3JL01001BWABPCZZA - V1 - 5520 AMS Release 9.7.03 Administrator Guide

Administrator Guide
5520 Access Management System,

Release 9.7.03
Administrator Guide
3JL-01001-BWAB-PCZZA
Issue: 02
June 2020
Nokia — Proprietary and confidential

Use pursuant to applicable agreements
Administrator Guide
Nokia is a registered trademark of Nokia Corporation. Other products and company

names mentioned herein may be trademarks or tradenames of their respective
owners.
The information presented is subject to change without notice. No responsibility is
assumed for inaccuracies contained herein.
© 2020 Nokia.
Contains proprietary/trade secret information which is the property of Nokia and must
not be made available to, or copied or used by anyone outside Nokia without its
written authorization. Not to be used or disclosed except in accordance with
applicable agreements.
2 3JL-01001-BWAB-PCZZA Issue: 02
Administrator Guide
Table of contents
1 Preface...........................................................................................28
1.1 Documentation ..........................................................................................28
1.2 Conventions used in this guide..................................................................28
1.2.1 Important information.................................................................................29
1.2.2 Navigation steps ........................................................................................30
1.2.3 Procedures with options or substeps.........................................................30
1.3 Multiple PDF file search.............................................................................31
1.4 Contact information ...................................................................................32
Getting started
2 What’s new ....................................................................................36
2.1 What’s new in Release 9.7.03 ...................................................................36
2.2 What’s new in Release 9.7 ........................................................................38
3 Overviews......................................................................................56
3.1 Guide overview..........................................................................................56
3.2 Administrative functions overview .............................................................56
3.2.1 Core software management ......................................................................56
3.2.2 Configuration management .......................................................................57
3.2.3 User management .....................................................................................57
3.2.4 Fault management.....................................................................................57
3.2.5 Environment variables ...............................................................................57
3.3 5529 Enhanced Applications .....................................................................58
3.4 Technical support ......................................................................................59
4 Logging in to the 5520 AMS.........................................................60
4.1 Logging in to the 5520 AMS client as an administrator .............................60
4.1.1 Logging in as an administrator ..................................................................60
4.1.2 If a login fails..............................................................................................62
4.1.3 Synchronizing server and client time.........................................................63
4.2 Logging in to the 5520 AMS server as an amssys user ............................64
4.3 Configuring user login from trusted hosts..................................................64
4.4 Restricting server selection in the Login window.......................................65
5 Managing licenses........................................................................68
5.1 Licensing overview ....................................................................................68
5.1.1 Licensing in a cluster .................................................................................70
5.1.2 Subscriber licenses ...................................................................................70
5.1.3 Operator licenses ......................................................................................70
5.1.4 License alarms ..........................................................................................71
Issue: 02 3JL-01001-BWAB-PCZZA 3
Administrator Guide
5.2 Adding license keys...................................................................................71

5.2.1 License installation error scenarios ...........................................................73
5.3 Viewing license keys .................................................................................74
5.4 Updating license keys................................................................................74
5.5 Managing LT licenses................................................................................75
Using the 5520 AMS securely
6 Using the 5520 AMS securely......................................................80
6.1 Security overview ......................................................................................80
7 Managing SSL ...............................................................................82
7.1 SSL overview.............................................................................................82
7.2 Generating a customized keystore ............................................................83
7.3 Enabling SSL.............................................................................................84
7.4 Reinstalling the 5520 AMS client to activate SSL changes .......................87
7.5 Switching between default and customized keystore ................................88
7.6 Disabling SSL ............................................................................................89
7.7 Modifying server and client protocols ........................................................90
7.7.1 SSL configuration on a server ...................................................................90
7.7.2 SSL configuration on a client.....................................................................91
7.7.2.1 Verifying 5520 AMS SSL server status .....................................................92
7.8 Installing a self-signed certification............................................................92
7.9 Installing a certificate signed by CA...........................................................94
8 Managing HTTPS ..........................................................................98
8.1 HTTPS overview........................................................................................98
8.1.1 vprocmon support of HTTP communication ..............................................98
8.2 Replacing the default HTTPS certificate....................................................98
User management
9 User accounts .............................................................................104
9.1 User accounts overview ..........................................................................104
9.1.1 Changes to user accounts.......................................................................105
9.1.2 Users .......................................................................................................105
9.1.3 Roles .......................................................................................................105
9.1.3.1 Default roles ............................................................................................106
9.1.3.2 Superuser role .........................................................................................106
9.1.4 Functions .................................................................................................106
9.1.5 User settings............................................................................................123
9.1.6 User account parameters ........................................................................126
9.2 Creating user accounts from the 5520 AMS GUI ....................................131
9.2.1 Internal DB authentication .......................................................................131
9.2.2 Remote authorization ..............................................................................131
9.2.3 Remote authentication.............................................................................132
9.3 Adding a new user account to the amssys group....................................134
9.3.1 Copying the existing input files for the 5520 AMS server scripts.............136
9.4 Managing user accounts from the 5520 AMS server ..............................137
9.5 Locking a user .........................................................................................145
9.6 Unlocking a user......................................................................................146
9.7 Locking or unlocking all users with a specific role ...................................147
Administrator Guide
9.8 Viewing user statistics .............................................................................148

9.9 Defining global password and username rules........................................148
9.10 Changing a user password......................................................................149
9.11 Changing passwords for default users ....................................................150
9.12 Configuring password dictionary .............................................................151
9.13 Viewing user functions.............................................................................152
9.14 Creating user roles ..................................................................................152
9.15 Assigning users to a user role .................................................................153
9.16 Configuring the superuser role ................................................................154
10 PAPs ............................................................................................156
10.1 PAPs overview ........................................................................................156
10.1.1 Configuring PAPs ....................................................................................157
10.2 Creating a PAP........................................................................................157
10.3 Changing the PAP associated with an NE ..............................................159
10.4 Creating a PAP group..............................................................................160
11 User sessions .............................................................................164
11.1 User session overview.............................................................................164
11.2 Viewing user session information ............................................................164
11.3 Closing an active user session ................................................................165
11.4 Configuring the inactivity logout timeout for a user..................................166
11.5 Configuring the global inactivity logout timeout value..............................167
11.6 Configuring the inactivity lock screen timeout for a user .........................167
11.7 Configuring the global inactivity lock screen timeout value .....................168
11.8 Configuring the global timeout value to lock a dormant account .............168
11.9 Configuring the global timeout value to delete a dormant account..........169
11.10 Configuring the dormant account lock timeout for a user ........................169
11.11 Configuring the dormant account deletion timeout for a user..................170
11.12 Configuring the maximum concurrent user sessions...............................171
11.13 Configuring the maximum users displayed in Administration tree...........171
NE tasks
12 NE tasks overview ......................................................................176
12.1 Overview of this volume ..........................................................................176
13 Managing NE communication and information .......................178
13.1 NE communication and information overview .........................................178
13.2 Retrieving NE information........................................................................178
13.3 Configuring automatic supervision on newly created NEs ......................179
13.4 Generating lists........................................................................................180
13.4.1 Mandatory and optional arguments .........................................................181
13.5 NE list ......................................................................................................181
13.6 NE agent list ............................................................................................183
13.7 NE balancing ...........................................................................................185
13.8 Configuring NAT ......................................................................................185
14 Managing SNTP and time zones ...............................................188
14.1 SNTP overview........................................................................................188
14.1.1 Configuring SNTP....................................................................................189
14.2 Creating an external SNTP server...........................................................190
Administrator Guide
14.3 Time zone overview.................................................................................191

14.3.1 Updating time zone data in the 5520 AMS ..............................................192
14.4 Updating time zone information in the NE ...............................................192
15 Managing subscriber search attributes....................................194
15.1 Subscriber search attributes overview.....................................................194
15.2 Configuring subscriber search attributes .................................................194
15.3 Managing subscriber search attributes....................................................196
16 Managing External TL1 Gateways.............................................202
16.1 Managing External TL1 Gateways overview ...........................................202
16.2 Using an External TL1 Gateway in a cluster ...........................................203
16.3 Multiple External TL1 Gateways..............................................................206
16.4 Configuring an External TL1 Gateway connection ..................................211
16.5 Logging in to an External TL1 Gateway ..................................................213
16.6 Managing command templates and batch executions ............................215
16.7 Managing TNM users ..............................................................................218
16.8 Viewing External TL1 Gateway information.............................................221
16.9 Managing alarm logs ...............................................................................222
17 ...................... NE tasks performed from the 5520 AMS server224
17.1 Server tasks overview .............................................................................224
17.2 Updating the NE plug-in file.....................................................................224
17.3 Creating NEs from the 5520 AMS server ................................................224
17.3.1 Before you proceed .................................................................................224
17.4 Managing splitter .....................................................................................231
17.5 Configuring NEs using the ams_ne_cli script ..........................................232
18 Backing up and restoring NE software.....................................236
18.1 Overview..................................................................................................236
18.1.1 Verifying backup files periodically............................................................237
18.2 Backing up and restoring NE software ....................................................237
18.3 Viewing backup or restore status ............................................................241
18.4 Managing NE backup files.......................................................................242
18.5 Checking an NE backup ..........................................................................245
18.6 Checking backup of multiple NEs............................................................247
18.7 Backing up and restoring the NE from the Software System
Parameters object ...................................................................................251
19 Managing links between NEs ....................................................252
19.1 Configuring link management settings ....................................................252
19.2 Creating links from the 5520 AMS application server..............................254
19.2.1 Align and audit script overview ................................................................261
19.3 Creating a Media Gateway from the 5520 AMS application server.........264
19.3.1 Before you proceed .................................................................................269
19.4 Creating hub-subtended clusters.............................................................271
Managing administration settings
20 Managing administration settings ............................................278
20.1 Administration settings overview .............................................................280
20.1.1 Comments in Administration Tree settings..............................................280
20.2 Modifying GUI settings ............................................................................281
Administrator Guide
20.3 Managing SNMP settings ........................................................................283

20.3.1 Managing SNMP profiles.........................................................................288
20.4 Configuring SSH public key of the NE.....................................................291
20.5 Configuring file transfer protocol settings ................................................293
20.5.1 SFTP with key based authentication .......................................................295
20.6 Configuring a TL1/CLI protocol selection strategy for a reachability
test...........................................................................................................295
20.7 Configuring TFTP server settings............................................................296
20.8 Configuring TFTP client settings .............................................................298
20.9 Administrating alarms ..............................................................................298
20.9.1 Historical Alarm view protection ..............................................................298
20.9.1.1 Viewing historical alarms when view protection is enabled .....................299
20.9.1.2 Configuring the Historical Alarm view protection .....................................299
20.9.2 Monitoring unstable services ...................................................................300
20.10 Filtering alarms ........................................................................................301
20.10.1 Filtering alarms from the NE....................................................................301
20.10.2 Filtering alarms from the 5520 AMS ........................................................301
20.10.2.1 Filtering out low severity alarms ..............................................................302
20.10.2.2 Saving alarms to a file for offline analysis ...............................................302
20.10.2.3 Suppressing toggling alarms ...................................................................302
20.11 Configuring EMS local alarms .................................................................302
20.12 Configuring alarm settings.......................................................................303
20.13 Configuring NE Alarm Processing Settings .............................................310
20.14 Configuring the suppression of toggling alarms ......................................313
20.15 Creating NE environmental alarm templates...........................................315
20.16 Customizing NE environmental alarm definitions ....................................316
20.17 Configuring PM settings ..........................................................................317
20.18 Configuring cut through settings..............................................................318
20.19 Configuring NE backup settings ..............................................................319
20.20 Configuring splitter settings .....................................................................320
20.21 Configuring Action Manager settings.......................................................321
20.22 Configuring subscriber search settings ...................................................322
20.23 Configuring supervision settings..............................................................322
20.24 Configuring EMS tracing settings ............................................................326
20.25 Configuring time zone settings ................................................................327
20.26 Configuring user activity log settings .......................................................330
20.27 Configuring NE plug-in settings ...............................................................330
20.28 Managing NE-based TL1 users from the 5520 AMS GUI .......................331
20.28.1 Enabling the TL1 credentials synchronization strategy ...........................332
20.28.1.1 NE TL1 user parameters managed through the 5520 AMS GUI.............332
20.28.2 Updating TL1 credentials in multiple NEs................................................332
20.28.3 Configuring the NE to enable access to TL1 users .................................333
20.29 Copying NE plug-in settings ....................................................................333
20.30 Configuring template settings ..................................................................334
20.31 Managing users and settings...................................................................334
20.32 Managing license settings .......................................................................335
20.33 Managing site settings.............................................................................335
20.34 Authentication and Authorization.............................................................339
20.34.1 RADIUS authentication............................................................................341
Administrator Guide
20.34.2 LDAP authentication................................................................................344

20.34.3 LDAP authorization..................................................................................347
20.34.4 RADIUS authorization .............................................................................347
20.34.5 LDAP/RADIUS authentication and authorization.....................................347
20.34.6 RADIUS Accounting ................................................................................350
20.35 Configuring application server settings....................................................351
20.36 Viewing data server settings....................................................................354
20.37 Configuring SNTP settings ......................................................................355
20.38 Configuring inventory basic settings........................................................356
20.38.1 Collection failure alarms ..........................................................................359
20.39 Configuring proxy settings in the 5520 AMS clients to access the
Internet ....................................................................................................360
20.40 Configuring the SIP file transfer protocols ...............................................361
20.41 Configuring FTP for SIP ..........................................................................362
20.42 Configuring AMS Settings for NBI ...........................................................368
20.43 Configuring 5530 NA-F settings ..............................................................370
20.44 Configuring HDM NBI settings.................................................................371
20.45 Configuring zero touch provisioning settings...........................................372
Managing data
21 Managing data.............................................................................376
21.1 Managing data overview..........................................................................376
21.1.1 NE backup and restore............................................................................376
21.1.2 Verifying backup files periodically............................................................377
21.2 Backing up the 5520 AMS database .......................................................377
21.2.1 Data preserved in a backup.....................................................................378
21.2.2 Backup log files .......................................................................................378
21.2.3 Backing up in a cluster ............................................................................378
21.2.4 Scheduling backups ................................................................................382
21.3 Restoring the 5520 AMS database..........................................................385
21.3.1 Restoring the 5520 AMS database on the same server..........................385
21.3.2 Restoring the 5520 AMS database on a new server (cold standby) .......389
21.4 Backing up the 5520 AMS software ........................................................394
21.4.1 Backup log files .......................................................................................394
21.4.2 Backing up in a cluster ............................................................................394
21.5 Restoring the 5520 AMS software...........................................................395
21.5.1 Restore log files.......................................................................................395
21.6 Exporting and importing data...................................................................396
21.7 Exporting data to a file in CSV format .....................................................404
21.8 Performing a forced collection of inventory basic data ............................405
21.9 Splitting and concatenating a backup file ................................................406
Managing schedules, links, and codes
22 Managing schedules ..................................................................410
22.1 Schedules overview.................................................................................410
22.1.1 Schedule view .........................................................................................410
22.1.2 Effect of DST changes.............................................................................411
22.1.2.1 Simple schedules ....................................................................................411
22.1.2.2 Complex schedules .................................................................................411
Administrator Guide
22.2 Creating a simple schedule .....................................................................412

22.3 Creating a complex schedule ..................................................................413
22.4 Viewing a list of schedules ......................................................................414
22.4.1 Viewing a list of schedules for an NE ......................................................414
22.5 Modifying a schedule...............................................................................415
22.6 Modifying a task.......................................................................................415
22.7 Unscheduling a task ................................................................................416
22.8 Deleting a schedule .................................................................................417
22.9 Scheduling an NE database backup .......................................................417
23 Managing customized web links and operator defaults .........422
23.1 Managing customized web links overview...............................................422
23.1.1 Customized Web Links view....................................................................423
23.1.2 Dynamic data...........................................................................................423
23.2 Adding a customized web link .................................................................424
23.3 Modifying a customized web link .............................................................427
23.4 Deleting a customized web link ...............................................................428
23.5 Duplicating a customized web link...........................................................429
23.6 Managing operator default templates ......................................................429
23.7 Creating an operator default template .....................................................430
23.8 Viewing operator default templates .........................................................430
23.9 Duplicating operator default templates ....................................................431
23.10 Modifying operator default templates ......................................................431
24 Managing CPE vendor ID and country codes ..........................434
24.1 CPE vendor ID and country codes overview ...........................................434
24.1.1 ANSI and ETSI vendor identification numbers ........................................434
24.1.2 ITU-T country codes ................................................................................436
24.2 Adding CPE vendor ID and country codes ..............................................439
24.3 Deleting CPE vendor ID and country codes ............................................440
Cluster management
25 Cluster management ..................................................................444
25.1 Cluster management overview ................................................................444
25.1.1 EMS alarms .............................................................................................445
25.2 Using more than one application server ..................................................445
25.3 Using more than one data server ............................................................449
25.3.1 Data server switchover conditions...........................................................449
25.3.2 Forcing a data server switchover.............................................................450
26 Configuring VM templates on the 5520 AMS application
server ...........................................................................................452
26.1 VM templates configuration overview......................................................452
26.2 Cloning an application server ..................................................................452
Logs
27 Managing logs.............................................................................458
27.1 Managing logs and audits overview ........................................................458
27.2 Configuring user activity log settings .......................................................459
27.3 Viewing user activity logs ........................................................................462
Administrator Guide
27.4 Filtering user activity logs ........................................................................465

27.5 Saving user activity logs to file ................................................................467
27.6 Viewing user login statistics.....................................................................468
27.7 Viewing tracing logs.................................................................................468
27.8 Viewing system logs ................................................................................469
27.9 Clearing log files ......................................................................................472
27.10 Configuring system logs ..........................................................................472
27.10.1 Changing the log type..............................................................................482
27.10.2 Configuring the expiry of database logs ..................................................486
27.10.3 Auditing and identifying security violations ..............................................486
27.11 Configuring event log settings .................................................................486
27.12 Editing the log4j2.properties file ..............................................................488
27.13 Viewing AMS GUI logs ...........................................................................489
27.14 Auditing configuration file changes..........................................................490
27.15 Backup and restore log files ....................................................................491
28 Syslogs ........................................................................................492
28.1 Overview..................................................................................................492
28.1.1 Architecture .............................................................................................493
28.2 Viewing syslog system parameters .........................................................494
28.3 Managing a syslog server........................................................................494
28.4 Configuring the syslog rotation settings...................................................497
28.5 Viewing security log files .........................................................................498
28.6 Viewing alarm logs ..................................................................................499
Monitoring and fault management
29 Managing alarm rules.................................................................504
29.1 Overview of managing alarm rules ..........................................................504
29.2 Managing alarm rules ..............................................................................504
29.3 Performance graphs for alarm rules ........................................................513
30 EMS performance monitoring ...................................................514
30.1 EMS performance monitoring overview...................................................514
30.1.1 Components of the EMS performance monitoring view ..........................515
30.1.1.1 Modifiers in the graph ..............................................................................516
30.2 Graph overview .......................................................................................516
30.2.0.1 How to interpret fractional values? ..........................................................518
30.3 Managing EMS performance monitoring .................................................518
Appendix
31 5520 AMS server scripts ............................................................524
31.1 5520 AMS server scripts overview ..........................................................526
31.2 ams_server..............................................................................................527
31.2.1 start..........................................................................................................529
31.2.2 stop..........................................................................................................529
31.2.3 restart ......................................................................................................531
31.2.4 status .......................................................................................................532
31.2.4.1 5520 AMS processes and statuses .........................................................536
31.2.4.2 Output for a simplex server .....................................................................538
31.2.4.3 Output for an application + data server in a cluster .................................539
Administrator Guide
31.2.4.4 Output for an application server in a cluster ............................................540

31.2.4.5 Output for a data server in a cluster ........................................................541
31.2.4.6 Output for an arbiter server in a cluster ...................................................543
31.2.5 resetgeo...................................................................................................543
31.2.6 version .....................................................................................................544
31.2.6.1 Example of version command output ......................................................545
31.2.6.2 Example of version save command output (no file name provided)........545
31.2.6.3 Example of version verify command output.............................................546
31.3 ams_activate ...........................................................................................547
31.4 ams_audit_agent_alarm ..........................................................................547
31.5 ams_backup ............................................................................................548
31.6 ams_change_ip_subnet_server ..............................................................549
31.7 ams_cluster .............................................................................................550
31.7.1 restart ......................................................................................................551
31.7.2 start..........................................................................................................551
31.7.3 stop..........................................................................................................552
31.7.4 status .......................................................................................................552
31.7.4.1 Output for ams_cluster status command.................................................553
31.7.5 status sw..................................................................................................554
31.7.6 status --detailed .......................................................................................554
31.7.6.1 Output for ams_cluster status --detailed command ................................554
31.7.7 switch.......................................................................................................555
31.7.8 evacuate_ne cluster_ip_address.............................................................556
31.7.9 unevacuate_ne cluster_ip_address weight .............................................556
31.7.10 deletehost cluster_ip_address.................................................................557
31.8 ams_copy_datafiles.................................................................................557
31.8.1 Copying data files in an in-place migration scenario ...............................557
31.8.2 Copying data files in an out-of-place migration scenario.........................558
31.8.3 Sample output of the script using the --from-backup option ....................559
31.8.4 Sample output of the script using the --from-release option....................560
31.9 ams_configure_ssh_timeouts..................................................................560
31.10 ams_db_defragment................................................................................561
31.10.1 Database defragmentation for simplex, cluster, and geographical
redundant clusters ...................................................................................564
31.11 ams_export..............................................................................................565
31.12 ams_exttl1gw_integration........................................................................567
31.12.1 configure..................................................................................................567
31.12.2 unconfigure..............................................................................................568
31.12.3 start-active ...............................................................................................569
31.12.4 start-standby............................................................................................569
31.12.5 stop..........................................................................................................570
31.13 ams_geo_configure .................................................................................571
31.14 ams_hub_sub_link_mgr ..........................................................................571
31.15 ams_import..............................................................................................571
31.16 ams_install...............................................................................................573
31.17 ams_install_license .................................................................................574
31.18 ams_createfirstuser .................................................................................574
31.19 ams_link_mgr ..........................................................................................575
31.20 ams_mediagw_mgr .................................................................................576
Administrator Guide
31.21 ams_ne_cli ..............................................................................................576

31.21.1 Format of the input command file ............................................................577
31.21.2 Example of an input command file ..........................................................577
31.21.3 Example output........................................................................................577
31.22 ams_nebackup ........................................................................................578
31.23 ams_nerestore.........................................................................................579
31.24 ams_show_ne_balancing ........................................................................579
31.25 ams_remove_data...................................................................................586
31.26 ams_ne_mgr............................................................................................587
31.27 ams_restore.............................................................................................587
31.28 ams_retrieve_ip_by_nename ..................................................................588
31.29 ams_retrieve_pap_ne_from_db...............................................................588
31.30 ams_schedule_backup............................................................................589
31.31 ams_splitter_mgr .....................................................................................592
31.32 ams_sw_backup......................................................................................593
31.33 ams_switch_active_dataserver ...............................................................594
31.34 ams_switch_authentication_local ............................................................594
31.35 ams_tracing .............................................................................................595
31.36 ams_uninstall...........................................................................................595
31.37 ams_update_limit ....................................................................................595
31.38 ams_user_mgr.........................................................................................595
31.39 ams_check_ssl ........................................................................................596
31.40 convert5526AMSTo5523AWS.................................................................596
31.41 createUsernamePassword ......................................................................596
31.42 DEMO_IT_infrastructure_integration.......................................................597
31.43 ams_disable_ssl ......................................................................................597
31.44 ams_enable_ssl.......................................................................................598
31.45 getAgentlist..............................................................................................598
31.46 innotop.....................................................................................................600
31.47 ams_reset_logs .......................................................................................600
31.48 retrieve_nes.............................................................................................601
31.49 ams_simplex_to_cluster ..........................................................................602
31.50 switchover_hook......................................................................................602
31.51 ams_log_manager...................................................................................602
31.52 ams_apps_stats_converter .....................................................................609
31.53 ams_updatefirewall..................................................................................609
31.53.1 Connection logging..................................................................................611
31.54 getLicenseCounter ..................................................................................611
31.55 convert_to_shorter_line ...........................................................................612
31.56 ams_reconfigure_host .............................................................................613
31.57 ams_support............................................................................................613
31.58 ams_update_database_pwd ...................................................................615
31.59 ams_renew_isam_ssh_info .....................................................................617
31.60 ams_set_snmp_trap_port........................................................................619
32 RADIUS authentication scenarios.............................................622
32.1 RADIUS authentication overview ............................................................622
33 Installing Web Map Server on Ubuntu ......................................624
33.1 Installing Web Map Server on Ubuntu.....................................................624
Administrator Guide
Index ......................................................................................................634
Administrator Guide
Administrator Guide
List of figures
Figure 1 Acceptable alarm event rates and overload protection mechanisms
implemented by the 5520 AMS ...............................................................301
Figure 2 Components of the EMS Performance Monitoring graph........................515
Figure 3 Average number of backups submitted ...................................................517
Administrator Guide
Administrator Guide
List of tables
1 Preface...........................................................................................28
Table 1 Documentation conventions ......................................................................29
2 What’s new ....................................................................................36
Table 2 What’s new in Release 9.7.03 ...................................................................36
Table 3 What’s new in Release 9.7 ........................................................................38
Table 4 What’s new in Release 9.6.07 ..................................................................40
3 Overviews......................................................................................56
Table 11 Environment variables ...............................................................................57
Table 12 Error messages at login failure..................................................................62
Table 13 5520 AMS license information...................................................................69
Table 14 License installation from the 5520 AMS server .........................................73
Table 15 License installation error scenarios ...........................................................73
6 Using the 5520 AMS securely......................................................80
Table 16 Options for configuring the 5520 AMS for secure operation......................80
7 Managing SSL ...............................................................................82
Table 17 Secure ports for SSL configuration............................................................91
9 User accounts .............................................................................104
Table 18 Default roles ............................................................................................106
Table 19 5520 AMS function descriptions ..............................................................107
Table 20 User settings parameters ........................................................................123
Table 21 User account parameters ........................................................................126
Table 22 5520 AMS server scripts executed by users in the amssys group ..........135
Table 23 User configuration options for the ams_user_mgr script .........................138
Table 24 Add or modify user input file parameters.................................................139
Table 25 Delete user, suspend user, resume user, list user and expire
password input file parameters................................................................141
Table 26 Reset password input file parameters .....................................................142
Table 27 Options for the ams_user_mgr script ......................................................143
Table 28 NAT between the 5520 AMS server and the NEs ...................................186
Table 29 Define format for a subscriber attribute parameters ................................196
Table 30 Edit a subscriber search attribute category parameters ..........................199
Administrator Guide

Table 31 Set up the External TL1 Gateway for use in a cluster .............................203
Table 32 Access privileges.....................................................................................207
Table 33 Input file parameters................................................................................226
Table 34 Options for the ams_ne_mgr script .........................................................229
Table 35 Input file parameters ...............................................................................232
Table 36 CLI input command text file parameters..................................................233
Table 37 Link management settings.......................................................................253
Table 38 Link creation parameter details ...............................................................255
Table 39 Input file parameters for G6-GPON links.................................................255
Table 40 Input file parameters for
7302 ISAM/7330 ISAM FTTN/7356 ISAM FTTB/ 7360 ISAM FX links ...257
Table 41 Input file parameters for ISAM-MDU links ...............................................257
Table 42 Input file parameters for NE-NE links ......................................................258
Table 43 Options for the ams_link_mgr script ........................................................260
Table 44 Input file parameters for Media Gateway ................................................265
Table 45 Options for ams_mediagw_mgr script .....................................................271
Table 46 Input file parameters................................................................................272
Table 47 Options for the ams_hub_sub_link_mgr script ........................................274
Table 48 GUI settings.............................................................................................282
Table 49 Connections settings ...............................................................................284
Table 50 NE Detection settings ..............................................................................285
Table 51 SNMP trap parameters............................................................................286
Table 52 SNMP retries parameters ........................................................................287
Table 53 Create SNMPv3 User parameters...........................................................289
Table 54 Create SNMP Profile parameters ............................................................290
Table 55 File transfer protocols supported by NE type ..........................................293
Table 56 TFTP server settings ...............................................................................297
Table 57 EMS Alarm Severity Assignment settings parameters ............................303
Table 58 Alarm settings parameters.......................................................................304
Table 59 NE Alarm Processing Settings parameters .............................................311
Table 60 ENV Alarm Template parameters............................................................316
Table 61 PM settings..............................................................................................318
Table 62 Cut through settings ................................................................................319
Table 63 NE backup settings..................................................................................320
Table 64 Splitter settings ........................................................................................320
Table 65 Actions settings .......................................................................................321
Table 66 Supervision settings ................................................................................323
Table 67 Minimum and maximum time calculation for NE isolation alarm .............326
Table 68 Alarm and event time display behavior with time zones configured
and NEs in different time zones...............................................................329
Table 69 Template settings ....................................................................................334
Table 70 Site settings .............................................................................................336
Table 71 Authentication modes ..............................................................................340
Table 72 Authorization modes................................................................................340
Administrator Guide
Table 73 User account parameters for LDAP/RADIUS server ...............................348

Table 74 Mapping of Termination Causes..............................................................350
Table 75 Application server settings.......................................................................352
Table 76 Version and plug-in details ......................................................................353
Table 77 Data server settings.................................................................................354
Table 78 SNTP server settings...............................................................................356
Table 79 Basic Settings parameters.......................................................................358
Table 80 Inventory collection alarms ......................................................................359
Table 81 Configure SIP ..........................................................................................362
Table 82 Guidelines for SIP parameters ................................................................363
Table 83 Parameters of AMS Settings ...................................................................369
Table 84 5530 NA-F Settings .................................................................................370
Table 85 HDM NBI Settings ...................................................................................372
Table 86 Zero touch provisioning Settings .............................................................373
21 Managing data.............................................................................376
Table 87 Options for the ams_schedule_backup script..........................................382
Table 88 Types of records for selective export.......................................................399
Table 89 Disabled forced inventory data collection—reasons and corrective
actions .....................................................................................................405
Table 90 Add Schedule - Simple Schedule parameters.........................................413
Table 91 Complex schedule parameters................................................................414
Table 92 Customized Web Links view....................................................................423
Table 93 Customized web link parameters ............................................................424
Table 94 Dynamic data parameters .......................................................................426
Table 95 CPE vendor identification numbers .........................................................434
Table 96 ITU-T country codes ................................................................................436
Table 97 Add Dialog window parameters...............................................................440
server ...........................................................................................452
Table 98 Edit settings .............................................................................................453
Table 99 VM Guest Customization Spec settings ..................................................454
27 Managing logs.............................................................................458
Table 100 User activity log settings..........................................................................460
Table 101 Applications in the User Activity Log view ...............................................464
Table 102 System log files .......................................................................................473
Table 103 Traces and debug files ............................................................................474
Table 104 Configuration parameters to change log levels .......................................479
Table 105 Possible scenarios and values ................................................................480
Table 106 Possible exit codes..................................................................................484
Table 107 Security actions and related log file.........................................................486
28 Syslogs ........................................................................................492
Table 108 Syslog messages ....................................................................................492
Table 109 Syslog system parameters ......................................................................494
Administrator Guide
Table 110 Syslog server parameters........................................................................495

Table 111 Syslog server type options ......................................................................495
Table 112 Security log tasks ....................................................................................498
Table 113 Alarm log parameters ..............................................................................499
Table 114 Alarm Rules view parameters..................................................................505
Table 115 Add or modify an alarm rule ....................................................................506
Table 116 Add or modify a rule (continued) .............................................................508
Table 117 Modifiers used in the EMS Performance Monitoring graph .....................516
Table 118 TCA entry settings ...................................................................................519
Table 119 Start - service names and output.............................................................529
Table 120 Stop - service names and output.............................................................530
Table 121 Restart - service names and output.........................................................531
Table 122 Status - service names and output ..........................................................533
Table 123 ams_server and ams_cluster status parameter descriptions ..................534
Table 124 5520 AMS processes status parameter descriptions ..............................537
Table 125 Version - service names and output ........................................................544
Table 126 Start - sub-options ...................................................................................552
Table 127 Switch - sub-options ................................................................................556
Table 128 Output of defragmenation with performance details................................563
Table 129 Supported NE product and NE type ........................................................581
Table 130 Error messages for ams_set_snmp_trap_port script...............................620
32 RADIUS authentication scenarios.............................................622
Table 131 RADIUS authentication scenarios ...........................................................623
Administrator Guide
List of procedures
1 Preface...........................................................................................28
Procedure 1 Example of NE navigation convention.......................................................30
Procedure 2 Example of options in a procedure ............................................................30
Procedure 3 Example of substeps in a procedure .........................................................31
Procedure 4 To search multiple PDF files for a term .....................................................31
3 Overviews......................................................................................56
Procedure 5 To find contact information for technical assistance..................................59
Procedure 6 To log in to the 5520 AMS client as an administrator ................................61
Procedure 7 To synchronize server and client time .......................................................63
Procedure 8 To log in to a 5520 AMS server as amssys ..............................................64
Procedure 9 To restrict login server selection in Windows or Red Hat Enterprise
Linux ..........................................................................................................65
Procedure 10 To add a license key from the 5520 AMS GUI ..........................................72
Procedure 11 To add a license key from the 5520 AMS server.......................................73
Procedure 12 To view license keys..................................................................................74
Procedure 13 To update a license key.............................................................................75
Procedure 14 To add or remove LT licenses ...................................................................76
Procedure 15 To view license usage ...............................................................................76
7 Managing SSL ...............................................................................82
Procedure 16 To generate a customized keystore ..........................................................84
Procedure 17 To list the customized keystore .................................................................84
Procedure 18 To enable SSL between the 5520 AMS server and 5520 AMS GUI
client ..........................................................................................................85
Procedure 19 To enable SSL communication with a customized keystore .....................85
Procedure 20 To confirm the status of SSL .....................................................................87
Procedure 21 To reinstall the Windows or Red Hat Enterprise Linux client to
activate SSL changes................................................................................87
Procedure 22 To switch from the default to a customized keystore.................................88
Procedure 23 To switch from a customized to the default keystore.................................89
Procedure 24 To disable SSL between the 5520 AMS server and the 5520 AMS
GUI client...................................................................................................90
Procedure 25 To install a self-signed certification............................................................92
Procedure 26 To generate a certificate signed by CA .....................................................94
8 Managing HTTPS ..........................................................................98
Procedure 27 To replace the default HTTPS certificate...................................................99
Procedure 28 To enable the HTTP communication .........................................................99
9 User accounts .............................................................................104
Procedure 29 To create a user account.........................................................................133
Procedure 30 To add a new user account to the amssys group....................................135
Procedure 31 To copy the existing input files for the 5520 AMS server scripts .............137
Administrator Guide
Procedure 32 To create an input file for the ams_user_mgr script ................................139

Procedure 33 To run the password encryption script.....................................................142
Procedure 34 To manage users using the ams_user_mgr script ..................................143
Procedure 35 To lock a user from the 5520 AMS GUI...................................................145
Procedure 36 To unlock a user ......................................................................................146
Procedure 37 To lock all users with a specific role ........................................................147
Procedure 38 To unlock all users with a specific role ....................................................147
Procedure 39 To view user statistics .............................................................................148
Procedure 40 To define global password and username rules......................................148
Procedure 41 To change a user password in the 5520 AMS GUI .................................149
Procedure 42 To change the password of a default user on the 5520 AMS
application server ....................................................................................150
Procedure 43 To configure a password dictionary.........................................................151
Procedure 44 To view user functions.............................................................................152
Procedure 45 To create user roles.................................................................................152
Procedure 46 To assign a user to a user role in the 5520 AMS GUI .............................153
Procedure 47 To configure the superuser role...............................................................154
10 PAPs ............................................................................................156
Procedure 48 To create a PAP ......................................................................................158
Procedure 49 To change the PAP associated with an NE or NE group ........................160
Procedure 50 To create a PAP group ............................................................................161
11 User sessions .............................................................................164
Procedure 51 To view user session information ............................................................165
Procedure 52 To close an active user session ..............................................................165
Procedure 53 To configure the inactivity logout timeout ................................................166
Procedure 54 To configure the global inactivity logout timeout value ............................167
Procedure 55 To configure the inactivity lock screen timeout........................................167
Procedure 56 To configure the global inactivity lock screen timeout value....................168
Procedure 57 To configure the global timeout value to lock a dormant account ...........169
Procedure 58 To configure the global timeout value to delete a dormant account ........169
Procedure 59 To configure the dormant account lock timeout for a user ......................170
Procedure 60 To configure the dormant user deletion timeout ......................................170
Procedure 61 To configure the maximum concurrent user sessions .............................171
Procedure 62 To configure the maximum number of users displayed in
Administration Tree .................................................................................172
Procedure 63 To search for a user from the Administration Tree ..................................172
Procedure 64 To retrieve the IP address of an NE by the NE name .............................179
Procedure 65 To configure automatic supervision of newly created NEs......................179
Procedure 66 To generate an NE list.............................................................................182
Procedure 67 To generate an NE list using a cron job ..................................................182
Procedure 68 To generate an agent list.........................................................................184
Procedure 69 To generate an agent list using a cron job ..............................................184
Procedure 70 To configure DCN settings ......................................................................186
14 Managing SNTP and time zones ...............................................188
Procedure 71 To create an external SNTP server .........................................................190
Procedure 72 To modify the time zone ..........................................................................191
Administrator Guide
Procedure 73 To change time zone information for an NE ............................................192

Procedure 74 To define the format for a subscriber attribute.........................................195
Procedure 75 To create a subscriber search attribute category ....................................197
Procedure 76 To edit a subscriber search attribute category ........................................198
Procedure 77 To move an attribute to a different subscriber search attribute
category...................................................................................................199
Procedure 78 To delete a subscriber search attribute or attribute category ..................200
Procedure 79 To revert the changes in subscriber search attribute categories
view .........................................................................................................201
Procedure 80 To configure the External TL1 Gateway using the External TL1
Gateway integration script .......................................................................204
Procedure 81 To unconfigure the External TL1 Gateway using the External TL1
Gateway integration script .......................................................................205
Procedure 82 To create an External TL1 Gateway server.............................................208
Procedure 83 To delete an External TL1 Gateway server .............................................209
Procedure 84 To export External TL1 Gateway settings ...............................................209
Procedure 85 To associate all unassigned NEs to an External TL1 Gateway
server.......................................................................................................210
Procedure 86 To associate one NE to an External TL1 Gateway server.......................210
Procedure 87 To disassociate NEs from an External TL1 Gateway server ...................211
Procedure 88 To establish an External TL1 Gateway connection .................................211
Procedure 89 To start a new External TL1 Gateway user session from the NE............212
Procedure 90 To configure or modify an External TL1 Gateway ...................................212
Procedure 91 To log in using the External TL1 Gateway Manager ...............................213
Procedure 92 To change an External TL1 Gateway user password..............................214
Procedure 93 To load command templates on the External TL1 Gateway....................215
Procedure 94 To send TL1 commands..........................................................................216
Procedure 95 To clear command templates on the External TL1 Gateway...................216
Procedure 96 To start batch execution actions on the External TL1 Gateway ..............217
Procedure 97 To stop batch execution actions on the External TL1 Gateway ..............217
Procedure 98 To add a TNM user profile on the External TL1 Gateway .......................218
Procedure 99 To list TNM user profiles..........................................................................219
Procedure 100 To remove a TNM user profile.................................................................219
Procedure 101 To terminate TNM sessions on the External TL1 Gateway .....................220
Procedure 102 To view External TL1 Gateway statistics.................................................221
Procedure 103 To view External TL1 Gateway release and license information.............221
Procedure 104 To manage alarm logs.............................................................................222
Procedure 105 To create an input file for the ams_ne_mgr script with option -
createNE..................................................................................................225
Procedure 106 To add NEs using the ams_ne_mgr script ..............................................229
Procedure 107 To create an input file for ams_ne_mgr script with option -
modifyNE .................................................................................................231
Procedure 108 To create an input file for the ams_splitter_mgr .....................................232
Procedure 109 To configure NEs using the ams_ne_cli script ........................................234
Administrator Guide
18 Backing up and restoring NE software.....................................236

Procedure 110 To back up the NE...................................................................................237
Procedure 111 To restore an NE .....................................................................................239
Procedure 112 To view the backup or restore status.......................................................241
Procedure 113 To view and filter NE backup files ...........................................................243
Procedure 114 To copy NE backup files..........................................................................244
Procedure 115 To align the 5520 AMS database with stored NE backups .....................244
Procedure 116 To delete NE backup files........................................................................245
Procedure 117 To check NE backup consistency............................................................246
Procedure 118 To install vprocmon.bin file in an external server ....................................248
Procedure 119 To create multiple NEs backup consistency............................................249
Procedure 120 To synchronize the NE tools....................................................................250
Procedure 121 To initiate an NE backup or restore when the 5520 AMS is used as
a craft terminal.........................................................................................251
Procedure 122 To configure link management settings...................................................252
Procedure 123 To create an input file for the ams_link_mgr script..................................254
Procedure 124 To add links using the ams_link_mgr script.............................................260
Procedure 125 Align the G6-GPON links in the 5520 AMS .............................................262
Procedure 126 Audit the provisioned link in the 5520 AMS .............................................263
Procedure 127 To create an input file for the ams_mediagw_mgr script.........................264
Procedure 128 To create a Media Gateway using ams_mediagw_mgr script.................270
Procedure 129 To create an input file for the ams_hub_sub_link_mgr script ..................272
Procedure 130 To create a cluster using the ams_hub_sub_link_mgr script ..................273
Procedure 131 To modify GUI settings ............................................................................281
Procedure 132 To configure SNMP connections .............................................................284
Procedure 133 To configure NE detection settings..........................................................284
Procedure 134 To configure SNMP traps ........................................................................285
Procedure 135 To configure SNMP retries ......................................................................286
Procedure 136 To create an SNMPv3 user on the 5520 AMS ........................................289
Procedure 137 To create an SNMP profile ......................................................................290
Procedure 138 To configure SSH settings.......................................................................292
Procedure 139 To refresh SSH server public keys in the SSH known_hosts file for
all NEs .....................................................................................................292
Procedure 140 To configure file transfer protocol settings...............................................294
Procedure 141 To perform a file transfer test ..................................................................294
Procedure 142 To configure a TL1/CLI protocol selection strategy for a reachability
test...........................................................................................................296
Procedure 143 To configure TFTP server settings ..........................................................296
Procedure 144 To configure TFTP client settings............................................................298
Procedure 145 To clear the ‘Service Unstable’ alarm......................................................300
Procedure 146 To configure EMS local alarms................................................................302
Procedure 147 To configure alarm storage......................................................................304
Procedure 148 To configure the delay before an alarm is deleted from the
Historical Alarm view ...............................................................................309
Procedure 149 To configure NE Alarm Processing Settings ...........................................310
Procedure 150 To configure the suppression of toggling alarms.....................................314
Administrator Guide
Procedure 151 To create environmental alarm templates ...............................................315

Procedure 152 To customize environmental alarm definitions ........................................316
Procedure 153 To configure PM settings.........................................................................317
Procedure 154 To configure cut through settings ............................................................318
Procedure 155 To configure NE backup settings.............................................................319
Procedure 156 To configure splitter management settings..............................................320
Procedure 157 To configure Action Manager settings .....................................................321
Procedure 158 To configure subscriber search settings..................................................322
Procedure 159 To configure supervision settings ............................................................322
Procedure 160 To configure EMS tracing settings...........................................................326
Procedure 161 To configure the EMS Detailed Tracing for an NE ..................................327
Procedure 162 To reset the tracing level to the default on all NEs ..................................327
Procedure 163 To configure time zone settings...............................................................329
Procedure 164 To configure NE plug-in settings .............................................................330
Procedure 165 To copy NE plug-in settings.....................................................................333
Procedure 166 To configure template settings ................................................................334
Procedure 167 To configure the license alarm threshold.................................................335
Procedure 168 To configure the daily license collection start time ..................................335
Procedure 169 To configure site settings.........................................................................336
Procedure 170 To enable RADIUS authentication...........................................................342
Procedure 171 To revert to database authentication .......................................................342
Procedure 172 To disable RADIUS authentication ..........................................................344
Procedure 173 LDAP authentication based on MD5 algorithm........................................344
Procedure 174 To enable LDAP or LDAPS authentication..............................................345
Procedure 175 To disable LDAP authentication ..............................................................346
Procedure 176 To add a CA certificate for LDAPS ..........................................................346
Procedure 177 To configure application server settings ..................................................351
Procedure 178 To view 5520 AMS version and plug-in details........................................353
Procedure 179 To view data server settings....................................................................354
Procedure 180 To configure SNTP settings.....................................................................355
Procedure 181 To configure inventory basic settings ......................................................357
Procedure 182 To configure the proxy settings in the 5520 AMS Red Hat
Enterprise clients to access the Internet..................................................360
Procedure 183 To configure the SIP file transfer protocols using the 5520 AMS
GUI ..........................................................................................................361
Procedure 184 To configure an FTP server for SIP.........................................................363
Procedure 185 To create an anonymous FTP user .........................................................364
Procedure 186 To configure the 5520 AMS to upload the SIP configuration file to an
external FTP server .................................................................................367
Procedure 187 To configure AMS settings for NBI using 5520 AMS GUI .......................368
Procedure 188 To configure 5530 NA-F settings.............................................................370
Procedure 189 To configure HDM NBI settings ...............................................................371
Procedure 190 To configure zero touch provisioning settings .........................................373
21 Managing data.............................................................................376
Procedure 191 To back up the 5520 AMS database .......................................................379
Procedure 192 To back up the 5520 AMS database in a geo-redundant cluster ............380
Procedure 193 To back up the NE backup database ......................................................381
Procedure 194 To modify the default options for the ams_schedule_backup script........384
Procedure 195 To schedule backups of the 5520 AMS database ...................................384
Administrator Guide
Procedure 196 To restore the 5520 AMS database on the same standalone server ......386
Procedure 197 To restore the 5520 AMS database on the same cluster ........................386
Procedure 198 To restore the 5520 AMS database on the same geo-redundant
cluster ......................................................................................................387
simplex ....................................................................................................388
Procedure 200 To restore the NE backup database........................................................389
Procedure 201 To restore the 5520 AMS database on a new standalone server ...........390
Procedure 202 To restore the 5520 AMS database on a new cluster .............................391
Procedure 203 To restore the 5520 AMS database on a new geo-redundant
cluster ......................................................................................................392
Procedure 204 To restore the 5520 AMS database on a new geo-redundant
simplex ....................................................................................................393
Procedure 205 To back up the 5520 AMS software ........................................................395
Procedure 206 To restore the 5520 AMS software..........................................................396
Procedure 207 To export data using the 5520 AMS GUI.................................................397
Procedure 208 To selectively export records using the 5520 AMS GUI ..........................398
Procedure 209 To import data using the 5520 AMS GUI.................................................403
Procedure 210 To configure the field separator in the 5520 AMS GUI............................405
Procedure 211 To perform a forced inventory data collection .........................................406
Procedure 212 To split a backup file................................................................................407
Procedure 213 To concatenate a split backup file ...........................................................407
Procedure 214 To create a simple schedule....................................................................412
Procedure 215 To create a complex schedule.................................................................413
Procedure 216 To modify a schedule ..............................................................................415
Procedure 217 To modify a task ......................................................................................415
Procedure 218 To unschedule a task ..............................................................................416
Procedure 219 To delete a schedule ...............................................................................417
Procedure 220 To schedule an NE database backup from the perspective bar..............418
Procedure 221 To schedule an NE database backup from the Network Tree.................419
Procedure 222 To add a customized web link .................................................................424
Procedure 223 To modify a customized web link.............................................................427
Procedure 224 To delete a customized web link .............................................................428
Procedure 225 To duplicate a customized web link.........................................................429
Procedure 226 To create an operator default template ...................................................430
Procedure 227 To view operator default templates .........................................................430
Procedure 228 To duplicate operator default templates ..................................................431
Procedure 229 To modify operator default templates ......................................................432
Procedure 230 To delete operator defaults......................................................................432
Procedure 231 To add a CPE vendor ID and country code.............................................439
Procedure 232 To delete CPE vendor ID and country codes ..........................................440
25 Cluster management ..................................................................444
Procedure 233 To stop an application server without rebalancing the load.....................446
Procedure 234 To evacuate the NEs using the GUI ........................................................447
Administrator Guide
Procedure 235 To unevacuate the NEs using the GUI ....................................................448

Procedure 236 To force a data server switchover ...........................................................450
server ...........................................................................................452
Procedure 237 To create a VM template .........................................................................452
Procedure 238 To instantiate a VM template to a run an application server ...................453
27 Managing logs.............................................................................458
Procedure 239 To configure user activity log settings .....................................................459
Procedure 240 To purge and archive alarm or user activity log files ...............................462
Procedure 241 To view user activity logs.........................................................................465
Procedure 242 To apply a filter to the user activity log ....................................................466
Procedure 243 To delete a filter.......................................................................................467
Procedure 244 To save user activity logs to file...............................................................468
Procedure 245 To view user login statistics.....................................................................468
Procedure 246 To view and save tracing log files............................................................469
Procedure 247 To configure 5520 AMS GUI preferences for saving files .......................469
Procedure 248 To view system logs ................................................................................470
Procedure 249 To tail system logs...................................................................................471
Procedure 250 To clear log files ......................................................................................472
Procedure 251 To configure system logs.........................................................................478
Procedure 252 To change the log levels..........................................................................479
Procedure 253 To enable or disable a log .......................................................................481
Procedure 254 To change the log type ............................................................................483
Procedure 255 To set logging level..................................................................................484
Procedure 256 To configure logging settings...................................................................485
Procedure 257 To configure event logs ...........................................................................487
Procedure 258 To edit the log4j2.properties file ..............................................................488
Procedure 259 Restore to default option .........................................................................489
Procedure 260 To view the AMS GUI logs ......................................................................489
Procedure 261 To audit configuration file changes..........................................................490
28 Syslogs ........................................................................................492
Procedure 262 To view syslog system parameters .........................................................494
Procedure 263 To create a syslog server ........................................................................494
Procedure 264 To create a syslog server message.........................................................496
Procedure 265 To configure the syslog rotation settings .................................................497
Procedure 266 To rotate log files .....................................................................................497
Procedure 267 To view a security log ..............................................................................498
Procedure 268 To view alarm logs...................................................................................499
Procedure 269 To open the Alarm Rules view.................................................................504
Procedure 270 To add an alarm rule ...............................................................................505
Procedure 271 To modify an alarm rule...........................................................................510
Procedure 272 To delete alarm rules...............................................................................510
Procedure 273 To change the order of an alarm rule ......................................................511
Procedure 274 To change the status of alarm rules ........................................................511
Procedure 275 To check all alarm rules...........................................................................512
Administrator Guide

Procedure 276 To display EMS performance monitoring data and configure TCA .........518
Procedure 277 To export graphs .....................................................................................520
Procedure 278 To convert applicationStatistics files to CSV format ................................521
Procedure 279 Database defragmentation for a simplex setup .......................................564
Procedure 280 Database defragmentation for clusters....................................................564
Procedure 281 Database defragmentation for geographical redundant clusters.............565
33 Installing Web Map Server on Ubuntu ......................................624
Procedure 282 To install the Web Map Server on Ubuntu...............................................624
Administrator Guide Preface
1 Preface
The 5520 AMS provides fault, configuration, and performance management of the
underlying access networks, using a GUI and hierarchical tree navigation. The
5520 AMS also supports network productivity features such as equipment profile
management, NE backup and restore, and NE software management.
1.1 Documentation
The 5520 AMS Release Notice describes changes or enhancements made to the
software and its features, as well as information about delivery, compatibility, and
customer documentation.
The 5520 AMS Solution Planning Guide describes how to plan the purchase and
configuration of hardware and software to support the deployment of the 5520 AMS.
The 5520 AMS Server Configuration Technical Guidelines describes how to prepare
hardware for installation of the 5520 AMS, including information about installing the
server, setting up a cluster and configuring a network.
The 5520 AMS Installation and Migration Guide describes how to install, optimize,
and uninstall the 5520 AMS server, client, and plug-in components, as well as how
to migrate data to the 5520 AMS from other EMSs.
The 5520 AMS Administrator Guide describes administrative functions, including
management of server-client communication, users, NE communication, schedules,
links, and codes.
The 5520 AMS User Guide describes user functions, including monitoring, fault, and
alarm management and performing tasks that are common to the NEs.
The 5520 AMS Northbound Interface Guide describes functions supported by the
5520 AMS NBI.
The 5520 AMS Glossary provides descriptions of 5520 AMS-related terms and
acronyms.
The 5520 AMS and 5529 Enhanced Applications Alarm Search Tool provides
information about the 5529 Enhanced Application Alarms.
The 5520 AMS and 5529 Enhanced Applications Privacy Considerations provides
information on the product features that impact privacy and the measures taken to
protect such data.
1.2 Conventions used in this guide

The following table lists the conventions that are used in this guide.
Preface Administrator Guide
Table 1 Documentation conventions
Convention Description Examples
Key name Identifies a keyboard key Delete
Italics Identifies a variable hostname
Key+Key Type the appropriate consecutive keystroke sequence. CTRL+G
Key-Key Type the appropriate simultaneous keystroke sequence. CTRL-G
↵ Press the Return or Enter key. Press ↵
— An em dash in a table cell indicates that there is no —

information or that the category is not applicable.
* An asterisk is a wildcard character that means “any Path_analysis.*file

character” in a search argument.
An asterisk also indicates a default option for an NMTI
parameter.
→ Indicates a submenu File→Save
1.2.1 Important information

The following conventions are used to indicate important information:
Warning — Warning indicates that the described task or

situation may, or will, cause equipment damage or serious
performance problems.
Caution — Caution indicates that the described task or

situation may, or will, cause service interruption.
Note — Note provides information that is, or may be, of special

interest.
Applies to — The Applies to note indicates that the described

task or situation applies only in the situation specified.
1.2.2 Navigation steps

The 5520 AMS GUI allows you to navigate to objects using any of the following
methods:
• Navigation trees in the Network and Administration perspectives—expand,
collapse, and choose objects
• Graphical View—double-click on objects
• Search and Find utilities—enter information about the object in a window
See the 5520 AMS User Guide for more information about navigating in the GUI.
Procedure 1 Example of NE navigation convention
1 Navigate to the NE and choose object.
2 Right-click object and choose menu item.
1.2.3 Procedures with options or substeps

When there are options in a procedure, they are identified by an unordered list. When
there are substeps in a procedure, they are identified by roman numerals.
Procedure 2 Example of options in a procedure

At step 1, you can choose to perform one of the options provided in the unordered list. At step 2,
you must do what the step indicates.
1 This step offers two options. You must perform one of the following:
• This is one option.

• This is another option.
2 You must perform this step.
Procedure 3 Example of substeps in a procedure

At step 1, you must perform a series of substeps within a step. At step 2, you must do what the
step indicates.
1 This step has a series of substeps that you must perform to complete the step. You must
perform the following substeps:
i This is the first substep.
ii This is the second substep.
iii This is the third substep.
2 You must perform this step.
1.3 Multiple PDF file search

You can use Adobe Reader, Release 6.0 or later, to search multiple PDF files for a
term. Adobe Reader displays the results in a display panel. The results are grouped
by PDF file. You can expand the entry for each file.
Note — The PDF files in which you search must be in the same
folder.
Procedure 4 To search multiple PDF files for a term
1 Open the Adobe Reader.
2 Choose Edit→ Search from the Adobe Reader main menu.
Result: The Search panel opens.
3 Enter the term to search for.
4 Select All PDF Documents.
5 Choose the folder in which to search using the drop-down menu.
6 Select the following search criteria, if required:
• Whole words only

• Case-Sensitive
• Include Bookmarks
• Include Comments
7 Click Search.
Result: Adobe Reader displays the search results. Click the + symbol to expand the entries
for each file.
Note — After you click on hyperlink, right-click and choose Previous

View from the contextual menu to return to the location of the hyperlink
that you clicked on.
1.4 Contact information

If you have questions or comments about this documentation, contact:
documentation.feedback@nokia.com
Administrator Guide Getting started
Getting started
2 What’s new
3 Overviews
4 Logging in to the 5520 AMS
5 Managing licenses
Getting started Administrator Guide
Administrator Guide What’s new
2 What’s new
2.1 What’s new in Release 9.7.03
2.2 What’s new in Release 9.7

Table 2 lists the new 5520 AMS features and enhancements added to the 5520 AMS
Administrator Guide for Release 9.7.03.
Table 2 What’s new in Release 9.7.03
Feature/enhancement Description See

New features/enhancements
Managing LT licenses Added a section to add or remove LT licenses and to Section 5.5
view license usage for 10G_PON_enabled_LT license.
NE Communication Degraded alarms Added a parameter for minimum number of SNMP Table 52
requests per hour before raising a communication
degraded alarm
Global address filter Updated the section for ams_createfirstuser script to Section 31.18
include information about global address filter
Updated the default value and description for Use Tables 21 and 24
Global Address Filter and Address filter parameters
IP DSLAM Subscribers counter Added information about ‘IP DSLAM Data Subscribers’ Table 13
and ‘IP DSLAM Voice Subscribers’ counters
Clicking the background in the Graphical Added a parameter ‘Clicking the background in the Table 48
View Graphical View’ under GUI settings
(1 of 3)
What’s new Administrator Guide

Manage Users Based on PAP Added a parameter to configure the 5520 AMS to restrict Table 20
the users based on PAP
Added information about Manage Users Based on PAP Section 10.1

parameter
Resource Management Universal ID Added information about Resource Management Procedure 106
Universal ID which is created automatically by the 5520
AMS during the NE creation
Manual backup supports external server Added information about the additional support by Sections 31.5 and
ams_backup script for backing up files into a remote 21.2
server. Procedures 191
and 192
ams_log_manager script Added an option to enable or disable syslog mode and Section 31.51
added amssys.log details. Table 103
Added securing logs for configuring the 5520 AMS for Table 16
secure operation.
ams_updatefirewall script Removed --enableigmp and --disableigmp options from Section 31.53
the script and the information related to IGMP snooping
Subscriber attributes Added an attribute category for subscriber attributes. Section 15.3
Custom Fields Added functions for Subscriber Search Attribute Custom Table 19
Field view and Edit
Documentation changes
Backing up the 5520 AMS database Added a note about the server status and database Section 21.2
process status when the 5520 AMS backup is running
on the data server.
ams_cluster status script Updated the example for ams_cluster status and added Sub-sections
information about “ams_cluster status --detailed.” 31.7.4.1 and
31.7.6
PKCS12 keystore Updated the note to use PKCS12 keystore Section 7.2
Usage of NG-PON2 Updated usage of NGPON2 to NG-PON2 Table 13
Sub-section 5.1.2
and 5.1.4
Default admin user Updated information about ams_createfirstuser.sh Section 31.18

script
Added information about creating the default admin user Section 9.1
after installing the 5520 AMS
SNMP password encryption Added two new parameters ‘Re-Type Read Community’ Table 54
and ‘Re-Type Write Community’ in the Create SNMP Section 31.45
Profile parameters table and updated the example
output of the getAgentlist script.
AMS log manager Added information about configuring the Fixed Duration Section 31.51
logs and the default value.
AMS export script Added the information that the ams_export script Section 31.11
overwrites any existing file.
(2 of 3)

Log management Moved the content related to configuring user activity log Section 27.2
settings to Managing Logs chapter.
Added information related to ams_log_manager script. Section 27.10
Added a section for backup and restore log files. Section 27.15
Moved the Syslogs chapter from 5520 AMS User Guide. Chapter 28
Added information related to syslog configuration and Section 28.1

redirecting IP tables logging.
Moved the content related to viewing alarm logs from Section 28.6
5520 AMS User Guide.
Timeout parameter in SNMP Retries settings Modified the description of the parameter Timeout Tables 52 and 66
and Supervision settings Before 1st Retransmission.
SNMPv3 SHA2 Authorization Protocol Added a note about SNMPv3 SHA2 encryption. Procedure 136
User Settings and User Account parameters Updated the parameter names as in the AMS GUI for Tables 20 and 21
User Settings and User Account parameters.
Initial admin user account created by Removed the reference to ‘default’ admin user account Section 31.18
ams_createfirstuser script that is required to download the AMS client and updated
it as the ‘initial’ admin user account created by the script.
(3 of 3)

Administrator Guide for Release 9.7.
Table 3 What’s new in Release 9.7

ams_updatefirewall script Added --enableigmp and --disableigmp options to the Section 31.53
script, and added information related to IGMP snooping
GoldenEMSSwConfig file Updated the procedure to include Golden SW Label Procedure 178
details.
Updated the section for ams_server version to include Sub-section
information related to GoldenEMSSwConfig file, and 31.2.6, 31.2.6.1
updated the examples. and 31.2.6.2
Updated the section for ams_cluster status sw to include Sub-section

information related to GoldenEMSSwConfig file. 31.7.5
Updated the section for ams_install script to include Section 31.16

--golden and --cluster options.
(1 of 2)

Default admin user Added a note about the default admin user which is not Section 9.1
created after the 5520 AMS installation.
Removed “Include 'admin' User in Maximum Login Table 20

Failures Check” parameter from the table.
Added a note regarding the generic usernames while Procedure 29

creating a user account.
Added a section to create an initial AMS administrator Section 31.18

account after the 5520 AMS installation.
Added a note about --resetadminpwd and Section 31.57

--killadminsessions commands.
Removed a sub-section Default admin user under Users Section 9.1.2

section.
Web links in the Tools menu Added information about customized web links in the Sections 23.1 and
Tools menu. 23.2
Increase number of PAPs supported Updated the number of PAPs from 50 to 1000. Section 10.2
Timestamp for Alarm template on AMS Added information about the start time of the toggling Section 20.14
alarm.
Radius or LDAP server Added information about Role attribute in the Radius or Tables 72, 73 and
LDAP authentication and authorization. Sub-section
20.34.5
Log4j configuration file name Updated the log4j configuration file name from Table 19 and
‘log4j.properties’ to ‘log4j2.properties’. Section 27.12.
SHA2 algorithms for SNMPv3 authentication Added information about the SHA2 algorithms for Table 53,
SNMPv3 authentication. Sub-section
20.34.2 and
Procedure173
ams_cluster status command Updated the output for “ams_cluster status” command Sub-sections
for Simplex and Cluster setups. 31.7.4.1
Job Manager tuning Added information on Job manager tuning. Table 75
ISAM Software Load Validation Updated User Role Software Mgmt- Edit. Table 19
SSL Overview Updated SSL Overview. Added details of One-way Section 7.1
authentication between AMS Server and client.
(A+D) usage Modified (A+D) as (AD). Sub-section

25.3.1
Configuring Proxy Settings Added note that SOCKS proxy is not supported. Section 20.39
SSL behavior Updated information about SSL enabled in data server Section 7.2 and
also. Procedure 19
(2 of 2)

Zero touch provisioning Updated the note on supported NEs for R6.0.01 Section 20.45
SSH public key of the NE Added a new section for configuring SSH public key of Section 20.4
the NE.
Added a new function called SSH Settings. Table 19

Updated the table to add the supervision setting and Table 66
description for polling cycles between SSH server
public key checks.
IPv6 Support Added IPv6 address format support for procedures and Sections 13.5,
sections related to NE communication. 18.4, 31.6, 31.21,
31.24, 31.28,
31.45, and 31.48.
Procedures 64, 70,
109, and 183.
Tables 33, 50, and
78.
ams_set_snmp_trap_port script Added a section for ams_set_snmp_trap_port script Section 31.60

which is used to change the default SNMP trap port
number.
Radius or LDAP Updated the login behavior for Radius or LDAP Table 72
authorization option.
ONT-View TR-069 configuration Added a new function, ONT-View TR-069 Configuration Table 19
Download of AMS client with authentication Included information about the AMS client download Tables 19 and 102
with valid user credentials.
Audit configuration files Added the Configuration File Changes Detection Period Table 70
setting in Administration settings.
Added a new section for auditing configuration files. Section 27.14
Updated the example for ams_sw_backup script. Section 31.32
Unacknowledged alarms Added information about collecting details for Table 116
unacknowledged alarms.
Privacy Considerations Included the 5520 AMS and 5529 Enhanced Section 1.1
Applications Privacy Considerations document to the
related documentation section.
ams_cluster script Updated the ams_cluster start with the new sub-option Section 31.7
appservers.
nbi.log file updates Added information about the nbi.log file, including the Table 103
following new log file keywords: SourceIP and
X-Forwarded-For
configureIPSec script Deleted configureIPSec script Section 31.1
(1 of 2)

ASAM reference Removed ASAM reference for the following: Sections 31.45
• getAgentlist and retrieve_nes scripts and 31.48
• Configure of NE Family parameter for the alarm Table 115
rule.
getAgentlist script Updated information about output of the getAgentlist Section 31.45
script.
ams_geo_configure script Added a note about the automatic modification of Section 31.13
firewall settings when executing the script.
Create an anonymous FTP user Included example for command arguments with Procedure 185
absolute path to shared data directory.
Included command to restart system and start vsftpd
service on RHEL 7.x.
NE rebalancing Added information about NE rebalancing in a cluster. Section 25.2
getAgentlist.sh and retrieve_nes.sh scripts Updated the script examples to include password as an Sections 13.4,
option for getAgentlist.sh and retrieve_nes.sh scripts. 13.5, 13.6, 31.45
and 31.48
Added a caution note on crontab file password. Procedures 67 and

69
NE List - NBI function Updated the procedures to include “NE List - NBI Procedures 66, 67,
function”. 68 and 69
ams_user_mgr script Updated the example of an input file entry for adding a Procedure 32
user when executing the ams_user_mgr script.
Scheduling backup Updated information on schedule backup in Section 21.2.4

geographically redundant installation.
(2 of 2)

AMS license for XGS PON and NGPON2 Included information on the license for XGS PON and Sections 5.1.2 and
ONTs NGPON2 ONTs 5.1.4
Table 13
Support of 400 concurrent client user Updated the number of concurrent client user sessions Table 20
sessions and 4000 users in 5520 AMS supported. Sections 11.12
Included information on configuring maximum users in and 11.13
5520 AMS.
(1 of 3)

Start and stop supervision of NEs at group Added a new security function, NE - Supervision at Table 19
level group level.
NE Group Creation Updated the parameters of AMS settings to include NE Tables 83 and 33
Group Creation and input file parameters to include
Parent NE Group Name.
Backup check of multiple NEs Updated the section to include the backup check of Procedure 117,
multiple 7342 ISAM FTTU NEs. Sections 18.6 and
8.1.1
Comments in Administration tree Added a section on adding comments in Administration Section 20.1.1
Tree settings.
ams_renew_isam_ssh_info script Added a new script ams_renew_isam_ssh_info which Section 31.59

is used to remove the SSH host signature information
from the ISAM NE.
Radius accounting Added new parameters and a sub-section for Radius Table 70
accounting. Section 20.34.6
Configuration Template(1) Added information about the Configuration Template Table 33

used in the NEs managed by the Nokia Access
Virtualizer Adaptor.
ams_show_ne_balancing script Updated information on the NE balancing and new Sections 13.7 and
options support for the script. 31.24
Added a note about custom group related options Table 70
support for the script only when the setting “Enable NE
Balancing Based On Custom Group” is selected.
Promote to master not supported. Removed the procedure to change the master —
application server.
ams_switch_active_dataserver Updated the script to include the confirmation message Procedure 236
before proceeding with the data server switchover. Section 31.33
Radius or LDAP authorization Added information for Radius or LDAP authorization Table 72
when remote server denies request.
Restore to default option Added the support of Restore to default option for Section 27.12
log4j.properties file. Procedure 259
IP address Added a note for Main IP address parameter for the Table 33
ams_ne_mgr script.
CLI connectivity check Added a table note for “Number of Polling Cycles Table 66
Between CLI Connection Checks” setting.
Nokia-AMS-Role Added a table note on Nokia-AMS-Role attribute. Table 73
ams_change_ip_subnet_server Updated the section to use “ams_server stop” to stop, Section 31.6
and “ams_server start” to start the servers in a cluster.
Data and Application server Updated the active/standby terms for data and Sections 4.1.2,
application server, and removed master/slave terms. 21.2, 21.4
Table 77
Password expiration configuration Updated the note in the procedure to mention that the Procedure 6
password expiration warning does not appear in the
5529 Enhanced Application GUIs.
(2 of 3)

ams_schedule_backup Added a note on crontab service in a server where Section 31.30
scheduled backup is configured.
Time zone synchronization Added a note about time zone synchronization in a Sub-section 14.3.1
cluster.
Server in maintenance mode Updated ams_cluster script for ‘restart’ and ‘stop’ Sub-sections
options. 31.7.1 and 31.7.3
Installing a certificate signed by CA Added a note to mention that the commands provided Section 7.9
in the section is only for reference and the command
line must be adapted based the requirements.
ams_update_database_pwd script Added a note that ams_cluster restart script should not Section 31.58
be used when executing ams_update_database_pwd
and remove information execute ams_cluster status
script.
Updated the note about regenerating VM template
when changing the database password.
ams_updatefirewall Added information about --enableneprotocols option. Section 31.53
(3 of 3)
Notes
(1) To use this functionality, you must have Nokia Access Virtualizer Adaptor installed. Contact your Nokia technical representative for more
information.

Configure the 5520 AMS so that all defaults Updated the default value for SSL. Section 7.1
are secure
Updated the procedure to enable the HTTP Procedure 28
communication.
Updated the default URL of the NBI client as HTTPS. Table 27 and 34
Updated the default value for SNMP Version. Table 54
Updated the default protocol selection. Procedures 140,

142 and 183
Toggling alarms Updated the section with new counter information in Section 20.14
case of toggling alarms.
Input file parameters for ams_user_mgr Added the missing parameters for add or modify user Table 24
script input file.
(1 of 3)

Lock or Unlock users Added a note on creating a user account with a role that Table 19
includes security function. Section 9.5
NE backup consistency check Added a step to view the Consistency log from the AMS Procedure 117
client.
TFTP server settings Updated the procedure to configure TFTP server Procedure 143
settings.
Added a new script option for ams_updatefirewall Section 31.53

script.
Custom group for NE balancing Updated the site settings table to add parameters for Table 70
custom group for NE balancing.
Creating a Media Gateway Added information about creating a Media Gateway Sections 19.3 and
from the 5520 AMS Application server for 7367 ISAM 31.20
SX.
AMS function description Added a new function Network Layer2 - Aging. Table 19
User setting parameters Added a new parameter ‘Exit the GUI instead of Logout Table 20
on Inactivity logout timeout
System log files Added new system log files to the table. Table 102, 103
Splitter management Added a new script ams_splitter_mgr to manage Section 31.31

splitters
Updated the script ams_link_mgr for splitter Section 31.19

management
Added a section on Managing splitter Section 17.4
Wildfly version upgrade Upgraded the version of Wildfly to 9.0.2. Procedures 27,
251, and 253
pbit traffic counters Updated the description for the Network Default - Table 19
Troubleshoot function.
Password aging Updated the default value for password aging. Table 20
security.log Added more information on security.log file. Table 102
AMS GUI logs and log4j.properties Added information on editing the log4j.properties and Sections 27.12
viewing the GUI logs in AMS. and 27.13
ams_updatefirewall Added sub-section on connection logging information. Section 31.53
NE-NE links Added input file parameters list for NE-NE links. Tables 38, 42, and
43
HTTPS certificate, configure of system logs, Added a section on replacing the default HTTPS Section 8.2
and enable or disable a log certificate.
Added a procedure to configure system logs. Procedure 251
Added a procedure to enable or disable a log. Procedure 253
ams_updatefirewall Change in the Option of the script. Section 31.53
Account parameters for LDAP/RADIUS Change in table of account parameters for Table 73
server LDAP/RADIUS server.
(2 of 3)

ams_log_manager Added a note on uploading the collected logs to the Section 31.51
server without password.
ams_updatefirewall --enableneprotocols Added a note on adding the service of TFTP. Section 31.53
Functions Updated the section for Edit and View functions. Section 9.1.4
LDAP authentication Added a new procedure for LDAP authentication based Procedure 20.34.2
on MD5 algorithm
Zero touch provisioning Removed the content related to zero touch provisioning Section 20.45
and moved to 5520 AMS User Guide.
Security log and user activity log Added notes about the security log file and user Table 107
activities log.
Forcing a collection Modified the step to force a collection. Procedure 211
Saving alarms to a file Modified the selection procedure Section 20.10.2.2
Customized keystore Removed a step from the procedure which had a Procedure 16
mention of the keystore location where the generated
keystore could be copied.
ams_configure_ssh_timeouts Updated the script description to add the root as well as Section 31.9
amssys login for this script.
Export file Updated the extension of the export file to tar.gz Section 31.15,
21.6
Procedure 206,
207 and 208
Removed figure Removed Figure Process for enabling a secure Section 7.7.2
connection from the 5520 AMS client the flowchart is
not appropriate.
Installing CA certification Added a procedure for installing a certificate signed by Section 7.9
CA.
ams_exttl1gw_integration Added a note for ams_exttl1gw_integration script to run Section 31.12

in manual fail over mode.
ams_log_manager Updated the directory of the temporary collected trace Section 31.51
file.
vprocmon support of HTTP Added information on the vprocmon support of HTTP Section 8.1.1
communication.
SSH Key infrastructure to Scheduling Added a information about SSH Key infrastructure to Section 21.2.4
Backup Schedule Backup for SFTP to function. Table 87
External TL1 Gateway server Added a note related to deleting an External TL1 Procedure 83
Gateway server.
(3 of 3)

Action Manager Added information about Action filters. Procedure 112
Maximum number of password changes in a Added a row in Table and added a note reference Table 20
day regarding number of password changes in a day.
jboss wildfly Updated the navigation path in the procedures for jboss Procedures 21, 27,
wildfly. 251 and 253
Maintenance mode Added additional options for action in the table for Table 34
ams_ne_mgr script. —
Removed section for clearing maintenance mode.
User activity logs Added rows in Table for Syslog. Table 100
Added a note on the user activity log records. Section 27.3

Customized web links Added the new options to include application server IP Procedure 222
address and object full friendly name in the dynamic
data.
G6-GPON links Updated the sections to add the new IP address Section 19.1
schema details. Table 39
NE Alarm Processing Settings parameters Added new parameters in NE Alarm Processing Table 59
Settings parameters.
Disable Hidden Account Added a note on Hidden Account. Tables 21 and 73

Updated the table ‘User account parameters for
LDAP/RADIUS server’
SFTP with key based authentication Added a sub-section for SFTP with key based Sub-section 20.5.1
authentication
Aggregated EMS alarm icon Added a note on the new aggregated EMS alarm icon Procedure 146
which appears in the status bar.
ams_updatefirewall Updated the procedure to replace the iptables Section 31.53

instances with the generic firewall term as it is not
supported by RHEL 7.
Delay to Resume Stopped Collection Added a new parameter ‘Delay to Resume Stopped Table 79
Collection’ and updated the parameter name ‘Number
of Failures Causing the Collection to Stop’.
ANV Process Name Added the new parameter “ANV Process Name” and is Table 33
applicable only for Nokia Access Virtualizer Adaptor,
which is a licensed product. (1)
Database password Added a new script to change the database password. Section 31.58
ams_ne_mgr Added a note about ams_ne_mgr Section 31.26
Added the new option for ams_ne_mgr Table 34
Added a new procedure to create an input file for Procedure 107

ams_ne_mgr script.
(1 of 3)

ams_ne_cli Added the new argument for the command ams_ne_cli Section 31.21
Added the description for the new argument for the Procedure 109
command ams_ne_cli
Input file parameter for G6-GPON link Added the new input file parameter for G6-GPON link Table 39
Automated data collection Updated the ams_log_manager.sh script with new Section 31.51 and
options. Added a script to collect jstack and jmap 31.57
information.
Zero touch provisioning Added a new section about zero touch provisioning. Section 20.45
Added a note for supervising zero touch provisioning Section 13.3

NE.
Added the parameters specific to zero touch Procedure 105

provisioning feature in ams_ne_mgr script.
Changing the log type Added a new section and procedure about changing the Section 27.10.1
log type. Procedure 253
Updated the ams_log_manager.sh script. Section 31.51
Backup consistency check for ISAM NEs Added a new section and procedures about backup Section 18.6
consistency check for multiple ISAM NEs. Procedures 118,
119 and 120
Added a note about backup consistency check. Procedure 117
ams_change_ip_subnet_server script Added information about Section 31.6

ams_change_ip_subnet_server script.
Supported NE types and version for Updated the table to add all the supported NE types and Table 34
ams_ne_mgr version for ams_ne_mgr
Corrected the procedure to backup the NE Updated the procedure to include details of backing up Procedure 110
NE which supports only one type of back up file.
Updated super user capability Replaced the existing information on exceeding Procedure 47
maximum login limits.
Added alarmSilentMode parameter Updated the table to add the alarmSilentMode Table 33
parameter and the description
FTP for SIP Introduced a section from The User Guide and updated Section 20.41
the procedure.
ams_ne_mgr script Removed the table “Supported NE types and version Procedure 105
for ams_ne_mgr" and Note.
File transfer protocol settings Updated the section and procedure for file transfer test. Section 20.5
Procedure 141
HDM NBI settings Added a note to indicate that this functionality is no Section 20.44
longer supported.
Log files Added information about the log files directory. Section 27.10
Sub-section
21.2.2,
Procedures 191,
192, and 193
(2 of 3)
Template Group name Added information about template group name. Table 33
Anonymous FTP user Modified the procedure to create an anonymous FTP Procedure 185
user.
ams_log_manager script Modified the note on ams_log_manager script. Section 31.51
log levels Updated the procedure to include configuration Procedure 252

parameters for changing log levels.
ams_update_limit script Added a new script ams_update_limit. Section 31.37
AMS server scripts Added a note to use only the recommended scripts. Section 31.1
TFTP server settings Updated the description for the parameter ‘Enable Table 56
TFTP server on the EMS’.
Allowed PAP Groups Added a note mentioning when creating a new user Procedure 29
“Allowed PAP Groups” field is mandatory.
Auditing and identifying security violations Added a section which describes the security action Section 27.10.3
and related log file information.
Select EMS Tracing Level attribute Added information about using the "-modifyNE" option Table 33
to modify multiple values of the
"selectedEmsTracingLevel" attribute.
Customized keystore Added information about using a customized keystore Section 7.2
in a cluster setup. Procedure 19
System logs Added note in two procedures about Cluster Settings. Procedures 255,
256
Historical actions Updated the note on the threshold to move and delete Section 20.21
actions from the historical view.
System user Added a note on ‘system’ user. Procedure 29
Basic Settings parameters Updated the table for basic settings parameters. Table 79
Self-signed certification Added information about self-signed certification. Section 7.8
SSL / TLS protocol Added information about server and client protocols. Sections 7.7,
31.43 and 31.44
EMS performance monitoring Updated figures for the EMS performance monitoring Figures 2 and 3
view and Average number of backups submitted.
ams_cluster stop|restart Added information about ams_cluster where stop and Section 31.7
restart script stop the servers in the 5520 AMS cluster
in the maintenance mode.
SNMP retries parameter Updated the range value of the ‘Timeout Before 1st Table 52
Retransmission’ parameter.
(3 of 3)
Notes
(1) To use this functionality, you must have Nokia Access Virtualizer Adaptor installed. Contact your Nokia technical representative for more
information

Propogate all changes immediately option The information about “Propogate all changes Tables 20 and 21
immediately” option is removed and the related
parameter details are updated.
Timezone registration Added a parameter under Supervision settings and Table 66 and
added an alarm timestamp in TL1. 5520 AMS and
5529 Enhanced
Applications
Alarms
Modifying a task Added a note on the new Job Details window which Procedure 217
appears while modifying a task.
Solaris support stopped from R9.4.90 Removed references to Solaris from the guide. Chapters 4, 7, 16,
20, and 21
Appendix 31
5520 AMS backup using SFTP Added an option for the ams_schedule_backup script. Table 87
Added the example for ams_schedule_backup script. Section 31.28

5520 AMS restart event Added alarm information about the 5520 AMS restart 5520 AMS and
event. 5529 Enhanced
Applications
Alarms
5520 AMS moved to OpenJDK Added information related to time zone update in Red Section Updating
Hat Enterprise Linux system and Windows system. time zone data in
the 5520 AMS
Removed the procedures related to time zone update —

using tzupdater.
Smart NE groups Added a note related to replication of custom groups. Procedure 209
Change of database from MYSQL to Updated instances of the term ‘MYSQL’ to “the generic Chapter 16, 20,
MariaDB term ‘Database’ in the text and figures. 21, 25, 21, and 31
Lock the admin user after maximum number Added a parameter “Include 'admin' User in Maximum Table 20
of failed login attempts Login Failures Check” under User settings.
Map and Link management license Removed the references to Map and Link management Chapter 17, 19,
licenses from the guide. and 20
Logging security actions on the database Added a log which records details about the Table 103
connections and disconnections to or from the
database.
Applying multiple Template Group Versions Modified the description of Template Group Name Table 33
at NE supervision parameter.
(1 of 3)

Cluster support in RedHat Enterprise Linux Removed a note that clusters are not supported on —
RedHat Enterprise Linux systems.
Two-factor authentication Added a note on two-factor authentication with append Section 32.1
method.
ISAM-MDU link for NGPON2 ONT Added information about ISAM-MDU link creation for Table 41
NGPON2 ONT.
ams_db_defragment script Added information for using ams_db_defragment Section 31.10

script.
Added information about historical alarms and TCA Sub-section

alarm configuration. Configuring the
Historical Alarm
view protection
160k profile support Updated table for maximum number of templates or Table 69
template groups that can be displayed in the template
tree.
SSH session timeout Added a new section for ams_configure_ssh_timeouts Section 31.9
script.
Support of encryption by the Web Browser Added Note Section 7.1
ams_ne_cli script failure with CLI Cut Added Caution Procedure 109
Through Secure
Limiting the number of exported historical Added Warning Section 21.6
alarms
Logging information Added ndd settings log in the traces and debug files. Table 103
Restricting server selection in the Login Added a note related to amsclient.ini file to restrict login Procedure 9
window server selection .
NE communication degraded alarm Added a table note on NE communication degraded Table 52
alarm.
Site settings Added information related to Role-Based Authorization Table 70

setting for LDAP server.
Cluster management Added a caution about using SSL in a cluster. Section 25.1
User account parameters Added a table note about InactivityLogoutTimeout and Table 21
InactivityLockScreenTimeout parameters for LDAP
server.
5520 AMS server scripts Added a new script support for updating the log level Section 31.49
and enabling or disabling the custodian logging.
ams_restore script Added a note related to ams_restore script. Section 31.25

Disable HTTP communication Added a procedure to disable the HTTP Procedure 28
communication.
SSH configuration Added a caution note on the impact on AMS server Section Functions
behavior due to customization of SSH configuration.
User operations using the NBI Updated the information on user operations using the Section 11.2
NBI interface.
(2 of 3)

retrieve_nes.sh script Updated the section for the list of NEs returned by the Section 13.2
script in a particular format.
ams_updatefirewall.sh script Added information about ams_updatefirewall script. Section 31.51
SNMP Trap Parameters Removed Community and Security Level parameters Procedure 134
from SNMP Trap parameters.
Logging settings Added the procedure to set logging level and configure Procedure 255
logging settings. and 256
ams_remove_data.sh script Added the log file details for ams_remove_data.sh Section 31.23
script.
Restart supervision Removed the restart supervision step from the Procedure 149
procedure to Configure NE alarm processing settings.
ams_user_mgr script Added a note regarding password for the Procedure 34

ams_user_mgr script.
Rebalance the NEs Removed the procedure to rebalance the NEs using the -
GUI.
Generate customized keystore Added a note related to the key length to generate Section 7.2
customized keystore.
Change password for amssftp or amsftp Moved the section for changing the password for Section 9.11
amssftp or amsftp from IMG.
AMS function descriptions Updated the user roles for constructor, operator and Table 19
viewer.
5520 AMS server scripts Added information for the following scripts. Sections 31.54,
• getLicenseCounter.sh 31.55, and 31.56
• convert_to_shorter_line.sh
• ams_reconfigure_host.sh
Max Concurrent Operations Updated the definition and parameter name. Table 83
DCN connectivity test Updated the DCN connectivity details for RHEL. Section 25.2
Table 70
jboss_service.log Added the new log details for start/stop logs. Section 31.2
ETL1 GW switchover Added a paragraph on ETL1 GW switchover details. Section 16.1
Export ETL1 GW settings Added a procedure to export ETL1 GW settings. Procedure 84
Alarms Moved Alarms chapter to a new document. 5520 AMS and

5529 Enhanced
Applications
Alarms
(3 of 3)

Solaris presentation server Added the Solaris client related information Section 4.4,
Procedure 19, 21,
22, and 182
Alarms Added a new alarm for sudo configuration 5520 AMS and
5529 Enhanced
Applications
Alarms
G6-GPON link creation Added information about G6-GPON link creation. Section 19.1 and
Procedure 123
Logging information Added table on traces and debug files. Table 103
Added procedure to change the log levels. Procedure 252
Updated the path and name of the .xml file for setting Procedure 251
the log levels. and 253
Added log file information for each of the 5520 AMS Appendix 31
server scripts.
Added environment variable for debug directory. Table 11
Subscriber search attribute categories Renamed Unmapped Attributes to Not Collected for Chapter 15
SMA.
Added a note related to performance of the 5520 AMS Section 15.3

and custom fields attributes.
Added a procedure to revert the changes in subscriber Procedure 79

search attribute categories view.
Configuring VM templates Added a chapter for VM template configuration and Chapter 26

cloning an application server.
AMS settings for NBI Removed the word job from heartbeat parameters. Table 83
Active sessions Added information related to OSS sessions being Section 11.2
displayed under active sessions.
Client authentication Updated the information about the client OS Table 71

authentication mode.
Environment variables Added information on the environment variables, Table 11, Section
tracing logs and licensing. 27.7 and
Sub-section
License alarms
AMS server script Added information on the force option to stop the ams Appendix 31.2
servers using the ams_server script
5530 NA-F settings Updated the default Port Number value in the 5530 Table 84
NA-F settings.

Table 10 lists the new 5520 AMS features and enhancements added to the 5520
AMS Administrator Guide for Release 9.3.10.
Support for hidden user accounts Added a parameter to configure a user account as Tables 21 and 73
hidden.
Added information that operations of hidden user Sections 11.2,

accounts are not logged in the security.log and user 27.3
activity log, and sessions of hidden user accounts are Table 102
not listed as active user sessions.
Displaying operating system information of Added the parameters providing the operating system Tables 75 and 77
the 5520 AMS server in the GUI information in the 5520 AMS server.
Support for locking all users belonging to a Added procedures to lock or unlock all users belonging Procedures 37, 38,
specific role to a specific role. and 46
Alarm rules enhancements Added a procedure to check the consistency of alarm Procedure 275
rules.
Added information on the alarm rules supported for Section 29.3

performance graphs. Table 114
Updated the procedure to create alarm rules to include Procedure 270
the parameters related to source criteria.
Support for security functions per technology Added descriptions for new security functions per Table 19
technology.
Support for security function role Added a note for security function role for creating new Procedures 29
user account. and 45
Table 19, 21 and
24
HDM NBI settings Added a section on configuring HDM NBI settings. Section 20.44
Table 19
Red Hat Enterprise Linux client Added a procedure to reinstall the Red Hat Enterprise Procedure 22
Linux client to activate SSL changes.
Added a procedure to configure proxy settings in the Procedure 182

5520 AMS Red Hat Enterprise client to access internet.
Supervision settings Updated the procedure and table to add the supervision Procedures 135
setting and description for polling retransmission and 159
parameters of isolated NEs. Table 151
Application statistics file Added a procedure to convert application statistics file Procedure 278
to a CSV format.
ams_app_stats_converter Added a new script for converting application statistics Section 31.50
file to a CSV format.
(1 of 3)

ams_server version script Added information about Version command to verify the Section 31.2
installed software components.
Configure supervision settings Modified the procedure and added a note that it applies Procedure 159
to only isolated NEs.
Modified the description of the setting Timeout Before Table 66

1st Retransmission.
Link management settings Added the new parameter along with the description for Table 37
link management settings.
Added a note in the procedure to describe the link Procedure 122

management services and its function.
Updated the procedures to add a pre-requisite for Procedure 125

G6-GPON links audit and align operation. and 126
Application server Replaced the term ‘Make as Master’ to ‘Promote to —

Master’.
Viewing user statistics Modified the user statistics parameter details. Section 9.8
Scheduling backups Added a new script option for ams_schedule_backup Table 87

script.
Restoring the 5520 AMS software Added a note to mention that the user needs to login as Procedure 206
a root user for restoring the 5520 AMS using the
software backup script.
EMS performance management Updated the EMS performance monitoring graph. Figure 2
Added a section on units used in the graph, a sample Section 30.1

calculation and an example calculation to interpret the
graph.
Removed the FAQ chapter from the document. -
Site settings Added the hostname label along with IP address and Table 70
Secondary IP address for site settings.
File transfer protocol settings Updated the file transfer protocol settings. Section 20.5
EMS alarms Added information on disk full alarms. EMS local alarms
Backing up and restoring NE software Deleted Locating backup files section and added the Section 18.4
information to Managing NE backup files topic with a
caution note.
User Activity Log Added a note about logging of old values in User Section 27.3
Activity Log.
Site name Added a table note to define the special characters that Table 123
are allowed in a site name.
Password Parameter Modified the table notes for the Password parameter. Table 20 and 21
Align and audit G6-GPON link Updated the procedures and added details of how to Procedure 125
align and audit the missing G6-GPON links. and 126
Updated the procedures to align and audit G6-GPON Procedure 125

links and modified the scripts. and 126
(2 of 3)

EMS performance monitoring Updated the chapter and added new images and Chapter 30
graphs and new sections on EMS performance
monitoring.
AMS function description Removed the setting “User Activity Log-Admin” from the Table 19
table.
Exporting and importing data Added a note on Export/Import - Edit function. Section 21.6
Site settings Modified the setting IP Address or Hostname and its Table 70
description.
Restoring the AMS software Modified the procedure and added a note on restoring Procedure 206
the AMS software using the software backup script.
Managing alarm rules Added a note on NE Release parameter. Table 115

Address Filter parameter Modified the description for the address filter Tables 21, 24, and
parameter. 73
ams-cluster script Deleted the rebalance_ne option from the ams_cluster -

script.
Managing SSL Updated the procedure to check the status of SSL and Procedures 20, 21,
reinstall Windows and Linux clients to activate SSL and 22
User Accounts Updated the descriptions for Roles and PAP Groups Table 24
parameters for the user input file.
Password dictionary Added a note on password dictionary file. Procedure 43
Client OS authentication Updated the Client OS authentication details in the Table 71

table.
TFTP client settings Added a procedure to configure TFTP client settings. Section 20.8
(3 of 3)
Administrator Guide Overviews
3 Overviews
3.1 Guide overview
3.2 Administrative functions overview
3.3 5529 Enhanced Applications
3.4 Technical support
3.1 Guide overview

The 5520 AMS Administrator Guide includes procedures for managing:
• Secure server-client • Data

communications • Schedules
• Users • Customized web links
• NE communication • CPE vendor ID and country
• SNTP codes
• TL1 Gateways • Monitoring and faults
To perform the procedures in this guide, you must be familiar with the 5520 AMS GUI
and be able to open and navigate between perspectives and views. Unless otherwise
stated, all procedures in this guide require you to log in to the 5520 AMS client as an
administrator, or to log in to the 5520 AMS server as amssys. See Section 4.1 for
details about logging in to the 5520 AMS client as an administrator.
3.2 Administrative functions overview

An administrator is a superuser who manages the core 5520 AMS software, NE
software, configuration, users, and faults.
3.2.1 Core software management

You can manage the 5520 AMS core software in the 5520 AMS GUI or on the
5520 AMS server. You can manage licenses and NE communication tools such as
TL1 Gateways in the 5520 AMS GUI. You need to log in to the 5520 AMS server to
manage data and server-client communication.
Overviews Administrator Guide
3.2.2 Configuration management

The Administration Tree displays the settings you can configure for your site. See
Chapter 20 for details about managing administrative settings.
3.2.3 User management

The 5520 AMS user management features are grouped together under the EMS
Administration object in the Administration Tree. You can define password rules for
user accounts, create user accounts and access-level profiles, change passwords,
and lock and unlock accounts.
You can view current user session information in the Administration Tree. An Activity
Log view is available to view and manage user tasks.
3.2.4 Fault management

You can manage alarm handling and configure alarm system parameters, alarm
severity, the handling method, and other alarm-related features using the 5520 AMS.
See Sections 20.11 and 20.12 for alarm configuration information.
3.2.5 Environment variables

The 5520 AMS defines environment variables for directories on the servers. These
variables can be used by the amssys user. The procedures found in this guide
require you to log in to the server as amssys.
Table 11 describes environment variables used in the procedures found in this guide.
The $PATH variable for the amssys user includes the directory where most scripts
are found, therefore you do not need to enter a path to run a script when you are
logged in as amssys. You do not need to enter ./ before the script name.
Table 11 Environment variables
Environment variable Description
$AMS_EXTERNAL_LOCALDATA_HOME The directory where data is stored that is external to the 5520 AMS
software and that is local to one server. An example is
/var/opt/ams/local/common.
$AMS_LOCAL_DATA_DIR The directory where local data is stored. By default, this is /var/opt.
$AMS_LOCALDATA_HOME The subdirectory where data files that are separate from the database are
stored. An example is /var/opt/ams/local/ams-9.6.03-999000.
(1 of 2)
Administrator Guide Overviews
Environment variable Description

$AMS_EXTERNAL_SHAREDDATA_HOME The directory where data is stored that is external to the 5520 AMS
software and that all servers need access to. An example is
/var/opt/ams/shared/common.
$AMS_SHARED_DATA_DIR The directory where shared data is stored. By default, this is /var/opt.
$AMS_SHAREDDATA_HOME The directory where shared data is stored. An example is

/var/opt/ams/shared/ams-9.6.03-999000.
$AMS_SOFTWARE_HOME The directory where the 5520 AMS software is stored. An example is
/opt/ams/software/ams-9.6.03-999000.
$AMS_LOG_DIR The directory where 5520 AMS logs are stored. An example is
/var/opt/ams/local/ams-9.6.03-999000/traces/log
$AMS_CONF_DIR The directory where configuration files for the 5520 AMS are stored. An
example is /opt/ams/software/ams-9.6.03-999000/conf
$PLATFORM_SCRIPTS_DIR The directory where platform scripts for the 5520 AMS are stored. An
example is /opt/ams/software/ams-9.6.03-999000/lib/platform/bin
$AMS_DEBUG_DIR The directory where 5520 AMS traces and debug files are stored. An
example is /var/opt/ams/local/ams-9.6.03-248124/traces/debug
$AMSSFTPDB_USER_HOME_DIR The directory where the user home directory is located.
$AMS_DATABASE_DIR The directory where the database directory is located.
(2 of 2)
Before you can perform the procedures in this guide, the 5520 AMS software and
client must be installed and running, including all required plug-ins. For information
about installation, see the 5520 AMS Installation and Migration Guide. For detailed
hardware requirements and network specifications, see the 5520 AMS Solution
Planning Guide.
When you have performed the procedures in this guide, parameters specific to your
site will be configured and user accounts will be created. Users can then log in and
use the 5520 AMS to manage NEs.
See the 5520 AMS User Guide for information about user functions, including
monitoring and fault management tasks not requiring administrator privileges and
tasks that are common to all NEs.
For information specific to management of a particular NE, see the Operations and
Maintenance guide for the NE.
3.3 5529 Enhanced Applications

The 5529 Enhanced Applications are a set of optional products that expand the
management capabilities provided by the 5520 AMS. Each application provides a
specific management function. The supported applications are:
• 5529 Access Provisioning Center
• 5529 Inventory Data Manager
• 5529 Large-scale Release Manager
Overviews Administrator Guide
• 5529 OSS Alarm Dispatcher

• 5529 Statistics and Data Collector
For more information about one of the 5529 Enhanced Applications, see the product
documentation for the application.
3.4 Technical support

Include the release of the 5520 AMS and the 5520 AMS plug-in release and version
when reporting issues to Nokia technical support.
Procedure 5 describes how to find the contact information for technical assistance
for a country.
Procedure 5 To find contact information for technical assistance
1 Go to https://customer.nokia.com/support/s/.
2 Log in to the Nokia Support portal with the username and password for your account.
Result: A customized Support portal page opens.
3 Under Emergency Contact, select a country and click Submit.
Result: The Nokia Emergency Contact page opens and displays the phone and e-mail
contact information for technical assistance for the selected country.
Administrator Guide Logging in to the 5520 AMS
4 Logging in to the 5520 AMS

4.1 Logging in to the 5520 AMS client as an administrator
4.2 Logging in to the 5520 AMS server as an amssys user
4.3 Configuring user login from trusted hosts
4.4 Restricting server selection in the Login window
4.1 Logging in to the 5520 AMS client as an

administrator
Before you log in to the 5520 AMS client, you must verify that the 5520 AMS client is
installed. For more information, see the 5520 AMS Installation and Migration Guide.
For information about using the 5520 AMS client, including starting up, logging out,
closing and exiting, see the 5520 AMS User Guide.
For information about logging in to the TL1 Gateway, see Section 16.5.
4.1.1 Logging in as an administrator

Use this procedure to access the 5520 AMS client from a Windows or Red Hat
Enterprise Linux based PC.
Logging in to the 5520 AMS Administrator Guide
Before you proceed:

• The 5520 AMS client must be installed. See the 5520 AMS Installation and
Migration Guide for more information.
• You need the default administrator username and password. To obtain the default
administrator username and password, contact your Nokia account
representative.
• You need the IP address for the 5520 AMS server that the client is accessing.
Note 1 — In a simplex setup, if a client is logging in to a server

which is starting up, the message "Server currently starting up"
is displayed.
Note 2 — In a cluster setup, the client login behavior and the
active client session behavior differ depending on the status of
the application servers. For more information, see the
Note 3 — The first time that you log in to the 5520 AMS client,
you must enter the default administrator username and
password. After you log in, you can create additional accounts
with the Administrator role.
Procedure 6 To log in to the 5520 AMS client as an administrator
1 To log in, perform one of the following steps:
• Click the Login icon ( ) on the 5520 AMS toolbar.
• Choose Login from the File menu.
Result: The Login window opens.
2 In the Login window, perform one of the following steps:
• Enter the IP address or hostname of the server in the Server field.
• If you have logged in to the site before, choose the site name from the Server drop-down
list.
3 Enter the user ID and password.
4 Click Finish.
Result: If the login is successful, a Login Information window opens.
• If this is the first login, the 5520 AMS prompts you to change the administrator password.
• If the password expiration warning is configured for the user and the user tries to login
during password expiration warning period, then the 5520 AMS displays a password
expiration warning message with the information that the user's password will expire
within the configured number of days and prompts the user to change the password.
Note: This warning does not appear for remotely authenticated users or users logging in
to certain 5529 Enhanced Application GUIs.
The following message is displayed Your password will expire in <n> days. Would you
like to change your password now?
5 Perform the following steps:
• Click Yes to change the password. The Change Password Information dialog appears
with the following confirmation message:
After changing your password, your session will expire and you will have to login again.
Do you want to proceed? Click Yes to change the password of the user.
After changing the password, go to step 6.
• Click No to proceed without changing the password.
6 Click OK to complete the login.
If the login is unsuccessful, an error message is displayed in the Login window.
Note 1 — If RADIUS or LDAP authentication is enabled and you cannot

access the 5520 AMS GUI, see Procedure 172 or Procedure 175 to
disable RADIUS or LDAP authentication.
Note 2 — You can open multiple GUI windows. To open another

window, choose File → Open New Window.
4.1.2 If a login fails

If a login is unsuccessful, an error message appears in the Login window. Table 12
provides information about login error messages.
Table 12 Error messages at login failure
Error message Description
Server temporarily unavailable The 5520 AMS server is starting up, or a switchover is in
progress to a new master application server.
(1 of 2)

Maximum number of concurrent The maximum number of concurrent sessions for your
sessions exceeded username has been exceeded. For information about
configuring concurrent sessions, see User settings.
Maximum licensed/configured The maximum concurrent sessions for the 5520 AMS server has
user sessions reached been reached either the maximum allowed by your license, or
the maximum concurrent settings configured in User Settings.
See Procedure 61 for information about configuring User
Settings.
(2 of 2)
4.1.3 Synchronizing server and client time

If the time on your PC does not match the time on the 5520 AMS server you will
receive an error message when you log in to the client. To resolve the error, update
the time on your PC to match the time on the server.
Before you proceed, you need to be able to log in to the server as amssys. See
Section 4.2 for more information.
Procedure 7 To synchronize server and client time

Use this procedure to synchronize the server and client time.
1 Log in to the 5520 AMS application server as amssys. See Procedure 8 for more information.
2 Check the time on the server by typing:
date ↵
The date and time on the server is displayed.
3 Change the time on your PC to match the time on the server.
4 Restart the 5520 AMS client.
4.2 Logging in to the 5520 AMS server as an

amssys user
Use this procedure to log in to a 5520 AMS server workstation as an amssys user.
Before you perform this procedure, you will need an amssys password. The default
password is amssys.
Procedure 8 To log in to a 5520 AMS server as amssys

Use this procedure to log in to a 5520 AMS server as amssys.
1 Log in to the 5520 AMS server workstation as the amssys user by performing one of the
following:
• If you are logged in as a root user, switch to the amssys user by typing:
su - amssys ↵
• If you are not logged in, type the following:
amssys ↵
2 Enter the amssys password if a prompt appears.
4.3 Configuring user login from trusted hosts

The 5520 AMS server supports user login from trusted hosts. Trusted host users can
log in to the 5520 AMS by entering a password of their choice in the client Login
window. A different password can be used in their next login.
To enable user login from a trusted host, you need to perform the following
configuration tasks on the 5520 AMS server:
• Set the Authentication Source to Client OS. See Procedure 169 for details.
• For each user, create a user account with the same name as the user ID for the
trusted host workstation. See Procedure 29 for details.
Ensure that you configure yourself and other applicable admin users as trusted
host users as well. Set the Authentication/Authorization Sources to the required
site settings and login to the 5520 AMS from a trusted host.
After enabling the server for login from trusted hosts, you may need to assist the
users to log in to the 5520 AMS. For more information about the tasks that a user
needs to perform to log in to the 5520 AMS from a trusted host, see the 5520 AMS
User Guide.
4.4 Restricting server selection in the Login

window
Using the command line option or configuring the amsclient.ini file, you can specify
the IP address or server name that appears in the Server field of the Login window,
and prevent the field from being changed with the grayoutserveratlogin option.
Procedure 9 To restrict login server selection in Windows or Red Hat Enterprise

Linux
1 Navigate to the folder in which you installed the 5520 AMS client application.
Note — Starting the client application in the Red Hat Enterprise Linux
operating system using the amsclient script requires that the terminal
window be open while the client is running.
2 Perform one of the following steps:
•
To start the 5520 AMS client with restricted server settings using the command prompt,
type:
path/amsclient.exe -serverip IP_address -grayoutserveratlogin ↵
where:
path is the path to the 5520 AMS installation directory; for example, C:\Program Files\ams
IP_address is the IP address of the 5520 AMS server
• For both Windows and Red Hat Enterprise Linux client, in the 5520 AMS installation
directory, edit the amsclient.ini file.
•
Add the following lines to the amsclient.ini file:
-serverip
IP_address
-grayoutserveratlogin
where IP_address is the IP address of the 5520 AMS server.
Note 1 — Add these lines before the -vmargs line in the amsclient.ini file.
Note 2 — You need to add the IP_address on a new line in the amsclient.ini
file.
• Save and close the amsclient.ini file.
3 Start the 5520 AMS client. For more information about starting the 5520 AMS client, see the
Administrator Guide Managing licenses
5 Managing licenses
5.1 Licensing overview
5.2 Adding license keys
5.3 Viewing license keys
5.4 Updating license keys
5.5 Managing LT licenses
5.1 Licensing overview

License keys provide access to enhanced features and services that are otherwise
unavailable or have limited availability. License keys are associated with the host IDs
of the server (or servers, for a cluster installation) that is running the 5520 AMS.
Separate licenses are issued for each component and plug-in for the 5520 AMS. A
product family and release must be specified to request a license. For information
and to obtain the required licenses for the 5520 AMS, contact the Nokia account
representative.
The following are licensed:
• Number of concurrent GUI user sessions
• Type and release of NEs that can be added and supervised
• 5529 Enhanced Applications
• Feature packs
• Number of subscribers allowed for all of the NEs managed by the 5520 AMS
The types of licenses are:

• True/false indicators that grant unlimited use of a specific feature for the duration
of the license
• Counters that grant permission to manage a specific number of resources
You can view information about each installed license in the Administration
perspective of the 5520 AMS. Details for each license display a true or false indicator
for unlimited features, or the number of resources to which you are entitled for
counted features. The counted features have separate columns to display the
number of licenses used as both a number and as a percentage of the total
entitlements.
Table 13 describes the 5520 AMS license information displayed in the Object Details
view. See Procedure 12 to view the 5520 AMS license information.
Managing licenses Administrator Guide
Table 13 5520 AMS license information
Column Column heading description Example Example description

heading
Parameter Type of license GPON License for subscribers on NEs with ONTs
4.7
XGS License for subscribers on NEs with

PON and XGS PON ONTs and NGPON2 ONTs
NG-PON
2
Host ID 5520 AMS server host identifier

IP License for subscribers on NEs with data and voice
DSLAM ports (1)
iSAM 4.2 License for 7302 ISAM/7330 ISAM FTTN/

7356 ISAM FTTB/7360 ISAM FX R4.2
Licensed Indicates whether NEs, true The NE or service pack is licensed, applies to unlimited
5529 Enhanced Applications or features only
service packs are licensed
Enabled The 5529 Enhanced Application is licensed
9.1.0 The release identifier of 5529 Enhanced Applications
1000 Counted feature indicates the number of licensed

elements, such as:
• Number of subscribers
• Number of operators (number of concurrent GUI
user sessions)
• Number of NEs
trunk 5520 AMS core software license
Used Number of licenses used; 250 —

applies to counted features only
% Percentage of licenses used; 0.8 —

applies to counted features only
Notes
(1) The data and voice ports are counted in separate counters. These ports are counted for reporting the number of data and voice ports in the
‘IP DLSAM Subscribers’ license usage in the Object Details view. Hence the licensed number is reported as ‘-1’ for ‘IP DSLAM Data
Subscribers’ and ‘IP DSLAM Voice Subscribers’ counters.
A new host ID due to any change in the server hardware results in automatically
deleting any AMS licenses associated with the old host ID when the AMS server
starts. In a cluster configuration, the license keys are deleted only if they are not
associated with any host ID of servers.
If the host ID changes due to any change in the server hardware, you need to install
the license keys for the new host ID. See Procedure 10 for information about adding
a license key.
Before you proceed, make sure your user account is assigned a role that includes
the necessary functions to perform the procedures in this chapter. See Table 19 for
more information on 5520 AMS function descriptions.
5.1.1 Licensing in a cluster

If you install the 5520 AMS in a cluster configuration, you must provide the host IDs
of all of the application servers in the cluster when you request your 5520 AMS
license key. If you add an application server to the cluster, you must request a new
license that includes the expanded set of host IDs for the cluster.
For your license to function correctly in a cluster, each server must be able to resolve
the host names of all other servers in the cluster, by using DNS or by adding the list
of all hosts to the /etc/hosts file of each server.
See the 5520 AMS Installation and Migration Guide for more information about
cluster configurations and applying your 5520 AMS license.
5.1.2 Subscriber licenses

The following subscriber types are licensed for the 5520 AMS:
• GPON: If an ONT belongs to a GSFU or GSBU family, the 5520 AMS counts one
subscriber. If an ONT belongs to a GMDU family, the 5520 AMS counts four
subscribers for every ONT.
• XGS PON and NG-PON2: If an ONT belongs to an MDU family, the 5520 AMS
counts four subscribers for every ONT. For other ONTs, the 5520 AMS counts
one subscriber for every ONT.
• IP DSLAM: The 5520 AMS counts one subscriber for each xDSL port.
Note — Only the subscribers on supervised, physically

installed boards are counted, not subscribers on planned
boards. If an NE is not supervised, its subscribers are not
counted against the license.
5.1.3 Operator licenses

An operator license allows a specified number of concurrent GUI user sessions per
server. When the limit is reached, a new login is denied. There is one exception; a
single operator whose user account includes the “superuser” role can always log in,
even after the licensed operator limit is reached.
See Procedure 47 for information about configuring the superuser role.
5.1.4 License alarms

The 5520 AMS performs a daily collection of the number of GPON, XGS PON and
NG-PON2, and IP DSLAM subscribers. When you approach or exceed a license
threshold, an alarm is raised. These alarms are automatically cleared after the
license problem is resolved.
For counted alarms, a warning alarm is raised when a percentage threshold of
licensed resources are used. By default, this threshold is set to 80%.
See Procedure 168 to configure this threshold.
Note — If the threshold is lowered below the current

percentage of licensed resources, an alarm will not be raised
immediately. For instance, if 80% of resources are currently in
use and the threshold is lowered to 75%, an alarm will not be
raised until the percentage is reached. You must trigger the
timer to reflect the changed threshold settings or wait for the
default license schedule which is triggered automatically at
3:00 AM.
A major alarm is raised when usage reaches 100%.

The 5520 AMS raises an alarm when a license is close to its expiry date. The License
validity is checked everyday at midnight. A minor alarm is raised when a license is
60 days from expiring, a major alarm is raised when a license is 30 days from
expiring, and a critical alarm is raised when a license is 7 days or less from expiring.
5.2 Adding license keys

To add a license key, you need a 5520 AMS license from the Nokia account
representative. See Section 5.1.
Licenses can be installed using the Create License wizard of the GUI by:
• Uploading valid .tar, .pdf, or .txt license files in the License File field, or
• Copying a valid license key in the License Key field
If both License File and License Key fields are populated in the Create License
wizard of the GUI, both licenses will be validated and installed. See Procedure 10.
Licenses can also be installed from valid .tar, .pdf, or .txt license files in the 5520
AMS server using the ams_install_license.sh script. See Procedure 11.
You can add a license for objects that are not already in your license list. If you add
a license key that includes an object for which you are already licensed, you will
receive an error message.
Note 1 — A .tar file can contain multiple .pdf or .txt license files,
which are uncompressed after uploading to the server. The
individual license files are then validated before installation.
Note 2 — A .txt file or .pdf file can contain multiple licenses.
• In a .txt file, each license is presented in the following format:

Key: Value, where Key identifies the application or
component to which the license applies, and Value is the
license key. Each license is separated by the delimiter ‘#----’.
• In a .pdf file, multiple licenses are presented in a table with
two columns. The first column identifies the application or
component to which the license applies, and the second
column includes the license key.
Procedure 10 To add a license key from the 5520 AMS GUI
1 In the Administration Tree, choose EMS Administration→License.
2 Right-click License and choose Create→License.
Result: The Create License window opens.
• Copy the license key from the locally stored license file and paste it in the License Key
field. Optionally, enter the description of the license in the Description field.
• Browse and select the license file (in .txt, .pdf, or .tar file format) in the License File field.
The default option is .txt.
4 Click Finish to verify and install the licenses.
Result: The licenses are verified and installed. In case an error occurs, no license will be
installed. See Table 15 for the scenarios in which installation of licenses may fail.
5 Close and restart the 5520 AMS client for the newly installed licenses to take effect.
Procedure 11 To add a license key from the 5520 AMS server
1 Log in to the 5520 AMS server as amssys or root.
2 Transfer the license files to be installed to a temporary directory in the 5520 AMS server.
3 Execute one of the following command options, as applicable:
Table 14 License installation from the 5520 AMS server
To install licenses Command options Command example
From a single file ams_install_license.sh [--force] ams_install_license.sh --force /var/opt/tmp/license/license.txt

<full path and name of license
file>
From multiple files ams_install_license.sh [--force] ams_install_license.sh --force /var/opt/tmp/license/license.txt,
<full path and name of license /var/opt/tmp/license/license.tar, /var/opt/tmp/license/license.pdf
file1>, <full path and name of
license file2>, <full path and
name of license filen>
From multiple files of ams_install_license.sh [--force] ams_install_license.sh --force /var/opt/tmp/license/*.pdf
the same file format <full path to license file>/*.<file or
supported by extension>
wildcard file selection ams_install_license.sh --force /var/opt/tmp/license/9.2.20*.txt
pattern
Note
(1) When you use the --force option, the script forcefully installs all licenses from the license file(s). If the license exists, then the existing license
is replaced by the new license.
Result: The licenses are verified and installed. In case an error occurs, no license will be
installed. See Table 15 for the scenarios in which installation of licenses may fail.
5.2.1 License installation error scenarios

Table 15 lists the scenarios in which a license installation may fail.
Table 15 License installation error scenarios
Error scenario The license installation fails with the error

message:
If an error occurs while processing the license file Error processing license [txt/pdf/tar] file {file
name}
(1 of 2)
Error scenario The license installation fails with the error

message:
If no license is found or the license file is License file {file name} corrupted or doesn't
corrupted contain license keys
If a file format other than .pdf, .txt, or.tar is The uploaded license file format { file name } is
uploaded not supported
If the path and filename entered in the License The uploaded license file { file name } doesn't
File field is incorrect exist
If you install a duplicate license License Key(s) {keys that are already present in
the system} already exists
If you install a license which has expired Expired license
If you install a license the host ID of which does The hostid in the license does not match the
not match the host ID of the 5520 AMS server hostid of the server(s) {host id present in the
license key}
(2 of 2)
5.3 Viewing license keys

Perform this procedure to view a license key.
Procedure 12 To view license keys
1 In the Administration Tree, choose EMS Administration→License to display a list of installed

licenses.
Result: The License window appears.
2 Choose a license from the Administration Tree.
Result: The Object Details view displays the license key parameters. See Table 13 for
information about the license key parameters.
5.4 Updating license keys

Perform this procedure to update a license key.
Note — If your updated license key includes an object for which

you are already licensed under a different license, you will
receive an error message.
Procedure 13 To update a license key
1 In the Administration Tree, choose EMS Administration→License to display a list of installed

licenses.
2 Choose a license from the Administration Tree.
Result: The Object Details view displays the license key details.
3 Delete the contents of the License Key field.
4 Navigate to the directory where you store your license key PDF files and open the file that
you need to use.
5 Copy the license key number from the PDF file and paste it in the License Key field.
6 Click Apply to update the license key.
7 Close and restart the 5520 AMS client.
5.5 Managing LT licenses
Applies to — This section applies to:
• ISAM R6.2.03 or later.

• The 10G_PON_enabled_LT license is enabled only on 7360
ISAM FX NEs with FGUT-A card type.
This section describes procedures to view license usage and to add or remove LT
licenses which are applicable only for 10G_PON_enabled_LT license. You can add
or remove LT licenses only when the 10G_PON_enabled_LT license is installed in
the 5520 AMS.
Procedure 14 To add or remove LT licenses
1 Open the Network perspective and navigate to the NE.
2 Right-click the NE and choose one of the following options:
• Supervision → LT Licenses → Add LT Licenses

• Supervision → LT Licenses → Remove LT Licenses
Note — You can select multiple NEs for adding or removing the LT
licenses.
Result: The Add LT Licenses window or Delete LT Licenses window opens based on the
chosen option.
3 In the Add LT Licenses window, you can enter the number of licenses to be added and in the
Delete LT Licenses window, you can enter the number of licenses to be removed.
4 Click Finish.
Result: When the addition or deletion of LT license is complete, the 5520 AMS displays the
Target, Description, Status and Additional Information in the Action Details window.
Procedure 15 To view license usage
1 Navigate to the NE and choose Infrastructure → Licenses → Actual
2 Choose the license License Usage 10G_PON_enabled_LT from the Network Tree.
Result: The Object Details view displays the information about the LT license count and the
list of LTs that are enabled with the license.
Administrator Guide Using the 5520 AMS securely
Using the 5520 AMS securely

6 Using the 5520 AMS securely
7 Managing SSL
8 Managing HTTPS
Using the 5520 AMS securely Administrator Guide
Administrator Guide Using the 5520 AMS securely
6 Using the 5520 AMS securely

6.1 Security overview
6.1 Security overview

You can use security protocols with the 5520 AMS. Table 16 describes options to
configure the 5520 AMS for secure operation.
Table 16 Options for configuring the 5520 AMS for secure operation
Protocol or configuration Description
Secure installation When securing your installation, see the 5520 AMS
Solution Planning Guide for information about ports and
services the 5520 AMS requires to operate correctly.
SSL between the application server and You can use SSL with the default keystore or a customized
the client keystore.
SSL communication between the application server and
the client is disabled by default. See Chapter 7 for
information about configuring SSL.
HTTPS between the application server A default HTTPs certificate is provided with the 5520 AMS,
and 5529 Enhanced Applications no configuration is required.
See Chapter 8 for information about replacing the default
certificate with one of your own.
5520 AMS user accounts Three UNIX user accounts are created on the application
server: amssys, amsftp and amssftp.
amssys is used by operators to connect to the server, you
need to change the password on the application server.
amsftp and amssftp are used by the NEs when transferring
files. If you choose to change the passwords for these
accounts, you need to change them on the application
server and in the 5520 AMS GUI. See the 5520 AMS
Installation and Migration Guide for more information.
See the 5520 AMS Installation and Migration Guide for
more information about user accounts.
SSL between the application server and The NEs do not use SFTP for file transfer by default.
the NEs You can choose the protocols used for file transfer
between the 5520 AMS and the NEs. See Procedure 140.
Secure communication for NEs that use See the Operations and Maintenance guide for the NE for
IPSec information about configuring IPSec.
(1 of 2)
Using the 5520 AMS securely Administrator Guide
Protocol or configuration Description

Security for 5520 AMS user sessions To increase the security of 5520 AMS user settings, you
can configure the following:
• User accounts (see Section 9.2).
• User roles (see Section 9.14).
• Session timeouts (see Section 11.4).
• Authentication using LDAPS (see Section 20.33).
You can also track user activity with the User Activity Log.
See Section 27.3.
Securing logs To forward the processmonitor and user command logs to

syslog server. See Section 31.51 for enabling or disabling
the syslog mode for logs.
(2 of 2)
Administrator Guide Managing SSL
7 Managing SSL
7.1 SSL overview
7.2 Generating a customized keystore
7.3 Enabling SSL
7.4 Reinstalling the 5520 AMS client to activate SSL changes
7.5 Switching between default and customized keystore
7.6 Disabling SSL
7.7 Modifying server and client protocols
7.8 Installing a self-signed certification
7.9 Installing a certificate signed by CA
7.1 SSL overview

SSL or TLS is a cryptographic protocol that is used to transmit data securely over the
Internet. SSL or TLS is used for secure communication between the 5520 AMS
application server and the 5520 AMS client.
Secure communication over SSL between the 5520 AMS server and client involves
one-way authentication, a process that uses a public key infrastructure to
authenticate the identity of the server. The client validates the certificate sent by the
server. The default SSL keystore setup in AMS uses a Self signed certificate for the
validation. If you use a customized keystore, you can use a Certificate Authority (CA)
signed certificate for the validation. If the server has a valid certificate, the client can
communicate with the server. The client and server exchange encrypted keys to
ensure secure communication.
By default, SSL communication between the 5520 AMS and the AMS GUI clients is
enabled. You can disable and enable SSL communication anytime by running a
script on the 5520 AMS server. However you need to stop the server to run a script,
which can take some time. No SSL configuration changes are required to the client.
In some cases, as documented in the procedures, users must install a new client.
Managing SSL Administrator Guide
To use SSL communication in a cluster environment, communication between the

server and all nodes must be secured and the keystore key and password must be
the same. The 5520 AMS server has a keystore file that contains a default keystore
key and password. The value is changeit. The key and password are shared with all
5520 AMS applications. You can generate a customized (self-signed) keystore file
on the 5520 AMS. See Procedure 16 to generate a customized keystore.
Note — Ensure that your Web Browser supports the encryption
that is used to generate the keystore for an SSL. Otherwise, the
Web Browser will be unable to display the AMS Download
Page.
The 5520 AMS client gets the keystore key and password from the server when you
download the client. Therefore, if you update the keystore file on the server, you must
download a new client to communicate with the server.
The types of entries in the keystore file are:
• Key entries: Each entry includes sensitive cryptographic key information that is
stored in a protected format to prevent unauthorized access. The key stored in a
key entry is a private key that is accompanied by the certificate chain for the
corresponding public key. The keytool and jarsigner tools only handle private keys
and their associated certificate chains.
• Trusted certificate entries: Each entry contains one public key certificate that
belongs to another party. The entry is called a trusted certificate because the
keystore owner trusts that the public key in the certificate belongs to the identity
identified by the owner of the certificate. The owner of the certificate vouches for
this by signing the certificate.
7.2 Generating a customized keystore

The 5520 AMS is shipped with a default keystore. You can generate a customized
keystore, if required. A customized keystore can even be generated on a server that
is not part of the 5520 AMS and can be still used in the AMS environment. You can
also use a certificate signed by an authorized Certificate Authority.
Note 1 — You must use PKCS12 keystore and 2048 bit key
length to generate customized keystore.
Note 2 — In a cluster setup, the same customized keystore
must be used on all servers except the Red Hat presentation
server. To configure the keystore on the applicable servers
execute the "ams_enable_ssl.sh" script with the location of the
keystore; see Procedure 19.
To perform the procedures in this section, you need to log in to the 5520 AMS server
as amssys. See Procedure 8 to log in to a 5520 AMS server as amssys.
Procedure 16 To generate a customized keystore
1 Log in to the 5520 AMS application server workstation as amssys.
2 In the workstation window, type:
keytool -genkey -keystore ams.keystore ↵
3 Enter the keystore password.
4 Re-enter the keystore password.
5 Enter the information when prompted.
Result: The keystore file is generated in the current directory. Ensure that amssys has the
required permissions to the current directory.
Procedure 17 To list the customized keystore

To perform this procedure, you must know the customized keystore password.
2 Go to the directory where the keystore file is generated in the workstation window and type:
keytool -list -v -keystore ams.keystore ↵
3 Enter the keystore password.
Result: The keystore type, keystore provider, and certificate fingerprint are displayed.
7.3 Enabling SSL

Enable secure communication over SSL by running a script on the 5520 AMS server.
You must stop the server, run the script, then restart the server.
In a cluster environment, you must enable SSL on every server in the cluster.
To perform the procedures in this section, you must be able to log in to the 5520 AMS
server as amssys. See Procedure 8 for more information.
Procedure 18 To enable SSL between the 5520 AMS server and 5520 AMS GUI client
Use this procedure to enable SSL communication between the 5520 AMS server and 5520 AMS
GUI client. Enabling SSL does not require you to download a new client.
Caution — This is a service-affecting procedure because it requires

you to stop the server.
1 Stop the 5520 AMS server:
i Log in to the 5520 AMS application server workstation as amssys.
ii In the workstation window, type:
ams_server stop ↵
2 Enable SSL using one of the following options:
i Use the following command if you want to enable SSL with the default keystore shipped
with AMS:
ams_enable_ssl.sh default ↵
ii Use the following command if you want to enable the last used SSL configuration:
ams_enable_ssl.sh ↵
3 Start the 5520 AMS server by typing:
ams_server start ↵
4 In a cluster environment, repeat steps 1 to 3 for each server in the cluster.
Procedure 19 To enable SSL communication with a customized keystore

Perform this procedure to enable SSL communication between the 5520 AMS server and the 5520
AMS GUI clients, using a customized keystore and keystore password. You can either generate
a customized keystore, or manually replace a keystore file obtain from a recognized certification
authority. For information about generating a customized keystore, see Procedure 16.
Before you proceed:
• You need the path to the keystore file on the 5520 AMS server and the keystore
password.
• Perform one of the following steps, as applicable:
• Generate a customized keystore. For information about generating a customized
keystore, see Procedure 16.

ams_server stop ↵
2 Enable SSL by typing:
ams_enable_ssl.sh [path-to-keystore-file] [keystore password] ↵
where:
path-to-keystore-file is the path to the keystore file on the 5520 AMS server.
keystore password is the customized keystore password.
For example:
ams_enable_ssl.sh /tmp/ams.keystore amsams.
Note — In a cluster setup, ensure that the same customized keystore is

used on all the servers in the cluster except the Red Hat presentation
server.
5 Reinstall the client to activate SSL changes on the client side.
To reinstall Windows or Red Hat Enterprise Linux client, see Procedure 21
Procedure 20 To confirm the status of SSL

Perform the following procedure to check the status of SSL.
2 In the workstation window, type:
ams_check_ssl.sh ↵
The status of SSL is displayed as enabled or disabled.
7.4 Reinstalling the 5520 AMS client to activate

SSL changes
You need to reinstall the 5520 AMS client when you:
• Enable SSL with a customized keystore. See Procedure 19 to enable SSL with a
customized keystore.
• Switch from the default to a customized keystore. See Procedure 22 to switch
from the default keystore to a customized keystore.
• Switch from a customized to the default keystore. See Procedure 23 to switch
from a customized keystore to the default keystore.
Procedure 21 To reinstall the Windows or Red Hat Enterprise Linux client to

activate SSL changes
Perform this procedure to reinstall the 5520 AMS Windows or Red Hat Enterprise Linux client to
apply SSL settings.
1 Enable the SSL between the 5520 AMS Server and the 5520 AMS GUI Client. For
information about enabling SSL, refer to 18
2 Install the Windows/Red Hat Enterprise client from the 5520 AMS server. For information
about installing the client, see the 5520 AMS Installation and Migration Guide.
3 In the Red Hat Enterprise Linux systems, verify that the keystore and amsclient.ini files are
overwritten by the new files.
Caution — For a shared client installation, modifying the permissions

on the keystore and amsclient.ini files would allow all users access to the
keystore and the password for the keystore.
Note — Perform the following only if the UNIX user is not assigned to
the amssys group.
For a shared client installation, log in to the 5520 AMS server as amssys
and modify the permissions on the keystore and amsclient.ini files by
typing
chmod 664 path/ams.keystore ↵
chmod 664 path/amsclient.ini ↵
where
path is the path to the location where the client is installed.
4 Restart the client.
7.5 Switching between default and customized

keystore
You can switch between using the default keystore and a customized keystore.
To perform the procedures in this section, you need to log in to the 5520 AMS server
as amssys. See Procedure 8 to log in to a 5520 AMS server as amssys.
Procedure 22 To switch from the default to a customized keystore

To switch from using the default to a customized keystore, enable SSL with a customized
keystore. See Procedure 19 to enable SSL with a customized keystore.
Perform this procedure to switch from using the default keystore to using a customized keystore.
You need a generated customized keystore file. See Procedure 16 to generate a customized
keystore.
Procedure 23 To switch from a customized to the default keystore

Perform this procedure to switch from using a customized keystore to the default keystore.

ams_server stop ↵
2 Enable SSL by typing:
ams_enable_ssl.sh default ↵
5 Reinstall the client to activate SSL changes.
To reinstall Windows or Red Hat Enterprise Linux client, see Procedure 21.
7.6 Disabling SSL

You can disable secure communication over SSL by running a script on the
5520 AMS server. You must stop the server, run the script, then restart the server.
In a cluster environment, you must disable SSL on every server in the cluster.
Before you proceed, you need to log in to the 5520 AMS server as amssys. See
Procedure 8 to log in to a 5520 AMS server as amssys.
Procedure 24 To disable SSL between the 5520 AMS server and the 5520 AMS GUI
client
Perform this procedure to disable SSL communication between the 5520 AMS server and the
5520 AMS GUI client; using default or customized keystore. You do not need to download a new
client.

ams_server stop ↵
2 Disable SSL by typing:
ams_disable_ssl.sh ↵
7.7 Modifying server and client protocols

This section describes how to modify a protocol on a server or a client.
Applies to — The SSL configuration mentioned in this section

is applicable only in Jboss/Wildfly.
7.7.1 SSL configuration on a server

When SSL is enabled, the 5520 AMS must establish secure connections through the
ports mentioned in Table 17.
Table 17 Secure ports for SSL configuration
Ports Description
8443 By default, the secure connection is enabled for HTTPS on this port.
If you want to force the server using a certain SSL protocol, you can manually modify
enabled-protocols in HTTPS configuration. For example, if you want to use TLSv1.2 only
for HTTPS, you can modify as the following configuration:
<https-listener name="https" socket-binding="https" security-realm="AxSSSLRealm"
enabled-cipher-suites="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_EC
DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_
SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256
_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_
CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA" enabled-protocols="TLSv1.2"
max-post-size="0"/>
4447 This port is used to establish the remote connection from a client to the 5520 AMS
server.
5445 and 5455 These ports are used to manage the messaging in HornetQ.
7.7.2 SSL configuration on a client

To establish an encrypted connection between the 5520 AMS client and the 5520
AMS server, AMS requires the location of trusted CA certificates. This is to verify the
server certificate when making a connection to an SSL/TLS server. In the AMS client,
the keystore file for the AMS client is stored under the AMS client directory, that is,
the same directory level with amsclient.exe.
The basic SSL configurations to establish a secured connection are stored in
amsclient.ini:
-Djavax.net.ssl.trustStore=keystore
-Djavax.net.ssl.keyStore=keystore
-Djavax.net.ssl.keyStorePassword=5520AMSPinCode
-Djavax.net.ssl.trustStorePassword=5520AMSPinCode
7.7.2.1 Verifying 5520 AMS SSL server status

Connect to the 5520 AMS server through port 4447 and you will receive one of the
following responses from the application server:
• If the connection is successful, the AMS SSL server is disabled.
• If the connection fails and the NamingException message is without STARTTLS
or SSL, then SSL is disabled because the failed connection might be a network
issue or other reasons not related to SSL.
• If the connection fails and the NamingException message contains STARTTLS or
SSL, then the AMS SSL server is enabled.
7.8 Installing a self-signed certification

This section describes the steps required for installing a self-signed certification.
Before you proceed, ensure you have installed Java JRE or JDK and OpenSSL.
Perform the steps in Procedure 25 to install a self-signed certification on a 5520 AMS
server.
Procedure 25 To install a self-signed certification
1 Create a folder and from the folder execute the following command:
set RANDFILE=rand
2 Generate a keystore; type
keytool -genkeypair -alias AMS -keyalg RSA -keysize 2048 -validity 7300
-sigalg SHA256withRSA -keystore AMSKeyStore -storepass 123456
Note — The first and last name should be a common name and the URL
which is used to access the server. There can be wildcards in the
Common Name (*.nokia.com or 192.168.92.*).
3 If you are using a domain name, following configurations are required:
• For a client: The client machine resolves the hostnames based on the information
provided in the certificate.
• For a server (Optional):
• Update the domain name on the server using sysctl -w
kernel.domainname=www.nokia.com
• Update /etc/sysconfig/network HOSTNAME
• Restart service of the NetworkManager.
4 Generate a Certificate Signing Request (CSR). Execute the command:
keytool -certreq -alias AMS -keystore AMSKeyStore -file AMS.csr
5 Setup a Certificate Authority (CA).
Copy openssl.cnf file (from where the OpenSSL was installed) and place it in the current
folder where the keystore is generated.
6 Execute the following commands:
openssl req -new -keyout cakey.pem -out careq.pem -config openssl.cnf
openssl x509 -signkey cakey.pem -req -days 3650 -in careq.pem -out
caroot.cer -extensions v3_ca -sha256
7 Import the CA certificate to the browser.
i Go to Internet Options → Content → Certificates → Trusted Root Certification

Authorities.
ii Click Import.
Result: The certificate import wizard opens.
iii Click Next.
iv In the File to Import page, browse and select the created CA file.
8 Sign your own certificate with CA.
echo 1234 > serial.txt
openssl x509 -CA caroot.cer -CAkey cakey.pem -CAserial serial.txt -req

-in AMS.csr -out TrustedAMS.cer -days 365 -sha256
9 Import the signed certificate to the keystore.
• To import CA Certificate, execute the command:
keytool -import -alias TestCA -file caroot.cer -keystore AMSKeyStore
• To import a AMS Certificate, execute the command:
keytool -import -alias AMS -file TrustedAMS.cer -keystore AMSKeyStore
You can also import the file type pem.
Note 1 — The alias used when importing the AMS certificate and when
generating the keystore must be the same.
Note 2 —
• For Releases 9.5.03 and above, if required, after importing the AMS
certificate, you can remove the CA certificate using the following
command:
keytool -delete -noprompt -alias TestCA -keystore
AMSKeyStore
• It is mandatory for Release 9.5.02 and older releases to remove the
CA certificate from the keystore.
10 Access the 5520 AMS server using port 8443 on the web browser.
Result: If the certificate is successfully imported, a green lock icon appears on the address
bar of the web browser.
7.9 Installing a certificate signed by CA

You can also use a certificate signed by an authorized Certificate Authority (CA) for
5520 AMS.
Note — 5520 AMS provides a default Keystore and password.

For enhanced security, it is recommended to generate a
Keystore and self-sign or use a certificate from a recognized
Certificate Authority (CA).
Before you proceed, ensure you have installed Java JRE or JDK.
Perform the steps in Procedure 26 as amssys to install a self-signed certification on
a 5520 AMS server.
Note — The commands provided in Procedure 26 is only for
reference. You must adapt the command line to meet your
specific requirements.
Procedure 26 To generate a certificate signed by CA
1 Create a folder and from the folder execute the following command:
set RANDFILE=rand
2 Generate a keystore; execute the command:
keytool -genkeypair -alias AMS -keyalg RSA -keysize 2048 -validity 7300
-sigalg SHA256withRSA -keystore AMSKeyStore -storepass 123456
Note — The first and last name should be a common name and the URL
which is used to access the server. There can be wildcards in the
Common Name (*.nokia.com or 192.168.92.*).
3 Generate a Certificate Signing Request (CSR). Execute the command:
keytool -certreq -alias AMS -keystore AMSKeyStore -file AMS.csr
4 Send the generated CSR file to a public CA. When requested, provide the required
information to the CA.
The CA provides the signed caroot.cer certificate.
5 Import the signed caroot.cer certificate to the AMS keystore. Execute the command:
keytool -import -alias TestCA -file caroot.cer -keystore AMSKeyStore
6 Import the AMS certificate to the AMS keystore. Execute the command:
keytool -import -alias AMS -file TrustedAMS.cer -keystore AMSKeyStore
You can also import the file type pem.
Note 1 — The alias used when importing the AMS certificate and when
generating the keystore must be the same.
Note 2 —
• For Releases 9.5.03 and above, if required, after importing the AMS
certificate, you can remove the CA certificate using the following
command:
keytool -delete -noprompt -alias TestCA -keystore
AMSKeyStore
• It is mandatory for Release 9.5.02 and older releases to remove the
CA certificate from the keystore.
7 Import the CA certificate to the browser.
i Go to Internet Options → Content → Certificates → Trusted Root Certification

Authorities.
ii Click Import.
Result: The certificate import wizard opens.
iii Click Next.
iv In the File to Import page, browse and select the CA file.
8 Access the 5520 AMS server using port 8443 on the web browser.
Result: If the certificate is successfully imported, a green lock icon appears on the address
bar of the web browser.
Administrator Guide Managing HTTPS
8 Managing HTTPS
8.1 HTTPS overview
8.2 Replacing the default HTTPS certificate
8.1 HTTPS overview

The 5520 AMS uses HTTPS to exchange data with 5529 Enhanced Applications. A
default HTTPS certificate is provided with the 5520 AMS and is enabled during
installation. You can replace the default HTTPS certificate with another HTTPS
certificate.
8.1.1 vprocmon support of HTTP communication

The vprocmon server supports only HTTP communication and 5520 AMS server
supports both HTTP and HTTPS communication.
To allow the vprocmon server to communicate with 5520 AMS server, you must
update the ams.conf configuration file before installing the vprocmon server.
Configure the value for the following parameter as:
AMS_PROTOCOL=BOTH
You can also configure the value of the AMS_PROTOCOL as HTTP but not HTTPS.
Note — You need to restart the server for the configuration

changes to take effect.
8.2 Replacing the default HTTPS certificate

Perform this procedure to replace the default HTTPS certificate.
Managing HTTPS Administrator Guide
Procedure 27 To replace the default HTTPS certificate
1 Obtain an HTTPS certificate that is issued by a recognized certification authority.
2 Log in to the 5520 AMS application server as amssys.
3 Place a copy of the HTTPS certificate in
$AMS_LOCALDATA_HOME/server/wildfly/server/amssys/configuration
4 Rename the HTTPS certificate to “keystore”.
5 Restart AMS server.
Procedure 28 To enable the HTTP communication

Perform this procedure to enable the HTTP communication.
Before you proceed, you need to log in to the 5520 AMS server as amssys. See Procedure 8 to
log in to a 5520 AMS server as amssys.
i Navigate to the following path:
$AMS_SOFTWARE_HOME/conf/
ii Execute the following command to open the configuration file for editing in a text editor:
vi ams.conf
3 Configure the value for the following parameter as:
AMS_PROTOCOL=HTTP
Note — The default value of AMS_PROTOCOL is set as HTTPS.
4 Save and close the ams.conf file.
Administrator Guide Managing HTTPS
Result: The HTTP communication is enabled.

Managing HTTPS Administrator Guide

Administrator Guide User management
User management
9 User accounts
10 PAPs
11 User sessions

User management Administrator Guide

Administrator Guide User accounts
9 User accounts
9.1 User accounts overview
9.2 Creating user accounts from the 5520 AMS GUI
9.3 Adding a new user account to the amssys group
9.4 Managing user accounts from the 5520 AMS server
9.5 Locking a user
9.6 Unlocking a user
9.7 Locking or unlocking all users with a specific role
9.8 Viewing user statistics
9.9 Defining global password and username rules
9.10 Changing a user password
9.11 Changing passwords for default users
9.12 Configuring password dictionary
9.13 Viewing user functions
9.14 Creating user roles
9.15 Assigning users to a user role
9.16 Configuring the superuser role
9.1 User accounts overview

In the 5520 AMS, each user has one or more roles. Each role specifies one or more
functions that allow a user to perform tasks for those functions. The 5520 AMS
provides a default admin user account and a number of default roles. The admin user
has the Administrator role, which allows the admin to perform all of the functions in
the 5520 AMS, including creating and managing other users and roles.
After installing the 5520 AMS, you must create the default admin user account using
the ams_createfirstuser script. For more information, see Appendix 31.

User accounts Administrator Guide
When a user does not have permission to execute an operation, the 5520 AMS:
• Dims or hides menu items that apply to the operation
• Makes parameters read-only
Note — From Release 9.7 onwards, the default admin user is

not created after installing the 5520 AMS. You must manually
create an initial AMS Administrator account using the
ams_createfirstuser script. For more information, see Appendix
31.
9.1.1 Changes to user accounts

User accounts can be changed at any time. By default, changes made to user
settings apply immediately. You can configure the 5520 AMS to make all changes to
user account parameters, including roles and passwords, subject to a 30 minute
delay. See “User settings” in this section.
9.1.2 Users
You need a user account to log in to the 5520 AMS. The 5520 AMS provides one
default admin user account. The admin can create other users and roles as required.
Each new user must be assigned at least one role.
9.1.3 Roles
A role can include one or more functions and can be assigned to one or more users.
There are default roles provided in the 5520 AMS. You can also create roles.
A role can be specific or more comprehensive. For example, a software administrator
may only need to manage software backups, restores, and upgrades, while a system
administrator needs to have full system access. Any combination of functions can be
grouped into a role.
Note — If there is any change in the roles of a user, some

privileges come into effect immediately (for example, view or
edit users). For other privileges, the user needs to log out and
log in again (for example, any change in access to node
objects). It is recommended that the user logs out and logs in
whenever the role changes.

9.1.3.1 Default roles

Table 18 describes the default roles.
Table 18 Default roles
Role Description
Administrator Perform all functions, including the functions in the other default roles. This is the
default superuser role.
AMS NBI Perform NBI functions.
Constructor Perform functions that are required to construct and manage the NEs in a network,
including creating NEs, starting and stopping supervision, planning units, creating
templates, and managing NE software.
NBI System System functions for OSS users that access the 5520 AMS using an NBI.
Operator Provision subscribers and perform troubleshooting.

Viewer View, but not modify, network and equipment information.
The default roles cannot be modified or deleted. A user with the Administrator role
can create, delete, assign, or modify other users and roles.
See Procedure 44 to view the functions that are assigned to a user with the default
roles. For a complete list of all the functions and what they allow users to do, see
Table 19.
9.1.3.2 Superuser role

You can assign only one role to be the “superuser”. A user whose account includes
the superuser role can log in even when logging in would exceed:
• The maximum number of logins to the current server configured by an
administrator using the Maximum Concurrent User Sessions parameter.
• The maximum number of logins to the current server allowed by your 5520 AMS
license.
By default, the superuser role is Administrator.
9.1.4 Functions
A function determines a set of operations that an operator can perform in the
5520 AMS. The operations that are allowed by the function are defined in the
software and cannot be changed by a user.
Functions can be added to roles, except the default roles. Roles can be assigned to
users to allow them to perform all the functions that are specified by the roles.

Many different functions are available in the 5520 AMS. Each function allows a user
to perform a specific type of operation. For example, Event - View is a function which
allows a user to view event settings in the Administration tree.
If you have the Edit function in a role, you cannot edit unless you have the View
function. For example, NE Edit function does not allow user to view NE details. In
order to create, manage, and delete NEs, you must have the View function.
• To create a role that allows to configure objects, you must add the following
functions to the role:
• Network Default – Edit
• Network – View
• NE - View
• To create a Troubleshoot role, you must add the following functions to the role:
• Network – Troubleshoot
• Network – View
• NE - View
Note — For information about functions that only apply to

5529 Enhanced Applications, see the product documentation
for the application.
You cannot create a function. However, you can create roles with various
combinations of functions. See Procedure 45 to create a role. See Procedure 44 to
view the functions that are assigned to a role. See Table 19 for a list of user functions
and what they allow users to do.
Note — The AMS NBI and NBI system default roles are used
exclusively by OSS users.
Table 19 5520 AMS function descriptions
Function Default Roles Description

Administrator
Constructor
AMS NBI
Operator
Viewer
5530 NA-F Settings - Edit Y Edit the 5530 NA-F settings in the
Administration tree (EMS
System→Site→5530 NA-F Settings).
5530 NA-F Settings - View Y View the 5530 NA-F settings in the
System→Site→5530 NA-F Settings).
(1 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
Action Manager - Admin Y Manage and view jobs in the Action
Manager views, manage jobs created by
other users. (1)
Any user has access to the Action
Manager perspective, Action view, and
Historical Action view.
A user who has the Action Manager-
Admin function in their role can view and
modify the actions of all users.
A user who does not have the Action
Manager- Admin function in their role can:
• Modify only their actions (for example,
cancel, retry, and move to history).
• View the actions of all users.
Action Manager Settings - Edit Y Edit Action Manager settings in the

Administration tree (Configuration→Action
Manager Settings). See Section 20.21.
Action Manager Settings - Y View Action Manager settings in the

View Administration tree (Configuration→Action
Manager Settings). See Section 20.21.(6)
Active Sessions - Edit Y Modify active user sessions (User

Management→Active
Sessions→Session).
See Chapter 11.
Active Sessions - View Y View active user sessions (User

Management→Active
Sessions→Session).
See Chapter 11.
Alarm - Edit Y Y Y Modify, acknowledge, and assign

alarms (1).
Alarm - Manual Alarm Clear Y Clear an alarm manually from the AMS
Alarm Table. See the Alarms chapter in the
Alarm - View Y Y Y Y View alarms (1).
(2 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
Alarm Settings - Edit Y Modify the following alarm settings in the
Administration tree:
• Configuration→Alarms→EMS Alarm
Severity Assignment→EMS Alarm
Severity Assignment
• Configuration→Alarms→Alarm
Settings
• Configuration→Alarms→NE Alarm
Processing Settings→NE Alarm Event
Log Filter
• Configuration→Alarms→ENV Alarm
Template→ENV Alarm Template
See Chapter 20.

Manage alarm rules. See Chapter 29.
Alarm Settings - View Y View the following alarm settings in the

• Configuration→Alarms→EMS Alarm
Severity Assignment→EMS Alarm
Severity Assignment
• Configuration→Alarms→Alarm
Settings
• Configuration→Alarms→NE Alarm
Processing Settings→NE Alarm Event
Log Filter
• Configuration→Alarms→ENV Alarm
Template→ENV Alarm Template
See Chapter 20.(6)
AMS NBI - Edit Y Y Create or modify an NE using the NBI.
AMS NBI - Edit User Y Y Create or modify a user using the NBI.
AMS NBI - Notify Y Y Receive notifications.
AMS NBI - View Y Y View users or NEs using the NBI.
AMS NBI Settings - Edit Y Configure the AMS NBI settings in the
Administration tree
(Configuration→NBI→EMS NBI Settings).
See Section 20.42.
AMS NBI Settings - View Y View the AMS NBI settings in the
Administration tree
(Configuration→NBI→EMS NBI Settings).
See Section 20.42.(6)
Cluster Performance - View Y View the data in the EMS Performance

Monitoring View.
(3 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
Cluster Settings - Edit Y Modify the following server settings in the
• EMS System→Site
• EMS System→Site→DCN Settings
• EMS System→Site→Application &
Data Servers→Application Server
Data Servers→Data Server
• EMS System→LDAP Server CA
Certificates→CA Certificate
See Section 20.33.
Cluster Settings - View Y View the following server settings in the

• EMS System→Site
• EMS System→Site→DCN Settings
Data Servers→Application Server
Data Servers→Data Server
• EMS System→LDAP Server CA
Certificates→CA Certificate
Comments - Edit Y Y Y Add, modify, and delete comments on

objects. (1)
Comments - View Y Y Y Y View comments. (1)
CPE Vendor ID - Edit Y Modify entries in the CPE Vendor ID table.

See Chapter 24.
CPE Vendor ID - View Y View entries in the CPE Vendor ID table.

See Chapter 24.
Customized Web Links - Edit Y Y Add, modify, and delete customized web
links.
See Chapter 23.
Customized Web Links - View Y Y View customized web links.

See Chapter 23.
Cut Through - Secure CLI Y Y Y Use a secure CLI interface to send

commands (1).
Cut Through - Secure TL1 Y Y Y Use a secure TL1 interface to send
commands. (1)
Cut Through - Standard CLI Y Y Y Use a standard CLI interface to send

commands. (1)
(4 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
Cut Through - Standard TL1 Y Y Y Use a standard TL1 interface to send
commands. (1)
Cut Through Settings - Edit Y Y Y Modify cut-through settings in the

Administration tree (Configuration→Cut
Through Settings). See Section 20.18.(1)
Cut Through Settings - View Y Y Y View cut-through settings in the

Administration tree (Configuration→Cut
Through Settings). See Section 20.18.(1) (6)
Event - View Y Y View event settings in the Administration

tree (Configuration→Event).
EMS/NE Protocol Settings - Y Modify the following EMS/NE Protocols in

Edit the Administration tree:
• Configuration→EMS/NE
Protocols→SSH Settings
Protocols→File Server
Credentials→<Type> User
Protocols→File Transfer Protocol
Selection
Protocols→TL1/CLI Protocol
Selection
Protocols→TFTP Server Settings
See Chapter 20.
EMS/NE Protocol Settings - Y View the following EMS/NE Protocols

View settings in the Administration tree:
Protocols→SSH Settings
Protocols→File Server
Credentials→<Type> User
Protocols→File Transfer Protocol
Selection
Protocols→TL1/CLI Protocol
Selection
Protocols→TFTP Server Settings
See Chapter 20.(6)
(5 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
EMS Tracing Settings - Edit Y Configure the tracing of the EMS in the
Administration tree (Configuration→EMS
Tracing Settings).
See Section 20.24. (1)
EMS Tracing Settings - View Y View the tracing level of the EMS in the
Administration Tree (Configuration→EMS
Tracing Settings).
External TL1GW - Admin Y Log in to the External TL1 Gateway as an

Login Admin user.
See Chapter 16.
External TL1GW - OSS Login Y Y Y Log in to the External TL1 Gateway as an

OSS user.
See Chapter 16.
External TL1GW Server - Edit Y Create, modify or delete an External TL1

Gateway (EMS System→Site→External
TL1 GW Servers→External TL1 GW
Server).
See Chapter 16.
External TL1GW Server - Y View the External TL1 Gateway server
View (EMS System→Site→External TL1 GW
Servers→External TL1 GW Server).
See Chapter 16.
External TL1GW - TNM Login Y Y Y Log in to the External TL1 Gateway as a

TNM user.
See Chapter 16.
Filters - Admin Y Y Create, modify and delete public filters in

the Alarm, User Activity Log views, and
public filters used in 5529 Enhanced
Applications. Manage the public alarm
filters created by any user.
A user that has the Filters-Admin function
in their role can:
• Create public and private filters.
• Modify or delete filters that are created
by any user.
A user that does not have the

Filters-Admin function in their role can:
• Create private filters.
• Modify or delete only their filters.
To filter user activity log, see Chapter

27. (1)
(6 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
Find - Run Y Y Y Find objects with the Go to navigation bar
and the Find objects feature. (1)
GUI Client Download Page - Y Y Y Y Required to download the AMS client. This
View function is available in the default roles.
The GUI Client Download Page - View
function is available from 9.6.07.
When migrating from an AMS release
earlier to 9.6.07, this function is added to
all the existing roles available in the earlier
release.
GUI - Multiple Edit Y Y Use the multiple edit function to modify

several objects of the same type at once.
(1)
This function supersedes other editing

functions.
GUI - Save to File on Client Y Y Y Y Use the Log File Selection menu in all the
Cut Through views.
Use the Save as, Save as CSV, Save as
XML in the Graphical View and Object
Details view.
Use the Export button in the PM views.
Use the Export menu in the Alarm
views. (1)
GUI - Save to File on Server Y Y Y Use the Copy Backup Files command from
the Backup Restore perspective.
See Chapter 18.
GUI Settings - Edit Y Modify the GUI settings in the

Administration tree (Configuration→GUI
Settings).
See Section 20.2.
GUI Settings - View Y View the GUI settings in the Administration

tree (Configuration→GUI Settings).
HDM NBI Settings - Edit Y Edit the HDM NBI Settings in the
System→Site→HDM NBI Settings).
HDM NBI Settings - View Y View the HDM NBI Settings in the
System→Site→HDM NBI Settings).(6)
Import/Export - Edit Y Import and export data from 5520 AMS.

See Section 21.6.
(7 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
Inventory Settings - Edit Y Modify the Inventory settings in the
Administration tree (Inventory→Basic
Settings).
See Section 20.38.
Inventory Settings - View Y View the Inventory settings in the

Administration tree (Inventory→Basic
Settings).
License - Edit Y Add, modify, and delete 5520 AMS

licences (License→License).
See Chapter 5.
License - View Y View 5520 AMS licenses

(License→License).
See Chapter 5.
License Settings - Edit Y Edit the License settings in the

Administration tree (License→License
Settings). See Section 20.32.
License Settings - View Y View the License settings in the
Administration tree (License→License
Settings). See Section 20.32.(6)
Link Settings - Edit Y Edit the Link Settings in the Administration

tree (Configuration→Link Mgmt→<Link
Type> Links).
Link Settings - View Y View the Link Settings in the

Administration tree (Configuration→Link
Mgmt→<Link Type> Links).(6)
Log Files - View Y View the log files on the server from the
GUI.
See Chapter 27.
Map - Edit Y Y Modify the Map View.
NE - CLI/TL1 Credentials Y Y Configure the Auto populate Credentials

parameter in the cut-through settings in the
Administration tree, as well as the Update
the TL1 Credentials in the NE when
changing them in the NE Object Details
parameter in the NE plug-in settings.
See Section 20.18.
NE - Connectivity Check Y Y Y Launch the Tools→Connectivity Check
command. (1)
NE - Detection Y Y Discover new NEs in the network. (1)
(8 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
NE - Edit Y Y Create, delete and modify (applicable on
attributes other than parent group) NEs
and NE Groups, start and stop supervision
of NEs, enable or disable alarm silent
mode for NEs. (1) (7)
To start and stop supervision of a single or
multiple NE groups, the security function
NE - Supervision at group level must be
assigned to the user role.
NE - Supervision at group Y Y Y Start and stop supervision of a single or
level multiple NE groups.
When the function is not enabled and a mix
of NEs and NE groups is selected, then the
start and stop supervision options will
continue to be unavailable until the NE
groups are deselected.
NE - Move Y Y Y Allows to change the parent group of an
NE or NE Group in the Object Details view
or by dragging and dropping the selected
objects in the tree. (7)
NE - View Y Y Y Y View NEs and NE group configuration. (1)
NE Backup - Backup Y Y Perform NE backup operations.

See Chapter 18.
NE Backup - Manage Y Y Y Y View NE backup files.

See Chapter 18.
NE Backup - Restore Y Y Perform an NE restore operation.

See Chapter 18.
NE Backup Settings - Edit Y Edit the NE Backup settings in the

Administration tree (Configuration→NE
Backup Settings). See Section 20.19.
NE Backup Settings - View Y View the NE Backup settings in the

Backup Settings). See Section 20.19.(6)
NE Link - Edit Y Y Create, delete, and modify links between

NEs.(1)
NE List - NBI Y Generate the NE or agent list.
NE Plug Settings - Edit Y Edit the NE Plug settings in the

Plug Specific Settings→<NE> <Release>
Settings). See Section 20.27.
(9 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
NE Plug Settings - View Y View the NE Plug settings in the
Plug Specific Settings→<NE> <Release>
Settings). See Section 20.27.(6)
Network - View Y Y Y Y View the NEs and NE Group configuration.

(1) (2)
Network Alarm - Edit (5) Y Y Modify alarm severities, alarm filters, and
the ASAT. (1)
Network Default - Edit (5) Y Y Y Modify the attributes of objects that are
below the NE in the Network Tree and that
are not included in the other Network - Edit
functions. (1) (2)
Network Default - Y Y Y Lock, unlock, perform test operations, and

Troubleshoot (4) enable or disable PM collection on other
subscriber resources. (2)
An LT board is not considered as a
subscriber resource.
Perform OTDR operations in the OTDR
view.
Create pbit traffic counters on a VLAN
Association Interface.
Network E1/DS1 Port - Edit (5) Y Y Y Create and modify E1 and DS1 ports. (2)
Network E3/DS3 Port - Edit (5) Y Y Y Create and modify E3 and DS3 ports. (2)
Network Equipment - Edit (5) Y Y Plan and delete a rack, subrack, or slot. (1)
Network Ethernet LT Port - Y Y Y Create and modify Ethernet LT ports. (2)

Edit (5)
Network Ethernet LT Port - Y Y Y Perform test operations, lock or unlock the

Troubleshoot (5) port, clear counters on Ethernet subscriber
resources. (2)
Network G6 Subscriber - Edit Y Y Y Create and modify G6 subscribers.

Network Layer2 - Aging Time Y Y Y Security function for editing aging time for
GPON and SHub- based NEs.
Network Layer2 - Edit (5) Y Y Y Create and modify Infrastructure→Layer2

objects (except for the aging time
attribute). (2)
Network Layer3 - Edit (5) Y Y Y Create and modify Infrastructure→Layer3

objects. (2)
Network Multicast - Edit (5) Y Y Y Create and modify

Infrastructure→Multicast objects. (2)
Network OAM - Edit (5) Y Y Modify the OAM IP address, trap definition,
SNMP, and SSH parameters.(3)
(10 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
Network ONT - Edit (5) Y Y Y Create, delete, configure and clean up
ONTs. (2)
Network ONT - Replace Y Y Y Modify the ONT serial number, subscriber

location ID, and planned software. (2)
Network ONT Card - Edit (5) Y Y Y Create, delete, configure and clean up
ONT cards. (2)
Network ONT Port - Edit (5) Y Y Y Create, delete, configure and clean up
ONT ports. (2)
Network ONT Service - Edit (5) Y Y Y Create, delete, configure and clean up
ONT services. (2)
Network PON Port - Edit (5) Y Y Create, modify, delete, and clean up PON
ports. (2)
Network PON Port / ONT - Y Y Y Perform test operations, lock or unlock the
Troubleshoot (5) port, clear counters on PON subscriber
resources. (2)
A PON port is not considered as a
subscriber resource.
Network Profile - Edit (5) Y Y Y Create, modify, and delete NE profiles,

such as xDSL Spectrum and ENV alarm
profiles.
Network SDH/Sonet Port - Y Y Y Create and modify SDH and SONET
Edit (5) ports. (2)
Network SHDSL Port - Edit (5) Y Y Y Create and modify SHDSL ports. (2)
Network SHDSL Port - Y Y Y Perform test operations, lock or unlock the

Troubleshoot (5) port, clear counters on SHDSL subscriber
resources. (2)
Network SHUB/IHUB Port - Y Y Y Create and modify Ethernet SHUB and

Edit (5) IHUB ports. (2)
Network Slot LT Ethernet - Y Y Y Modify, and unplan Ethernet LT units.

Edit
Network Slot LT Ethernet - Y Y Y Perform lock, unlock, and reset LT

Troubleshoot operations on Ethernet LT units.
Network Slot LT Other - Edit (5) Y Y Y Plan all types of LT units, and modify and
unplan other LT units and appliques. (2)
Network Slot LT Other - Y Y Y Perform lock, unlock, and reset LT

Troubleshoot operations on other LT units.
Network Slot LT PON - Edit Y Y Y Modify, and unplan PON LT units.
Network Slot LT PON - Y Y Y Perform lock, unlock, and reset LT

Troubleshoot operations on PON LT units.
Network Slot LT SHDSL - Edit Y Y Y Modify, and unplan SHDSL LT units.
(11 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
Network Slot LT SHDSL - Y Y Y Perform lock, unlock, and reset LT
Troubleshoot operations on SHDSL LT units.
Network Slot LT Voice - Edit Y Y Y Modify, and unplan Voice LT units.
Network Slot LT Voice - Y Y Y Perform lock, unlock, and reset LT

Troubleshoot operations on Voice LT units.
Network Slot LT XDSL - Edit Y Y Y Modify, and unplan XDSL LT units.
Network Slot LT XDSL - Y Y Y Perform lock, unlock, and reset LT

Troubleshoot operations on XDSL LT units.
Network Slot NT - Edit (5) Y Y Plan, modify, and unplan NT units and
force NT switchovers. (2)
Network Slot NT - Y Y Perform lock, unlock, and reset NT

Troubleshoot operations.
Network Software - Edit (5) Y Y Activate and commit software downloads.

Network Voice Infrastructure - Y Y Y Plan, modify and unplan Voice boards. (2)
Edit (5)
Network Voice User Port - Y Y Y Create and modify Voice user ports. (2)
Edit (5)
Network Voice User Port - Y Y Y Perform test operations, lock or unlock the
Troubleshoot (5) port, clear counters on Voice subscriber
resources. (2)
Network XDSL Override - Y Y Y Override the xDSL profile data of xDSL

Edit (5) ports. (2)
Network XDSL Port - Edit (5) Y Y Y Create and modify ADSL and xDSL
ports. (2)
Network XDSL Port - Y Y Y Perform test operations, lock or unlock the

Troubleshoot (5) port, clear counters on DSL subscriber
resources. (2)
ONT - View HGU Y Retrieve HGU operational parameters

Configuration from ONT.
Operator Defaults - Edit Y Y Configure and manage operator defaults.

See Chapter 23.
PAP - Edit Y Y Create, modify, and delete PAPs and PAP

groups in the Administration tree.
• User Management→Partition Access
Profiles→PAP
• User Management→PAP
Groups→PAP Group
See Chapter 10.
(12 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
PAP - View Y Y Y Y View PAPs and PAP groups in the
Administration tree.
• User Management→Partition Access
Profiles→PAP
• User Management→PAP
Groups→PAP Group
See Chapter 10.
PM - Admin Y Y Perform all PM operations, including

stopping monitoring tasks created by other
users. (1)
PM Settings - Edit Y Edit the PM settings in the Administration

tree (Configuration→PM Settings). See
Section 20.17.
PM Settings - View Y View the PM settings in the Administration

tree (Configuration→PM Settings). See
Section 20.17.(6)
PM - User Y Y Y Y Create PM monitoring tasks. (1)
Schedule - Edit Y Y Y Create and modify schedules.

See Chapter 22.
Schedule - View Y Y Y Y View schedules.

See Chapter 22.
SIP Profile - Edit Y Y Create and modify SIP profiles. (2)
SIP Profile - View Y Y Y Y View SIP profiles. (2)
SIP Settings - Edit Y Modify SIP settings in the Administration

tree (Configuration→SIP Settings). (2)
SIP Settings - View Y View SIP settings in the Administration

tree (Configuration→SIP Settings). (2)
SNMP Profile - Edit Y Y Create and modify SNMP users and

profiles in the Administration tree.
• Configuration→SNMP→SNMPv3
User
• Configuration→SNMP→SNMP Profile
See Section 20.3.
SNMP Profile - View Y Y Y View SNMP users and profiles in the

Administration tree.
• Configuration→SNMP→SNMPv3
User
• Configuration→SNMP→SNMP Profile
See Section 20.3.
(13 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
SNMP Settings - Edit Y Modify the following SNMP settings in the
• Configuration→SNMP→Connections
• Configuration→SNMP→NE Detection
Setting
• Configuration→SNMP→Trap Setting
• Configuration→SNMP→Retries
See Section 20.3.
SNMP Settings - View Y View the following SNMP settings in the

• Configuration→SNMP→Connections
• Configuration→SNMP→NE Detection
Setting
• Configuration→SNMP→Trap Setting
• Configuration→SNMP→Retries
SNTP Settings - Edit Y Modify the SNTP settings in the

System→Site→SNTP Server→SNTP
Server).
See Section 20.37.
SNTP Settings - View Y View the SNTP settings in the

System→Site→SNTP Server→SNTP
Server).
Software Mgmt - Edit Y Y Perform NE or ONT software upgrade

operations. Verify and abort verify
software downloads.
Software Mgmt - Prepare Y Y Prepare NE or ONT software upgrade

operations.
Software Mgmt - View Y Y Y Y View NE or ONT software upgrade results.
Splitter Settings - Edit Y Edit the Splitter settings in the

Administration tree
(Configuration→Splitter Settings). See
Section 20.20.
Splitter Settings - View Y View the Splitter settings in the

Administration tree
(Configuration→Splitter Settings). See
Section 20.20.(6)
(14 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
Subscriber Search Attribute Y Change the attributes categories for the
Categories, Custom Fields - subscriber search.
Edit See Chapter 15.
Subscriber Search Attribute Y Y Y Change the custom field attributes.
Categories, Custom Fields - See Chapter 15.
Attribute Edit
Subscriber Search Attribute Y View the attributes categories for the

Categories, Custom Fields - subscriber search.
View See Chapter 15.
Subscriber Search Attribute Y Y Y Y View the custom field attributes.

Categories, Custom Fields - See Chapter 15.
Attribute View
Supervision Settings - Edit Y Change the parameters related to the

supervision of a NE, such as polling and
system ID in the Administration tree
(Configuration→Supervision Settings).
See Chapter 13.
Supervision Settings - View Y View the parameters related to the
supervision of a NE, such as polling and
system ID in the Administration tree.
(Configuration→Supervision Settings)
See Chapter 13.(6)
Syslog - View Y View the logs that are created by the NE

on syslog servers. (1)
Template - Apply Y Y Y Apply or download templates to the

NEs. (1)
Template - Discover Y Y Upload profiles from the NE so that the

profiles become templates in the 5520
AMS. (1)
Template - Edit Y Y Create, modify, clone and delete NE

templates. (1)
Template - View Y Y Y Y View NE templates. (1)

Template Settings - Edit Y Edit the Template settings in the
Administration tree
(Configuration→Template Settings). See
Section 20.30.
Template Settings - View Y View the Template settings in the

Administration tree
(Configuration→Template Settings). See
Section 20.30.(6)
(15 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
Time Zone Settings - Edit Y Configure the time zones used in the
Administration Tree (Configuration→Time
Zone Settings).
See Section 20.25.
Time Zone Settings - View Y View the time zones used in the
Administration Tree (Configuration→Time
Zone Settings).
User Activity Log - View Y View the user activity log corresponding to
the user’s own activity only.
See Chapter 27.
User Activity Log Settings - Y Configure the user activity log settings in
Edit the Administration tree
(Configuration→User Activity Log
Settings).
See Section 20.26.
User Activity Log Settings - Y View the user activity log settings in the
View Administration tree (Configuration→User
Activity Log Settings).
User Activity Log - View All Y Y Y View the user activity log of all users.
See Chapter 27.
User Management - Allow All Y Enables to create or modify users with all
Privileges roles and PAP groups.
User Management - Edit Y Create, modify, and delete users and

roles. Also locks and unlocks the users.
See Chapters 9 (this chapter) and 11.
User Management - Y Lock or Unlock users.

Lock/Unlock See Chapter 9 (this chapter).(8)
User Management - View Y View user configurations.

User Management Settings - Y Configure the user settings in the

Edit Administration tree (User
Management→User Settings).
User Management Settings - Y View the user settings in the

View Administration tree (User
Management→User Settings).
See Chapters 9 (this chapter) and 11.(6)
User Messaging - Broadcast Y Y Y Broadcast user messages. (1)
(16 of 17)

Administrator
Constructor
Operator
AMS NBI
Viewer
Web Console – Debugger Y Edit the file log4j2.properties.
View the AMS GUI logs.
See Sections 27.12 and 27.13
(17 of 17)
Notes
(1) See the 5520 AMS User Guide.
(2) See the Operations and Maintenance guide for the NE.
(3) Modify the default SSH parameters only as described in the AMS documentation. If not, the customizations may
impact AMS server behavior.
(4) If you perform operations that require the Network - Troubleshoot function, your user role must also have the
NE - View and Network - View functions.
(5) If you perform operations that require a Network object - Edit function, your user role must also have the NE -
View, Network - View, and Network - Troubleshoot functions.
(6) If this function is not assigned to a user role, the settings object is not visible to the user in the Administration
tree.
(7) To allow a user to create an NE or NE Group, both security functions NE - Edit and NE - Move must be assigned
to the user role.
(8) To allow a user to lock or unlock another user, the security function User Management - View must be assigned
to the user role.
9.1.5 User settings

Table 20 describes parameters that apply to all user accounts. The parameters
appear in the Object Details view when you choose EMS Administration→User
Management→User Settings in the Administration Tree.
Table 20 User settings parameters
Parameter Description
General
Superuser Role Even if the total number of users allowed by the license is
reached, the AMS allows one additional user with the Superuser
Role to login. For instance, such a user can unblock the situation
by disconnecting inactive user sessions and thereby, letting
other users to login to the AMS.
Max. Number of Concurrent GUI The maximum number of concurrent GUI user sessions
User Sessions allowed.
Max. Number of Users displayed The maximum limit on the users displayed in the Administration
in Administration Tree Tree.
(1 of 3)

Manage Users Based on PAP Select this check box to configure the 5520 AMS to restrict the
users based on PAP.
If the check box is checked, then only the users that contain one
or more PAPs of the current user appears in the Administration
Tree and the Table view.
By default, the check box remains unchecked.
For more information, see Section 10.1.
Global Max. Number of A global setting that specifies the maximum number of
Concurrent Session concurrent sessions allowed for users who have not applied a
user-level preference.
If a user has specified a user-level preference in the 'Maximum
Number of Concurrent Sessions' field in the User account
settings, then this global setting will not apply to the user.
Global Login Message A message that is displayed to users after they log in to the
5520 AMS client. The message can be 0 to 1000 characters.
Global Address Filter Specifies a global setting of IP addresses and subnet masks of
client workstations that are allowed to access the server.
If a user has specified a user-level preference in the 'Address
Filter' field in the User account settings, then this global setting
will not apply to the user.
When the Global Address Filter is modified, the session that do
not match the specified IP address mentioned in the filter is
disconnected.
Global Inactivity Lock Screen Specifies the duration of time that elapses with no GUI activity in
Timeout a user session before the 5520 AMS GUI screen is locked for
the specified user. For more information, see Section 11.7.
Global Inactivity Logout Timeout Specifies the duration of time that elapses with no GUI activity in
a user session before the user is logged out.
Also, the inactive user session is logged off when the number of
logged in sessions exceed the specified threshold limit.
Exit the GUI instead of Logout on Specifies the exit time of the GUI, based on the Global Inactivity
Inactivity Logout Timeout Logout Timeout.
If the check box is checked, then the GUI will exit when the
Global inactivity Logout Timeout expires.
By default, the check box remains unchecked.
Global Timeout for Dormant Specifies the duration of time that elapses when a user has not
Account Lock logged in for a specific amount of time and the dormant account
gets locked. For more information, see Section 11.8.
Global Timeout for Dormant Specifies the duration of time that elapses when a user has not
Account Deletion logged in for a specific amount of time and the dormant account
gets deleted. For more information, see Section 11.9.
User Name
Minimum Length The minimum number of characters for usernames.
Maximum Login Failures The maximum number of login failures.
At Least One Numeric Character A minimum of one numeric character is required in usernames.
(2 of 3)

Password
Minimum Length (1) The minimum number of characters in a password.
At Least One Special Character (1) A special character is required in passwords.
Must Differ From User Name (1) The password must be different from the username.
Strong Password (1) The password must include at least:

• One lowercase alphabetic character
• One uppercase alphabetic character
• One numeral
• One special character
Refuse if Present in Dictionary (1) Select this check box to check the password entered by the user
against the password dictionary. If the password appears in the
dictionary, then the password is refused.
Loaded Dictionary File Displays the path of the last password dictionary uploaded.
Min. Time Before Password The minimum number of days that must elapse before a user
Reuse can reuse a password.
Enforce Password History Prohibits the user from re-using one of the last ten passwords.
Password Aging (2) When the value set in the Maximum Password Age parameter
expires, the 5520 AMS forces the user to change the password
on the next login.
This parameter is overridden for individual users when you
enable the Bypass Password Aging Check parameter. See
Table 21.
By default, this check box is selected.
Maximum Password Age The maximum number of days that the user can use the
password.
Password Expiration Warning (2) Selecting this box allows the configuration of a password
expiration warning to be displayed at user login for a configured
number of days prior to the password expiration date till the user
changes the password.
Password Expiration Warning Specifies the number of days prior to the password expiration
Period date from when the password expiration warning will be
displayed to the user at the time of login. The user has the option
to change the password when this warning is displayed.
Max. Number of Password Specifies the number of times password can be changed in a
Changes per Day (2) calendar day. The range is from 1 to 12. By default, this value is
set to 1.
(3 of 3)
Note
(1) When an administrator creates a user account, password complexity rules are not checked. These rules are
checked only when you change your password using the Change Password option. Nokia recommends that
you always enable the Change Password on Next Login (2) parameter in combination with this option.
(2) If the number of the times the password has been changed in a day exceeds the configured value, a warning
message “Max. number of password change attempts reached” is displayed in the change Password window
and the password can only be changed the next day.

9.1.6 User account parameters

Table 21 describes parameters that apply when you create or modify user accounts.
See Procedure 29 to create a user account.
Table 21 User account parameters
Parameters Options Description
User - User account name
Common tab
Full User Name - Full name of the user
Email Address - E-mail address of the user
Description - Description of the user account.
Password (1) - User account password

If remote authentication is configured
at the site, and the Use Internal
Database check box is not selected,
then assigning a password for the
user is optional.
Change Password on Next Login (2) Select the check box Prompts the user to change the
password the next time the user logs
in.
Bypass Password Aging Check Select the check box The password does not expire,
overriding the password aging value
set in the user settings. See Table 20.
Roles Click Add to select See Roles for more information about
user roles roles.
If the current user has a role that
includes the security function "User
Management - Edit" but not the
function "User Management - Allow
All Privileges", then only the roles
containing the security functions of
the current user are available for
selection.
When the user role is modified, the
logged in user is logged off.
Allowed PAP Groups Click Add to select See Chapter 10 for more information
PAP groups for the about PAP groups.
user If the current user has a role that
includes the security function "User
management - Edit" but not the
function "User management - Allow
All Privileges", only the PAP groups
containing the PAPs of the current
user are available for selection.
When the list of PAP groups is
modified, the logged in user is logged
off.
(1 of 5)


Use Global Max. Number of Select the check box Select this check box to set the
Concurrent Sessions maximum number of concurrent
sessions allowed for this user
account as per the setting defined in
the 'Global Max Number of
Concurrent Session' parameter.
This setting can be applied to users
created from a remote authorization
server, when the remote server does
not provide this setting.
Max. Number of Concurrent - The maximum number of concurrent

Sessions sessions allowed for this user
account.
Locked Select the check box Prevents the user from logging in to
the account.
When this parameter is modified the
logged in user is logged off.
Advanced tab
Use Global Login Message Select the check box Use the global login message
configured in the user settings. See
Table 20.
Login message - Login message that appears when

the Use Global Login Message
parameter is not selected.
Use Global Address Filter Select the check box Select this check box to set the
(Selected by default) address filter for this user account as
per the setting defined in the 'Global
Address Filter' parameter.
This setting can be applied to users
server, when the remote server does
not provide this setting.
When the Global Address Filter is
modified, the session that does not
match the specified IP address
mentioned in the filter is
disconnected.
Address Filter Use the format IP addresses and subnet masks of
IP_address/subnet_ client workstations that are allowed to
mask, with each access the server.
entry separated by a When the Address filter is modified,
comma. the session that does not match the
By default, the value specified IP address mentioned in the
of this parameter is filter is disconnected.
empty. In such
cases, the user
cannot login to the
server. When the
value is set to
0.0.0.0/0, full access
is given to the user.
Authentication and Authorization
(2 of 5)


Creation Manual Specifies how the user is created.
Automatic Manual indicates that the user
created from the 5520 AMS GUI or
server.
Automatic indicates that the user
server.
You cannot modify any attribute of a
user, if a user creation is ‘Automatic’.
Last Successful Authentication Internal Database Specifies the Authentication source

Source LDAP for the user.
RADIUS The value ‘-’ is for manually created
users who are not logged in.
Client OS
-
Last Successful Authorization Internal Database Specifies the Authorization source for
Source LDAP the user.
RADIUS The value ‘-’ is for manually created
users who are not logged in.
Client OS
-
Use Internal Database Select this check box When LDAP or RADIUS
(selected by default) authentication is configured, select
this parameter to override that
configured authentication and use
local authentication (authentication
using the internal database) for the
user.
When LDAP or RADIUS
authentication is used, it is
recommended to select this
parameter as well for users that have
the administrator role so that they can
still log in to the 5520 AMS system
when the LDAP or RADIUS server is
down.
Even though NBI users can be
remotely authenticated, it is
recommended to select this option for
such users to avoid contacting the
remote authentication/authorization
server at each login.
See Section 20.33 for information
about enabling LDAP and RADIUS
authentication.
Inactivity
Inactivity Logout Timeout (3) Global (As in User The type of inactivity logout timeout
Settings) for this user account.
User Defined The inactive user sessions are
No Inactivity Timeout logged off when the number of logged
in sessions exceed the specified
threshold limit.
(3 of 5)


Logout Timeout - The length of time after which the
user is logged off when there is no
user activity on the GUI.
Configurable only when the Inactivity
Logout Timeout parameter is set to
User Defined.
Inactivity Lock Screen Timeout (3) Global (As in User The type of inactivity lock screen
Settings) timeout for this user account.
User Defined
No Inactivity Timeout
Lock Screen Timeout - The length of time after which the

5520 AMS GUI screen is locked
when there is no user activity on the
GUI.
Configurable only when the Inactivity
Lock Screen Timeout parameter is
set to User Defined.
Dormant Account
Dormant Account Lock Policy No Lock Timeout The type of lock timeout for this
Global dormant account.
User Defined
Dormant Account Lock Timeout - The length of time after which the
user is locked when the user account
is dormant. Configurable only when
the Dormant Account Lock Policy
parameter is set to User Defined.
Dormant Account Deletion Policy No Delete Timeout The type of deletion timeout for this
Global dormant account.
User Defined This parameter also applies to user
accounts created automatically
through a remote authorization
server.
Dormant Account Deletion Timeout - The length of time after which the
user is deleted when the user
account is dormant. Configurable
only when the Dormant Account
Deletion Policy parameter is set to
User Defined.
Miscellaneous
(4 of 5)


Hidden Account (Operations are Select the check box Note - This is a licensed feature and
not logged) is disabled by default. Please contact
your Nokia representative for further
information.
Enabling this check box prevents
detection of any configuration
changes made by this user. The user
account is hidden from other users,
as operations of the user are not
logged in the user activity log or
security log, and the user session is
not listed as an active session when
the user is logged in. It is
recommended to assign the “Viewer”
role to this user to prevent execution
of configuration changes. This check
box is not selected, by default. This
parameter will take effect at the next
login.
When any changes are made to this
parameter, the logged in user session
is disconnected.
Statistics
Active Sessions Select an active Displays the active sessions and

session and click Go allows you to navigate to a selected
To active session in the Administration
Tree (choose EMS Administration →
User Management → Active
Sessions → Session).
If the check box ‘Hidden Account
(Operations are not logged)’ is
enabled for an user account, the
user’s session is not listed as an
active session when the user is
logged in.
(5 of 5)
Notes
(1) When an administrator creates a user account, password complexity rules are not checked. These rules are
checked only when you change your password using the Change Password option. Nokia recommends that
you always enable the Change Password on Next Login (2) parameter in combination with this option. When the
password is changed, if there are any logged in users, they will be logged off immediately.
(2) This parameter does not apply if remote authentication is enabled.
(3) In LDAP server, the supported options for Nokia-AMS-InactivityLogoutTimeout and
Nokia-AMS-InactivityLockScreenTimeout parameters is GLOBAL, NONE, and USER.

9.2 Creating user accounts from the 5520 AMS

GUI
Note — The password that you assign to the 5520 AMS user is
stored in the 5520 AMS database. This 5520 AMS user
password does not override the password that is specified in
the RADIUS server.
When you create a user, you associate roles and PAP groups with the user to
configure the access privileges and the NEs for which the user has access.
See Section 9.14 and Chapter 10 for the procedures to configure roles and PAP
groups.
By default, the 5520 AMS server uses internal database authentication. To enable
RADIUS or LDAP authentication, you must install a RADIUS or LDAP server and
configure the authentication settings for the site. For information about enabling,
disabling, and configuring RADIUS and LDAP authentication, see Section 20.33.
9.2.1 Internal DB authentication

When internal database authentication and authorization (authentication and
authorization using the 5520 AMS database) are enabled at the site, creating a user
account from the 5520 AMS GUI and assigning a password for the user are
mandatory.
9.2.2 Remote authorization

When using remote authorization, users will be automatically created in the 5520
AMS when authorization is successful, and will be automatically deleted by the
'Dormant Account Deletion' feature configured in 'User Settings'.

When remote authorization is enabled at the site, you can also create a user account
from the 5520 AMS GUI for each user that will be authorized from the remote
authorization server. In this case, even if remote authorization server is down, 5520
AMS GUI enables the user to log in after authorization by the 5520 AMS database.
• Create a user account to be always authorized and authenticated against the local
AMS database by selecting the Use Internal Database check box (default option).
For example, use this configuration for NBI users or local AMS administrators.
• Create a user account to be authorized and authenticated against the remote
LDAP or RADIUS server by deselecting the Use Internal Database check box. In
case of failure, the user can be authorized and authenticated against the local
AMS database, in a fallback scenario. The following parameters configured in the
user account created in the 5520 AMS GUI are not supported in this case:
• Password Aging
• Password Expiration Warning
• Change Password on Next Login
Note — During migration from local to remote authorization,

the second option is recommended to avoid the risk of failing all
user logins:
• Change the site configuration to enable remote
authorization, but keep the user accounts locally defined in
the 5520 AMS. In this mode, in case of remote authorization
failures, the local user accounts will be used as fallback.
• When the remote server configuration works fine and it is no
longer needed to have a fallback for all users, delete these
local user accounts.
9.2.3 Remote authentication

When remote authentication is enabled at the site, you must create a user account
from the 5520 AMS GUI for each user that will be authenticated by the remote
authentication server. In this case:
• Create a user account to be always authenticated by the AMS local database by:
• Selecting the Use Internal Database check box, and
• Providing a password for the user account.
For example, use this configuration for NBI users or local AMS administrators.
• Create a user account to be always authenticated by the remote authentication
server by:
• Deselecting the Use Internal Database check box, and
• Not providing a password for the user account.
If the remote server is down, the user authentication fails.

Procedure 29 To create a user account

Perform this procedure to create a user account.
1 In the Administration Tree, choose EMS Administration→User Management→Users.
2 Right-click Users and choose Create→User.
Result: The Create User window opens.
3 Enter a username in the User field and click Next.
Note 1 — For security reasons, Nokia recommends that you do not use
generic usernames such as admin, helpdesk, support etc.
Note 2 — Username ‘system’ is not allowed as user, an error message

is displayed, “User:Username 'system is not allowed (including upper
case variants)”.
Result: The Create User window prompts you to enter the details for the user.
4 Configure the parameters. See Table 21 for more information.
Note — If you have not created a role, click Create in the Select Roles
window to create a role. See Section 9.14 for the procedures to create a
role.
5 Assign a password for the user account, if required. The creation of a user with an empty
password fails, when the user is configured to log in using the 5520 AMS database as
authorization source.
6 To add roles to the user:
i Click Add in the Roles field.
Result: The Select Roles window opens.
ii Choose one or more roles from the list and click OK to return to the Create User window.
Note — If the current user creating a new user account has a role that
includes the security function "User management - Edit" but not the
function "User management - Allow All Privileges", then only the roles
containing the security functions present in the roles of the current user
are available for selection.

7 To add PAP groups to the user:
i Click Add in the Allowed PAP Groups field.
Result: The Select Allowed PAP Groups window opens.
ii Choose one or more PAP groups from the list, and click OK to return to the Create User
window.
Note — When creating a new user adding the user to a PAP group is
mandatory. If not, an error is displayed.
If you have not created a PAP group, click Create in the Select Allowed
PAP Groups window to create a group. See Section 10.4 for the
procedures to create a PAP group.
The PAPGroup profile is the default profile and can be applied to the user to provide
access to all of the NEs that are configured on the 5520 AMS.
Note — If the current user creating the new user account has a role that
includes the security function "User management - Edit" but not the
function "User management - Allow All Privileges", only the PAP groups
containing the PAPs of the current user are available for selection.
8 Click Finish to add the user to the users list and close the Create User window.
9 Repeat steps 2 to 8 for each user that you need to add.
Note — When migrating from remote authentication to local

authentication mode, to find out the list of user accounts with empty
passwords, open the Table View of the Users object in the Administration
tree, and sort the Password column to find out which user accounts have
an empty string. You can then assign passwords for such user accounts.
9.3 Adding a new user account to the amssys

group
Any user account added to the amssys group can execute the 5520 AMS server
scripts listed in Table 22.

Table 22 5520 AMS server scripts executed by users in the amssys group
5520 AMS Server script See
ams_hub_sub_link_mgr Appendix 31.14 and Section 19.4
ams_link_mgr Appendix 31.19 and Section 19.2
ams_ne_mgr Appendix 31.26 and Section 17.3
ams_user_mgr Appendix 31.38 and Section 9.4
createUsernamePassword Appendix 31.41 and Procedure 33
Before you proceed:

• The 5520 AMS server must be installed and activated.
• You must be able to log in to the 5520 AMS server as root.
Procedure 30 To add a new user account to the amssys group

Perform this procedure to add a new user account to the amssys group.
1 Log in to the 5520 AMS application server as root.
2 To add a new user account to the amssys group, perform one of the following steps:
• To add a new user account to the amssys primary group, type:
# useradd -g amssys -d homedirectory/useraccount -m useraccount ↵
where:
homedirectory is the home directory of the new user account you want to add.
useraccount is the new user account you want to add to the amssys primary group.
• To add a new user account to the amssys secondary group, type:
# useradd -G amssys -d homedirectory/useraccount -m useraccount ↵
where:
homedirectory is the home directory of the new user account you want to add.
useraccount is the new user account you want to add to the amssys secondary group.
3 Log out of the 5520 AMS application server.
Note — To execute the 5520 AMS server scripts listed in Table 22, log
in to the 5520 AMS application server as amssys or as a user in the
amssys group.

9.3.1 Copying the existing input files for the 5520 AMS
server scripts
The 5520 AMS server scripts, listed in Table 22, are executed by reading input files
containing the script parameters. Non-amssys users do not have access to the
default location, containing the input files, of the amssys user.
You can copy the existing input files for the 5520 AMS server scripts, listed in
Table 22, from the default location of the amssys user to the home directory of the
new user account in the amssys group.
Note 1 — If you copy the existing input files for the 5520 AMS
server scripts, listed in Table 22, and log in to the 5520 AMS
application server as a user in the amssys group, you can edit
the copied input files and execute the 5520 AMS server scripts.
For more information on editing the input files for the 5520 AMS
server scripts listed in Table 22, refer to the individual sections.
Note 2 — If you do not copy the existing input files for the
5520 AMS server scripts, listed in Table 22, and log in to the
5520 AMS application server as a user in the amssys group,
you must create the input files before executing the 5520 AMS
server scripts. For more information on creating the input files
for the 5520 AMS server scripts listed in Table 22, refer to the
individual sections.
Before you proceed:

• You must be able to log in to the 5520 AMS server as root.
• A user account must be added to the amssys group. For information on adding a
new user account to the amssys group, see Procedure 30.

Procedure 31 To copy the existing input files for the 5520 AMS server scripts
• If you added a new user account to the amssys primary group, copy the existing input file
for the 5520 AMS server script from the default location of the amssys user to the home
directory of the new user account in the amssys primary group. Type:
cp inputfile_amssys inputfile_amssys_pri_grp ↵
where:
inputfile_amssys is the full path to the input file for the 5520 AMS server script provided for the amssys
user. For example: $AMS_LOCALDATA_HOME/oss/conf/ams_user_mgr.csv
inputfile_amssys_pri_grp is the full path to the input file for the 5520 AMS server script in the home
directory of the new user account in the amssys primary group. For example:
/var/opt/ams/users/amsfielduser/ams_user_mgr.csv
• If you added a new user account to the amssys secondary group, copy the existing input
file for the 5520 AMS server script from the default location of the amssys user to the
home directory of the new user account in the amssys secondary group. Type:
cp inputfile_amssys inputfile_amssys_sec_grp ↵
where:
inputfile_amssys is the full path to the input file for the 5520 AMS server script provided for the amssys
user. For example: $AMS_LOCALDATA_HOME/oss/conf/ams_user_mgr.csv
inputfile_amssys_sec_grp is the full path to the input file for the 5520 AMS server script in the home
directory of the new user account in the amssys secondary group. For example:
/var/opt/ams/users/amsfielduser/ams_user_mgr.csv
3 Log out of the 5520 AMS application server.
9.4 Managing user accounts from the 5520 AMS

server
You can create, modify and delete user accounts from the 5520 AMS server using a
script called ams_user_mgr. The script reads an input file that contains the
parameters and configures the users in the 5520 AMS.
Use the following procedures to create the input file and manage the user accounts.
Table 23 describes the options for managing users. You can choose only one of
these options at a time. If none of these options is chosen, the default action is to add
users.

Additional options are required when you run the script. See Procedure 34 for more
information. The options are mutually exclusive. The sub-options A, D, and R for the
-m option are also mutually exclusive, for example, if you need to add one value and
replace another, you need to run the script twice.
Table 23 User configuration options for the ams_user_mgr script
Option Description
-a Add users
-d Delete users
Modification options: these apply to the roles, allowedPapGroups and allowedTl1Commands

parameters
-m A Modify users. The A specifies that the values in the input file will be added to the
existing parameters in the user’s account, for example, a specified role will be
added to the user’s list of roles.
-m D Modify users. The D specifies that the values in the input file will be deleted from
the existing parameters in the user’s account, for example, a specified role will
be removed from the user’s list of roles.
-m R Modify users. The R specifies that the values in the input file will replace the
existing parameters in the user’s account, for example, a specified list of roles
will become the user’s list of roles. This is the default modification.
-s Suspend users
-r Resume users
-e Expire user passwords. The Must Change Password on Next Login parameter
will be changed to True.
-w Reset users’ passwords
-l List user accounts and their parameters.
Before you proceed:

• You must be able to log in to the 5520 AMS server as amssys or as a user in the
amssys group. For information on adding a new user account to the amssys
group, see Section 9.3.
• You need the username and password of a 5520 AMS user with the AMS NBI -
Edit - User function, for example, a user with the Administrator role. You can enter
the username and password when you run the script, or you can use the
password encryption tool. See Procedure 33 to run the password encryption
script.

Procedure 32 To create an input file for the ams_user_mgr script
1 Log in to the 5520 AMS application server as amssys or as a user in the amssys group.
• If you logged in as amssys, open the following sample input file in a text editor:
$AMS_LOCALDATA_HOME/oss/conf/ams_user_mgr.csv
• If you logged in as a user in the amssys group, open the copied input file in a text editor.
For information on copying the existing input file, see Procedure 31.
• Create a new input file in an editor.
3 Configure the parameters as comma-separated values with one line for each user.
Table 24 describes the parameters for the add user and modify user options.
Table 25 describes the parameters for the delete user, suspend user, resume user, list user,
and expire password options.
Table 26 describes the parameters for the reset password option.
An example of an input file entry for adding a user is:
user1,123456,AMS NBI,allPAPs,test
user,true,,false,0.0.0.0/0,false,1,Global(As in User
Settings),,false,false,false,false,true,,,
Table 24 Add or modify user input file parameters
Parameter Required Description
Username Yes The name of the user.
Password No The user password. The default is amsuser.

If remote authentication is configured at the site, and the Use Internal DB
Authentication parameter is set to false, then assigning a password for the
user is optional.
Roles Yes for add user The list of roles to assign to the user. Use colons (:) to separate multiple
No for modify user roles.
If the current user has a role that includes the security function “User
management - Edit” but not the function “User management - Allow All
Privileges”, then the roles containing only the security functions of the
current user or a user with lower-level permissions must be provided as
input for successful creation or modification.
PAP groups Yes for add user The list of PAP groups to assign to the user. Use colons (:) to separate
No for modify user multiple PAP groups.
If the current user has a role that includes the security function “User
management - Edit” but not the function “User management - Allow All
Privileges”, then the PAP Groups containing only the PAPs of the current
user or a user with lower-level PAPs must be provided as input for
successful creation or modification.
(1 of 3)


Description No Description of the user.
Use global login No True or false. The default is true.

message
Login message No The login message to use if Use global login message is false.
Address filter No Filter logins from specified IP addresses. To enter multiple IP addresses,
separate them using a comma (,). For example,
192.168.1.2/24,192.190.1.1/24.
By default, the value of this parameter is empty. In such cases, the user
cannot login to the server. When the value is set to 0.0.0.0/0, full access
is given to the user.
Max concurrent No The maximum number of concurrent sessions for the user. The range is
sessions from 1 to 1000. The default is 1.
Inactivity timeout No GUI timeout. The following are valid input:

• Global (As in User Settings)
• User Defined
• No Inactivity Timeout
The default is Global (As in User Settings).
Timeout No Number of minutes before a user is logged out if Inactivity Timeout is set
to User Defined. The range is from 5 to 525 600.
Locked No True or false. The default is false.
The parameter indicates whether the user login is disabled.
Use internal DB No True or false. The default is false.

authentication The parameter indicates whether the user is authenticated through
internal database authentication.
Must Change No True or false. The default is false.

Password on Next
Login
Bypass Password No True or false. The default is false.
Aging Check The parameter indicates whether password expiration is disabled for the
user.
Use global No True or false. The default is false.

command timeout The parameter is only
required if you are using
certain 5529 Enhanced
Applications.
Command timeout No The timeout in seconds, if Use global command timeout is set to false.
Allowed TL1 No The TL1 commands the user is allowed to run using certain
Commands 5529 Enhanced Applications. The default is ““.
Use colons (:) to separate multiple commands,
for example,
RTRV-HDR:RTRV-EQPT:RTRV-ONT.
Full User Name No The full name of the user.
Email Address No The email of the user.
(2 of 3)


Use Global Max. No True or false. Default value is false.
Number of
Concurrent
Sessions
Use Global Yes True or false. Default value is true.

Address Filter
Inactivity Lock No The type of inactivity lock screen timeout for this user account.
Screen Timeout
Lock Screen No The length of time after which the 5520 AMS GUI screen is locked when
Timeout Yes, if there is no user activity on the GUI.
inactivityLockScreenTim Configurable only when the Inactivity Lock Screen Timeout parameter is
eout = User Defined set to User Defined.
Dormant Account No The type of lock timeout for this dormant account.
Lock Policy
Dormant Account No The length of time after which the user is locked when the user account is
Lock Timeout Yes, if dormant.
dormantAccountLockPol Configurable only when the Dormant Account Lock Policy parameter is set
icy = User Defined to User Defined.
Dormant Account No The type of deletion timeout for this dormant account.
Deletion Policy This parameter also applies to user accounts created automatically
through a remote authorization server.
Dormant Account No The length of time after which the user is deleted when the user account
Deletion Timeout Yes, if is dormant.
dormantAccountDeletion Configurable only when the Dormant Account Deletion Policy parameter
Policy = User Defined is set to User Defined.
Hidden Account No This is a licensed feature and is disabled by default. Please contact your
Nokia representative for further information.
Enabling this check box prevents detection of any configuration changes
made by this user. The user account is hidden from other users, as
operations of the user are not logged in the user activity log or security log,
and the user session is not listed as an active session when the user is
logged in. It is recommended to assign the “Viewer” role to this user to
prevent execution of configuration changes. This check box is not
selected, by default. This parameter will take effect at the next login. When
any changes are made to this parameter, the logged in user session
is disconnected.
Custom Fields No The custom fields attributes which are added by users.
(3 of 3)
Table 25 Delete user, suspend user, resume user, list user and expire password input file pa-
rameters
Username Yes The name of the user.

Table 26 Reset password input file parameters
Username Yes The name of the user
Password Yes The new password
An example of an input file entry for creating a user is:
user1,,Administrator,allPAPs, test user,true,,0.0.0.0/0,1,Global (As in

User Settings),,false,false,true,,,
4 Save and close the file.
Procedure 33 To run the password encryption script

Perform this procedure to encrypt the password for a 5520 AMS user and save the encrypted
password to a file. The file can be read by the ams_link_mgr, ams_hub_sub_link_mgr,
ams_user_mgr, and ams_ne_mgr scripts.
2 Run the password encryption script by typing:
createUsernamePassword ↵
You are prompted to enter a username.
3 Type the username and press ↵. You are prompted to enter a password.
4 Type the password and press ↵.

Result: The script takes the username and password, encrypts the password, and saves both
to a file called ams.password in the $AMS_SHAREDDATA_HOME/config directory of the
active data server. When you perform Procedure 34, you do not need to enter the -username
or -password options when you run the ams_link_mgr, ams_hub_sub_link_mgr,
ams_user_mgr, or ams_ne_mgr scripts.
Note — When you run this script with the ‘-efile’ option, the file is created
under $AMS_SHAREDDATA_HOME/config of the active data server
with the name of the file provided for the -efile option.
If you execute the ‘createUsernamePassword’ script when the password

file already exists, you will be prompted with an error message that the
password file already exists. To overwrite the password file, execute the
script with the -f option.
Result: The ams.password file is overwritten.
Procedure 34 To manage users using the ams_user_mgr script
Caution — It is recommended that you do not run multiple instances of

the ams_user_mgr script.
2 Run the script by typing:
ams_user_mgr [options] input_file ↵
where:
[options] is the options you need to enter, as shown in Table 27.
input_file is the full path to the input file you configured in Procedure 32.
Note — If you do not specify an input file, the script will read the
example input file at
$AMS_LOCALDATA_HOME/oss/conf/ams_user_mgr.csv.
Table 27 Options for the ams_user_mgr script
Option Description
User configuration options
(1 of 2)

Option Description
-a Add users
-d Delete users
-m A Modify users. The A specifies that the values in the input file will be added to the
existing parameters in the user’s account, for example, a specified role will be
added to the user’s list of roles.
-m D Modify users. The D specifies that the values in the input file will be deleted from
the existing parameters in the user’s account, for example, a specified role will
be removed from the user’s list of roles.
-m R Modify users. The R specifies that the values in the input file will replace the
existing parameters in the user’s account, for example, a specified list of roles
will become the user’s list of roles. This is the default modification.
-s Suspend users
-r Resume users
-e Expire users’ passwords. The Must Change Password on Next Login parameter
will be changed to True.
-w Reset users’ passwords
-l List users’ account parameters

Other options
-h or -help Show usage information
-pfile file Specify the name of the properties file, which is used by the script for
configuration. The file must be in the shared directory of the data server,
$AMS_SHAREDDATA_HOME/config. The default properties file is
ams_mgr.conf. The configuration changes to the properties file must be done on
the active data server.
-efile file Specify the name of the password file created in Procedure 33, which is used by
the script to get username and password. The file must be in the shared directory
of the data server, $AMS_SHAREDDATA_HOME/config. The default password
file is ams.password.
-logdir directory Specify a directory to save the log to. The default directory is
$AMS_LOCALDATA_HOME/log.
-username The username of a 5520 AMS client user with the AMS NBI - Edit - User function.
username(1)
or -u username
-password The user password

password(1) (2) (3)
or -p password
-keystore key The full path to the keystore file. By default, the 5520 AMS retrieves the path
from the properties file.
-keypass The password for the keystore file. By default, the 5520 AMS retrieves the
password password from the properties file.
-nbihost URL The URL of the NBI client the 5520 AMS needs to connect to.
The default URL is https://server:8443, where server is the host name or IP
address of the 5520 AMS server.
If you are using HTTP, enter http://server:8080/.
(2 of 2)

Notes
(1) This option is not necessary if you have performed Procedure 33.
(2) If the password contains special characters you need to follow shell quoting rules. Normally this can be done
by enclosing the password in single quotes.
If the password includes single quotes you can use one of the following:
Example password: $pec'ch*rs"
Single Quotes: -password '$pec'\''ch*rs"'
Double Quotes: -password "\$pec'ch*rs\""
Backslash Quotes: -password \$pec\'ch\*rs\"
(3) If the password is not entered for a username, but the input file is specified, the corresponding user is not
created. No error message is displayed. If an incorrect password is entered, an error message “FAILURE:
Authentication failed for user” is displayed.
3 The script executes, displaying success messages for each user created. A log file is created
called ams_user_mgr.log.
9.5 Locking a user

Use this procedure to prevent users from logging in to their accounts. You can also
suspend a user using the ams_user_mgr script, see Section 9.4.
A user with an assigned role that includes the function User Management -
Lock/Unlock or User Management - Edit can lock other users.
Note — If you want to lock the admin user, you need to make
sure that there is at least one user with an Administrator role.
Procedure 35 To lock a user from the 5520 AMS GUI
Result: A list of users appears in the Administration Tree and the Table view. The
Administration Tree displays Locked beside the names of users that are locked.
• To lock multiple users, select the users that you need to lock and proceed to step 3.
• To lock a single user, select the user that you need to lock and proceed to step 4.
3 Right-click a selected user, and choose Multiple Edit.

4 Select the Locked parameter.
5 To lock the user, perform one of the following steps:
• Click the Apply icon ( ) in the Object Details view.
• Click Finish in the Multiple Edit window.
9.6 Unlocking a user

Use this procedure to unlock a user. You can also resume a user using the
ams_user_mgr script. See Section 9.4.
Procedure 36 To unlock a user
Result: A list of users appears in the Administration Tree and the Table view. The
Administration Tree displays Locked beside the names of users that are locked.
• To unlock multiple users, select the users that you need to unlock and proceed to step 3.
• To unlock a single user, select the user that you need to unlock and proceed to step 4.
3 Right-click a selected user, and choose Multiple Edit.
4 Deselect the Locked parameter.
5 To unlock the user, perform one of the following steps:
• Click the Apply icon ( ) in the Object Details view.
• Click Finish in the Multiple Edit window.

9.7 Locking or unlocking all users with a specific

role
This section describes the procedure to lock or unlock all users belonging to a
specific role.
Procedure 37 To lock all users with a specific role
Note 1 — If all users belonging to a specific role are already locked, the
menu option to lock all users is disabled.
Note 2 — Locked users cannot log in to the 5520 AMS GUI.
1 In the Administration Tree, choose EMS Administration→User Management→Roles.
2 Choose a role whose users you want to lock.
3 Right-click the role, and choose Actions → Lock All Users.
Result: All users with the specific role are locked.
Procedure 38 To unlock all users with a specific role
Note — If all users belonging to a specific role are unlocked, the menu
option to unlock all users is disabled.
1 In the Administration Tree, choose EMS Administration→ User Management → Roles.
2 Choose a role whose users you want to unlock.
3 Right-click the role, and choose Actions → Unlock All Users.
Result: All users with the specific role are unlocked.

9.8 Viewing user statistics

You can view the following statistics for users:
• Last successful login date and time
• Number of failed login attempts since the last user login
• Last failed login date and time. This parameter provides the last failed login
attempt since the last successful login.
• Last password change date and time
• Any active sessions
Procedure 39 To view user statistics
2 Choose a user.
Result: The Object Details view opens for the selected user.
3 Click the Statistics tab to see the statistics.
9.9 Defining global password and username rules

Perform this procedure to define global password and username rules that apply to
every user in the 5520 AMS.
Procedure 40 To define global password and username rules
1 In the Administration Tree, choose EMS Administration→User Management.
2 Choose User Settings.
Result: The Object Details view displays the user setting parameters.

3 Configure the User Name and Password parameters in the Object Details view. See User
settings for more information about security setting parameters.
4 Click the Apply icon ( ) to save the new password and username rules.
9.10 Changing a user password

Perform this procedure to change a user password in the 5520 AMS GUI. You can
also change a user password using the ams_user_mgr script, see Section 9.4.
Note — An administrator can define global password rules for

the 5520 AMS. See Section 9.9 to define global password and
username rules.
Procedure 41 To change a user password in the 5520 AMS GUI
2 Choose a user from the Administration Tree.
Result: The Object Details view opens for the selected user.
3 Change the password in the Password and Re-Type Password fields in the Object Details
view.
Note — When you are logged in as an administrator and change a user

password, the global password rules described in Table 20 do not apply.
4 Click the Apply icon ( ) to save the new password.
5 Repeat steps 2 to 4 for each user for which you need to change the password.

9.11 Changing passwords for default users

You need to change the password for the amssys user on each server in the cluster.
If needed, you can also change the passwords for amsftp and amssftp. To change
the passwords for all users, you need root access to the application server.
The password for amssys is changed in the server only. The passwords for amsftp
and amssftp must be changed in the servers and in the GUI. See the 5520 AMS
Administrator Guide for more information on changing the password in the GUI.
Procedure 42 To change the password of a default user on the 5520 AMS

application server
Caution — Passwords for the amsftp and amssftp users cannot include
the @ or : symbols.
2 In a terminal window, type:
passwd username
where:
username is the name of the user whose password you need to change.
3 Enter the new user password.
4 Re-enter the new password.
Note — Red Hat Enterprise Linux allows three attempts to re-enter the
new password. After three unsuccessful attempts, you will need to enter
the passwd command again.

9.12 Configuring password dictionary

Use this procedure to configure a password dictionary for a user in the 5520 AMS.
Note 1 — The password dictionary is a text file where each word
is written in a separate line. The character encoding is UTF-8.
Note 2 — If the user setting is configured to check user
passwords against the password dictionary, all user passwords
are checked against the password dictionary. If the password
appears in the dictionary, it is then rejected.
Procedure 43 To configure a password dictionary
1 In the Administration Tree, choose EMS Administration→User Management→User Settings.
2 Right-click User Settings and choose Actions→Load Password Dictionary.
Result: The Load Password Dictionary window opens.
3 Type the full directory path and filename of the password dictionary file in the Dictionary File
Location field.
Note — If the size of the password dictionary file is large, it takes longer
to upload. For example, a 10 MB file takes 30 minutes to upload.
4 Click Finish to load the password dictionary file.
Note 1 — The Object Details view under the User Settings displays the
path for password dictionary in the Loaded Dictionary File field which is a
read-only field.
Note 2 — It is not possible to download a password dictionary file that

has the same name as the one that exists already in the 5520 AMS. Nokia
recommends to include the version of the dictionary file in its name. For
example, “dictionary_v1”, “dictionary_v2” and so on.
The passwords in the dictionary file are not case sensitive, therefore only
a word match of the password is checked.
Note 3 — Any line that starts with a hash (#) symbol in the password
dictionary file will be considered as a comment line.

9.13 Viewing user functions

To perform a specific function in the 5520 AMS, the function must be configured in
at least one of the roles that is assigned to the user’s account. You can verify the
functions that are assigned in user roles.
Procedure 44 To view user functions
2 To view all of the functions in the 5520 AMS, choose Role (Administrator).
Result: The functions are displayed on the Configuration tab in the Object Details view.
3 To view the assigned functions contained in another role, choose the role in the
Administration Tree.
Result: The allowed functions for that role are displayed on the Configuration tab in the
Object Details view.
9.14 Creating user roles

Perform this procedure to create user roles.
Procedure 45 To create user roles
2 Right-click Roles and choose Create→Role.
Result: The Create Role window opens.
3 Enter a name for the user role in the Roles field and click Next.
Result: The Create Role window opens.
4 At the prompt, provide the details for the role.
5 Enter a description for the role in the Description field.

6 Click Add next to the Allowed Functions field to add functions to the role.
Result: The Select Allowed Functions window opens.
7 Choose one or more functions from the list and click OK to return to the Create Role window.
Note — If the current user has a role that includes the security function
"User management - Edit" but not "User management - Allow All
Privileges", only the security functions of the current user are available for
selection.
8 Click Finish to add the user role to the roles list and close the Create Role window.
You can assign the user role when you create a user, as described in Section 9.2, or assign
the user role to existing users, as described in Section 9.15.
9.15 Assigning users to a user role

Perform this procedure to assign users to a user role. You can also change the roles
assigned to the user by modifying the account using the ams_user_mgr script. See
Section 9.4.
Procedure 46 To assign a user to a user role in the 5520 AMS GUI
2 Choose the role to which you need to assign users.
Result: The role details are displayed in the Object Details view.
3 Click Add beside the Users field.
Result: The Select Users window appears and lists the available users.
4 Choose the users you need to associate with the role, and click OK.
Result: The chosen users are associated with the role and appear in the Users field. The
‘locked’ or ‘unlocked’ status of the user is displayed in brackets next to each username in the
Users field.

The All Users Locked field indicates if all users are locked, no users are locked, or some
users are locked. The possible values are ‘Yes’, ‘No’, or ‘Partially’.
Note 1 — You can create a user using the Select Users window. Click
Create.
Note 2 — You can delete a user using the Select Users window. Choose
the user that you need to delete and click Delete.
9.16 Configuring the superuser role

Perform procedure 47 to configure a role as the superuser.
Procedure 47 To configure the superuser role
1 If the role does not exist, follow Procedure 45 to create it.
3 Click Browse beside the Superuser Role parameter.
Result: The Select Superuser Role window opens.
4 Select a role in the list and click OK.
Result: The superuser role appears in the Superuser Role field.
Note — The user with superuser role can have only one additional login
session to the 5520 AMS beyond either the concurrent login limits that
are configured by the administrator or session limits allowed by your
license.


Administrator Guide PAPs
10 PAPs
10.1 PAPs overview
10.2 Creating a PAP
10.3 Changing the PAP associated with an NE
10.4 Creating a PAP group
10.1 PAPs overview

You can configure PAPs and PAP groups (Partition Access Profile), which allow an
administrator to configure the available NEs that other users can access and
configure. Administrators create a PAP and include the profile in a PAP group. Each
PAP group can be associated with a user account. The PAP can be applied to new
or existing NEs to specify the NEs that the user can access.
The administrator associates a PAP group with a user account by adding previously
configured PAP groups in the Allowed PAP Groups field in the Create User window.
See Section 9.2 for details about creating user accounts from the 5520 AMS GUI. All
users that are configured with the groups in the Allowed PAP Groups field can only
access the NEs that are associated with the PAPs in those groups.
If a PAP is not associated with a specific NE, that NE is not visible to the user in the
Network perspective or in the NE Selection window when performing tasks such as
software management, backup and restore, and scheduling. Similarly, the NE is not
visible if the user account is not configured with a PAP group that has access to that
NE.
You can configure ‘Manage Users Based on PAP’ parameter in ‘User Settings’ to
restrict the users based on PAP. If this option is selected, then only the users that
contain one or more PAPs of the current user appears in the Administration Tree and
the Table view. See Table 20 for more information on the user setting.
The following conditions are applicable only when the ‘Manage Users Based on PAP’
setting is enabled:
• When you try to create or modify a user, the list of Allowed PAP Groups contains
only the users that has one or more PAPs of the current user.
• If the list of Allowed PAP Groups already contains one or more PAP Groups that
has at least one PAP that is not in the current user’s profile, then an error message
is displayed while modifying the user. For example, ‘The PAP Groups <PG1>,

PAPs Administrator Guide
<PG2>, ... contain at least one PAP that is not in the role of the current user’ where
‘<PG1>, <PG2>, ...’ is a comma separated list of the PAP Groups that are causing
the problem.
• If the user that is to be deleted contains at least one PAP that is not in the current
user’s profile, then the user is not deleted and an error ‘The user cannot be
deleted as it is assigned to at least one PAP that is not in the role of the current
user’ is displayed.
10.1.1 Configuring PAPs

This section describes the assumptions on which PAPs and PAP groups can be
configured:
• The PAP groups are associated with a user account.
• Only users with an Administrator role and users with the PAP- Edit function can
create, modify, or delete PAPs and groups.
• A user account can contain multiple PAP groups. A PAP can be added to multiple
PAP groups.
• An NE or NE group can be associated with a single PAP and a PAP can be
associated with multiple NEs or NE groups.
• A default PAP and group is automatically generated on the 5520 AMS. The
default PAP and group allows access to all NEs.
• The 5520 AMS only displays the NE alarms raised on the NEs that are visible to
the user.
• EMS alarms are not associated with any PAP and will be visible to all users.
• When a PAP is deleted, the alarms raised on the NEs that had been associated
with the PAP will be visible to all users.
10.2 Creating a PAP

You can create up to 1000 profiles on the 5520 AMS. After you create the PAP, you
can associate the PAP with an NE and PAP group. You can only associate one PAP
with an NE, but you can associate multiple PAPs with a group.
Note 1 — The list of NEs displayed in the PAP Object Details
view is limited to the first 1000 entries.
Note 2 — If a PAP group is changed or new PAPs are added to
a PAP group during a user session, invalid values are
displayed. You must log in to the GUI again to view accurate
values.

Procedure 48 To create a PAP
1 In the Administration Tree, choose EMS Administration→User Management→Partition

Access Profiles.
2 Right-click Partition Access Profiles and choose Create→PAP.
Result: The Create PAP window opens and prompts you to provide the details for the new
PAP.
3 Enter a name for the PAP in the Name field.
4 Enter a description for the PAP in the Description field.
5 Click Finish to save the PAP and close the window.
Result: The PAP is displayed under Partition Access Profiles in the Administration Tree.

6 Associate the PAP with a new or existing NE. Perform one of the following steps:
• To associate the PAP with a new NE:

• Create the NE. See the Operations and Maintenance guide for the NE for more
information.
• In the Partition Access Profile field in the Create NE window, click Browse to associate
the newly created PAP with the NE.
• Result: The default PAP (defaultPAP) is automatically associated to the NE.
• In the Select Partition Access Profile window, choose PAP and click OK.
Result: The selected PAP is associated with the new NE and appears in the Partition
Access Profile field.
Note — You can create a PAP from the Select Partition Access Profile
window. Click Create.
• To associate the PAP with an existing NE:

• In the Network Tree, select the NE that you need to associate with the PAP.
Result: The NE details are displayed in the Object Details view.
• Click Browse in the Partition Access Profile field.
Result: The Select Partition Access Profile window opens and lists the available PAPs.
• Choose the PAP that you created and click OK.
Result: The selected PAP is associated with the NE and appears in the Partition Access
Profile field.
Note — You can create a PAP from the Select Partition Access Profile
window. Click Create.
7 Click the Apply icon ( ) to save the changes.
10.3 Changing the PAP associated with an NE

You can change the PAP associated with an NE from the Network perspective. Every
NE must have a PAP associated with it. The default PAP is associated with each NE
by default.
All NEs in an NE group must be assigned to the same PAP as the group.
Note — If a PAP group is changed or new PAPs are added to

values.

Procedure 49 To change the PAP associated with an NE or NE group
1 In the Network Tree, choose the NE or group that you need to modify.
Result: The object details are displayed in the Object Details view.
2 Click Browse in the Partition Access Profile field.
Result: The Select Partition Access Profile window opens and lists the available PAPs.
3 Choose another PAP in the Select Partition Access Profile window.
Note: The Partition Access Profile field cannot be empty.
4 Click OK.
Result: The PAP now associated with the object appears in the Partition Access Profile field.
6 To modify the profile details, click Go to.
Result: The selected PAP is displayed in the Object Details view.
7 Modify the name and description fields as required.
10.4 Creating a PAP group

You can create a PAP group from the Administration perspective on the 5520 AMS.
You must have already created a PAP and associated the profile with a new or
existing NE. See Section 10.2 for more information. After you create the PAP group,
you can associate it with a user account.
Note — If a PAP group is changed or new PAPs are added to
values.

Procedure 50 To create a PAP group
1 In the Administration Tree, choose EMS Administration→User Management→PAP Groups.
2 Right-click PAP Groups and choose Create→PAP Group.
Result: The create PAP group window opens.
3 At the prompt, enter a name for the PAP group in the Name field and click Next.
4 At the prompt, enter a description for the PAP group in the Description field.
5 Click Add in the PAPs field.
Result: The Select PAPs window opens and lists the available PAPs.
6 Choose the PAP and click OK.
The selected PAP is associated with the PAP group and appears in the PAPs field.
Note 1 — You can create a PAP using the Select PAPs window. Click
Create.
Note 2 — You can delete a PAP using the Select PAPs window. Choose
the PAP that you need to delete and click Delete.
7 Click Finish to save the PAP group and close the window.
Result: The PAP group appears under PAP groups in the Administration Tree.
8 Associate the PAP group with a user account:
i In the Administration Tree, select the PAP group.
Result: The PAP group details are displayed in the Object Details view.
ii Click Add beside the Users field.
Result: The Select Users window appears and lists the available user accounts.
iii Choose the user accounts you need to associate with the PAP group, and click OK.

Result: The chosen user accounts are associated with the PAP group and appear in the
Users field.
Note 1 — You can create a user account using the Select Users window.
Click Create.
Note 2 — You can delete a user account using the Select Users window.
Choose the user account that you need to delete and click Delete.
iv Click the Apply icon ( ) to save the changes.


Administrator Guide User sessions
11 User sessions
11.1 User session overview
11.2 Viewing user session information
11.3 Closing an active user session
11.4 Configuring the inactivity logout timeout for a user
11.5 Configuring the global inactivity logout timeout value
11.6 Configuring the inactivity lock screen timeout for a user
11.7 Configuring the global inactivity lock screen timeout value
11.8 Configuring the global timeout value to lock a dormant account
11.9 Configuring the global timeout value to delete a dormant account
11.10 Configuring the dormant account lock timeout for a user
11.11 Configuring the dormant account deletion timeout for a user
11.12 Configuring the maximum concurrent user sessions
11.13 Configuring the maximum users displayed in Administration tree
11.1 User session overview

Every time a user logs in to a 5520 AMS client, a session is created in the
Administration Tree. Administrators, or a user with another default role, can manage
these user sessions for every client that accesses the server. If a user has a
non-default role and is required to manage these user sessions, update the
non-default role with the Active Sessions - View and Active Sessions - Edit functions,
as applicable.
more information on 5520 AMSs function descriptions.
11.2 Viewing user session information

Perform this procedure to display information about a user session.

User sessions Administrator Guide
The session type is GUI or OSS. A GUI session type indicates that a user is logged
in using the 5520 AMS GUI. An OSS session type indicates that a user is logged in
using an OSS interface. A user can be logged in using the 5520 AMS GUI and an
OSS interface, in which case two user sessions are listed, each displaying the
corresponding session type.
When a user executes operations through an NBI interface then, as part of the active
session, NBI interface does not display the OSS session.
When you login to a TL1 session using the 5520 AMS GUI, the session type is
displayed as TL1 in Object Details view.
Note — If the check box ‘Hidden Account (Operations are not

logged)’ is enabled for an user account, the user’s session is
not listed as an active session when the user is logged in.
Procedure 51 To view user session information
1 In the Administration Tree, choose EMS Administration→User

Management→Active Sessions.
Result: The list of active user sessions is displayed in the following format: Session
(username, IP address, session type).
2 Choose a user session from the session list in the Administration Tree or Table view.
Result: The Object Details view displays information about the user session.
11.3 Closing an active user session

Only a Security Admin or Administrator who has been assigned a role that includes
the function ‘Active Sessions - Edit’ can close an active user session.
Procedure 52 To close an active user session
1 In the Administration Tree, choose EMS Administration→User Management→Active

Sessions.
2 Choose an active session that you want to close.
3 Right-click the session and click Delete.

Result: The Delete confirmation window appears with the following message: Are you sure
you want to delete the selected objects?
4 Click Yes to delete the session.
11.4 Configuring the inactivity logout timeout for a

user
For a client session on the 5520 AMS, inactivity is the lack of pointer and keyboard
activity. Each time that a client session becomes inactive, the inactivity logout timer
measures the duration of the inactivity. If the inactivity logout timeout expires, the
user is logged out of the client session.
Procedure 53 To configure the inactivity logout timeout
2 Choose a user.
3 In the Object Details view, click the Advanced tab and configure the Inactivity Logout Timeout
parameter. Perform one of the following steps:
• To disable timeout restrictions for the user, set the Inactivity Logout Timeout parameter
to No Inactivity Timeout.
• To configure a user-specific timeout, set the Inactivity Logout Timeout parameter to User
Defined, and enter a value in the Logout Timeout field. The range is from 5 to 525600 min.
• To apply the global timeout configuration to the user, set the Inactivity Logout Timeout
parameter to Global (As in User Settings).

11.5 Configuring the global inactivity logout

timeout value
The global inactivity logout timeout is the default timeout parameter for all users. See
Section 11.4 for more information about setting the inactivity logout timeout for a
single user.
Procedure 54 To configure the global inactivity logout timeout value
2 In the Object Details view, enter a value for the Global Inactivity Logout Timeout parameter.
The range is from 5 to 525600 min. The default is 480 min (8 h).
11.6 Configuring the inactivity lock screen timeout

for a user
For a client session on the 5520 AMS, inactivity is the lack of pointer and keyboard
activity. Each time that a client session becomes inactive, the inactivity lock screen
timer measures the duration of the inactivity. If the inactivity lock screen timeout
expires, the user is locked out of the client session.
Procedure 55 To configure the inactivity lock screen timeout
2 Choose a user.

3 In the Object Details view, click the Advanced tab and configure the Inactivity Lock Screen
Timeout parameter. Perform one of the following steps:
• To disable timeout restrictions for the user, set the Inactivity Lock Screen Timeout
parameter to No Inactivity Timeout.
• To configure a user-specific timeout, set the Inactivity Lock Screen Timeout parameter to
User Defined, and enter a value in the Lock Screen Timeout field. The range is from 3 to
525600 min.
• To apply the global timeout configuration to the user, set the Inactivity Lock Screen
Timeout parameter to Global (As in User Settings).
11.7 Configuring the global inactivity lock screen

timeout value
The global inactivity lock screen timeout is the default timeout parameter for all users.
See Section 11.6 for more information about setting the inactivity lock screen timeout
for a single user.
Procedure 56 To configure the global inactivity lock screen timeout value
2 In the Object Details view, enter a value for the Global Inactivity Lock Screen Timeout
parameter. The range is from 3 to 525600 min. The default is 10 min.
11.8 Configuring the global timeout value to lock a

dormant account
The global timeout value to lock a dormant account is the default parameter for all
users. See Section 11.10 for more information about setting the dormant account
lock timeout for a single user.

Procedure 57 To configure the global timeout value to lock a dormant account
1 In the Administration Tree, choose EMS Administration→User Management→User settings.
Result: The Object Details view opens.
2 In the Object Details view, enter a value for the Global Timeout for Dormant Account Lock
parameter. The default value is 10000 days. The range is from 1 to 10000 days.
11.9 Configuring the global timeout value to delete

a dormant account
The global timeout value to delete a dormant account is the default parameter for all
users. See Section 11.11 for more information about setting the dormant account
deletion timeout value for a single user.
Procedure 58 To configure the global timeout value to delete a dormant account
1 In the Administration Tree, choose EMS Administration→User Management→User settings.
2 In the Object Details view, enter a value for the Global Timeout for Dormant Account Deletion
parameter. The default value is 10000 days. The range is from 1 to 10000 days.
11.10 Configuring the dormant account lock

timeout for a user
For a client session on the 5520 AMS, a dormant account is locked when a user has
not logged in for a specific amount of time. It is possible to configure a timeout value
for locking a user account, when a client account becomes dormant.

Procedure 59 To configure the dormant account lock timeout for a user
2 Choose a user.
3 In the Object Details view, click the Advanced tab and configure the Dormant Account Lock
Timeout Policy parameter. Perform one of the following steps:
• To disable timeout restrictions for the user, set the Dormant Account Lock Timeout Policy
parameter to No Lock Timeout.
• To configure a user-specific timeout value, set the Dormant Account Lock Timeout Policy
parameter to User Defined. The default value is 10000 days and the range is from 1 to
10000 days.
• To apply the global timeout configuration for the user, set the Dormant Account Lock
Timeout Policy parameter to Global (As in User Settings).
11.11 Configuring the dormant account deletion

timeout for a user
For a client session on the 5520 AMS, a dormant account is deleted when a user has
not logged in for a specific amount of time. It is possible to configure a timeout value
for deleting a dormant account, when a client account becomes dormant.
Procedure 60 To configure the dormant user deletion timeout
2 Choose a user.

3 In the Object Details view, click the Advanced tab and configure the Dormant Account
Deletion Timeout Policy parameter. Perform one of the following:
• To disable timeout restrictions for the user, set the Dormant Account Deletion Timeout
Policy parameter to No Delete Timeout.
• To configure a user-specific timeout value, set the Dormant Account Deletion Timeout
Policy parameter to User Defined. The default value set is 10000 days. The range is from
1 to 10000 days.
• To apply the global timeout configuration for the user, set the Dormant Account Deletion
Timeout Policy parameter to Global (As in User Settings).
11.12 Configuring the maximum concurrent user

sessions
You can configure the maximum number of concurrent user sessions allowed on the
5520 AMS server. A login attempt that would exceed this limit is denied, with one
exception. A user whose account includes the superuser role can always log in,
regardless of this configuration or the limits of your 5520 AMS license.
Procedure 61 To configure the maximum concurrent user sessions
2 Configure the maximum number of concurrent GUI user sessions. The range is from 1 to 400.
11.13 Configuring the maximum users displayed in

Administration tree
When the number of users populated in 5520 AMS are less than or equal to the
maximum users set in the User Settings of the Administration Tree, the 5520 AMS
lists all the users in the EMS Administration→User Management→Users. To set the
maximum limit on the users displayed in the Administration tree, see Procedure 62.

However when the number of users populated in 5520 AMS exceed the value set in
the maximum number of users displayed in Administration Tree, the user list is
replaced with a Search User icon
With the search option, you can get the desired user details quickly than scrolling a
long list of users in the AMS GUI; see Procedure 63.
Procedure 62 To configure the maximum number of users displayed in

Administration Tree
2 Configure the maximum number of users displayed in Administration Tree under the System
Settings in the General tab. The range is from 1 to 2000.
Procedure 63 To search for a user from the Administration Tree
Note — This procedure can be performed only when the number of

users exceed the maximum users displayed in the Administration Tree.
1 In the Administration Tree, choose EMS Administration→User Management→Users
2 Click the Search User icon ( )
A Search window is displayed.
3 In the Search window, choose one of the following options:
• New search (remove existing results): To display only the desired user
• Add the results to the existing ones: To display the required user including the existing
users. This is the default option.

After selecting the option, to search for a user, select the check box for one or more of the
following attributes, and then enter a search criteria to get the required search result.
• Name
• Full User Name
• Email Address
• Description
To display alarms on the user object, you can select the option “In addition, also show objects
with alarms”.
4 Click Finish to display the required user.

Administrator Guide NE tasks
NE tasks
12 NE tasks overview
13 Managing NE communication and information
14 Managing SNTP and time zones
15 Managing subscriber search attributes
16 Managing External TL1 Gateways
17 NE tasks performed from the 5520 AMS server
18 Backing up and restoring NE software
19 Managing links between NEs

NE tasks Administrator Guide

Administrator Guide NE tasks overview
12 NE tasks overview
12.1 Overview of this volume
12.1 Overview of this volume

The NE tasks volume includes procedures that apply to all or most NEs. Some
procedures or parameters included in this volume may not apply to all NEs.
The Operations and Maintenance guide for the NE includes a chapter that describes
which of the chapters in the NE tasks volume are applicable to your NE. Where
differences exist, the chapter provides the location in the Operations and
Maintenance guide for the NE where the information can be found.

NE tasks overview Administrator Guide

Administrator Guide Managing NE communication and information
13 Managing NE communication and

information
13.1 NE communication and information overview
13.2 Retrieving NE information
13.3 Configuring automatic supervision on newly created NEs
13.4 Generating lists
13.5 NE list
13.6 NE agent list
13.7 NE balancing
13.8 Configuring NAT
13.1 NE communication and information overview

The 5520 AMS communicates with NEs primarily using SNMP. You can create
SNMP profiles to set the default parameters for NE communication. See Section 20.3
for more information on managing SNMP settings. You can also communicate with
compatible NEs using a TL1 Gateway or TL1 or CLI cut-throughs. See Chapter 16
for information about managing TL1 Gateways. For information about using
cut-throughs, see the 5520 AMS User Guide. For backups, FTP or SFTP is used. For
information about backing up and restoring NE information, see the 5520 AMS User
Guide.
On a standalone or clustered system, you can generate NE and agent lists. Lists can
be generated manually or using a cron job.
You can use NAT to route communication between the 5520 AMS and NEs if you are
using a standalone system.
13.2 Retrieving NE information

The storage location of NE backup files depends on the IP address of the NE. You
can retrieve the IP address of an NE without access to the GUI.

Managing NE communication and information Administrator Guide
Procedure 64 To retrieve the IP address of an NE by the NE name
2 Retrieve the IP address of the NE by typing:
ams_retrieve_ip_by_nename.sh NEname ↵
where:
NEname is the name of the NE.
The script returns the IP address of the NE. The IPv4 and IPv6 address formats are
supported.
13.3 Configuring automatic supervision on newly

created NEs
The 5520 AMS provides an option to automatically supervise an NE from the time it
is created.
Note — By default, the zero touch provisioning (ZTP) NEs are
not supervised. The 5520 AMS receives a trap from the NE and
starts supervision.
Procedure 65 To configure automatic supervision of newly created NEs

Perform the following procedure to configure automatic supervision of NEs from the 5520 AMS.
1 In the Administration Tree, choose EMS Administration→Configuration

Supervision→Supervision Settings.
Result: The Object Details Supervision Settings window appears.
2 Select the Start Supervision at NE Creation check box.
3 Click the Apply icon ( ) to save the configuration.

Result: The newly created NEs are supervised automatically.
13.4 Generating lists

To run a partner application in conjunction with the 5520 AMS, you need to access
the list of NEs or agents on the 5520 AMS server. To generate an output file that lists
either all of the NEs or the agents that are supervised by the 5520 AMS, run one of
the following two scripts on the 5520 AMS server:
• getAgentlist.sh
• retrieve_nes.sh
The output file for either script is generated as a flat file that is compatible with the
URL Provider format. You can export the output files from the 5520 AMS server to a
.csv file. You can also create a cron job on the server to generate the files
periodically.
The output of the script is stored in the file $TEMP_DUMPFILE. The location of the
file is /tmp/netlist-dump_result
An example of using the script is:
getAgentlist.sh -u username -p [password] ↵
To run the scripts, you must enter -u username -p password. The username and
password must be associated with the user role that has the NE List - NBI function.
See 9.1.4 for information about functions.
Note 1 — If the password contains the special characters,
escape the special meaning of the characters by preceding
each special character with the backslash character (\). For
example, if the password is !@#ams$%ûser&*, enter
\!\@\#ams\$\%\ûser\&\*.
Note 2 — The script will generate a list of NEs in the user’s
allowed PAP groups only. To generate a complete list, the
Allowed PAP groups parameter for the user must include all
PAP groups.

13.4.1 Mandatory and optional arguments

The following arguments are mandatory or optional, depending on which script you
are running:
• -f argument – (mandatory for NE list) specifies a filename to which to dump the
output.
• -u argument – (mandatory for NE list and agent list) specifies a username.
• -p argument – (mandatory for NE list and agent list) specifies a password.
• -s argument – (mandatory for NE list) specifies the node model to be filtered.
There can be multiple filters, and each should follow the -s model. For example,
to retrieve all NEs of a certain type for a specific release, you could enter -s NE
type.release.number. Alternately, to retrieve all the agents for a certain NE type,
you could enter -s NE type.
13.5 NE list
The NE list script generates a list of NEs and also provides support to filter the list of
Agents based on NE type.
The NE list script returns a flat list of NEs with information in the following format:
NE Name NE IP AddressSNMP Port NumberSNMP Read CommunitySNMP Write
Community
The IPv4 and IPv6 address formats are supported.
retrieve_nes.sh -f dumpFilename -u username -p [password] [-s filter 1 [-s
filter 2 ]..] ↵
An example of the NE list returned by the script is:

NE_GPON IP_Address 161 public public
To perform the procedures in this section, you need to be able to log in to the
5520 AMS server as amssys. See Procedure 8 to log in to a 5520 AMS server as
amssys.

Procedure 66 To generate an NE list

Perform this procedure to manually generate a flat list of NEs that are supervised by the
5520 AMS.
2 To run the default NE list script, type:
retrieve_nes.sh -f filename -u username -p [password] ↵
where:
filename is the name of the file to which to dump the output.
username is the username for a user role that has the NE List - NBI function.
password is the password for a user role that has the NE List - NBI function.
Procedure 67 To generate an NE list using a cron job
Caution — The password you enter in the crontab file is in plain text and
is not secured. Therefore, it is not recommended to perform this
procedure due to security issues.
Perform this procedure to set up a cron job to periodically generate the NE list.
2 Verify that an appropriate editor is set.
3 For periodic generation of an NE list, type:
crontab -e ↵
A file is opened, using the editor you configured.

4 Add a line to specify how often you need to run the script; for example, the following line will
run the script at 3:15 a.m. every day of the week:
15 3 * * * amssys_home_account/retrieve_nes.sh -f filename -u username

-p password ↵
where:
amssys_home_account is the home account of amssys. For example, /var/opt/ams/users/amssys/bin/. This
directory depends on the values provided during the 5520 AMS installation.
filename is the name of the file to which to dump the output.
5 Save the file and quit the editor.
13.6 NE agent list

The NE agent script returns a flat list of the following OAM properties of the NE
agents, separated by tabs:
• NE name • SNMPv1/2 write community

• Agent name • SNMPv3 context name
• Agent type • SNMPv3 security level
• Model • SNMPv3 security name
• Agent IP address • SNMPv3 authorization protocol
• SNMP version • SNMPv3 authorization
• SNMP port password
• SNMPv1/2 read community • SNMPv3 privacy protocol
• SNMPv3 privacy password

amssys.

Procedure 68 To generate an agent list

Perform this procedure to generate a flat list of NE agents that are supervised by the 5520 AMS.
2 To run the default agent list script, type:
getAgentlist.sh -u username -p [password]↵
where:
Procedure 69 To generate an agent list using a cron job
Caution — The password you enter in the crontab file is in plain text and
is not secured. Therefore, it is not recommended to perform this
procedure due to security issues.
Perform this procedure to set up a cron job to periodically generate an agent list.
2 Verify that an appropriate editor is set.
3 Add an entry to cron for periodic execution by typing:
crontab -e ↵
A file is opened, using the editor you configured.

4 Add a line specifying how often you need to run the script; for example, the following will run
the script at 3:15 a.m. every day of the week:
15 3 * * * amssys_home_account/getAgentlist.sh -u username -p password >

filepath
where:
amssys_home_account is the home account of amssys. For example, /var/opt/ams/users/amssys/bin/. This
directory depends on the values provided during the 5520 AMS installation.
filepath is the path to the file to which to dump the output.
5 Save the file and quit the editor.
13.7 NE balancing
The NE balancing script performs a query in the database and displays the list of NEs
with the NE type and release and associated application server for each. If an NE is
not associated with an application server, the associated application server appears
as blank.
Before you proceed, you need to be able to log in to the 5520 AMS server as amssys.
See Procedure 8 to log in to a 5520 AMS server as amssys.
To check the status of rebalance of NE or NEs, use the ams_show_ne_balancing.sh
script. For details on the ams_show_ne_balancing script, refer to the section 31.24.
13.8 Configuring NAT

You can use a NAT server between the 5520 AMS server and the NEs, and between
the 5520 AMS server and the client. For information about configuring the 5520 AMS
server to support NAT between the server and the client, see the 5520 AMS
Installation and Migration Guide.
If you are using a NAT server between the 5520 AMS server and the NEs you need
to configure DCN settings in the 5520 AMS GUI. DCN settings provide a translation
table showing the translated 5520 AMS server IP address for each subnetwork of
NEs that is behind the NAT server. The 5520 AMS uses the translation table to fill in
its IP address in IP packets sent to the NEs in each subnetwork.
The NAT server can be used for address translation or can serve as a gateway to
route traffic between the 5520 AMS server and the NEs. Table 28 shows the
supported configurations.

Table 28 NAT between the 5520 AMS server and the NEs
Server description NEs have public IP NEs have private IP

addresses addresses
5520 AMS servers have public IP No gateway device is required. This configuration is not
addresses Do not configure DCN supported.
settings.
5520 AMS servers have private A gateway device is required If the 5520 AMS servers and
IP addresses to route traffic from the NEs to the NEs are in the same
the 5520 AMS server. subnet:
Configure DCN settings. No gateway device is required.
Do not configure DCN
settings.
If the 5520 AMS servers and

the NEs are in different private
subnets:
A gateway device is required
to route traffic from one subnet
to the other.
Configure DCN settings.
Procedure 70 To configure DCN settings
1 In the Administration Tree, choose EMS Administration→EMS System→Site→DCN Settings.
The AMS Translated IP Addresses table is displayed, with a column for each provisioned
application server.
2 Select the Enable NAT check box.
Result: The table becomes configurable.
3 Click Add.
Result: A row appears in the table.

4 Configure the parameters for each NE subnetwork.
Note — The IPv4 and IPv6 address formats are supported.

Administrator Guide Managing SNTP and time zones
14 Managing SNTP and time zones

14.1 SNTP overview
14.2 Creating an external SNTP server
14.3 Time zone overview
14.4 Updating time zone information in the NE
14.1 SNTP overview

SNTP is used by NEs that support SNMP to:
• Provide accurate time stamps for NE-facing services and events such as alarms
and state changes
• Trigger periodic actions such as schedules and PM collection
SNTP relies on a central server to provide a UTC reference to its clients. The NEs
periodically poll the server to re-align their internal clocks. Time references are
translated from UTC into local time by user interfaces such as the NE CLI and the
5520 AMS GUI.
You can configure and enable SNTP settings on the 5520 AMS to manage NEs with
an SNTP server. The SNTP parameters that are supported depend on the type of
NE.
When the SNTP settings on the 5520 AMS are enabled, the settings are applied at
the start of supervision on each NE, provided that SNTP is enabled in the NE system
parameters. The SNTP parameters on the NE are specific to the NE and can be used
to override the global parameters applied from 5520 AMS after supervision is started.
For information about how to configure the SNTP parameters on an NE and to
enable SNTP on an NE, see the Operations and Maintenance guide for the NE. The
procedures in this chapter provide information about how to configure the global
SNTP settings on the 5520 AMS.
Nokia recommends that you synchronize the NEs using SNTP if you need to use
time zone management.
Note — By default, SNTP is disabled on the 5520 AMS.

Managing SNTP and time zones Administrator Guide
14.1.1 Configuring SNTP

You need to install, run, and monitor SNTP server processes. The information for
those procedures is not included in the 5520 AMS documentation. This chapter
describes how to configure SNTP settings that are provided in the Administration
perspective of the 5520 AMS GUI.
SNTP information within the 5520 AMS is managed on a per-site basis to
accommodate possible geographic redundancy.
When the 5520 AMS is configured to automatically enable SNTP in the NE, it
automatically configures the NE with SNTP settings when supervision is started on
the NE. When automatic SNTP configuration is enabled, you can also configure
whether and how SNTP settings are conveyed to an NE.
Three default SNTP options are defined in the Administration perspective:
• Use AMS Local SNTP Server – you must configure the server UDP port number
and polling rate, but not the IP address because the address will be automatically
assigned by the 5520 AMS. Use this setting to run SNTP processes on all
5520 AMS servers.
• Disable SNTP in NE.
• Do Not Overwrite SNTP in NE (default).
You can create multiple external SNTP servers.
When you configure SNTP server information, enter an IP address and subnet to
optimize the choice of which SNTP server to assign to each NE. The 5520 AMS uses
a best/longest match approach on the IP subnets to choose the most appropriate
SNTP settings for an NE.
Note — If multiple SNTP servers are defined for the same

subnet matching an NE IP address, the 5520 AMS randomly
assigns one of the SNTP servers to the NE. When no matching
SNTP server is found for an NE IP address, the 5520 AMS
raises a local alarm. This alarm is cleared by adding another
SNTP server or by extending the subnet mask appropriately.
When the 5520 AMS server is started up for the first time, the default IP address and
subnet of the Do Not Overwrite SNTP in NE option are 0.0.0.0 and 0.0.0.0. These
settings apply to all agents that are in a site object containing this setting. You can
change these settings for the SNTP server type, and you can also apply the
0.0.0.0/0.0.0.0 setting to any other SNTP server type. However, only one SNTP
server type per site can have this IP address and subnet at the same time. If you
have one SNTP server type with these settings and need to configure a different
SNTP server type with them, you must change the settings for the first SNTP server.
Configuring the SNTP protocol in a NE is part of the initial commissioning of the NE.
Reconfiguration may occur later for a set of NEs to fine-tune the protocol or when
SNTP servers are moved from one IP address to another. To apply SNTP
reconfiguration to NEs, you must stop and restart supervision on the NEs.

If you are using a local SNTP server in a 5520 AMS cluster, you typically run one
SNTP server process on each 5520 AMS server. The 5520 AMS automatically
assigns the correct IP address to the server.
14.2 Creating an external SNTP server

Perform this procedure to create an external SNTP server in the Administration
perspective.
The 5520 AMS uses the subnet address and subnet mask parameters to determine
which SNTP server to assign to a particular NE. The subnet address parameter is
the subnet realm for which the SNTP server settings will be applied. The subnet
mask is the range of IP addresses for which the SNTP server settings will be applied.
See the following examples:
• Subnet address: 0.0.0.0
Subnet mask: 0.0.0.0
The SNTP server settings will be applied to all supervised NEs.
• Subnet address: 10.10.10.1
Subnet mask: 255.255.255.0
The SNTP server settings will be applied to NEs with IP addresses between
10.10.10.1 and 10.10.10.254.
When the Settings Type is set to Disable SNTP in NE use AMS Local SNTP Server,
the default subnet address is blank. When the Settings Type is set to
Do Not Overwrite SNTP in NE, the default is 0.0.0.0. When the subnet address is
0.0.0.0, the server settings will be applied to the entire network, regardless of any
other match.
Procedure 71 To create an external SNTP server
1 In the Administration Tree, choose EMS Administration→EMS System→Site.
2 Right-click SNTP server and choose Create→SNTP Server.
Result: The Create SNTP Server window opens, and displays the SNTP server parameters.
3 Configure the parameters as described in Table 78.
4 To apply the SNTP settings to the NEs, you must stop and restart supervision of the NEs.
For information about stopping and starting supervision, see the Operations and
Maintenance guide for the NE.

14.3 Time zone overview

Time zone management is disabled by default in the 5520 AMS. If time zone settings
are not configured, alarm and event timestamps are reported in the local time for the
5520 AMS GUI, and CLI and TL1 timestamps are reported in UTC. You can
configure the 5520 AMS to recognize the time zones where NEs in your network are
located and report timestamps according to NE local time.
During the MS Windows service pack installation, the time zone information is also
updated. If an MS Windows PC has a time zone that is patched during a service pack
installation, then the java process that is started after the service pack installation has
a default time zone that is different from the time zone that is set in the machine. For
example, because of a name change, the time zone name for India was modified
from "(GMT +530) Chennai, Calcutta, Mumbai, New Delhi" to "(GMT +530) Chennai,
Kolkata, Mumbai, New Delhi". This modification came into effect when the service
pack for MS Windows was installed. Subsequent time zones in 5520 AMS were
affected and showed GMT or another time zone. If this problem is observed, check
that the time zone is correctly configured in MS Windows.
If this solution does not solve the problem, then perform the following procedure on
each MS Windows PC running the 5520 AMS:
Procedure 72 To modify the time zone
1 Open the 5520 AMS GUI.
2 Choose Windows → Preferences.
Result: The Preferences window opens.
3 Choose General → Date/Time Format.
4 Select the correct time zone from the Time Zone drop-down menu.
5 Click OK.
Result: The required time zone is selected.
See Section 20.25 for information about configuring time zone settings in the Administration
perspective. See the 5520 AMS User Guide for information about setting the time zone on an NE
as part of NE creation.

14.3.1 Updating time zone data in the 5520 AMS

Before you proceed, you need to install the mandatory packages required by Red
Hat Enterprise Linux systems. For more information, see 5520 AMS Server
Configuration Technical Guidelines.
In the Red Hat Enterprise Linux systems, the 5520 AMS server software is prepared
with the latest available time zone data. You may need to update time zone data
periodically, for example, if the rules for DST have changed in the time zones you
use.
In Windows systems, if you detect a problem with the time zone, the 5520 AMS client
needs to be downloaded or installed so that the timezone information is updated.
Note — Ensure that all the 5520 AMS servers in a cluster is

maintained properly. The time zone in the active and standby
application and data servers must always be synchronized.
14.4 Updating time zone information in the NE

Perform the following procedure to change the time zone management information
for an NE object in the 5520 AMS.
Caution — The local time on the NE itself should be configured
in UTC. This will ensure accurate timestamps.
Before you proceed, time zone settings must be configured. See Section 20.25.
Procedure 73 To change time zone information for an NE
1 Navigate to the NE.
2 Choose a time zone from the drop-down list for the Time Zone parameter.


Administrator Guide Managing subscriber search attributes
15 Managing subscriber search

attributes
15.1 Subscriber search attributes overview
15.2 Configuring subscriber search attributes
15.3 Managing subscriber search attributes
15.1 Subscriber search attributes overview

To configure a port on an NE, the user needs to enter subscriber information. The
subscriber search attributes define the format of subscriber information. The
subscriber search attribute categories also define the subscriber filters in the Find
and Search by functions in the 5520 AMS GUI.
See the 5520 AMS User Guide for information about the Find and Search by
functions.
15.2 Configuring subscriber search attributes

You can define the required format for subscriber information using regular
expressions. An example of a regular expression is:
[0-9][-][0-9]{3}[-][0-9]{4}
This regular expression requires numbers to be entered in the format x-xxx-xxxx, for
example, 1-123-1234.
For a phone number complying with the North American Numbering Plan,
NPA-NXX-xxxx, the regular expression is:
[2-9]{1}[0-8]{1}[0-9]{1}[-][2-9]{1}[0-9]{2}[-][0-9]{4}

Managing subscriber search attributes Administrator Guide
If the user enters subscriber information that does not comply with the required
format, the 5520 AMS generates an error message. The format must be corrected
before the configuration can be saved.
Note 1 — If a regular expression is entered or changed after
subscriber information is configured and the configured
information does not match the regular expression, the
5520 AMS GUI will generate an error message in the Object
Details view. If you need to make any changes to the object
details, the format must be corrected before the configuration
can be saved.
Note 2 — You cannot configure a regular expression for a serial
number. Serial numbers are not arbitrary strings, and are
imposed by the equipment.
The 5520 AMS uses the following reserved keywords for the Customer ID
parameter:
• Available
• Reserved
• Faulty
• -Passive-
Reserved keywords do not generate error messages. You do not need to include the
reserved keywords in your regular expression.
Procedure 74 To define the format for a subscriber attribute
1 In the 5520 AMS menu, choose Window→Show View→Other.
Result: The Show View window opens.
2 Choose Other→Subscriber Search Attribute Categories and click OK.
Result: The Subscriber Search Attribute Categories view opens.
3 In the Category/Attribute Name panel, expand the attribute name and choose the attribute
type you need to configure.
4 Click the Edit format icon ( ).
Result: The Edit Attribute window opens.

Table 29 Define format for a subscriber attribute parameters
Configured Enter or modify the new regular expression.

Regular
Expression
Enable Test Enabling the option:

• Tests the configured regular expression against the value entered to test.
• Makes the Value To Test field available.
Value To Enter the value to test against the regular expression.

Test
Note 1 — While configuring a regular expression for a custom field,

allow an empty string for no errors to appear for an empty custom field.
To enable an empty string, append |(^$) to the regular expression.
Note 2 — While configuring an SMA Attributes for an NE in the Object

Details view, if the format of the attribute does not match the pre-defined
format of the subscriber attribute, you will receive an error message and
the Apply icon ( ) will be disabled.
6 Click OK.
Note — You can revert the changes before clicking the Apply icon ( ).
See Procedure 79
Note —
• OK will be enabled when the value-to-test matches the regular

expression.
• The definition of the attribute format will be effective at the next login.
15.3 Managing subscriber search attributes

In the Subscriber Search Attribute Categories view, you can create and manage
attribute categories.

The attribute categories contain a subset of subscriber attributes:
• Phone number • IP address

• CPE name • VoIP Service Customer Id
• Serial number • Termination ID
• SLID • Customer ID
• CES Service Customer Id • CPE IP Address
• EPON ONT MAC Address • Logical Authentication ID
• MAC Address • ONT Serial Number
• PPPoE User Name • TID Name
• User Account • User Name
Location • IP Host address
There is also an Not Collected for SMA category that contains all of the subscriber
attributes not associated with a category. The Customer ID attribute is shown under
Not Collected for SMA category depending on the NE type.
Note 1 —
• Unicity Check identifies the uniqueness of the value to be set

for an SMA attribute against the values in the SMA
database.
• Enabling unicity checks has performance impacts.
Configuring an attribute with Unicity Check enabled will take
several seconds in very large configurations.
• Attributes with Unicity Check enabled will not be displayed in
the multiple edit wizard. See the 5520 AMS User Guide for
information.
Note 2 — When a NE plug is installed in 5520 AMS, to improve

the performance, ensure to move the SMA attributes that are
not used to Not Collected for SMA category.
Note 3 — By default, the custom fields attributes are added to
Not Collected for SMA category which is applicable for
inventory collection.
Procedure 75 To create a subscriber search attribute category

3 Click the Add New Category icon ( ).
Result: The Create Category window opens.
4 Enter the category name and click OK.
Result: The new subscriber search attribute category appears in the Category/Attribute
Name column.
See Procedure 79
Procedure 76 To edit a subscriber search attribute category
3 Select a category from the Category/Attribute Name column, and click the Edit Category icon
( ).
Result: The Edit Category window opens.
4 Edit the parameters as described in Table 30.

Table 30 Edit a subscriber search attribute category parameters
Category The name of the subscriber search attribute category.

Name
Unicity Check Enables or disables the unicity check for the category.
Note —
• When Unicity Check is enabled on an SMA attribute, prior to setting a

non-default value for such an attribute, the AMS GUI queries the SMA
database to verify if an attribute with the same value already exists.
When the unicity check fails, the setting of the value is aborted and an
error is displayed.
• Unicity check against default values are not performed. For example,
an ONT Serial Number - ALCL00000000.
• The duplicates in the database prior to enabling unicity check will not
be detected.
• The unicity check is case insensitive. For example, toto, Toto and
ToTo will be considered as duplicates.
• The unicity check includes newly entered values only after 30
seconds.
• The change in the unicity check will take effect at the next login.
5 Click OK.
See Procedure 79
Procedure 77 To move an attribute to a different subscriber search attribute

category

3 Expand the category that contains the attribute you want to move.
4 Choose the attribute you need to move and perform one of the following steps:
• Drag the attribute from the current category to the target subscriber search attribute
category.
• Use the Move Attributes icon.
• Click the Move Attributes icon ( ).
Result: The Move Attributes window opens.
• Select the target category name and click OK.
Result: The attribute moves from the current category to the target subscriber search
attribute category.
• Right-click on the attribute and select Move to, then choose a target category name.
See Procedure 79
Procedure 78 To delete a subscriber search attribute or attribute category

When you delete a subscriber search attribute, it is moved to the Not Collected for SMA category.
When you delete a subscriber search attribute category, its attributes are moved to the Not
Collected for SMA category.
3 Choose an attribute or attribute category and click the Delete icon ( ).
Result: A confirmation window opens.
4 Click OK.

Result: The deleted attribute or attributes from the deleted category are moved to the Not
Collected for SMA category.
See Procedure 79
Procedure 79 To revert the changes in subscriber search attribute categories view

Perform the following procedure to revert the last operation performed in the Subscriber Search
Attribute Categories view.
3 Click the Revert icon ( ).
Result: The last change made in Subscriber Search Attribute Categories view is reverted.
Note — You cannot revert the changes after clicking the Apply icon
( ).

Administrator Guide Managing External TL1 Gateways
16 Managing External TL1 Gateways

16.1 Managing External TL1 Gateways overview
16.2 Using an External TL1 Gateway in a cluster
16.3 Multiple External TL1 Gateways
16.4 Configuring an External TL1 Gateway connection
16.5 Logging in to an External TL1 Gateway
16.6 Managing command templates and batch executions
16.7 Managing TNM users
16.8 Viewing External TL1 Gateway information
16.9 Managing alarm logs
16.1 Managing External TL1 Gateways overview

The 5520 AMS manages the External TL1 Gateway using the External TL1 Gateway
Manager view. The 5520 AMS allows a user with administrator privileges to establish
a TL1 session from the 5520 AMS client using the External TL1 Gateway interface
to the NE.
The 5520 AMS is integrated with the External TL1 Gateway interface in standalone
mode, which allows the gateway administrator to add or delete NE entries by logging
in to the gateway using the admin interface. When a new entry is added or deleted
from the 5520 AMS, the same entry is updated in the NE configuration file by sending
the appropriate TL1 command using the admin interface.
Note — There are a list of commands which are applicable for
the admin interface only. For example, RTRV-GW-NECONFIG
is one of them. When the External TL1 Gateway is integrated
with 5520 AMS, the admin interface is used by 5520 AMS. So
the operator can not open an admin session separately. For
more information see the 5520 AMS External TL1 Gateway
User Guide.
The External TL1 Gateway Manager allows the administrator to:

• Configure External TL1 Gateways
• Add, modify, view, or delete a TNM user profile
• Change an External TL1 Gateway user password

Managing External TL1 Gateways Administrator Guide
• Terminate TNM sessions

• View External TL1 Gateway statistics
The administrator can establish an External TL1 Gateway session by choosing an
agent on the NE and choosing External TL1 Gateway. From the NE, the
administrator can configure the NE using TL1 commands, view alarms and requests,
start and stop batch execution actions, and load and clear command templates.
When the administrator connects to the External TL1 Gateway using the Admin
connection type, there can be only one admin session. However, when the
administrator connects using the TNM or OSS connection type, the administrator can
open another 5520 AMS client and connect as another TNM or OSS user using the
External TL1 Gateway Manager.
Users with non-administrator privileges can start and stop batch execution actions,
load and clear command templates, and send provisioning commands to the NE.
Occasionally, IP address used by the External TL1 Gateway might be active on the
previously active server. On the new server the IP address might not be active as the
operating system indicates the IP might be in use. In this scenario, you need to
manually disable the IP on the previously active server and manually enable it in the
current active server.
16.2 Using an External TL1 Gateway in a cluster

If you are using redundant application servers, you can use the External TL1
Gateway integration script to integrate the External TL1 Gateway with the cluster.
The integration ensures that an OSS connection to the External TL1 Gateway always
reaches the active application server.
In a cluster installation at a single site or in a geographically-redundant installation
where the sites are in the same sub-network, you can create a virtual IP address for
the cluster. The OSS communicates with the External TL1 Gateway using the virtual
IP address.
Table 31 lists the tasks for setting up the External TL1 Gateway for use in a cluster
or geographically-redundant environment.
Table 31 Set up the External TL1 Gateway for use in a cluster
Task See
On Red Hat Enterprise Linux systems, configure an Ethernet bonding Red Hat® Enterprise Linux®
interface on each application server and create an Ethernet bonding documentation
group.
(1 of 2)

Task See
Install the External TL1 Gateway on each application server. 5520 AMS External TL1
Gateway Installation Guide
Run the External TL1 Gateway integration script on each application Procedure 80
server.
Configure the External TL1 Gateway settings in the Site object. Section 20.33
Select the Connection to External TL1 GW, Sync NE List, and Use
Single External LT1 GW Server check boxes.
Create the External TL1 Gateway server in the 5520 AMS GUI. Procedure 82
(2 of 2)
Procedure 80 To configure the External TL1 Gateway using the External TL1
Gateway integration script
Perform this procedure to set up the External TL1 Gateway for use in a cluster.
Before you proceed:
• On Red Hat Enterprise Linux systems, an Ethernet bonding interface must be configured
on each application server. The Ethernet bonding interfaces must be configured as an
Ethernet bonding group.
• You need the virtual IP address for the cluster, if you need to use one.
• The External TL1 Gateway must be installed.
2 Run the integration script by typing:
ams_exttl1_integration.sh configure ↵
The script confirms that the 5520 AMS is installed in a cluster:
Detecting setup.
-> Found cluster.
3 The script prompts you for the directory where the External TL1 Gateway is installed:
In which directory is the 5520TL1GW installed [ /opt/nokia (default) ]?
Press ↵ if the External TL1 Gateway is installed in the /opt/nokia directory, or enter the path
to the directory and press ↵.
4 The script prompts you to confirm whether you will be using a virtual IP address:
Do you want to use a single virtual IP address for OSS communication [

yes (default) | no ] ?

Press ↵ if you have configured a virtual IP address, or type n and press ↵.
5 If you answered yes to the prompt in step 4, the script prompts you for the virtual IP address:
Provide the virtual IP address to be used for OSS communication:
Enter the virtual IP address and press ↵.
6 The script prompts you for one of the network interfaces:
Provide one of the network interfaces to use for OSS communication:
Enter the name of one of the network interfaces in the Ethernet bonding group and press ↵.
The script completes the configuration and displays the following message:
Writing configuration
Ready
The integration of the 5520 AMS and the External TL1 Gateway is configured.
Procedure 81 To unconfigure the External TL1 Gateway using the External TL1
Gateway integration script
Perform this procedure to prepare the External TL1 Gateway for uninstallation. For information
about uninstalling and migrating the External TL1 Gateway, see the 5520 AMS External TL1
Gateway Installation Guide.
Caution — This is a service affecting procedure because it will stop

both the External TL1 Gateway and the 5520 AMS.
2 Run the integration script by typing:
ams_exttl1_integration.sh unconfigure ↵
The script confirms that the 5520 AMS is installed in a cluster and that a configured
integration is present:
Detecting setup.
-> Found cluster.

-> Found configured AMS/TL1GW integration
3 The script prompts you to confirm:
If they are running, the 5520 AMS and the 5520 TL1GW will be stopped
before unconfiguring.
Are you sure you want to unconfigure [ yes | no (default) ] ?
Press ↵ to continue.
The script displays status messages showing the processes being stopped:
->Stopping 5520TL1GW
o Disabling 5520TL1GW
o Stopping 5520TL1GW
->Stopping 5520AMS
Stopping all AMS processes...
Stopping Process Monitor
Stopped Process Monitor
Stopping JBoss
Stopped Jboss
Stopping database
Stopped database
All AMS processes stopped
->Unconfiguring virtual IP address
Ready
The integration of the External TL1 Gateway is unconfigured. You can proceed with migration
or uninstallation.
16.3 Multiple External TL1 Gateways

You can use multiple External TL1 Gateways if needed.

You can associate an NE to an External TL1 Gateway when you create it, or change
the association at any time. For information about creating an NE, see the 5520 AMS
User Guide.
Caution — To avoid potential synchronization issues, verify
that the NE name does not include the following characters:
comma (,), semicolon (;), and colon (:).
The Use Single External TL1 Gateway Server check box in the Site settings is
selected by default. If you use two or more External TL1 Gateway servers, you must
deselect the check box. See Section 20.33 for more information. An error is
generated if the check box is selected and you attempt to create a second External
TL1 Gateway server.
Table 32 lists the access privileges that are required for the main menu.
Table 32 Access privileges
Menu option or icon To See Operator profile
CLI TNM ADMIN
Network Tree view
NE→Agents→Agent→Exter Open a new user Procedure 89 ✓ ✓ ✓

nal TL1 Gateway session
External TL1 GW Servers in the Administration tree
External TL1 GW Create an External Procedure 82 ✓ ✓ ✓

Servers→Create→External TL1 GW server
TL1 Gateway Server
External TL1 GW Delete an External Procedure 83 ✓ ✓ ✓

Server→Delete TL1 GW server
External TL1 GW Associate Procedure 85 ✓ ✓ ✓
Server→Associate NEs unassigned NEs to
an External TL1
GW server
External TL1 GW Disassociate NEs Procedure 87 ✓ ✓ ✓

Server→Disassociate NEs from the External
TL1 GW server
External TL1 GW Establish TL1 GW Procedure 88 ✓ ✓ ✓

Server→External TL1 GW connection
Manager
External TL1 GW Manager view
View menu→Configure Configure or Procedure 90 ✓ ✓ ✓

External TL1 Gateway modify an External
TL1 GW
Login icon Log in to the Procedure 91 ✓ ✓ ✓

External TL1 GW
Manager
(1 of 2)

Menu option or icon To See Operator profile
CLI TNM ADMIN

View menu→Change Change an Procedure 92 ✓
Password External TL1 GW
user password
View menu→Load Load command Procedure 93 ✓ ✓ ✓

Commands Template templates
External TL1 GW Send TL1 Procedure 94 ✓ ✓ ✓

Manager→Send option commands
View menu→Clear Clear command Procedure 95 ✓ ✓ ✓

Commands Template templates
View menu→TNM User Add/modify/lists Procedure 98, ✓

Profiles TNM user profiles 99
View menu→Terminate Terminate TNM Procedure 101 ✓

TNM Sessions sessions on the
External TL1 GW
View menu→External TL1 View External TL1 Procedure 102 ✓
GW Statistics GW statistics
View menu→About TL1 View External TL1 Procedure 103 ✓
Gateway GW release and
licence information
(2 of 2)
Procedure 82 To create an External TL1 Gateway server
1 In the Administration Tree, choose EMS Administration→EMS System→Site→External TL1

GW Servers.
2 Right-click External TL1 GW Servers and choose Create→External TL1 GW Server.
Result: The Create External TL1 GW Server window opens.
3 Enter a name for the External TL1 Gateway in the Gateway Name field and click Next.
4 Configure the parameters.
Note — If you are configuring an External TL1 Gateway server for a

cluster, enter the virtual IP address for the IP address parameter.
5 Click Finish to create the External TL1 GW server.

Procedure 83 To delete an External TL1 Gateway server

GW Servers→External TL1 GW Server.
2 Right-click External TL1 GW Server and choose Delete.
Result: The External TL1 GW Server window is deleted.
Note — You cannot delete an External TL1 Gateway server instance

when an NE is manually associated with the External TL1 server.
Procedure 84 To export External TL1 Gateway settings

GW Servers→External TL1 GW Server.
2 Choose File→Export.
Result: The Export window opens.
3 In the Export window, select the following check boxes under the Application Filter:
• Cluster Settings
• External TL1 Gateway
4 Click Finish.
Result: The Export progress window shows the export progress bar.
The Export Result window displays the export status.

Procedure 85 To associate all unassigned NEs to an External TL1 Gateway server

GW Servers.
2 Right-click the External TL1 Gateway server with which you need to associate NEs and
choose Associate NEs. All NEs that had not been associated with an External TL1 Gateway
server are associated with the server.
Note 1 — If you are logged in to the External TL1 Gateway when you
associate NEs, your session will be disconnected and you will need to log
in again.
Note 2 — TL1 Gateway can only manage an NE with an IP, where the
first and last octet are non-zero. For example, 172.21.132.0 or
0.21.132.33 are considered as invalid IP address of an NE.
Procedure 86 To associate one NE to an External TL1 Gateway server
Result: The Object Details opens.
2 Click the TL1 tab.
3 In the External TL1 GW Server field, click Browse and navigate to the server you need to
assign the NE to.
4 The NE is now managed by the External TL1 Gateway.
To view the list of NEs associated with a gateway, log in to the External TL1 Gateway. See
Procedure 91.
Note — TL1 Gateway can only manage an NE with an IP where the first
and the last octet are non-zero. For example, 172.21.132.0 or
0.21.231.33 are considered as invalid IP address of an NE.

Procedure 87 To disassociate NEs from an External TL1 Gateway server

GW Servers.
2 Right-click External TL1 GW Server and choose Disassociate NEs.
Result: The 5520 AMS disassociates all NEs from the gateway.
Note 1 — The NEs will not be automatically associated with another

External TL1 Gateway server. See Procedure 85 to associate the NEs
with another server.
Note 2 — If you are logged in to the External TL1 Gateway when you
disassociate NEs, your session will be disconnected and you will need to
log in again.
16.4 Configuring an External TL1 Gateway

connection
The configuration of the External TL1 Gateway connection settings must be
performed once by a user with administrator privileges.
Procedure 88 To establish an External TL1 Gateway connection

There should not be another admin session established with the External TL1 Gateway.

GW Servers and choose the External TL1 Gateway server you need to connect to.
2 Configure the settings as described in Table 70.
3 Click the Apply icon ( ) to save the settings.
4 Right-click External TL GW Server and choose External TL1 GW Manager.
Result: The External TL1 GW Manager window opens.
5 Log in to the TL1 GW Manager as ADMIN, TNM, or OSS as described in Procedure 91.

Procedure 89 To start a new External TL1 Gateway user session from the NE
1 In the Network Tree view, navigate to an NE and choose Agents→ Agent.
2 Right-click Agent and choose External TL1 Gateway.
Result: The TL1 Gateway Login page opens.
3 Enter the user name and password.
Result: The External TL1 Gateway view opens a user session for the NE.
Procedure 90 To configure or modify an External TL1 Gateway
1 Verify that the External TL1 Gateway is connected to the 5520 AMS. See Procedure 88 to
establish an external TL1 gateway connection.
2 Log in to the External TL1 Gateway Manager using the Admin connection type.
3 In the External TL1 GW Manager view, click the View Menu icon ( ), and choose Configure
External TL1 Gateway.
Result: The Gateway Configuration window opens with the OSS Interface tab selected by
default.
4 Click the OSS Interface, NE Interface, or General tab, and configure the parameters as
required.
5 Click OK to save the configuration.
Note — The change can take up to 90 seconds to be reflected in the

GUI.

16.5 Logging in to an External TL1 Gateway

You can log in to an External TL1 Gateway using the External TL1 Gateway Manager
or through an NE. When you use the External TL1 Gateway Manager, you can log in
to the External TL1 Gateway using the following login connection types:
• Admin: Allows a user to connect to the External TL1 Gateway through the Admin
port that is configured in the External TL1 Gateway settings. An Admin user can
perform administrative tasks on the External TL1 Gateway and:
• Configure the TNM user profile.
• Terminate TNM sessions.
• Change External TL1 Gateway passwords.
• View External TL1 Gateway statistics.
• TNM: Allows a user to connect to the External TL1 Gateway through the TNM
port:
• When the user chooses the Alarm channel type, the user cannot send any
provisioning commands to the NE. The user receives alarms in the Alarms window
for all of the NEs managed by the External TL1 Gateway.
• When the user chooses the Provisioning channel type, the user can perform
provisioning tasks using the TL1 Commands field for the NEs that are managed by
the External TL1 Gateway. However, this user only receives alarms from the NEs to
which the user logged in for provisioning. You can only log in to the External TL1
Gateway using the TNM connection type if a TNM user profile is configured. See
Section 16.7 for information about managing TNM users.
• OSS: Allows a user to connect to the External TL1 Gateway through the OSS port.
After the user logs in to the External TL1 Gateway Manager, the user can use the
ACT-USER TL1 command to log in to any NE that is managed by the External TL1
Gateway.
Procedure 91 To log in using the External TL1 Gateway Manager

The External TL1 Gateway must be connected on the 5520 AMS. See Section 16.4 for information
about configuring an external TL1 gateway connection.
1 Open the External TL1 GW Manager view.
2 Click the Manager Login Action icon ( ).
Result: The TL1 Gateway Manager login window opens.
3 Choose one of the following connection types:
• ADMIN,
• TNM
• OSS

4 Enter the username that corresponds to the connection type. The name is the username that
you entered when you configured the gateway.
5 Enter the password that corresponds to the connection type. The password is the password
that you entered when you configured the gateway.
6 For the TNM connection type, choose the channel type: Alarm, Provisioning, or Alarm
Provisioning.
7 Click Finish. When you successfully log in to the External TL1 Gateway, the available NEs
are listed in the TL1 GW Manager view.
If you are logged in to the External TL1 Gateway as a non-administrator, you can use this
view to:
• Provision NEs using TL1 commands. To send a TL1 command, enter or choose the
command in the Command field, and click Send.
• Configure how alarms, requests, and responses are displayed:
• To save TL1 data, click the Save icon ( ).
• To clear TL1 data, click the Eraser icon ( ).
• To disable the display of the data, select the Disable Alarms check box.
Procedure 92 To change an External TL1 Gateway user password

Before you proceed, the External TL1 Gateway must be connected on the 5520 AMS. See section
16.4 for more information.
1 Log in to the External TL1 Gateway Manager using the Admin connection type.
2 In the TL1 GW Manager view, click the View Menu icon ( ), and choose Change Password.
Result: A window opens.
3 Click Yes to proceed.
Result: The Change Password window opens.
4 Enter the current user password.
5 Enter the new password (from 4 to 32 characters).
6 Re-enter the password.

7 Click OK to save the changes. You are automatically logged out of the External TL1 Gateway
Manager view.
8 Open the Administration perspective.

GW Servers and choose the External TL1 Gateway.
10 Enter the new password in the Admin Password and Re-Type Admin Password fields.
Note — The password must match the one you entered in the External
TL1 Gateway Manager view.
11 Re-enter the password in the Re-Type Admin Password field.
16.6 Managing command templates and batch

executions
You can create a flat file to store frequently used TL1 commands. The file is called a
command template. You need to store the template in the directory where the
5520 AMS client is running. After you load the template, the commands are listed in
the Commands drop-down menu in the TL1 GW Manager view. After a command
template is loaded, the user can choose the command from the menu and send it.
Batch files are text files that are used to send TL1 commands, as defined in the batch
file, to the External TL1 Gateway. Commands are sent serially. The batch file must
be created locally, on the machine where the client is running. You can perform batch
execution actions using the External TL1 Gateway Manager or from the External TL1
Gateway view on an NE.
Procedure 93 To load command templates on the External TL1 Gateway

Before you proceed, the External TL1 Gateway must be connected on the 5520 AMS. See Section
16.4 for more information.
1 Log in to the External TL1 Gateway Manager with the OSS or TNM connection type.
See Section 16.5 for information about Logging in to an External TL1 Gateway.
2 In the TL1 GW Manager view, click the View Menu icon ( ) in the top right corner.

3 Choose Load Commands Templates.
Result: A file browser window opens.
4 Navigate to the command template that you need to load.
5 Click Open.
Result: The template loads and the operation runs in the background.
Procedure 94 To send TL1 commands
1 Log in to the External TL1 Gateway Manager as a TNM user. See Procedure 91.
2 Choose one of the following methods to enter a TL1 command in the Command drop-down
list:
• Choose a command template from the Command drop-down list.

• Type the command in the Command drop-down list. For more information on TL1
commands, see 5520 AMS External TL1 Gateway User Guide.
3 Click Send.
Result: The command is sent to the gateway. The response to the command sent is
displayed in the Request/Response panel of the External TL1 GW Manager.
4 Perform any of the following steps:
• Click the Save icon ( ) next to the Request/Response panel to save the log of requests
sent to the External TL1 Gateway and responses received from it, which is displayed in
the Request/Response panel, to a .txt file locally.
• Click the Clear icon ( ) to clear the requests and responses from the
Request/Response panel.
Procedure 95 To clear command templates on the External TL1 Gateway

You can clear a command template that has been loaded on the External TL1 Gateway using the
External TL1 Gateway Manager or the External TL1 Gateway view on an NE.

Before you proceed:
• The External TL1 Gateway must be connected on the 5520 AMS. See Procedure 90 to
configure or modify an External TL1 Gateway.
• A command template must be loaded on the External TL1 Gateway. See Procedure 93
to load command templates on the External TL1 Gateway.
1 Log in to the External TL1 Gateway Manager with the OSS or TNM connection type.
See Section 16.5.
2 In the TL1 GW Manager view, choose the View Menu icon ( ).
3 Choose Clear Commands Templates.
Result: The template is removed.
Procedure 96 To start batch execution actions on the External TL1 Gateway

The External TL1 Gateway must be connected on the 5520 AMS. See Procedure 90.
1 Log in to the External TL1 Gateway Manager. See section 16.5.
2 To start the batch execution action, click the Batch Execution Action icon ( ) in the TL1 GW
Manager view.
Result: A file browser window opens.
3 Navigate to the script file that you need to run. This file is stored where the 5520 AMS client
runs. See the 5520 AMS External TL1 Gateway User Guide for more information.
4 Choose the file and click Open.
Result: The batch execution action starts and runs in the background.
Procedure 97 To stop batch execution actions on the External TL1 Gateway

You can stop a batch execution action after the action has been started. When you start the batch
execution action, the Stop Batch Execution Action icon is red. When the batch execution action is
not running, the Stop Batch Execution Action icon is dimmed.

Before you proceed:
• The External TL1 Gateway must be connected on the 5520 AMS. See Procedure 90.
• A batch execution action on the External TL1 Gateway must be started. See
Procedure 96.
1 Log in to the External TL1 Gateway Manager, using the OSS or TNM connection type.
See Section 16.5.
2 To stop a batch execution action that is running in the background, click the red Stop Batch
Execution icon ( ).
16.7 Managing TNM users

TNM user profiles are used to manage the TNM users of an External TL1 Gateway.
Procedure 98 To add a TNM user profile on the External TL1 Gateway

The External TL1 Gateway must be connected on the 5520 AMS. See Procedure 90 to configure
or modify an External TL1 Gateway.
You need to create a TNM user for the IP address of each of the following:
• The 5520 AMS server. In a cluster environment, you need a user for each application
server.
• The External TL1 Gateway.
1 Log in to the External TL1 Gateway Manager using the Admin connection type. See
Section 16.5.
Note — This procedure assumes that a TNM user profile has not been
configured on the External TL1 Gateway. Therefore, you must log in to
the External TL1 Gateway using the Admin connection type. You can only
log in to the External TL1 Gateway using the TNM connection type when
a TNM user profile is configured.
2 In the TL1 GW Manager view, click the View Menu icon ( ), and choose TNM User Profiles.
Result: The TNM User Profile window opens and displays any existing TNM user profiles.
3 Click Add.

Result: The Add/Edit User Profile window opens.
4 Enter the username for the TNM user profile.
5 Enter the password for the TNM user profile.
6 Re-enter the password.
7 Enter the IP address for the TNM user profile. This is the IP address from which a TNM user
can connect to the External TL1 Gateway.
8 Click Finish.
Result: A window confirms that a TNM profile was added successfully.
9 Repeat steps 3 to 8 for each IP address.
Procedure 99 To list TNM user profiles
Procedure 91 to log in to the External TL1 Gateway Manager.
2 In the External TL1 GW Manager view, click the View Menu icon ( ), and choose TNM User
Profiles.
Result: The TNM user Profiles window opens and displays any existing TNM user profiles.
Procedure 100 To remove a TNM user profile

1 Log in to the External TL1 Gateway Manager. See Section 16.5.
2 In the TL1 GW Manager view, click the View Menu icon ( ) in the top right corner and
choose TNM User Profiles.
Result: The TNM User Profile window opens and displays any existing TNM user profiles.
3 Choose the Set of TNM profiles you need to remove and click Remove.

Result: The TNM profiles for the 5520 AMS server and the External TL1 Gateway are
removed from the TNM User Profile window.
4 Click Finish.
Result: A window confirms that a TNM profile was removed successfully.
Procedure 101 To terminate TNM sessions on the External TL1 Gateway

Perform this procedure to terminate TNM sessions on the External TL1 Gateway.
Before you proceed the External TL1 Gateway must be connected on the 5520 AMS.
See Procedure 90.
Section 16.5.
2 In the TL1 GW Manager view, click the View Menu icon ( ) in the top right corner and
choose Terminate TNM Sessions.
Result: The Terminate TNM User Session window opens and displays a list of TNM user
sessions that are currently running. This window will be empty if no user sessions are
running.
3 Enter a value from 5 to 99 s in the Auto Refresh Timer field.
4 Click Start.
Result: The Terminate TNM User Session window displays information about user sessions
that are currently running. The window is updated for every configured interval specified in
step 3.
5 To stop the display of information in the Terminate TNM User Session window at any time,
click Stop.
6 To terminate a TNM user session, choose the session that you need to terminate in the
Terminate TNM User Session window, and click Terminate.
7 Click Close to close the Terminate TNM User Session window.

16.8 Viewing External TL1 Gateway information

You can view External TL1 Gateway statistics, release and license information.
Procedure 102 To view External TL1 Gateway statistics

Section 16.5.
2 In the TL1 GW Manager view, click the View Menu icon ( ), and choose External TL1
Gateway Statistics.
Result: The Gateway Statistics window opens.
3 Enter a value from 5 to 99 s in the Auto Refresh Timer field.
4 Click Start.
Result: The Gateway Statistics window displays information about the External TL1
Gateway. The window is updated for every configured interval specified in step 3.
5 To stop the display of information in the Gateway Statistics window at any time, click Stop.
6 Click Close to close the Gateway Statistics window.
Procedure 103 To view External TL1 Gateway release and license information
1 Log in to the External TL1 Gateway Manager. See Section 16.5.
2 In the External TL1 GW Manager view, click the View Menu icon ( ), and choose About
TL1 Gateway.
Result: The About TL1 Gateway window opens and displays release and license information
about the External TL1 Gateway.
3 Review the information and click OK to close the window.

16.9 Managing alarm logs

The following procedures describe how to save or clear alarm logs, or disable alarms
from the NE.
Procedure 104 To manage alarm logs
1 Log in to the External TL1 GW Manager as a TNM user, using the TNM user credentials. See
Procedure 91.
Result: The alarm logs are displayed in the Alarms panel in the External TL1 GW Manager
view.
• Click the Save icon ( ) to save the alarm log as a .txt file locally.
• Click the Clear icon ( ) to clear the alarm logs from the Alarm panel.
• Select the Disable Alarms check box to stop displaying alarms from the NE.


Administrator Guide NE tasks performed from the 5520 AMS server
17 NE tasks performed from the

5520 AMS server
17.1 Server tasks overview
17.2 Updating the NE plug-in file
17.3 Creating NEs from the 5520 AMS server
17.4 Managing splitter
17.5 Configuring NEs using the ams_ne_cli script
17.1 Server tasks overview

This chapter describes procedures for NE management that are performed from the
5520 AMS server. Not all procedures or all parameters apply to all NEs.
Before you can perform any of the procedures in this chapter, you need to be able to
log in to the server as amssys. See Procedure 8 to log in to a 5520 AMS server as
amssys.
17.2 Updating the NE plug-in file

You need to use the most recent version of the plug-in for your NE. If a new version
of a plug-in has been issued and you have an earlier version installed, you need to
update the plug-in file. See the 5520 AMS Installation and Migration Guide for
information on the tasks to update the NE plug-in to a new version.
17.3 Creating NEs from the 5520 AMS server

You can create NEs from the 5520 AMS server using a script called ams_ne_mgr.
The script reads an input file that contains the NE creation parameters and creates
the representation of the NE in the 5520 AMS.
Perform the following procedures to create the input file and create the NEs.
17.3.1 Before you proceed

You must have verified connectivity to the NE. See the 5520 AMS User Guide.

NE tasks performed from the 5520 AMS server Administrator Guide
If you are placing the NE in a group, the group must be created. See the 5520 AMS
User Guide.
Depending on the configuration of the 5520 AMS, the name you assign to an NE may
have to match the NE System ID. See Procedure 159.
If it is necessary, you must obtain the System ID of the NE before creating the NE in
the 5520 AMS GUI. For the procedure to obtain the NE System ID using CLI and TL1
commands, see the NE hardware documentation.
SNMP profiles must be created. See Procedure 137 to create an SNMP profile.
If the NE is behind a NAT server, DCN settings must be configured before you can
supervise the NE. See Procedure 70 to configure DCN settings.
If you need to set up time zone management, time zone settings must be configured.
See Procedure 163 to configure time zone settings.
If you will be applying a TL1 Gateway ID, the External TL1 Gateway must be created
and the Use Single External TL1 GW Server check box in the Site object must not
be checked. See Chapter 16.
If you will be applying templates, template groups, or PAPs, they must be created.
See the 5520 AMS User Guide for information about templates.
You must be able to log in to the 5520 AMS server as amssys or as a user in the
amssys group. For information on adding a new user account to the amssys group,
see Section 9.3.
You need the username and password of a 5520 AMS user with the AMS NBI - Edit
function, for example, a user with the Administrator role. You can enter the username
and password when you run the script, or you can use the password encryption tool.
See Procedure 33 to run the password encryption script.
Procedure 105 To create an input file for the ams_ne_mgr script with option
-createNE
$AMS_LOCALDATA_HOME/oss/conf/ams_ne_mgr.csv
3 Configure the parameters as comma-separated values with one line for each NE.
Table 33 describes the parameters.

Table 33 Input file parameters
Group Name Yes The group you need to create the NE in.
Parent NE Group Name No The name of the parent NE group.
NE Name Yes The name of the NE. The name cannot contain special
characters ($, #, ^, &, *). (1) (2)
PAP No The PAP of the NE. The default is defaultPAP.
NE Type Yes The type of the NE, for example, 7342 ISAM FTTU.
NE Version Yes The NE release number, for example, 4.6.
Single IP Address No The allowed values are:

true
false
The default is true.
The parameter indicates that the NE has one IP address.
Main IP Address No(3) The IP address of the NE. IPv4 and IPv6 address
formats are supported.
Secondary IP Address No If Single IP Address is set to false, the IP address of the
second agent, for example, the SHub. IPv4 and IPv6
address formats are supported.
Main SNMP Profile Name No(3) The SNMP profile for the NE
Secondary SNMP Profile Yes, for The SNMP profile for the second agent, for example, for
Name NEs with the SHub
two agents
ENV Alarm Template No The name of the environmental alarm template to assign
Name to the NE
Template Group Name No The multiple template group versions for deployment to
assign to the NE.
Formats for creating NE with template group:
• Template Group Name:Version Number : This
format can be used only for one template group.
For example, TGV2ISAM:1
• /name=template Group Name/version=version
number : This format can be used for one or more
template groups and can be passed using a '|'
delimiter to this parameter.
For example,
/name=TGVISAM/version=1|/name=TGV1ISAM/ve
rsion=2
Deploy After Next Start No The allowed values are:

Supervision true
false
The default is false.
The parameter indicates that the template group should
be deployed when supervision is started on the NE.
(1 of 3)


Selected EMS Tracing No Select the tracing level of EMS.
Level Using the "-modifyNE" option you can modify multiple
values of the "selectedEmsTracingLevel" attribute. For
example, MObject|Metadata|Alarms to DB.
CLI User Name No The username to use for CLI cut-throughs to the NE
CLI Password No The password to use for CLI cut-throughs to the NE
TL1 GTWY ID No The ID of the External TL1 Gateway to assign to the NE
TL1 Session No The allowed values are:

enabled
disabled
The default is disabled.
This parameter will be blank if TL1 gateway plugin has
not been installed.
TL1 Username No The username to use for TL1 cut-throughs to the NE

TL1 Password No The password to use for TL1 cut-throughs to the NE
TL1 Port No The port number you need to assign for TL1
communication. (6)
Enable OSS Provisioning No LOCKED or UNLOCKED. The default is UNLOCKED.

This parameter is only required if you have installed
certain 5529 Enhanced Applications.
Timezone No The time zone to apply to the NE, for example

Europe/Rome. The default is time zone not managed.
longitude No Integer represents longitude and is a positive number.(5)
latitude No Integer represents latitude and is a positive number.(5)
[customFields]* No Format of the custom field is

cf=/<attributeName>=<attributeValue> (4)
cf is the keyword of the custom field.
attributeName is the customfield name.
attributeValue is the custom field value.
alarmSilentMode No The allowed values are:
TRUE
FALSE
Target SW Release (7) No Specifies the target NE SW release. Format of a target

software release
is=:<NE_TYPE>:<NE_SW_RELEASE>
where:
<NE_TYPE> is type of the NE, <NE_SW_RELEASE> is
the NE software release.
Download and Activate No Specifies the NE must be supervised after the software
SW at Start Supervision (7) download and activation.
You must first enter the target SW release in the Target
SW Release parameter to enter a value this parameter.
(2 of 3)


Target Script or Archive (7) No Target script in the available scripts for the same NE
family. The scripts are located at,
$AMS_EXTERNAL_SHAREDDATA_HOME/ne/script/
Other Command Line No Additional input parameters of the script.

Parameters (7) The Other Command Line Parameters parameter is not
applicable when no value is associated with Target
Script or Archive parameter.
Execute Script at Start No Specifies whether the script needs to be executed during
Supervision (7) supervision.
You must first enter a target script in the Target Script or
Archive parameter to enter a value for this parameter.
ANV Process Name(8) No Creates an NE which is managed by Nokia Access

Virtualizer Adaptor. Supported on SX16F NE.
When a single ANV process is configured in the 5520
AMS, providing the ANV process name for the creation
of a device managed by Nokia Access Virtualizer
Adaptor is optional.
Configuration Template(8) No Enter the name of the template. Example: testSX

Adding a Configuration template when creating a Nokia
Access Virtualizer device helps you to pre-provision the
device infrastructure and to ensure continued
connectivity with the on-line devices.
If no Configuration template exists with the same name
NE type and NE release, the command will fail.
(3 of 3)
Notes
(1) NE names are case insensitive. For example, you cannot create an NE with the name Node55 and another NE
with the name NODE55.
(2) The NE name should not include the following characters: comma (,), semicolon (;), and colon (:).
(3) Yes, if the NE is managed using SNMP. For an UNMANAGED NE, the IP address is not required.
(4) NE custom fields should be added at the end of a line of the input file passed to the ams_ne_mgr script. Each
line contains information about a single NE to create.
(5) The parameters, MapInfo_longitude and MapInfo_latitude are available only when a geographic map license is
installed on the 5520 AMS.
(6) The parameter, tl1port attribute is deprecated and is ignored.
(7) This parameter is applicable only to NE type which supports zero touch provisioning features. For more
information, see the 5520 AMS Administrator Guide.
(8) The parameters “ANV Process Name” and “Configuration Template” are applicable only for NE creation when
using Nokia Access Virtualizer Adaptor which is a licensed product. For more information about Nokia Access
Virtualizer Adaptor, contact your Nokia account representative.
An example of an input file entry for an NE is:
Access
Network,RK11S1,7342 ISAM FTTU,4.7,true,124.120.111.211,SNMP1,SNMP2,,,,i
sadmin,password@,SUPERUSER,password,,,
Network,test,defaultPAP,7342 ISAM
FTTU,4.7,false,2.2.9.6,2.2.3.2,public,NETMAN

,,,,,,,,,,,,,15,15,cf=/test=test
Procedure 106 To add NEs using the ams_ne_mgr script

the ams_ne_mgr script.
ams_ne_mgr [options] input_file ↵
where:
$AMS_LOCALDATA_HOME/oss/conf/ams_ne_mgr.csv.
Table 34 Options for the ams_ne_mgr script
Option Description
ams_mgr.conf. The configuration changes to the properties file must be
done on the active data server.
-efile file Specify the name of the password file created in Procedure 33, which is
used by the script to get username and password. The file must be in the
shared directory of the data server,
$AMS_SHAREDDATA_HOME/config. The default password file is
ams.password.
local_data_dir/ams/local/release/log.
(1 of 2)

Option Description
-action action Action to take. The options are:
• createNE
• startSupervision
• createNEAndStartSupervision
• enableMaintenanceMode
• disableMaintenanceMode.
• modifyNE
The default is createNEAndStartSupervision.
-mdNm name Managed domain name. The default is AMS.
-username The username of a 5520 AMS client user with the AMS NBI - Edit function.
username(1)
-password password(1) The user password

(2)
-keystore key The full path to the keystore file. By default, the 5520 AMS retrieves the
path from the properties file.
-keypass password The password for the keystore file. By default, the 5520 AMS retrieves the
password from the properties file.
The default URL is https://server:8443, where server is the host name or
IP address of the 5520 AMS server.
If you are using HTTP, enter http://server:8080/.
(2 of 2)
Notes
If the password includes single quotes, you can use one of the following:
3 The script executes, displaying success messages for each NE created. A log file is created
called ams_ne_mgr.log.
Note — When the NE is created using the ams_ne_mgr script, a unique

Resource Management Universal ID is created automatically by the 5520
AMS which is a read-only field. See the 5520 AMS User Guide for more
information.

Procedure 107 To create an input file for ams_ne_mgr script with option -modifyNE
2 Perform any of the following:
• If you are logged in as amssys, open the following sample input file in a text editor:
$AMS_LOCALDATA_HOME/oss/conf/ams_ne_mgr-modify.csv
• Create a new file in an editor.
3 Configure the parameters as comma-separated values with one line for each user.
An example of an input file entry for adding a user is:
ISAM90,aliasName=myISAM,deployAfterNextStartSupervision=true,groupName=
Network/myGroup
17.4 Managing splitter

You can manage splitters from the 5520 AMS server using a script called as
ams_splitter_manager. This script behaves in the same way as that of the
ams_ne_mgr script. Similarly, the ams_splitter_mgr reads an input file, where the
splitter parameters are provided in the input file.
Perform the following procedure to create the input file and manage the splitters. See
section 17.3.1 for more details.

Procedure 108 To create an input file for the ams_splitter_mgr
• If you are logged in as amssys then open the default input file in the text editor:
AMS_LOCALDATA_HOME>/oss/conf/ams_splitter_mgr.csv
3 Configure the parameters as comma-separated values with one splitter per line. Table 35
describes the input file parameters.
splitterFriendlyName Yes Friendly name of the splitter

object
name No The splitter name
splitRatio Yes The splitter ratio
latitude No Integer represents the

latitude value and it is a
positive number
longitude No Integer represents the
longitude value and it is a
positive number
An example of an input file entry for a splitter is:
iSAM17:/rack=1/shelf=1/slot=LT1/port=1/splitter=1,0.086111111
17.5 Configuring NEs using the ams_ne_cli script

You need to create a CLI input command text file before you can run the ams_ne_cli
script. If you are configuring more than one NE, you need to create an NE list text file.
The format of the CLI input command text file is:

login:username
password:password
prompt:prompt
!CLI Commands
!comment
command
command
...
Enter as many comments and commands as you need.
Caution — The CLI Commands line must be included to

indicate the start of the CLI commands in the input command
file.
Table 36 describes the parameters.

Table 36 CLI input command text file parameters
username CLI username
password CLI password
prompt Prompt from which the CLI commands will be executed
comment Use an exclamation point (!) in front of comments
command CLI command, such as “show trap manager”
The following is a sample CLI input command file:

login:isadmin
password:ANS#152
prompt:#
!CLI Commands
!Show trap manager entries
show trap manager
!Log out of the session
logout
The following is a sample NE list text file:

143.209.48.76
143.209.48.77
143.209.48.78
143.209.48.79

Procedure 109 To configure NEs using the ams_ne_cli script

Before you proceed:
• You must be able to log in to the 5520 AMS server as amssys.
• You must have a CLI account on an NE.
• When you are configuring more than one NE, a text file must be created that lists the IP
addresses of the NEs.
• A CLI input command file must be created.
Caution — When a NE is configured using only CLI Cut Through

Secure, the ams_ne_cli script does not run.
For information about using cut-throughs, see5520 AMS User Guide.
To configure cut through settings, see Section 20.18.
• To configure one NE, type:
ams_ne_cli neAddr inputCommandFile outputCommandFile timeout ↵
• To configure multiple NEs, type:
ams_ne_cli NeIpList inputCommandFile outputCommandFile timeout ↵
• To connect to an NE or multiple NEs using SSH or telnet type:
ams_ne_cli -protocol ↵
Where the argument -protocol is optional can be any of the following options:
telnet Using telnet protocol to connect to the NEs.
ssh Using ssh protocol to connect to the NEs
telnetfirst The first instance uses telnet protocol to connect to the NEs. In case the
connection fails, the system tries to setup an SSH connection.

sshfirst The first instance uses ssh to connect to the NEs. In case the connection fails, the
system connects using telnet. This is the default option.
• To get help for the ams_ne_cli script, type:
ams_ne_cli-help ↵
where:
neAddr is the IP address of an NE. IPv4 and IPv6 address formats are supported.
NeIpList is a text file that lists the IP addresses of the NEs.
inputCommandFile is the text file containing the CLI commands.
outputCommandFile is the text file that will contain responses to the CLI commands.
timeout is the timeout, in seconds (default is 10), and is optional.

Administrator Guide Backing up and restoring NE software
18 Backing up and restoring NE

software
18.1 Overview
18.2 Backing up and restoring NE software
18.3 Viewing backup or restore status
18.4 Managing NE backup files
18.5 Checking an NE backup
18.6 Checking backup of multiple NEs
18.7 Backing up and restoring the NE from the Software System

Parameters object
18.1 Overview
The 5520 AMS allows you to back up or restore the selected NE database. By
default, the 5520 AMS retains only five database backup files, deleting the oldest file
when a sixth backup file is created. You can configure the number of retained files.
See Chapter 21 for the procedures to configure the number of backup files that are
stored on the 5520 AMS. You can also configure individual backup files to be
retained indefinitely.
The Backup view displays the available NEs that you can back up and restore. You
can perform a backup and restore operation at the Access Network level or from the
individual NE.
Optionally, you can apply preconfigured schedules to perform backup operations.
See Chapter 21 for detailed information on backing up the 5520 AMS database and
the procedures to set up scheduled backup activities.

Backing up and restoring NE software Administrator Guide
18.1.1 Verifying backup files periodically

Be sure to verify your backup files periodically. Nokia recommends that you restore
and test your backup files on a test system to make sure that:
• The data is being backed up correctly.
• The restore procedures are valid.
Before restoring an NE backup, you can use Procedure 117 to check whether the
backup file is consistent and not corrupted.
18.2 Backing up and restoring NE software

Perform the procedures in this section to back up or restore an NE.
Before you proceed:
• The NE must be supervised.
• The maximum number of concurrent SSH connections must be configured.
For more information on configuring the maximum number of concurrent SSH
connections, see the 5520 AMS Installation and Migration Guide.
Procedure 110 To back up the NE
Note — The 5520 AMS supports the back up of multiple NEs at the
same time.
2 To open the Backup & Restore view, perform one of the following steps:
• Right-click the NE in the Network Tree and choose Backup & Restore→Backup.
Result: The Backup NE window opens with the NE selected. Go to step 6.
• Click the Open Perspective icon ( ) and choose Backup Restore.

Result: The Backup Restore perspective opens.
3 Click Backup in the Backup Restore Tasks panel.
Result: The Backup NE window opens.
4 Click Add to open the NE Selection window.

5 Perform the following to select NEs:
i Click Select NEs or Select NE Groups.
ii Use the filters in the Filters panel and click Build List.
Result: The NEs appear in the list on the right side of the window.
Note — In the Name field, you can enter part of the name or use the
asterisk (*) as a wildcard. Enter one string at a time.
iii Choose NEs from the list and click OK.
The NE Selection window closes and the selected NEs or groups appear in the Selected
NEs panel of the Backup NE window. To remove any of the selected NEs or NE groups,
choose the NE or group in the Selected NEs panel, and click Remove.
6 If you are performing the backup operation for migration of an NE which supports two types
of backup files, select the Including OAM Channel Information (For Migration Purpose Only)
check box, to back up files including the OAM channel information
However, if the NE supports only one type of backup file, then irrespective of whether
Including OAM Channel Information check box is selected or unselected, back up is taken
depending on what the NE supports.
7 If you want to retain the backup file when the 5520 AMS deletes backup files, select Never
delete these backup files unless the NE is deleted check box.
8 Configure the number of automatic retries of the backup operation, in case the action fails, in
the Number of Retries field. The default value for this parameter is 0, and the allowed range
is from 0 to 10.
9 Configure the duration (in minutes) for which the Action Manager needs to wait to
automatically retry a failed action in the Delay Between Action Retries field. This parameter
is applicable only if retries are configured for the backup operation in the Number of Retries
field. The default value of this parameter is 10 minutes, and the allowed range is from 0 to
1000 minutes.
Note — When a backup operation is initiated for selected NEs, a job is

initiated for each NE. If an automatic retry is configured for the backup
operation in the Number of Retries field, when all jobs related to the
backup operation are completed with status as ‘Success’ or ‘Failure’, the
Action Manager waits for a duration as configured in the Delay Between
Action Retries field, and then automatically retries all failed jobs. The
failed action is color-coded in red in the Action view, and the number of
automatic retries pertaining to the action is listed in the corresponding
Pending Auto Retries column in the Action view.

10 Optionally, enter a description in the Description field.
11 In the Schedule field, click Browse to choose the time to perform the backup operation.
Result: The Select Schedule window opens.
• Choose Schedule now to run the backup operation immediately. Click OK.
• Choose the name of a schedule to run the backup operation at a specified time. Click OK.
• Click Create to create a schedule.

See Chapter 22 for the procedures to configure schedules.
13 Click Finish to start the backup process.
14 Click Yes to confirm that you need to start the backup process.
Result: A window opens and provides details about the progress of the backup operation.
Click OK.
A Backup window opens, indicating the progress of the backup operation. The status in the
Action view panel shows the percentage of completion and the number of errors. When the
backup operation is completed or failed, an Action Details window opens showing the Target,
Description, Status and Additional Information.
The new backup file is listed in the Backup File Management window, replacing the older
backup file. If OAM information is included, the value in the OAM column is set to Yes.
Procedure 111 To restore an NE
Caution — When you restore an NE, a service interruption occurs. This

procedure deletes the selected NE database and restores the most
recent backup database. During the restore operation you are unable to
perform NE-related tasks on the selected NE.
2 To open the Restore view, perform one of the following steps:
• Select the NE in the network tree and choose Backup & Restore→Restore. Result: The
Restore NE window opens with the NE selected. Go to step 7.

When the NE has an IACM and SHub agent, right-click the IACM agent.
• Click the Open Perspective icon ( ) and choose Backup Restore.

Note — You can only restore one NE at a time.
3 Choose Restore from the Backup Restore Tasks panel.
Result: The Restore NE window opens.
4 Click Browse to open the Agent Selection window.
5 In the Filters panel, choose the required NE filter options and click Build List.
Result: The NE agents that match the search criteria are displayed in the Agent Selection
window.
6 Choose the NE agent in the Agent Selection window for which you need to perform the
restore and click OK.
Result: The NE agent is displayed in the Agent field.
7 Choose the individual backup file you need to restore. If there is a version mismatch, an error
message is displayed.
8 If you do not need to validate the file version you are restoring, select Forced Restore.
9 Click Finish to start the restore process.
Result: A confirmation window opens and displays the message indicating that the restore is
a service-affecting operation.
10 Click Yes to confirm that you need to perform the restore operation.
A Restore window opens, indicating the progress of the restore. The status in the Action view
panel shows the percentage of completion and the number of errors. When the restore is
completed or failed, an Action Details window opens showing the Target, Description, Status
and Additional Information.

18.3 Viewing backup or restore status

After you have performed a backup or a restore operation, you can review the status
of the operation. The Action view is updated dynamically. You do not need to refresh
the screen to see the latest backup and restore status.
Procedure 112 To view the backup or restore status
1 Click the Open Perspective icon ( ) and choose Backup Restore.
2 In the Action panel, click the Action Filter icon ( ).
Result: The Action Filter window opens.
3 In the Action Filter window, select one or more filter criteria.
The filter criteria are:
• User—actions performed by an individual user

• Application—the application that performs the action, such as BackupRestore
• Action—the action performed, such as Backup
• Description—the value entered in the Description field when the action was performed
• Started Before—view actions that started before the selected time/date
• Started After—view actions that started after the selected time/date
Note — You can view actions that started during a specific duration by
selecting both “Started Before” and “Started After” action filters.
4 Click Finish to apply the filter.
Result: The status of the actions appears in the Action view panel.
Note — You can also view the Backup Restore Status and the Last
successful Backup status of an NE from the Network perspective in the
NE Object Details→General Tab→Additional Data.
Auto Refresh should be enabled for dynamic updates, if not you have to
refresh the NE object details for any latest status updates.

18.4 Managing NE backup files

By default, the 5520 AMS stores the five most recently backed up files for the NE.
When you create a sixth backup file, the 5520 AMS automatically deletes the oldest
file in the table. The number of retained backup files is configurable.
See Chapter 21 for the procedures to configure the number of backup files that are
stored on the 5520 AMS.
You can configure individual backup files to be retained indefinitely. See
Procedure 110.
The Backup File Management view allows you to view, copy, delete, and
synchronize the backup files for an NE.
The 5520 AMS formats the NE backup file name as:
IP address_agent name_software_oam auto removal_yyyy-mm-dd-hh-mm-ss.gz
where:
• IP address is the IP address of the NE. IPv4 and IPv6 address formats are
supported.
• agent name is the name of the agent in the 5520 AMS, for example, IACM.
• software is software load running on the NE at the time the backup was taken.
• oam is the y if the backup file contains the OAM data, otherwise it is n.
• auto removal is y if the backup file should be auto removed otherwise it is n.
• yyyy-mm-dd-hh-mm-ss is the date and time the backup was taken.
For example, an NE backup file can be named as follows:

For IPv4 address formats:
100.10.10.10_IACM_L6GQAA37.046_ny_2009-12-31-17-22-10.gz.
For IPv6 address formats:

2003:0:0:0:0:0:0:52_IACM_L6GPAA58.146_yy_2018-06-21-14-52-39.gz
You can retrieve the IP address of an NE from the Object Details view or using a
script on the 5520 AMS server. See Section 13.2
Caution — Nokia recommends that you must not delete or
move the NE backup files using UNIX commands on the AMS
data server. Ensure to use the 5520 AMS GUI to manage the
NE backup files as explained in this section.

Procedure 113 To view and filter NE backup files
1 Click the Open Perspective icon ( ) and choose Backup Restore.
Result: The Backup Restore perspective opens. The NE backup files are displayed.
2 In the Backup File Management panel, click the Filter icon ( ) to open the Backup Filter
window.
3 In the Backup Filter window, click Add to open the NE Selection window.
i Click Select NEs.
Alternatively, you can click the Select NE Groups and choose a group.
The NE Selection window closes and the selected NEs or groups appear in the NE filter
panel of the Backup Filter window. To remove any of the selected NEs or NE groups,
choose the NE or group in the NE panel, and click Remove.
5 Configure the other parameters in the Backup Filter window.
6 To save your filter, enter a name in the All Filters field and click Save.
7 Click OK.
Result: The backup files are displayed in the Backup File Management panel.
Note — The Auto Removal column indicates which backup files are
retained when the 5520 AMS deletes backup files. When the Auto
Removal value is No, the 5520 AMS retains the file indefinitely. See
Procedure 155 for information about how to configure the maximum
number of backup files for each NE that the 5520 AMS must retain.

Procedure 114 To copy NE backup files

Perform this procedure to copy backup files to or from the 5520 AMS server. The 5520 AMS
copies the setting for the Never delete these backup files parameter.
1 View the NE backup files. See Procedure 113 to view and filter NE backup files.
2 Choose Copy Backup files from the Backup Restore Tasks view.
Result: The Copy Backup Files window opens.
Note — Files can be copied to or from locations in the shared data

directory on the 5520 AMS server, or locations that can be accessed from
the 5520 AMS client.
3 Select the option for the action you need to perform. Choose one of the following:
• Copy the backup file from one NE to another NE

• Export a NE backup file to a file on the server or on the client
• Import a NE backup file from the server or on the client
• Import all NE backup files from a directory on the server
Click Next.
4 In the From and To areas, click Browse to specify an NE, file, or location. To specify a file on
the 5520 AMS client, select the Client option, and then click Browse.
5 Click Finish to copy the file.
Procedure 115 To align the 5520 AMS database with stored NE backups
Perform this procedure to remove backup records from the database that do not have
corresponding NE backup files on the 5520 AMS server. You can also remove backup files that
do not have corresponding backup records in the database.
1 View NE backup files. See Procedure 113 to view and filter NE backup files.
2 In the Backup File Management panel, click the Align EMS database with stored NE Backups
icon ( ).
Result: The Align window opens.

3 (Optional) Select the Also remove the unreferenced NE backup files from the disk check box.
4 Click OK.
Result: The Sync Backup window opens while the 5520 AMS scans the backup database.
The Action Details window opens when the alignment is complete and displays the job status.
Procedure 116 To delete NE backup files
1 View the NE backup files. See Procedure 113 to view and filter NE backup files.
2 Choose the files you need to delete from the table, and click the Delete icon ( ).
Note — You can delete one or more backup files at the same time.
3 Click Yes to confirm the deletion of the backup files.
18.5 Checking an NE backup

Before restoring an NE backup, you can use Procedure 117 to check whether the
backup file is consistent and not corrupted.
Before you proceed, ensure that the NE software files are downloaded to the NE and
a successful backup is performed.
Note 1 — If the NE supports the PBMT File Preparation tool, it
must be run before checking backup consistency.
Note 2 — In the case of 7342 ISAM FTTU NEs, the NE backup
consistency check will fail if the backup to be validated is taken
without selecting the Including OAM Channel Information
option. The System Health Check (SHC) tool returns “3:Not a
proper database” in case of a failure. In case of ISAM NEs, the
PBMT can check a backup with or without selecting the
Including OAM Channel Information option.

Procedure 117 To check NE backup consistency
• Use the Backup Restore perspective.

• Click the Open Perspective icon ( )
Result: The Open Perspective window opens.
• Choose Backup Restore and click OK.
• Click Check Backup Consistency in the Backup Restore Tasks view.
Result: The Check Backup Consistency Window opens.
• Click Browse.
Result: The Agent Selection window opens.
• In the Filters panel, choose the NE filter options and click Build List.
Result: The NE agents that match the search criteria are displayed in the Agent
Selection window.
• Choose an NE agent and click OK.
Result: The NE agent is displayed in the Agent field.
• Right-click the NE and choose Backup & Restore→Check Backup Consistency.
Result: The Check Backup Consistency window opens, with the NE selected in the Agent
field.
• Right-click the NE and choose Backup & Restore→Check Backup Consistency.

Result: The Check Backup Consistency window opens, with the NE selected in the Agent
field.
Note — If a backup check server object is defined in the 5520 AMS and
a manual backup check is triggered using a Check Backup Consistency
wizard for all ISAM and 7342 ISAM FTTU NEs, then the backup check
happens on the remote server.
2 In the Check Backup Consistency window, select a backup file.
Note 1 — In the case of ISAM NEs, the NE software package includes

the PBMT migration tool, which checks the consistency of the ISAM NE
backup.
Note 2 — In the case of the 7342 ISAM FTTU NEs, the Check Database
and Check PON Bandwidth and T-Cont check boxes are selected by
default. Select the Repair Database check box, if required.
If a backup check server object is defined in the 5520 AMS, then the
following check boxes are disabled:
• Check Database
• Repair Database
• Check PON Bandwidth and T-Cont

Result: The check is performed and the result is displayed.
3 View the logs or the traces by clicking Show Log or Show Traces.
You can view the consistency log from the AMS client:
• Navigating to EMS Administration → EMS System → Site → Application & Data Servers
→ Data Server.
• Right-click the Data Server and choose Actions → Show Log File.
The View Server File dialog opens.
• Click the ( ) icon to view all the log files. Consistency log is one of them.
Note — The Consistency Log is stored in a hierarchical structure. For

example, if NE IP for which you have triggered a consistency check is
135.249.41.20, then the consistencyLog is stored as follows:
$AMS_EXTERNAL_SHAREDDATA_HOME/ne/backup/consistencyLog/
135/249/41/20/27_admin_135.249.41.20_IACM_OSWPAA55.439_yy_2
017-03-03-12-31-44.gz_03Mar2017-12-33-10/logfile.log , trc.log
4 Click Copy to Clipboard to save the results.
18.6 Checking backup of multiple NEs

You can check the backup of multiple ISAM and 7342 ISAM FTTU NEs using OFLMT
tool in an external server that reduces the impact on the AMS VM there by increasing
performance.
Note — The manual backup check of multiple NE’s is not

supported.
If a backup check server exists:

• The backup consistency check of ISAM and 7342 ISAM FTTU NE backup file
selects the backup check server to run the check.
• After every successful NE backup, backup consistency check is triggered
automatically for the backup file with backup check server.

Procedure 118 To install vprocmon.bin file in an external server

Perform this procedure to enable the external server to communicate with the 5520 AMS in order
to perform backup consistency check for ISAM and 7342 ISAM FTTU NEs.
1 Log in to the remote server as root.
2 To download the vprocmon.bin file, type:
wget http://ams-app-server:8080/vprocmon/vprocmon.bin ↵
where ams-app-server is the IP address of the 5520 AMS Application Server.
Note 1 — If the 5520 AMS is https enabled, then type:
wget https://ams-app-server:8443/vprocmon/vprocmon.bin ↵
Note 2 — If the 5520 AMS Application Server is not using a certificate

signed by an authorized Certificate Authority, then type:
wget --no-check-certificate
https://ams-app-server:8443/vprocmon/vprocmon.bin ↵
3 When the vprocmon.bin file is downloaded, modify the permissions on the file. In the external
server, type:
chmod u+x vprocmon.bin ↵
4 Execute the following command to install the vprocmon.bin file:
./vprocmon.bin ↵
5 The installer prompts you for the location of the SSH tools:
Enter the path to the SSH tools [ /usr/bin (default) ]:
6 The installer prompts you for the location of the installation directory:
In which top directory do you want to install the software [ /opt

(default) ]?
7 The installer prompts you for the location of the configuration files:
In which top directory do you want to save the configuration files [

/etc/opt (default) ]?

8 The installer prompts you for the location to save the data files:
In which top directory do you want to save the data files [ /var/opt
(default) ]?
9 The installer prompts you to enter one or more IP addresses on which the AMS server can
be reached:
Provide one or more IP address(es) on which the AMS server can be reached
(comma separated list):
Result: The installer prompts you to confirm the IP address:
The IP address(es) are <IP_Address_of_AMS_Server>.
Is this correct [ yes | no (default) ]?
10 The installer prompts you to confirm the installation:
Are you sure you want to install [ yes | no (default) ]?
11 The installer prompts you for the password:
Enter the password for 'amssys' user (no space allowed) [ amssys
(default) ]:
Result: The vprocmon.bin file is installed in the external server and the vprocmon service is
started automatically.
Procedure 119 To create multiple NEs backup consistency
Applies to — Procedure 119 is applicable for 7302/ 7330/ 7356/ 7360/

7362/ 7363/ 7367 ISAM and 7342 ISAM FTTU NEs.
Before you proceed, ensure that the vprocmon.bin file is installed in the external server. See
Procedure 118.
1 In the Administration Tree, choose EMS Administration→ EMS System→ Site→ Backup
Check Servers.
2 Right-click Backup Check Servers and choose Create→ Backup Check Server.
Result: The Create Backup Check Server window opens.

3 Enter the Name and click Next.
4 Enter the IP address, Number of Parallel Checks and Work directory.
Note — Number of Parallel Checks can be maximum 10.
5 Click Finish.
Result: The backup check is performed and the results are displayed in the remote server,
as per the NE IP address.
Note — If the backup check fails, an alarm is raised. The alarm is

cleared after the subsequent backup check is successful.
Procedure 120 To synchronize the NE tools

If a new NE software is created, the NE tools synchronizes automatically and are copied to the
remote server. Similarly, when an existing NE software is deleted, the respective NE tools are
removed from the remote server. This happens only if the backup check object is defined in the
AMS.
Perform the following procedure to synchronize the NE tools to the backup check server. To
synchronize the NE tools, you need to have the Backup Check Server - Edit function.
Note — If you try to synchronize the NE tools immediately after the

backup check server is created, the synchronization fails with the error
“Backup Check server not reachable”. It is recommended to wait for a few
minutes after creating the backup check server and then proceed to
synchronize the NE tools.
1 In the Administration Tree, choose EMS Administration→ EMS System→ Site→ Backup
Check Servers.
2 Right-click the backup check server for which you need to synchronize the NE tools and
choose Actions→ Synchronize NE Tools.
Result: The 5520 AMS attempts to synchronize the NE tools for the selected backup check
server.

When the sync is complete, the Action Details view displays the results of the sync if the sync
was successful or not, and if not successful it displays possible reasons for failure.
18.7 Backing up and restoring the NE from the

Software System Parameters object
You can initiate a backup or restore operation from the Software System Parameters
object. Initiating a backup or restore sets the file transfer protocol parameter in the
NE so that the NE can send the backup file to an external server.
Procedure 121 To initiate an NE backup or restore when the 5520 AMS is used as a
craft terminal
1 Navigate to the NE and choose Infrastructure→Software→Software System Parameters.
2 In the FTP Server Configuration pane, choose the file transfer protocol from the Protocol
Type drop-down menu.
3 Click the Apply icon ( ) to save the change.
Result: The protocol is set in the NE.
4 Right-click Software System Parameters and choose one of the following:
• Actions→Initiate Backup
• Actions→Initiate Restore
Result: The backup or restore is started. The command returns immediately and does not
wait for the operation to complete. It does not report success or failure.

Administrator Guide Managing links between NEs
19 Managing links between NEs

19.1 Configuring link management settings
19.2 Creating links from the 5520 AMS application server
19.3 Creating a Media Gateway from the 5520 AMS application server
19.4 Creating hub-subtended clusters
19.1 Configuring link management settings

You can configure link management settings from the Administration perspective for
GPON and G6 links. You must be a user with the Administrator role. For information
about user accounts, see Chapter 9.
Procedure 122 To configure link management settings
Warning — The link management settings must not be modified if a

VoIP service is already configured or a G6-GPON link is created because
modifying the settings corrupts the IP address allocation.
Caution — Nokia recommends that you perform this procedure after

the 5520 AMS is installed for the first time and do not modify the settings
after they have been configured.
1 In the Administration Tree, choose EMS Administration→Configuration→Link

Mgmt→G6-GPON Links.
Result: The link management settings are displayed in the Object Details view.

Managing links between NEs Administrator Guide
Table 37 Link management settings
Setting Description
G6-GPON Links
VoIP Client Address Allocation Mode Specifies whether the 5520 AMS automatically
generates an IP address for the ANM-GbE port
on the G6.
The options are:
• Fixed Map
• No Fixed Map
When the parameter is set to Fixed Map, the

5520 AMS creates IP addresses for the
ANM-GbE port.
Maximum Number of G6-GPON Association Specifies the maximum number of GPON-G6

links that can be created using the same G6
ANM-GbE port IP address.
The options are 1 and 4.
Disabled when the VoIP Client Address
Allocation Mode parameter is set to No Fixed
Map.
Limit Max. Number of ONTs per PON at 32 By default this check box remains unchecked.
When this check box is selected, only one IP
address along with the broadcast IP address can
be configured on the selected ANM-GbE port for
this association.
Note — The Link Management service generates an API to get the

default values for the ANM Port IP Address 1, Broadcast IP Address 1,
ANM Port IP Address 2, Broadcast IP Address 2, IP Netmask,
tertiaryPortIpAddress, tertiaryBcastIpAddress, quaternaryPortIpAddress
and quaternaryBcastIpAddress (respectively corresponding to
portIpAddress, bcastIpAddress, secondaryPortIpAddress,
secondaryBcastIpAddress, ipNetmask,tertiaryPortIpAddress
tertiaryBcastIpAddress,quaternaryPortIpAddress and
quaternaryBcastIpAddress attributes in the TopologicalControlMgr web
service) during an attempt to create a G6-GPON association. The
defaults must depend on the used OLT and the "VoIP Client Address
Allocation Mode" G6-GPON Links settings.

19.2 Creating links from the 5520 AMS application

server
You can create links from the 5520 AMS application server using a script called
ams_link_mgr. The script reads an input file that contains the link creation
parameters and creates the links in the 5520 AMS.
Perform the following procedures to create the input file and create the links.
Before you proceed:
• You must be able to log in to the 5520 AMS application server as amssys or as a
user in the amssys group. For information on adding a new user account to the
amssys group, see Section 9.3.
• The cards that will be link endpoints must be configured as NTA.
Edit - User function, for example, a user with the Administrator role. See
Chapter 9. You can enter the username and password when you run the script, or
you can use the password encryption script. See Procedure 33 to run the
password encryption script.
Procedure 123 To create an input file for the ams_link_mgr script
$AMS_LOCALDATA_HOME/oss/conf/ams_link_mgr.csv ↵
3 Configure the parameters as comma-separated values with one line for each link. If the
parameter value includes a comma, precede it with a backslash (\).
The parameter details for different link creation are available in Table

Table 38 Link creation parameter details
See For parameter details of
Table 39 7342 ISAM FTTU /7360 ISAM and G6

links
Table 40 7302 ISAM/7330 ISAM FTTN/7356 IS

AM FTTB/7360 ISAM FX links
Table 41 ISAM-MDU links
Table 42 NE-NE links
Table 39 Input file parameters for G6-GPON links
aEndTP Yes Name of the A end termination point of the link, in the
following format:
<NeName>:/rack=<Rack>/shelf=<Shelf>/slot=<Slot>/port=<
Port>
zEndTP Yes Name of the Z end termination point of the link, in the
following format:
<NeName>:/rack=<Rack>/shelf=<Shelf>/slot=<Slot>/port=<
Port>
direction No Valid inputs are:

• CD_UNI: for unidirectional termination points
• CD_BI: for bidirectional termination points
type Yes The link type: G6_GPON.

vlanld Yes The VLAN ID for a VLAN-enabled IP Address.
portIpAddress(1) Yes The IP address of the G6 ANM Gbe port used in the link.
potsGroupIndex Yes The POTS group index of the link.

description No Description of the link.
ipNetmask(1) Yes The netmask for the G6 ANM Gbe Port IP address.
bcastIpAddress(1) Yes The broadcast IP address of the G6 Port IP address used in

the link.
vlanTagging Yes Whether VLAN tagging is enabled on the G6 Port IP address

of the link.
Valid values are ENABLED and DISABLED. The default is
DISABLED.
allowBcast Yes Whether Broadcast is enabled on the G6 Port IP address of

the link.
DISABLED.
defaultPriority Yes The default priority on the G6 Port IP address of the link. The
parameter must be an integer value. The range is 0 to 7.
(1 of 2)


rtpBearerPriority No The RTP priority on the G6 IP address of the link. The
parameter must be an integer value. The range is 0 to 7.
inbandMgt No Whether in-band management is enabled on the G6 Port IP

address of the link.
DISABLED.
rtpBearer No Whether RTP is enabled on the G6 Port IP address of the

link.
ENABLED.
signaling No Whether signaling is enabled on the G6 Port IP address of

the link.
ENABLED.
allowlcmp Yes Whether ICMP is enabled on the G6 Port IP address of the

link.
DISABLED.
circuitld No The G6 Port IP Address circuit identifier of the link.
secondaryPortIpAddress(1) No The secondary IP address of the G6 ANM Gbe Port

secondaryBcastIpAddress( No The secondary broadcast IP address of the G6 ANM Gbe
1) Port
tertiaryPortIpAddress(1) No The third IP address of the G6 ANM Gbe Port
tertiaryBcastIpAddress(1) No The third broadcast IP address of the G6 ANM Gbe Port

quaternaryPortIpAddress(1) No The fourth IP address of the G6 ANM Gbe Port
quaternaryBcastIpAddress( No The fourth broadcast IP address of the G6 ANM Gbe Port

1) attributes
ipAddressAdminState Yes To create the G6 IP address on a G6 ANM GbE port in the

unlocked state, as a part of creating a G6-GPON link.
The user should set the parameter to Unlocked. By default
the value is set to Locked.
(2 of 2)
Note
(1) IP addresses of portIpAddress, ipNetmask, bcastIpAddress, secondaryPortIpAddress,
secondaryBcastIpAddress, tertiaryPortIpAddress, tertiaryBcastIpAddress, quaternaryPortIpAddress and
quaternaryBcastIpAddress are auto-calculated when the VoIP Client Address Allocation Mode is “Fixed Map.”
An example of an input file entry for a 7342 ISAM FTTU and G6 link is:
GPON46_95_200:/rack=1/shelf=1/slot=NTA/port=1,g6_sim_118:/rack=1/shelf=
1/slot=1/port=1,CD_UNI,G6_GPON,1,,1,g6-gpon link
description,,,ENABLED,DISABLED,1,1,ENABLED,DISABLED,DISABLED-FORCED,ENA
BLED,1,,,,,,,Locked
An example of an input file entry for a 7360 ISAM and G6 link is:
ISAM222:/rack=1/shelf=1/slot=NTA/port=3,G6123:/rack=1/shelf=1/slot=1/po

rt=2,CD_UNI,G6_GPON,500,,1,g6-gpon
linkdescription,,,ENABLED,DISABLED,1,1,ENABLED,DISABLED,DISABLED-FORCED
,DISABLED,1,,,,,,,Locked
Table 40 Input file parameters for

7302 ISAM/7330 ISAM FTTN/7356 ISAM FTTB/ 7360 ISAM FX
links
aEndTP Yes Name of the A end termination point of the link, in the following
format:
<NeName>:/rack=<Rack>/shelf=<Shelf>/slot=<Slot>/port=<Port>
zEndTP Yes Name of the Z end termination point of the link, in the following
format:

type Yes The link type: ISAM_HUB_SUBTENDING.
topologyName No The topology name.
physicalLocation No The physical location of the link.
An example of an input file entry for a

7302 ISAM/7330 ISAM FTTN/7356 ISAM FTTB/7360 ISAM FX link is:
ISAM-EAST:/rack=1/shelf=1/slot=NTA/port=20,ISAM-WEST:/rack=1/shelf=1/sl
ot=NTA/port=40,,ISAM_HUB_SUBTENDING,,ISAM-LINK1,MONTREAL
Table 41 Input file parameters for ISAM-MDU links
aEndTP Yes Name of the A end termination point of the link, in the following
format:
zEndTP Yes Name of the Z end termination point of the link, in the following
format:
For a GPON ONT:
<NeName>:/rack=<Rack>/shelf=<Shelf>/slot=<Slot>/port=<Port>/
remote_unit=<Remote Unit>
Example: ISAM43:/rack=1/shelf=1/slot=LT2/port=1/remote_unit=1
For an NGPON2 ONT:
<NeName>:CG<cgId>.SCG<scgId>.ONT<ontId>
Example: ISAM_FX:CG1.SCG1.ONT1
(1 of 2)


type Yes The link type: ISAM_MDU.
(2 of 2)
An example of an input file entry for an ISAM-MDU link is:
##For ISAM-MDU association
#aEndTP,zEndTP,direction,type,description
#ISAM43_9:/rack=1/shelf=1/slot=NTA/port=3,ISAM43:/rack=1/shelf=1/slot=L
T2/port=1/remote_unit=1,CD_UNI,ISAM-MDU,isam-mdu description
An example of an input file entry for an NGPON2 ONT is:
ISAM_MX:/rack=1/shelf=1/slot=NTA/port=1,ISAM_FX:CG1.SCG1.ONT1,CD_BI,ISA
M-MDU,test description
Table 42 Input file parameters for NE-NE links

aEndTP Yes Name of the A end termination point of the link can be an Agent or
a Network Port in the following formats:
Agent: <NeName>:/type=Agent/<AgentName>
Network Port:
zEndTP Yes Name of the Z end termination point of the link can be an Agent or
a Network Port in the following formats:
Agent: <NeName>:/type=Agent/<AgentName>
Network Port:

type Yes The link type: NE-NE.

An example of an input file entry for an NE-NE link is:
##For NE-NE association
#aEndTP,zEndTP,direction,type,description
#ISAM1:/rack=1/shelf=1/slot=NTA/port=1,ISAM2:/rack=1/shelf=1/slot=NTA/p
ort=1,CD_BI,NE-NE,test description

#NE1:/type=Agent/IHUB,NE2:/type=Agent/SHUB,CD_BI,NE-NE,test description
#NE1:/type=Agent/IACM,NE2:/rack=1/shelf=1/slot=NTA/port=1,CD_BI,NE-NE,t
est description
Examples for creating NE-NE link
NE-NE link: Network port to Network port
#NodeName:/rack=1/shelf=1/slot=NTA/port=1,NodeName:/rack=1/shelf=1/slot
=NTA/port=1,CD_BI,NE-NE,test description
NE-NE link: Agent to Agent
#UNMANAGEDNE:/type=Agent/IACM,UNMANAGEDNE:/type=Agent/IHUB,CD_BI,NE-NE,
test description
NE-NE link: Agent to Network port
#UNMANAGEDNE:/type=Agent/IACM,NodeName:/rack=1/shelf=1/slot=NTA/port=1,
CD_BI,NE-NE,test description
NE-NE link: Network port to Agent
#NodeName:/rack=1/shelf=1/slot=NTA/port=1,UNMANAGEDNE:/type=Agent/IHUB,
CD_BI,NE-NE,test description
Examples for deleting NE-NE link
NE-NE link: Network port to Network port
#NodeName:/rack=1/shelf=1/slot=NTA/port=1,NodeName:/rack=1/shelf=1/slot
=NTA/port=2,NE-NE
NE-NE link: Agent to Agent
#UNMANAGEDNE:/type=Agent/IACM,UNMANAGEDNE:/type=Agent/IHUB,NE-NE
NE-NE link: Agent to Network port
#UNMANAGEDNE:/type=Agent/IACM,NodeName:/rack=1/shelf=1/slot=NTA/port=2,
NE-NE
NE-NE link: Network port to Agent
#NodeName:/rack=1/shelf=1/slot=NTA/port=1,UNMANAGEDNE:/type=Agent/IACM,
NE-NE
5 Run the password encryption script. See Procedure 33 to run the password encryption script.

Procedure 124 To add links using the ams_link_mgr script

the ams_link_mgr script on the same server.
ams_link_mgr [options] input_file ↵
where:
$AMS_LOCALDATA_HOME/oss/conf/ams_link_mgr.csv.
Table 43 Options for the ams_link_mgr script
Option Description

-debug Run the script in debug mode, showing each command in the script before it is
executed.
local_data_dir/ams/local/log, where local_data_dir is the directory where local
data is stored. By default, this is /var/opt.
-mdNm domain The management domain name used in the FDN of northbound objects. The
default is AMS.
username (1)
or -u username

password (1) (2)
or -p password
(1 of 2)

Option Description
-keystore key The full path to the keystore file. By default, the 5520 AMS retrieves the path from
the properties file.
-c Create links
-d Delete links
(2 of 2)
Notes
The script executes, displaying success messages for each user created. A log file is created
called ams_link_mgr.log.
19.2.1 Align and audit script overview

The G6-GPON link associating a G6 and a GPON had only one IP address
configured on the G6 ANM GbE/GbE-2 Port for releases prior to GPON R4.9. With
the introduction of the GPON R4.9 support in the 5520 AMS managed application, it
requires two IP addresses to be configured on the G6 ANM GbE/GbE-2 port, for each
G6-GPON link associating a GPON 4.9 to G6, when the following parameters are set
as follows:
• VoIP Client Address Allocation Mode is set to Fixed
• Maximum Number of G6-GPON Association is 1
• Limit Max. Number of ONTs per PON at 32 as false
This is necessary to support a GLT8 card, because with the increase in the number
of PON ports on this card, a second subnet is necessary. The first subnet and first IP
address of the association would cover all Voice H.248 services on PON 1 to 4 of a
GLT4/GLT8 card while the second subnet of the association would cover all Voice
H.248 services on PON port 5 to 8 on the GLT8 card. If any GPON R4.8 and below
release, which are currently involved in a G6-GPON link, is upgraded to release 4.9,
then there is a need to provision a second IP address for the association in
preparation of supporting voice H.248 services on a GLT8 card. The purpose of the

ams_audit_gbeportipaddress.sh script is to find out these newly upgraded GPON

R4.9 NEs that still have only one subnet defined for their G6-GPON associations.
The purpose of the ams_align_gbeportipaddress.sh script is to configure a second
subnet for the G6-GPON associations involving these newly updated GPON R4.9
NEs.
Procedure 125 Align the G6-GPON links in the 5520 AMS

Perform the following procedure to add missing ANM GBE port IP address and G6-GPON links to
support the GLT8-A card in the 7342 ISAM FTTU on 5520 AMS.
Before you proceed, the following G6-GPON links should be configured as follows. For more
information on G6-GPON links, see Procedure 122.
• Choose the VoIP Client Address Allocation Mode option as Fixed.

• Choose the Max. Number of G6-GPON Associations per ANM port IP Address option as
1.
• The Limit Max. Number of ONTs per PON at 32 field should be unchecked (that is false).
1 Log in to the 5520 AMS application server as amssys or amssys secondary group users.
i Navigate to the following directory or path:
cd lib/applicationserver/bin↵
ii Run the script by typing:
./ams_align_gbeportipaddress.sh [--force] -o <outputdir>↵
where:
--force adds additional GBE Port IP address on the G6 and the 5520 AMS database and bypass the NE
version check.
Use --force option to align the ANM GBE port IP addresses for the 7342 ISAM FTTU releases. If the
--force option is not used, then the ANM GBE port IP addresses aligns only with 7342 ISAM FTTU R4.9.
<outputdir> specifies the path of the output log file where the error or the information messages will be
logged.
Note 1 — Starting with 7342 ISAM FTTU R4.9 or later, the script adds
additional GBE Port IP address to G6 and the 5520 AMS database for the
Ethernet port links, by default. If the force option is specified then the
script will add the GBE port IP address on G6 port and the 5520 AMS
database for the all links, irrespective of the added Ethernet Port from the
node version.
Note 2 — If you do not specify an output directory, the script will read the
example output directory at $AMS_LOCALDATA_HOME/log.

Result: The script executes, displaying success messages for the created GBE Port IP address.
A log file is created called gbeport_align_output.txt. If errors are generated during IP address
creation, then an error log called gbeport_align_error.txt is created at the specified output
directory.
Procedure 126 Audit the provisioned link in the 5520 AMS

Perform the following procedure to display the missing IP addresses and the netmask values
created during the G6-GPON link creation. This procedure is used to validate the supported GBE
Port IP address for the G6-GPON created links.
Before you proceed, the following G6-GPON links should be configured as follows. For more
information on G6-GPON links, see Procedure 122.
• Choose the VoIP Client Address Allocation Mode option as Fixed.

• Choose the Max. Number of G6-GPON Associations per ANM port IP Address option as
1.
• The Limit Max. Number of ONTs per PON at 32 checkbox should be unchecked (that is
false).
1 Log in to the 5520 AMS application server as amssys or amssys secondary group users.
i Navigate to the following directory or path:
cd lib/applicationserver/bin↵
ii Run the script by typing:
./ams_audit_gbeportipaddress.sh [--force] -o <outputdir>↵
where:
--force validates the supported GBE Port IP address for the retrieved links.
Use --force option to validate the ANM GBE port IP addresses for the 7342 ISAM FTTU releases. If the
--force option is not used, then the ANM GBE port IP addresses are validated for 7342 ISAM FTTU R4.9
only.
<outputdir> specifies the path of the output log file where the error or the information messages will be
logged.
Note 1 — Starting with 7342 ISAM FTTU R4.9 or later, the script
validates the additional GBE Port IP address for the retrieved links for the
Ethernet Port links, by default. If the force option is specified, then the
script will audit the GBE port IP address for the all links, irrespective of the
added Ethernet Port from the node version.
Note 2 — If you do not specify an output directory, the script will read the
example output directory at $AMS_LOCALDATA_HOME/log.

Result: The script executes, displaying success messages for GBE Port IP address created. A log
file is created called gbeport_audit_output.txt.
19.3 Creating a Media Gateway from the 5520 AMS

application server
You can use the ams_mediagw_mgr script to create a Media Gateway for 7367
ISAM SX. The script reads the input file for creating the Media Gateway in the 5520
AMS Application server.
Perform the procedures described in this section to create the input file and the 7367
ISAM SX Media Gateway.
Procedure 127 To create an input file for the ams_mediagw_mgr script
$AMS_LOCALDATA_HOME/oss/conf/ams_mediagw_mgr script ↵
For information on copying the existing input file, see Procedure 31
3 Configure the parameters as comma-separated values with one line for each link. If the
The parameter details for Media Gateway creation are available in Table 44.

Table 44 Input file parameters for Media Gateway
neName Yes NE name; string
id Yes Object ID; always = 1
name Yes Media Gateway Name; string

Default value is AG.
ipAddress No Media gateway IP address

subnetMask No The subnet mask
(1 of 5)
vlanId Yes The VLAN ID; interger
medGwyTermFormat No The Termination Format Type; Enum

Type Possible values are:
• flat (default)
• hierarchy
pstnFormatString No The PSTN Format String

Default value is AL
routerIpAddress No The router IP address; string

udpPort No The UDP Port; interger 1..65534
Default value is 2944.
payloadType No The payload Type; integer 96..127

processingType No The Processing Type; Enum

Possible values are:
• audio (default)
• rfc2833
• both
ipConfigMode No The IP Address Config Mode; enum

• dhcp
• manual (default)
dhcpV4Option60 No The DHCPv4 Option 60; string
minDataJitterBuffer The Minimum Data Jitter Buffer Delay; integer 0.. 200
initDataJitterBuffer The Initial Data Jitter Buffer Delay; integer 0..200
maxWaitingDelay No The maximum waiting delays (s); integer 0.120

Default value is 5.
maxNetworkDelay No The maximum network delay (ms); integer 100..1000

maxTransactionTime No The Maximum Transaction Time (ms); integer 1000..300000



ephemeralTermPrefix No The Ephemeral Term Prefix; string
Default value is E.
ephemeralTermMin No The Ephemeral Term Minimum; integer 0..4294967295

ephemeralTermMax No The Ephemeral Term Maximum ; integer 0..4294967295

releaseType The Media Gateway Release Type; enum

• normal (default)
• never
midType No The Media Gateway Mid Type; enum

• ipv4
• ipv4-port (default)
• domain-name
• domain-name-port
• device-name
domainName No The Media gateway Domain Name; string

profileName No Profile Name; string
svcReasonFormat No The SVC Reason Format; string

• with-quotation
• without-quotation
callServerId No The Call Server Id; integer 0.. 2147483647

Default value is 0.
callServerType No The Call Server Type; enum

• general (default)
• lucent-fs5000
• alcatel-a5020
• alcatel-e10
• hw-soft3000
• zte-zxss
• siemens
• nortel
• ericsson
• meta-softswitch
• italtel
• comverse
• g6-gr303
• other-vendor3
• other-vendor4
• other-vendor16
• other-vendor17
(2 of 5)


primaryIpAddress No The Primary IP Address; string
primaryUdpPort No The Primary UDP Port; integer 1..65534

secondaryIpAddress No The Secondary IP address; string
secondaryUdpPort No The Secondary UDP Port; integer 1..65534

tertiaryIpAddress No The Tertiary IP Address; string
tertiaryUdpPort No The Tertiary UPD Port; integer 1..65534

quaternaryIpAddress No The quaternary IP Address; string
quaternaryUdpPort No The quaternary IP Port; integer 1..65534

Default value is 2944.signalingTrafficPriority
signalingTrafficDscp No The Signaling Traffic DSCP; integer 0..63
signalingTrafficPriorit No The Signaling Traffic Priority; enum

y Possible values are:
• bestEffort (default)
• background
• spare
• excellentEffort
• controlledLoad
• videoLessThan100msLatencyAndJitter
• networkControl
voiceTrafficDscp No The Voice Traffic DSCP; supported range is 0..63

voiceTrafficPriority The Voice Traffic Priority; enum
• bestEffort (default)
• background
• spare
• excellentEffort
• controlledLoad
• networkControl
requestID No The Request Id; integer 0..65535

Default value is 0.
(3 of 5)


eventList No The Event List; enum
• indicatestimalstedsigevent
• indicatealofevent
• indicatealonevent
• indicatealofstrictstateevent
• indicatealonstrictstateevent
• indicateocpmg_overloadevent
The values in the list are comma separated.
releaseDelay No The Release Delay before releasing all sessions (ms); integer 0..
900000
delayBeforeReduced No The Delay Before Reduced Battery State (ms); integer 0..120000
BatteryState Default value is 70000.
waitingReleaseDelay No The Graceful Waiting Release Delay (ms); integer 0..3600000
Default value is 0.
retransmissionMode No The Retransmission Mode; Enum

• fix (default)
• dynamic
retransmissionInterva No The Retransmission Interval (ms); integer 100..4000
l Default value is 4000.
maxRetransmission No The Maximum Retransmission (times); integer 7..11

Default value is 7.
timer No The Short Timer (s); integer 1..60

Default value is 5.
startTimer No The Start Timer (s); integer 0..99
longTimer No The Long Timer (s); integer 1..60

activeHeartbeatMode No The Active Heartbeat Mode; Enum

• fix (default)
• dynamic
activeHeartbeatInterv No The Active Heartbeat Interval (s); integer 0..65535

al
passiveHeartbeatMo No The passive Heartbeat Mode; Enum

de Possible values are:
• fix
• dynamic (default)
(4 of 5)


passiveHeartbeatInte No The Passive Heartbeat Interval (s); integer
rval 0..65535
Default value is 0.
provisionalResponse No The Provisional Response (ms); integer

0..10000
Default value is
1000.
adminStatus No The Media Gateway Administrative State; Enum

• locked (default)
• unlocked
(5 of 5)
19.3.1 Before you proceed

Ensure the following configurations are in place.
• Create a GPON-G6 link between the 7342 ISAM FTTU, to which the 7367 ISAM
SX is attached, and a G6. See 7342 ISAM FTTU Operations and Maintenance
Using The 5520 AMS guide.
• Create an ISAM-MDU link between the 7367 ISAM SX and the 7342 ISAM FTTU
ONT on which it is attached. See 7342 ISAM FTTU Operations and Maintenance
Using The 5520 AMS guide.
• Check there is no other Media Gateway created for 7367 ISAM SX.
• Ensure the 7367 ISAM SX NE is supervised.
• Ensure that the VoIP IP Address Allocation Mode is set to Fixed Map
• The input file “ams_mediagw_mgr.csv” must be created and it should contain an
entry for Media Gateway. For information about input file creation for Media
Gateway, see Procedure 127.
• Do not specify values for the attributes ipAddress, primaryIpAddress, and
subnetMask in the input file.
• Ensure that the following values are specified:
Mode = Flat
Prefix = tp
Format String = prefix<tidXXXX>

Procedure 128 To create a Media Gateway using ams_mediagw_mgr script
ams_mediagw_mgr \[options] \[inputFile]
where,
$AMS_LOCALDATA_HOME/oss/conf/ams_mediagw_mgr script.

Table 45 Options for ams_mediagw_mgr script
Option Description
-pfile \file Use different properties file.

Default = ams_mgr.conf
-efile \file Get 5520 AMS username/password from file.

Use createUsernamePassword to create the file.
-logdir \dir Directory used to store the log file.

-mdNm \mdNm Managed domain name.
Default= AMS
-username \user The username used to access the 5520 AMS with 'AMS NBI-Edit" function
in its role.
-u \user Same as the username option.
-password \pass The 5520 AMS user password.
-p \pass Same as password option
-keystore \key Full path to the keystore file.

Default = get value from the properties file
-keypass \pass Password for the keystore file.

Default = get value from the properties file
-nbihost \url The URL of the NBI client the 5520 AMS needs to connect to.
3 The Media Gateway interface is created in the Network tree. A log file named
ams_mediagw_mgr.log is created.
19.4 Creating hub-subtended clusters

You can create a cluster of hub-subtended 7302 ISAM/7330 ISAM FTTN/
7356 ISAM FTTB/7360 ISAM FX NEs from the 5520 AMS application server using a
script called ams_hub_sub_link_mgr. The script reads an input file that contains the
link creation parameters for each link and calls the ams_link_mgr script to create the
links. Each line in the input file represents one hub NE and its subtended NE end
points. For more information about the ams_link_mgr script, see Section 19.2.
Perform the following procedures to create the input file and create the cluster.
Before you proceed:
• The NEs that will belong to the cluster must be created and supervised.

• The cards that will be link endpoints must be configured as NTA.

• You must be able to log in to the 5520 AMS application server as amssys or as a
user in the amssys group. For information on adding a new user account to the
amssys group, see Section 9.3.
Edit - User function, for example, a user with the Administrator role. See
Chapter 9. You can enter the username and password when you run the script, or
you can use the password encryption script. See Procedure 33 to run the
password encryption script.
Procedure 129 To create an input file for the ams_hub_sub_link_mgr script
$AMS_LOCALDATA_HOME/oss/conf/ams_hub_sub_link_mgr.csv ↵
3 Configure the parameters as comma-separated values with one line for each hub NE. If the
Table 46 describes the parameters for each line of the input file.
Link Type The link type: ISAM_HUB_SUBTENDED.
Topology Name The name of the topology.
Hub SID The SID or IP address of the hub NE.

Hub1 end point The hub end point of the first link in the topology.
Sub 1 end point The subtended end point of the first link in the topology.
Sub 1 physical location The physical location of the subtended NE.
Sub 1 description Description of the link.
Hub x end point The hub end point for any additional links from the hub NE, where x is 2
or higher.
Enter this parameter for each additional link from the hub NE.
Sub x end point The subtended end point for hub end point x, where x is 2 or higher.
(1 of 2)

Sub x physical location The physical location of the subtended NE for end point x.
Sub x description Description of the link.
(2 of 2)
An example of an input file is:
ISAM-Hub-Subtended,Topology 1,143.209.40.98,SHUB 19,ISAM228 SHUB

24,Petaluma,"Input file: 1st line, 1st link",SHUB 20,ISAM150 SHUB 23,San
Rafael,"Input file: 1st line, 2nd link"
ISAM-Hub-Subtended,Topology 2,ISAM150,SHUB 22,143.209.40.98,SHUB 22,San

Francisco,"Input file 2nd line"
5 Run the password encryption script. See Procedure 33 to run the password encryption script.
Procedure 130 To create a cluster using the ams_hub_sub_link_mgr script

the ams_hub_sub_link_mgr script on the same server.
ams_hub_sub_link_mgr [options] input_file ↵
where:
example input file at $AMS_LOCALDATA_HOME/oss/conf/
ams_hub_sub_link_mgr.csv.

Table 47 Options for the ams_hub_sub_link_mgr script
Option Description
-mdNm domain The management domain name used in the FDN of northbound objects. The
default is AMS.
local_data_dir/ams/local/log, where local_data_dir is the directory where local
data is stored. By default, this is /var/opt.
username(1)
or -u username

password(1) (2)
or -p password
-keystore key The full path to the keystore file. By default, the 5520 AMS retrieves the path
from the properties file.
Notes
The script executes, displaying success messages for each user created. A log file is created
called ams_hub_sub_link_mgr.log.


Administrator Guide Managing administration settings
Managing administration settings

20 Managing administration settings

Managing administration settings Administrator Guide

20 Managing administration settings

20.1 Administration settings overview
20.2 Modifying GUI settings
20.3 Managing SNMP settings
20.4 Configuring SSH public key of the NE
20.5 Configuring file transfer protocol settings
20.6 Configuring a TL1/CLI protocol selection strategy for a reachability

test
20.7 Configuring TFTP server settings
20.8 Configuring TFTP client settings
20.9 Administrating alarms
20.10 Filtering alarms
20.11 Configuring EMS local alarms
20.12 Configuring alarm settings
20.13 Configuring NE Alarm Processing Settings
20.14 Configuring the suppression of toggling alarms
20.15 Creating NE environmental alarm templates
20.16 Customizing NE environmental alarm definitions
20.17 Configuring PM settings
20.18 Configuring cut through settings
20.19 Configuring NE backup settings
20.20 Configuring splitter settings
20.21 Configuring Action Manager settings

20.22 Configuring subscriber search settings
20.23 Configuring supervision settings
20.24 Configuring EMS tracing settings
20.25 Configuring time zone settings
20.26 Configuring user activity log settings
20.27 Configuring NE plug-in settings
20.28 Managing NE-based TL1 users from the 5520 AMS GUI
20.29 Copying NE plug-in settings
20.30 Configuring template settings
20.31 Managing users and settings
20.32 Managing license settings
20.33 Managing site settings
20.34 Authentication and Authorization
20.35 Configuring application server settings
20.36 Viewing data server settings
20.37 Configuring SNTP settings
20.38 Configuring inventory basic settings
20.39 Configuring proxy settings in the 5520 AMS clients to access the
Internet
20.40 Configuring the SIP file transfer protocols
20.41 Configuring FTP for SIP
20.42 Configuring AMS Settings for NBI
20.43 Configuring 5530 NA-F settings
20.44 Configuring HDM NBI settings

20.45 Configuring zero touch provisioning settings
20.1 Administration settings overview

This chapter describes the settings that you can configure, modify, or delete.
Duration parameters are expressed by a number followed by one of the following
units:
• s - second
• m - minute
• h - hour
• d - day
Additional settings are configurable with certain 5529 Enhanced Applications. For
more information, see the documentation for the application.
20.1.1 Comments in Administration Tree settings

This section describes the Administration Tree settings where you can add, modify,
or delete comments. It is recommended that a comment should be added to the
settings so that you can remember the settings which has been changed.
The below mentioned settings are applicable in the Administration Tree to add,
modify, or delete comments. For more information on how to add, modify, or delete
comments, see the 5520 AMS User Guide.
• Time zone settings
• Zero touch provisioning settings
• Template settings
• Splitter settings
• NE plug-in settings
• NE backup settings
• User activity log settings
• Internal TL1 GW settings
• EMS tracing settings
• PM settings
• Action manager settings
• Supervision settings
• NE detection settings
• Trap settings
• GUI settings

• EMS Alarm Severity Assignment

• Alarm settings
• NE alarm processing settings
• SIP settings
• NBI settings
• ANV settings
• Cut through settings
• TFTP server settings
• TFTP client settings
• User settings
• License settings
• HDM NBI settings
• 5530 NA-F settings
• DCN settings
• Basic settings
• Query settings
20.2 Modifying GUI settings

GUI settings are applied to all clients.
Procedure 131 To modify GUI settings
1 In the Administration Tree, choose EMS Administration→Configuration→GUI Settings.
2 In the Object Details view, configure the parameters as described in Table 48.

Table 48 GUI settings
GUI settings Description
Auto Refresh
Auto Refresh Interval The amount of time, in seconds, between each automatic refresh of the GUI, when
the user has Auto Refresh enabled
Auto Refresh Count The number of times that the GUI refreshes when the user has Auto Refresh enabled
Display Options
Display Primary Service State Displays the primary service state as a combination of the administrative
(locked/unlocked) and operational (up/down) states of an NE object in the Object
Details view and Table Views for an NE.
The three possible primary service states are:
Unlocked and up:
• IS-NR (In service and normal) - The object is fully operational and will perform as
provisioned.
Unlocked and down:

• OOS-AU (Out of service and autonomous) - The object is not operational because
of an autonomous event.
Locked and down:

• OOS-AUMA (Out of service and autonomous maintenance action) - The object is
not operational because of an autonomous event and has also been manually
removed from service.
• OOS-MA (Out of service and maintenance) - The object has been manually
removed from service.
On Invalid Deletion Specifies whether the 5520 AMS displays a warning or prohibits the deletion when
you try to delete a link that is in use.
Double-click On An Alarm Specifies whether the 5520 AMS shows the alarm details or navigates to the object
when you double-click on an alarm mnemonic icon.
Display Timestamp As Specifies the timestamp format for the 5520 AMS. The values are:
• Absolute Time Stamp
• Human Readable (e.g. “5 minutes ago”)
The default value is Human Readable format.
Clicking the background in the Specifies whether a particular object or the parent object is selected in the Graphical
Graphical View View by clicking the background. The values are:
• Select the parent object: The parent object is selected when you click the
background in the Graphical View.
• Do nothing (the selection does not change): The selected object does not change
when you click the background in the Graphical View.
The default value is Select the parent object.
Save Dialog
Use Restricted Save Dialog Restricts users to exporting files only to the location specified in the Default Path for
Locally Saved Files parameter.
Default Path for Locally Saved Files Specifies the location to which files are saved or exported by default.
Prepend Username for Locally When a user saves or exports a file, their username is prefixed to the filename.
Saved Files
(1 of 2)

GUI settings Description

Prepend Date for Locally Saved When a user saves or exports a file, the date and time are prefixed to the filename, in
Files the format yyMMddHHmmss.
NE
NE Release Notation Displays either the Release or the Feature Group of an NE (if applicable to the type
of NE). The NE release notation setting:
• Affects the display of NE release information in the NE object details.
• Does not affect the display of NE release information in the NE System and Agent
object details.
For 7302 ISAM/7330 ISAM FTTN R4.1 or later and 7330 ISAM FTTN FGN4.1 or later,
the NE release notation setting has no effect. For R4.1 or later NE plug-ins, the
5520 AMS GUI displays “R”, regardless of the NE release notation setting. For
FGN4.1 or later NE plug-ins, the 5520 AMS GUI displays “FGN”, regardless of the NE
release notation setting.
NE Name Wraps After In the Graphical View, the number of characters that are displayed in the NE name.
If the NE name is too long to be displayed on one line, the remaining characters are
displayed on a second line.
Force NE Name to Upper Case Forces NE names to be all in uppercase. You can enter the NE name in lowercase
when creating an NE, but if this parameter is enabled, the NE name will be re-named
all in uppercase when the NE is created.
Force NE Group Name to Upper Forces NE group names to be all in uppercase. You can enter the NE group name in
Case lowercase when creating the NE group, but if this parameter is enabled, the NE group
name will be re-named all in uppercase when the NE group is created.
Geographical map
Web Map Server URL (optional) Display the maps in the Map view when offline server is configured.
Default Map Provider Displays the map view as per the selected map provider. By default, Open Street
Maps is selected. The available options are:
• Open Street Maps
• Web Map Server
(2 of 2)
20.3 Managing SNMP settings

You can configure SNMP connections settings, NE detection settings, and SNMP
traps and retries, including monitoring and NTP registration. The parameters apply
to all SNMP communications between the 5520 AMS and the NEs. You can also
create, modify, and delete SNMP profiles and SNMPv3 users on the 5520 AMS.
For more information about NE detection and SNMP. See the 5520 AMS User
Guide.

Procedure 132 To configure SNMP connections
Caution — Consent from Nokia is required if you intend to modify the

default values of the SNMP connection settings. Contact your Nokia
representative for assistance.
1 In the Administration Tree, choose EMS

Administration→Configuration→SNMP→Connections.
Table 49 Connections settings
Settings Description
Configuration
Blocking Timeout to Get a The amount of time, in ms, an operation can wait for the NE SNMP
SNMP Connection interface before timing out.
Maximum Number of The maximum number of concurrent configuration operations that

Concurrent SNMP can connect to the NE SNMP interface.
Connections per Agent
Procedure 133 To configure NE detection settings
1 In the Administration Tree, choose EMS Administration→Configuration→SNMP→NE

Detection Settings.
Result: The NE Detection Settings are displayed in the Object Details view.

Table 50 NE Detection settings
General
IP Address Ranges The IP address ranges the 5520 AMS should search to detect NEs.
Enter up to 10 ranges, separated by commas.
IPV4 and IPV6 address formats are supported for this parameter
The format is IP address-#, where # is the number of addresses in
the range. For example, for IPv4, 120.0.0.0-10 would search 10 IP
addresses, starting with 120.0.0.0. Similarly, for IPv6, 2003::1-10
would search 10 IP addresses, starting with 2003:0:0:0:0:0:0:1.
Delay Before an Unreachable The maximum duration (in seconds, minutes, hours or days) that a
NE is Removed From the detected NE can remain in the detected NE list after becoming
Detected NE List unreachable. The format is a number followed by s, m, h, or d, for
example, 1 h.
NE Creation
Auto Create Select this check box to automatically create detected NEs in the
5520 AMS.
Group Creation Strategy Choose Use the System NE Location to create the NE in a group
based on its system location parameter.
Choose Specify a Default Group to set a group name.
Default Group If you chose Use Settings Value for the Group Creation Strategy
parameter, enter a group name.
NE Supervision
Auto Supervise Select this check box to automatically supervise NEs after detection
and creation.
Procedure 134 To configure SNMP traps
1 In the Administration Tree, choose EMS Administration→Configuration→SNMP→Trap

Setting.

Table 51 SNMP trap parameters
SNMP Trap Parameters
Port The lowest port to use
Trap Handling Threads The maximum number of traps that the server can process
at the same time. Nokia does not recommend changing this
parameter.
SNMP Trap Discard Threshold
Peak Rate (Traps/s) The peak rate of traps per second.

If the peak rate is reached for the peak duration, the
5520 AMS will drop the traps and raise an alarm.
Peak Duration (Min) The peak duration in minutes
SNMP Trap
Registration for Link Up/Down Traps Select this check box to enable the operational state
changes on physical ports.
Note- By default, only the network ports can send
notifications. If the settings are changed using the CLI or
the TL1, it is possible that operational state changes would
be reported on modems or ONTs which would lead to
flooding of messages towards the 5520 AMS. If this is the
case, deselect this check box
3 Click the Apply icon ( ) icon to save the changes.
Procedure 135 To configure SNMP retries
Applies to — This procedure applies to reachable NEs.
Caution — Contact your Nokia account representative before you

modify the SNMP retries parameters.

Note — See Procedure 159 to configure polling retransmission

parameters of isolated NEs.
1 In the Administration Tree, choose EMS Administration→Configuration→SNMP→Retries.
2 Configure the parameters as described in Table 52 for SNMP retransmissions of reachable

NEs.
Table 52 SNMP retries parameters
SNMP Retransmission Parameters
Timeout Before 1st Retransmission The length of time, in milliseconds, that the 5520 AMS
waits to receive a reply to an SNMP request before
retransmitting the request. The range is from 1000 to
42 000.
If the Timeout Before 1st Retransmission is X (sec) and
Maximum Number of Retransmission is (n), then the
timeout (T1) is calculated as follows:
T1= (2(n-n)X + … + 2(n-2)X + 2(n-1)X + 2(n)X)
The Timeout Before 1st Retransmission parameter is
multiplied by 2 for each additional retransmission. For
example, if the
Timeout Before 1st Retransmission parameter is set to
8000 ms and the
Maximum Number of Retransmissions parameter is set
to 2, the first retransmission will be sent after 8000 ms if no
reply is received. The second retransmission will be sent
after 16 000 ms (2 × 8000) if again no reply is received.
After 32 000 ms (2 × [2 × 8000]), if there is still no answer,
the retry will timeout. At 56 000 ms
(8000 + 16 000 + 32 000), the 5520 AMS will conclude that
the NE is not responding and report an SNMP Timeout
error.
Maximum Number of Retransmissions The maximum number of times that an SNMP request can
be retransmitted. A retransmission is sent only when a
response to an SNMP request is not received.
Degraded Communication Thresholds
Maximum Retransmission Ratio(1) The number of SNMP request retransmissions divided by

the total number of SNMP requests. When the maximum
retransmission ratio is reached, the 5520 AMS generates
an alarm.
Maximum Average Roundtrip Delay(1) The maximum average time, in milliseconds, between an
SNMP request transmission and the corresponding reply.
When the maximum average roundtrip delay is reached,
the 5520 AMS generates an alarm.
(1 of 2)

Minimum Number of Requests per The minimum number of SNMP requests to be considered
Hour before raising a Communication Degraded alarm.
The alarm can be cleared even when the minimum number
of requests is not reached.
The default value is 12 SNMP requests.
(2 of 2)
Note
(1) The communication degraded state for the two parameters, Maximum Retransmission Ratio and Maximum
Average Roundtrip Delay is checked every hour by the server, for all the NEs. So the Communication Degraded
alarms will always be raised and cleared at the same time within an hour.
20.3.1 Managing SNMP profiles

The SNMP connection information is configured in an SNMP profile. The SNMP
profiles can then be assigned to an NE. There is currently no default SNMP profile.
You must create the SNMP profiles you need to use.
An SNMP profile name must be unique. If you try to create an SNMP profile that uses
the same name as an existing SNMP profile, an error message is displayed and the
profile is not created.
When you create an NE, you can assign an SNMP profile to the NE. You can change
the version of SNMP for an NE by changing the SNMP profile assignment for the NE.
You can delete an SNMP profile only if it has not been assigned to an NE. However,
you can modify an SNMP profile even after it is assigned to an NE. After an SNMP
profile has been modified, the NEs that are using it start using the new parameter
values.
SNMP profiles are created, managed, and assigned to NEs in the 5520 AMS. SNMP
must also be configured on the NE, through CLI or the MIB.
You need to create SNMP profiles before you can assign them to NEs.
To create an SNMPv3 profile, you need to create an SNMPv3 user on the 5520 AMS.
You can do this before creating the SNMP profile or as part of the creation of the
profile. To create an SNMPv3 user on the NE, see the Operations and Maintenance
guide for the NE. For more information about SNMP, see the 5520 AMS User Guide.

Procedure 136 To create an SNMPv3 user on the 5520 AMS

Perform this procedure to create an SNMPv3 user on the 5520 AMS.
1 In the Administration Tree, choose EMS Administration→Configuration→SNMP→SNMPv3.
2 Right-click SNMPv3 User and choose Create→SNMPv3 User.
Result: The Create SNMPv3 User window opens.
3 Configure the parameters. See Table 53 to configure SNMPv3 user parameters.
Table 53 Create SNMPv3 User parameters
SNMP v3 User
User Name Indicates the security ID
Security Level A drop-down menu that lists the available supported security levels:
• Without Authentication and Without Privacy—Indicates that
messages between the agent and the manager are unauthenticated
and unencrypted
• With Authentication but Without Privacy—Indicates that messages
between the agent and the manager are authenticated by
unencrypted
• With Authentication and With Privacy—Indicates that messages
between the agent and the manager are both authenticated and
encrypted
Authorization Protocol A drop-down menu that lists the available supported protocols (MD5,
SHA1, SHA2-256(1), SHA2-512)(1)
Authorization Password(2) Used to specify the plain or encrypted password if the MD5, SHA1,
SHA2-256, or SHA2-512 protocol is selected (3)
Encryption Protocol A drop-down menu that lists the available supported privacy protocols
(DES, AES-128, AES-192, AES-256)
Encryption Password(2) Used to specify the privacy password for the encryption protocol (3)
Notes
(1) Due to the PBMT limitation on the NE migration tool, AMS does not support NE migration for those NEs which
are managed with SNMPv3 SHA2 encryption in RHEL 6 alone.
(2) You must create passwords that are at least eight characters long, even if the NE allows a shorter password.
(3) Passwords are encrypted in the 5520 AMS database.
4 Click Finish.

Procedure 137 To create an SNMP profile

Perform this procedure to create an SNMP profile. You need to create SNMP profiles before you
can create NEs on the 5520 AMS. For more information about SNMP, see the 5520 AMS User
Guide.
1 In the Administration Tree, choose EMS Administration→Configuration→SNMP.
2 Right-click SNMP Profile and choose Create→SNMP Profile.
Result: The Create SNMP Profile window opens.
3 Configure the parameters. See Table 54 to configure SNMP profile parameters.
Table 54 Create SNMP Profile parameters
Identification
Name Enter a unique name for the SNMP profile.
SNMP
Version Choose the SNMP version for the profile. The 5520 AMS supports
versions v1, v2 and v3. The default value is set to v3.
Port Enter port 161.
SNMP v1/v2
Read Community Indicates the SNMP community name for the agent. This field accepts a
unique character string. Record the names you enter here because you
must use the same names to configure these parameters on the NE.
Re-Type Read Enter the SNMP read community string again.

Community
Write Community Indicates the SNMP community name for the agent. This field accepts a
unique character string. Record the names you enter here because you
must use the same names to configure these parameters on the NE.
Re-Type Write Enter the SNMP write community string again.

Community
SNMP v3
Context Name Choose Automatic or Manual.

Assignment
Context Name Indicates the agent in the NE. If Context Name Assignment is set to
Automatic, this field is dimmed.
User Click Browse to open the Select User window.

Choose a user, or click Create to create one. See the 5520 AMS User
Guide.
SFTP Credentials When NE Acts as Server
User Name Indicates the SFTP client username on the NE.
(1 of 2)

Password Indicates the SFTP client password.
Re-Type Password Enter the SFTP client password again.
(2 of 2)
4 Click Finish.
20.4 Configuring SSH public key of the NE

The SSH public key is used to secure the SSH communication with the network
element by:
• enforcing the strict checking of the public key presented by the network element
in all SSH interactions such as secure CLI, secure TL1, SSH scripts, LRM and
software management.
• automating the learning of the SSH public key of the NE through a secure channel
(SNMPv3).
You can configure the SSH public key using the ‘Strict Host Key checking’ feature.
See procedure 138 to disable or enable the feature.
The Strict Host Key Checking feature is used to avoid man-in-the-middle attack. If
such an attack occurs, a standard OS or SSH error will be logged that the 5520 AMS
will return when using secure CLI, secure TL1, SSH scripts, LRM or software
management.
The 5520 AMS checks whether the NEs managed through SNMPv3 have an SSH
public key. If a SSH public key is not available in the NE, then the 5520 AMS will
instruct the NE to generate a new key, else the 5520 AMS will retrieve the key and
use it to populate the SSH known_hosts file.
When a new value for the SSH public key of the NE is generated, it is stored in the
database, and the 5520 AMS updates the known_hosts file of amssys user with the
new public key value in all the application servers.
When the feature is enabled, the entries in the known_hosts file are refreshed
everyday automatically in all the application servers. You can force the re-generation
of the known_hosts file, see Procedure 139.
For the frequency of the SSH public key generation checks, refer to Table 66.
You can manually generate the SSH public key. For more information, see the
Operations and Maintenance Guide for the NE.

Procedure 138 To configure SSH settings

Perform the following procedure to configure SSH settings.
1 In the Administration Tree, choose EMS Administration → Configuration → EMS/NE

Protocols → SSH Settings.
Result: The Object Details view opens and the ‘Strict Host Key Checking’ is selected by
default.
2 Select or deselect the ‘Strict Host Key Checking’, as required and click the Apply icon ( )
to save the changes.
Procedure 139 To refresh SSH server public keys in the SSH known_hosts file for all
NEs
Perform the following procedure to refresh the SSH server public keys in the SSH known_hosts
file for all NEs.
1 In the Administration Tree, choose EMS Administration → Configuration → EMS/NE

Protocols → SSH Settings.
2 Right-click SSH Settings and choose Actions → Refresh SSH Server Public Keys in the SSH
known_hosts File for all NEs.
Result: The Refresh SSH Server Public Keys confirmation window opens.
3 Click Yes to confirm.
Result: A window opens and provides details about the progress of the refresh action.
When the refresh action is completed, the Action Details window opens showing the Target,
Description, Status and Additional Information.
4 Click Close to close the Actions Details window.

20.5 Configuring file transfer protocol settings

You can choose the file transfer protocols the 5520 AMS uses to communicate with
the NEs. While communicating with a specific NE, the 5520 AMS will compare the
file transfer protocol settings between the NE and the 5520 AMS configuration.
Protocol having the highest security level, that is, SFTP will be used for file transfer.
During file transfer, if a high priority based protocol fails, the file transfer will fail
reporting an error message. For example, if a NE supports SFTP and TFTP, and
both are configured for use in this order, then the 5520 AMS will always use SFTP
for communicating with the NE, and if file transfer fails, then an error message is
displayed.
The configuration of file transfer protocols applies whether the 5520 AMS is sending
files to the NE or receiving files from it.
Table 55 details the file transfer protocols supported by each NE type.
Table 55 File transfer protocols supported by NE type
NE Type Protocols supported Additional information

7302 ISAM/7330 ISAM FTTN SFTP, TFTP —
7342 ISAM FTTU SFTP, TFTP —
GENBAND G6 SFTP, FTP The G6 NE can only use one

protocol at a time. If an SFTP
transfer fails, you will receive an
error message.
To configure file transfer protocols, you need to perform the following:
Note — The passwords for amsftp and amssftp need to be

changed in both the server and the GUI.
• Configure default user passwords. In the 5520 AMS Installation and Migration
Guide, see the following procedures:
• To change the password of a default user on the 5520 AMS application server
• To change the password of a default user on the 5520 AMS GUI
• Configure file transfer protocol settings. See Procedure 140 to configure file
transfer protocol settings.

Procedure 140 To configure file transfer protocol settings
1 In the Administration Tree, choose EMS Administration→Configuration→EMS/NE

Protocols→File Transfer Protocol Selection.
Result: The Object Details view opens. In the AMS Protocol Selection Strategy, the Use the
protocol configured in the NE strategy is selected by default and none of the protocols (SFTP,
FTP, TFTP) are selected by default.
Note — Before you enable the SFTP protocol, make sure that the SFTP
credentials are configured correctly.
• You must set the password to access the 5520 AMS SFTP file server
from the server and the GUI. In the Administration Tree, choose
Configuration→EMS/NE Protocols→File Server Credentials→SFTP
User. See also the procedure to change the password of a default
user on the server in the 5520 AMS Installation and Migration Guide.
The password is used for downloading OSWP software, backing up
and restoring, and downloading CDE profiles.
• You can set the username and password for the NE SFTP file server
in the SNMP profile used by the NE. The username and password are
used for downloading ONT software and viewing syslog files.
2 Select or unselect the check boxes for the file transfer protocols you do or do not want the
5520 AMS to use.
3 From the Strategy drop-down menu, choose Force the AMS protocol selection.
Result: In the AMS Protocol Selection, SFTP, FTP and TFTP protocols are selected by
default.
Procedure 141 To perform a file transfer test

Use this procedure to test if the files are being transmitted (send and receive) to the Application
servers correctly:
1 Navigate to the application server on which you want to perform a file transfer test by
choosing EMS Administration→EMS System→Site→Application & Data Servers in the
Administration Tree.
Result: Communication with the server must be established and ongoing, which is indicated
by the Up server status.

2 Right-click the Application server for which this test needs to be performed and choose
Actions→Test File Transfer.
Result: The 5520 AMS attempts to transfer files using each protocol selected in the File
Transfer Protocol Selection object details.
3 When the test is completed, the Action Details view displays the results of the test if the test
was successful or not, possible reasons for failure etc.
20.5.1 SFTP with key based authentication

SFTP with key based authentication reduces the chances of unauthorized access to
the SFTP server. This authentication method is used for automated file transfers. It
allows users to login to their SFTP server without entering a password.
To configure SFTP with key based authentication, the authorized_keys file
(<hostname>:/.ssh/authorized_keys) of the corresponding user in the SFTP server
(destination server) needs to be updated to include the public key of amssys user
from the 5520 AMS server. In a cluster setup, the public key of amssys user for each
application server must be added to the sftp server, since the public key is different
on each server.
When SFTP is selected as the protocol for file transfers and key based authentication
is configured, if the user provides a password, the password is ignored.
When key based authentication is not configured and an empty value is selected for
password, an error message indicating dataFileDestination: password info is
mandatory for protocol SFTP is updated in the error report.
20.6 Configuring a TL1/CLI protocol selection

strategy for a reachability test
At the system level, you can configure the strategy for which protocols (SSH, Telnet,
UDP) to test during a reachability test. Configuring the strategy allows you to rely on
the NE configuration or to force a protocol to be verified. The strategy can be the
protocol that is enabled by the NE, or a fixed protocol selection according to priority.
If the highest priority protocol, that is, SSH is not supported on the NE, or if the
protocol fails, then the reachability test is performed for the protocol selected to follow
next in priority.

The strategy to use the protocols that are enabled by the NE verifies only that the
TL1/CLI credentials are correct. The strategy to use a fixed protocol selection verifies
that the TL1/CLI credentials are correct and that the protocol configuration in the NE
is also correct. For example, the test will fail if a selected protocol is not enabled in
the NE.
Note — If the standard protocols are tested and working

successfully, then secure protocols will work successfully and
further tests are not performed. The regular reachability test
checks all the protocols on a single NE.
For information about how to perform a reachability test on an NE, see the 5520 AMS
User Guide.
Procedure 142 To configure a TL1/CLI protocol selection strategy for a reachability

test

Protocols→TL1/CLI Protocol Selection.
Result: The Object Details view opens with the Use the protocol configured in the NE strategy
selected by default and none of the protocols (SSH, Telnet, UDP) selected by default.
2 If you want to change the strategy, from the Strategy drop-down menu, choose Force the
AMS protocol selection.
Result: In the AMS Protocol Selection, all the protocols (SSH, Telnet, UDP) are selected by
default.
3 Select the check boxes for the TL1/CLI protocols you want the 5520 AMS to use.
20.7 Configuring TFTP server settings

Perform this procedure to configure the TFTP server settings.
Procedure 143 To configure TFTP server settings

Protocols→TFTP Server Settings.
Result: The TFTP Server Settings are displayed in the Object Details view.

Table 56 TFTP server settings
Configuration
Enable TFTP Server on the Select this check box to enable the TFTP server on the 5520 AMS.
EMS (Used for NE Backup, ...) The check box is not selected by default.
Disk Properties
Minimum Free Disk Space in The minimum free disk space (in kilobytes) required for TFTP write
KB to continue. TFTP write verifies that at least this much space is
always available on the server.
Properties Read Write
Socket Time Out The maximum duration (in s) The maximum duration (in s) that
that the Read socket waits for the server waits for the client to
an acknowledgement from the send a data packet.
client.
Number of Retries The maximum number of times The maximum number of times
that the server resends a data that the server resends
packet to the client. The server acknowledgement packets for a
must resend a data packet specific data packet received
when the acknowledgment from the client. The server has to
number received from the client resend an acknowledgment
does not match the block packet when the block number of
number of the data packet last the data packets last received
sent. does not match the number
expected by the server.
Number of Last Ack Retries - Configure this parameter for the
server to wait for retry attempts
from the client after sending the
last acknowledgement packet.
The duration (in s) the server will
wait is given by the Number of
Last Ack Retries multiplied by the
Socket Time Out parameter.
Note — Nokia recommends not storing manual files in AMS TFTP

HOME directory since AMS TFTP HOME directory is cleaned up during
AMS server startup.

20.8 Configuring TFTP client settings

Perform this procedure to configure file transferring attempts in the TFTP client
settings.
Procedure 144 To configure TFTP client settings

Protocols→TFTP Client Settings.
Result: The TFTP Client Settings is displayed in the Object Details view.
2 In the Configuration settings, enter the maximum number of times for which a file transfer can
be attempted.
20.9 Administrating alarms

Limiting the size of the current and historical alarm tables is essential to guarantee
that the 5520 AMS will operate at an acceptable performance level.
The size of the current and historical alarm tables affects the following:
• Response times from the user interface when querying, filtering, or sorting alarms
in the Alarm perspective
• 5520 AMS backup time and cluster synchronization time
The 5520 AMS provides mechanisms to reduce the number of alarms reported in
alarm tables.
When the size of the historical alarm table exceeds a threshold, the 5520 AMS
automatically enables a protection of the historical alarm table view.
20.9.1 Historical Alarm view protection

The alarm protection mode improves the performance of the GUI by limiting the
number of alarms that the 5520 AMS will extract from the database and display
within the GUI.

When this limit is exceeded, the 5520 AMS enters a protection mode and forces the
user to limit the search for alarms by only allowing the retrieval of historical alarms
from a smaller set of NEs.
20.9.1.1 Viewing historical alarms when view protection is

enabled
The following methods allow the retrieval of historical alarms when the view
protection is enabled:
• Right-click on an NE and choose Show→Alarms→ on Selected Object & Subtree.
In the Alarm view, choose Run in History from the menu.
• Right-click on an NE and choose Show→ Historical Alarms→ on Selected Object
& Subtree.
The navigation to the Historical Alarm view can be enabled when selecting an NE
group by changing the value of the Protect Alarm View if Number of NEs in Historical
Alarm Filter Exceeds parameter.
20.9.1.2 Configuring the Historical Alarm view protection

The maximum database size can be configured in the Administration perspective.
Choose EMS Administration→ Configuration→ Alarms→ Alarm Settings, and
configure the following parameters:
• Protect Alarm view if Historical Alarms Database Size Exceeds
• Protect Alarm view if Number of NEs in Historical Alarm Filter Exceeds
In the Alarm Settings Object Details view, you can configure the maximum database
size for the historical alarm database. The Historical Alarms Database Size
parameter displays the current database size.
Note 1 — The recommended maximum database size for the
historical alarm database is 1 GB.
Note 2 — The performance of the system reduces as the
historical alarm database size increases.
The database size can be monitored over time by opening the EMS Performance
Monitoring view and choosing Alarms→ Historical Alarm DB Size. You can also view
TCA alarm for historical alarm database size exceeding configured limit (for example,
if the configured limit is 1GB and then the TCA alarm is raised if historical alarm
database size exceeds 1GB) from Historical Alarm DB Size option.

20.9.2 Monitoring unstable services

If a service exceeds the configured threshold of the number of restarts allowed, and
the window between first restart and last restart of the service is less than the
configured time limit, then the service is considered unstable. The process monitor
stops restarting the unstable process. A 'Service Unstable' alarm is raised per server,
listing the concatenation of all services not running properly. The health of the server
is unhealthy if a Service Unstable alarm is reported on the server. For information on
the Service Unstable alarm, see Section 26.2. The alarm is cleared in the following
scenarios:
• When all processes are running properly.
• When the service is stopped using the ams_server stop <servicename>
command.
• When the ams_server stop command is executed.
• When the ams_server start command is executed.
Procedure 145 To clear the ‘Service Unstable’ alarm
1 See the ‘Service Unstable’ alarm details to find out the list of unstable services.
2 Stop the unstable service or services.
• To stop a specific unstable service, execute the following command:
ams_server stop servicename
• To stop the server (if multiple services are unstable), execute the following command:
ams_server stop
Result: The service does not appear in the list of unstable services after it is stopped
manually.
3 Bring up the unstable service or services.
• To restart a specific unstable service, execute the following command:
ams_server restart servicename
• To restart the server (if multiple services are unstable), execute the following command:
ams_server start
Result: The service is removed from the unstable services list in the alarm. If the problem is
still not fixed, the alarm is raised again.

20.10 Filtering alarms

The 5520 AMS provides multiple mechanisms to avoid overloading the current and
historical alarm tables with unwanted alarms. Figure 1 shows the acceptable alarm
event rates and overload protection mechanisms implemented by the 5520 AMS.
Figure 1 Acceptable alarm event rates and overload protection
mechanisms implemented by the 5520 AMS
20.10.1 Filtering alarms from the NE

To turn off the reporting mode of unwanted alarms, use the Alarm Severity
Assignment Template in the Template perspective.
To enable alarm filters to report one alarm for multiple occurrences of the same
alarm, use the Alarm Filter Templates in the Template perspective.
20.10.2 Filtering alarms from the 5520 AMS

The following methods allow you to filter alarms from the 5520 AMS:
• Filter out low severity alarms
• Save alarms to a file for offline analysis
• Suppress toggling alarms
• Move alarms to archive files

20.10.2.1 Filtering out low severity alarms

The alarm severity threshold can be configured from the Administration perspective.
Choose EMS Administration→Configuration→Alarms→Alarm Settings and
configure the EMS Severity Filtering Threshold parameter. Alarms with a severity
lower than the configured severity will not be uploaded. However, active low severity
alarms can be viewed by right-clicking on an NE in the Network Tree and choosing
Show→Current Alarms & Conditions→on Selected Object & Subtree.
20.10.2.2 Saving alarms to a file for offline analysis

Alarms that do not require immediate operator attention can be saved to files. These
files can then be used for offline analysis.
Saving alarms to a file can be configured from the Administration perspective. From
the Administration Tree, navigate to Configuration→Alarms →NE Alarm Processing
Settings→NE Alarm→Reporting Strategy and then, select Dump to File (from drop
down list).
Log file management and overload protection can be configured from the
Administration perspective. Choose EMS
Administration→Configuration→Alarms→Alarm Settings→NE Alarm Event Log
Filter.
20.10.2.3 Suppressing toggling alarms

Toggling alarms can be detected, suppressed, and replaced by a single derived
alarm that reports the toggling behavior of the suppressed alarm. The specific
problem of the toggling alarm is prefixed with the following string: [==TOGGLING==].
For example, [==TOGGLING==] Rack Power Fuse Broken Alarm.
You can configure toggling alarm suppression from the Administration perspective.
See Section 20.14.
20.11 Configuring EMS local alarms

Perform this procedure to configure the severity assignment of EMS local alarms,
and to turn on and off the reporting of these alarms.
Procedure 146 To configure EMS local alarms
1 In the Administration Tree, choose EMS Administration→Configuration→Alarms→EMS

Alarm Severity Assignment.
Result: The EMS Alarm Severity Assignment table appears in the Table View.

2 Select the alarm in the table. The alarm information is displayed in the Object Details view.
The Category, Domain, Object, Probable Cause, and Specific Problem parameters are not
configurable. However, you can configure the parameters as described in Table 57:
Table 57 EMS Alarm Severity Assignment settings parameters
Parameter Configuration
Severity Choose an alarm severity option from the drop-down menu.
Discarded Choose to discard the alarm by selecting the check box, or to not discard the
alarm by clearing the check box.
When the check box is selected, the Discarded parameter is set to true, and
the alarm is not reported. Also, any corresponding alarms are cleared from the
current alarm table.
When the check box is cleared, the Discarded parameter is set to false, and
the alarm is reported.
Custom Field 1 Enter any additional information on the alarm type.
Note — The custom fields added to the alarm types can be viewed and
used to filter the alarms in the Alarm View and the Historical Alarm View.
Note 1 — The new severity assignments are effective only for alarms
raised after the changes have been saved.
Note 2 — The status bar of the 5520 AMS GUI displays the aggregated
EMS alarms icon of the site next to the site icon, which shows the
aggregated alarm summary.
20.12 Configuring alarm settings

Perform the procedures in this section to configure alarm settings for current and
historical alarm storage periods.

Procedure 147 To configure alarm storage
Caution — Nokia recommends that you perform this procedure before

starting supervision on the NEs. If you perform this procedure after one
or more NEs are supervised by the 5520 AMS, you must start supervision
again on the NEs after you configure the EMS Severity Filtering
parameter.
1 In the Administration Tree, choose EMS Administration→Configuration→Alarms→Alarm

Settings.
Result: The Alarm Settings parameters appear in the Object Details view.
Table 58 Alarm settings parameters
Global GUI Settings
Alarm View Refresh Interval A time period, in seconds, before the Alarm view is
refreshed.
Compute and Display the TL1 AID Check the TL1 AID checkbox to compute the TL1
AID. The TL1 AID is displayed only for the following:
• TL1 AID column in the Alarm View
• Field selection drop down in the Alarm View
• Alarm Filter drop down
• Object Details view for the Alarm Object
You must log out of the client and log in again for a
change to this parameter to take effect.
Alarm View Coloring Scheme Option to display the entire row or only the Severity
column in the color of the alarm severity in the alarm
views. Select one of the following options from the
drop-down list:
• Alarm Severity Colors the Entire Row to display
the entire row in the color of the alarm severity
• Alarm Severity Colors the Severity Column Only
to display the Severity column in the color of the
alarm severity
Historical Alarm View Overload Protection

In Overload when Historical Alarms If the size of the historical alarms database exceeds
Database Size Exceeds the configured value, the alarm view is not displayed
so as to protect the alarm view response time.
(1 of 5)

When in Overload, Disable View When The alarm view is not displayed so as to protect the
Selected Number of NEs Exceeds alarm view response time if the following two
conditions occur:
• The number of NEs in the Historical Alarm Filter
exceeds the configured value
• The size of the historical alarms database
exceeds the configured value of the Protect
Alarm View if Historical Alarms Database Size
Exceeds parameter
Current to Historical
Automatic Moving Strategy When current alarms are to be moved automatically

to the Historical Alarm view.
Delay Before a Cleared Alarm is Moved A time period before a cleared alarm is moved from
From Current to Historical List the Alarm view to the Historical Alarm view.
The cleanup task is run every hour, which means that
the alarm will be moved to Historical Alarm at most
one hour after the configured delay time has passed.
For example, if the delay is set to 5 minutes, the alarm
will be moved effectively after an hour.
Minutes and seconds are ignored.
Historical Alarm Queue Size Size of the queue used to buffer historical alarms
before moving them to the Historical Alarm database.
Purging Historical
Delay Before an Alarm is Deleted from A time period before alarms are deleted from the
Historical List Historical Alarm view.
To configure this parameter, see Procedure 148.
Archiving Historical
(2 of 5)

Archiving Strategy The archiving strategy is so that the alarms can be
saved to disk for offline analysis instead of being
deleted. If FTP or SFTP file transfer is not selected,
alarms are archived in the shared directory, one file
per day under:
$AMS_EXTERNAL_SHAREDDATA_HOME/alarmar
chiving/alarms-archive_<YYYY>_<MM>_<DD><alp
haChar>.csv, where:
<YYYY>, <MM> and <DD> represents the date (year,
month, and day) at which the alarms were cleared
and <alphaChar> is empty or contains the next
alphabetic character.
If compression is enabled, the file name will be
alarms-archive_<YYYY>_<MM>_<DD>_<HH><alph
aChar>.csv.gz.
If an alarm archive file with the same name already
exists, then the filenames will have a sequential
alphabetic character appended to the name, for
example, alarms-archive_2012_08_20_20a.csv.gz
and alarms-archive_2012_08_20_20b.csv.gz. This
may happen if there are repeated application server
switchovers within the same day causing several
similarly named alarm archive files to be present.
If FTP or SFTP file transfer is selected, the alarm
archive file is transferred to the configured remote
FTP or SFTP location. If the copy or file transfer of the
alarm archive fails, an alarm is raised. Use Procedure
240 to manually purge and archive the alarm log.
Delay Before an Alarm is Deleted from the A time period before alarms are deleted from the
Alarm Archive shared directory where they are archived.
The parameter is enabled when the Archiving
Strategy parameter is set to When Alarms are Moved
from Current to Historical or When Alarms are Purged
from Historical.
Compress Alarm Archive When the parameter is enabled, the alarm archive
files are compressed in the shared directory or
configured FTP/SFTP location daily to minimize disk
space usage.
The parameter is enabled when the Archiving
Strategy parameter is set to When Alarms are Moved
from Current to Historical or When Alarms are Purged
from Historical.
File Transfer
Protocol The protocol selected for file transfer.

The allowed values are:
• No file transfer (Keep files in ‘shared/common’)
• FTP
• SFTP
The default value is No file transfer (Keep files in

‘shared/common’). If this option is selected, the
archive is copied to
$AMS_EXTERNAL_SHAREDDATA_HOME/alarmar
chiving/.
(3 of 5)

Remote Host Valid IP address of the remote FTP or SFTP host.
This parameter is disabled if Protocol is set to No file
transfer (Keep files in ‘shared/common’).
Directory The directory for file transfer in the remote FTP or

SFTP host.
Username The username to log in to the remote FTP or SFTP

host.
Password The password to log in to the remote FTP or SFTP

host.
Re-Type Password
EMS Severity Filtering
Threshold (Lower severities will not be The severity threshold to reduce the number of
collected from the NE) alarms reported to the 5520 AMS. Alarms of a
severity lower than the threshold are not collected
from the NE.
Alarm Table Size Threshold
Number of Current Alarms
Raise Alarm if Total Number of Current The 5520 AMS raises a local alarm when the number
Alarms Exceeds of alarms in the current alarm table exceeds the
configured value. The 5520 AMS clears the local
alarm when the number of alarms falls under the
configured value.
Historical Alarms Database Size The 5520 AMS raises a local alarm when the number
of alarms in the historical alarm database exceeds the
configured value. The 5520 AMS clears the local
alarm when the number of alarms falls under the
configured value.
Do Not Export on Server if Historical Alarms The 5520 AMS does not export alarms on the server
Database Size Exceeds if the size of the historical alarm database exceeds
the configured value. The default value is 200 MB.
This parameter controls the export of alarms during
an AMS migration either using the export script or
through the menu File → Export from the client.
Configuring the historical alarm database to a value
higher than 200 MB will result in increasing the
migration time. Nokia recommends not to exceed 200
MB for the historical alarm database size.
The Export wizard or script do not report an error
when alarms are suppressed due to this setting.
The parameter Maximum Number of Historical
Alarms Exported on Server is replaced by the new
parameter Do Not Export on Server if Historical
Alarms Database Size Exceeds from R9.2.10.
NE Alarm Event Log Filter
(4 of 5)

Discard Alarm Event if Rate Exceeds The 5520 AMS removes alarm events from the NE
Alarm Event Log Filter queue when the alarm rate, in
events/s, exceeds the configured value. The
additional events will not be logged.
Delay Before an Alarm is Deleted from the A time period before alarm event logs are deleted
Alarm Event Log from the shared directory where they are archived.
Compress Alarm Event Logs When the parameter is enabled, the alarm event log
archive files are compressed in the shared directory
or configured FTP/SFTP location daily to minimize
disk space usage.
File Transfer

• FTP
• SFTP
The default value is No file transfer (Keep files in

‘shared/common’). If this option is selected, the
archive is copied to
$AMS_EXTERNAL_SHAREDDATA_HOME/alarmfilt
ering/.

Directory The directory for file transfer in the remote FTP or

SFTP host.
Username The username to log in to the remote FTP or SFTP
host.
Password The password to log in to the remote FTP or SFTP

host.
Re-Type Password
Miscellaneous
Bulk Alarm Block Size The maximum number of alarms retrieved from the
database in one go. For example, when cleaning up
historical alarms, moving cleared current alarms to
historical.
(5 of 5)

Procedure 148 To configure the delay before an alarm is deleted from the Historical
Alarm view
Caution 1 — Modifying the 'Delay Before an Alarm is Deleted from

Historical List' parameter deletes all historical alarms from the 5520 AMS
database.
Nokia recommends that you configure the parameter only when you
install the 5520 AMS.
Caution 2 — When importing alarm settings, ensure to match the value

of the 'Delay Before an Alarm is Deleted from Historical List' parameter in
the current release and the exported alarm settings in the earlier
5520 AMS release. The parameter will not be imported and an import
failure will be reported, if:
• The parameter values do not match

• There are historical alarms in the database
For information on the data migrated from earlier 5520 AMS releases,
see the 5520 AMS Installation and Migration Guide.
The configured delay is a minimum (or guaranteed) delay. Additional granularity in the timestamps
of the historical alarms has been introduced. For example, when the delay is set to 30 days,
historical alarms are cleared in batches of two days. In this case, the oldest alarms that are kept
in the historical database at any time are between 30 and 31 days old. The longer the delay is, the
longer the granularity is. For a configured delay of 20 days or less, the granularity is 1 day.
1 In the Administration Tree, choose EMS Administration→Configuration→Alarms.
2 Right-click the Alarm Settings object and choose Actions→Modify Delay Before an Alarm is
Deleted from Historical List.
Result: The Modify Delay Before an Alarm is Deleted from Historical List window opens.
3 Configure the parameter.
4 Click Finish.
Result: The change takes effect within the hour that follows.

20.13 Configuring NE Alarm Processing Settings

The 5520 AMS provides you with a tool to filter NE alarms, and to dump the NE
alarms that do not require immediate action to a .csv file stored on the application
server, as required. You can also choose both to dump the NE alarms to a file and
to report the NE alarms.
Use the NE Alarm Processing Settings to allow the processing of relevant NE alarms
only, and to save the remaining alarms to a file for statistical analysis. The NE alarms
that are saved to a file and unreported are not propagated to the Network Tree, not
visible in the Alarm perspective views, and not forwarded to the northbound interface.
Perform this procedure to configure the NE Alarm Processing Settings.
Before you proceed, the NE support plug-ins must be installed and activated.
Procedure 149 To configure NE Alarm Processing Settings
1 In the Administration Tree, choose EMS Administration→ Configuration→ Alarms→ NE

Alarm Processing Settings.
Result: The NE Alarm Processing Settings table appears in the Table View.
Note — The NE Alarm Processing Settings feature does not support

7324 RU alarms.
2 Select the alarm in the table.
Result: The alarm information is displayed in the Object Details view.
The Category, Domain, Object, TL1 Alarm Condition, Probable Cause, and Specific Problem
parameters are not configurable. However, you can configure the parameters as described
in Table 59:

Table 59 NE Alarm Processing Settings parameters
Parameter Configuration
Reporting Strategy Choose one of the following reporting strategy options from the drop-down
menu.
• Report alarm
• Dump to file
• Dump to file & report alarm
The default value is set to Report alarm.
Toggling Alarm Choose to suppress the toggling alarm by selecting the check box, or to not
Suppression suppress the toggling alarm by clearing the check box.
By default, the Toggling Alarm Suppression checkbox is not selected.
Toggling Threshold Enter the toggling threshold value.

The Toggling Threshold is enabled only when the Toggling Alarm Suppression
checkbox is selected.
Move to History Choose one of the following options from the drop-down menu.
• Always: The alarms are always moved to historical alarm table.
• Based on Alarm Age: The alarms are suppressed from historical alarm
table based on the defined alarm age.
The default value is set to Always.

You can set the Move to History parameter to Based on Alarm Age for less
important alarms and when the alarm age is for short period. The alarm can be
moved to historical alarm table or archived or discarded based on the
configurations made in the Alarm settings. For more information on Alarm
settings, see Procedure 150.
The alarm age is calculated as the difference between the raised time and
cleared time of the alarm.
The alarms is handled in the following ways:
• When the Alarm Age of an alarm is less than the Move to History
Min.Alarm Age value, then the alarm is discarded if the Archiving Strategy
is set to Never in the alarm settings or else it is archived.
• When the Alarm Age of an alarm is more than the Move to History
Min.Alarm Age value, then the alarm is moved to historical alarm table.
Move to History Min. Enter the minimum age of alarms. Below this age, the alarms will be
Alarm Age suppressed from historical alarm table.
This parameter is enabled only when the Move to History parameter is set to
Based on Alarm Age.
The default value is set to 5 seconds.

Note —
• The custom fields added to the alarm types can be viewed and used
to filter the alarms in the Alarm View and the Historical Alarm View.
• Define the NE Alarm Processing Settings for other NE alarms, as
required.
3 Click the Apply icon ( ) save the changes.
Note — If FTP or SFTP file transfer is not selected, the 5520 AMS starts
dumping alarm information to a log file, and stores one file per hour to the
following directory in the data server:
$AMS_EXTERNAL_SHAREDDATA_HOME/alarmfiltering/
If FTP or SFTP file transfer is selected, the alarm event log file is
transferred to the configured remote FTP or SFTP location. If the copy or
file transfer of the alarm event log archive fails, an alarm is raised. Use
Procedure 240 to manually purge and archive the alarm event log.
The alarm event log file follows the following naming convention:
/alarms-filtered_<YYYY>_<MM>_<DD>_<HH><alphaChar>.csv
where:
<YYYY> is the year
<MM> is the month
<DD> is the date
<HH> is the hour

alarms-filtered_<YYYY>_<MM>_<DD>_<HH><alphaChar>.csv.gz.
If an alarm event log file with the same name already exists, then the
filenames will have a sequential alphabetic character appended to the
name, for example, alarms-filtered_2012_08_20_20a.csv.gz and
alarms-filtered_2012_08_20_20b.csv.gz. This may happen if there are
repeated application server switchovers within the same day causing
several similarly named alarm event log files to be present.
The alarm event log file contains the following information for each alarm:
Alarm Domain, Alarm Category, Source Friendly Name, Event Type,
Event Time Stamp, Alarm Severity, Probable Cause, Probable Cause
Mnemonic, Specific Problem, Additional Info, Service Affecting Type,
Groups.

20.14 Configuring the suppression of toggling

alarms
Alarms that toggle are alarms that are constantly being raised and cleared, often
rapidly, because of an intermittent fault. This alarm toggling can result in a flood of
alarms and make it difficult for the user to locate the source of the fault. In large
networks, this flooding may result in the creation of millions of historical alarms,
which can negatively affect the performance of the 5520 AMS.
The 5520 AMS provides you with a tool to detect and suppress toggling alarms
raised by an NE for each object instance and alarm type. A source alarm is an alarm
that is reported by the NE. A derived alarm is an alarm that is reported by the
5520 AMS when it detects a toggling source alarm. When the toggling source alarm
is detected, the 5520 AMS stops reporting the alarm and raises a derived alarm on
the object instance that is reporting the toggling source alarm.
You can configure whether a source alarm, if toggling, can be suppressed and set
the toggling threshold. The toggling threshold is the number of raised alarms for the
corresponding object instance an alarm type has reached in the current time window
(and which is greater than the number of alarms raised in the previous time window)
to have the source alarm suppressed and a derived alarm reported on the same
object and with the same severity. The time window is fixed at one hour. At every
measurement window, the <count> occurrences in the hour before <time> counter is
updated in the Additional Info/Text field where <count> is the number of times the
alarm occurred in that hourly measurement window for that NE, and <time> is the
time of the measurement expressed in UTC. For example, if the toggling threshold is
80 and the number of raised alarms for a particular alarm type exceeds 80 in one
hour, then the source alarm is suppressed and a derived alarm is raised. If within one
hour the number of raised alarms is less than 80, then the toggling alarm is cleared.
The value of the toggling threshold is only valid when the toggling suppression is
enabled.The event start time of a toggling alarm is the time at which the first instance
of the alarm occurred and not the time of the last alarm.
Derived alarms are raised on the same object as the source alarm, so they contribute
to the same object and aggregation alarm icons. They also contribute to the alarm
summary icons. Derived alarms are displayed in the current and historical alarm
views with the same characteristics, except that the specific problem for the alarm
indicates that it is derived from a toggling source alarm. The specific problem is
prefixed with the following string: [==TOGGLING==]. For example,
[==TOGGLING==] Rack Power Fuse Broken Alarm. The derived alarms are not
considered to be EMS alarms, so are not displayed in the EMS alarm severity
assignment profile. Stopping supervision of an agent clears all alarms raised on the
NE, including derived alarms. All derived alarms for which alarm toggling
suppression is disabled are cleared every hour.
Any issues that occur as a result of the transition period immediately following the
increase or decrease of the toggling threshold will be resolved after approximately
two hours.

When modifying the configuration of alarm toggling suppression (enabling/disabling

suppression or modifying the toggling threshold) on a live 5520 AMS where NEs are
supervised and reporting toggling alarms, the rare case can occur where the toggling
source alarm and corresponding derived alarm are raised on the same object, and
neither the source alarm nor the derived alarm is raised on an object while the alarm
is on in the NE. This issue will resolve itself after approximately two hours. Or, you
can force the 5520 AMS to resolve the issue by stopping and starting supervision of
the affected NE.
Toggling alarm suppression is only applicable to reported alarms. If an alarm is
configured to be reported and logged to a file, the logging to file is not affected by the
toggling alarm being suppressed.
Note 1 — The suppression of toggling alarms is not enabled on
the following:
• Spatial and temporal alarm filters
Note 2 — Alarms with the INACT TL1 alarm condition always
have alarm toggling suppression enabled.
Note 3 — The suppression of toggling alarms is supported on
the following NE types:
• 7302 ISAM/7330 ISAM FTTN/7356 ISAM FTTB/7360 ISAM
FX-12/7362 ISAM DF/7363 ISAM MX/7367 ISAM SX
• 7302 ISAM xVPS
• 7342 ISAM FTTU
Perform this procedure to configure the suppression of toggling alarms and configure
the toggling threshold.
Before you proceed, the NE support plug-in must be installed and activated.
Procedure 150 To configure the suppression of toggling alarms
1 In the Administration Tree, choose EMS Administration→Configuration→Alarms→NE Alarm

Event Log Filter.
2 Choose the NE Alarm Event Log Filter for which you want to configure toggling alarm
suppression.
Result: The Object Details window opens.
3 Select or deselect the Toggling Alarm Suppression, as required.
A selected check box indicates that toggling suppression for the alarm is enabled (True). If
the check box is not selected, the toggling suppression is disabled (False). The True and
False values, and toggling threshold value, display in the Table View.

4 Configure the Toggling Threshold parameter as required to configure the toggling threshold
setting for the alarm.
Note — The window of time in which the toggling threshold is monitored

to determine if the threshold has been exceeded or not is fixed at one
hour. See Section 20.14 for more information.
6 Log out of the client and log in again for the changes to take effect.
Note — If you enable and then disable alarm toggling suppression in the
same GUI session and attempt to filter alarms on a specific problem
without performing step 6, you may experience problems with the
filtering. The workaround in this case is to re-enable the alarm toggling
suppression in the same GUI session and set the alarm’s toggling
threshold to a very high value.
20.15 Creating NE environmental alarm templates

The NEs have terminals that can be attached to external switches and sensors. The
NE terminals are connected to the NT boards and are supported in the software as
environmental alarms. The environmental alarms can be, for example, cabinet door
alarms, power alarms, temperature sensor alarms, and water sump alarms.
Perform this procedure to create NE environmental alarm templates.
Before you proceed, the NE support plug-in must be installed and activated.
Procedure 151 To create environmental alarm templates
1 In the Administration Tree, choose EMS Administration→Configuration→Alarms.
2 Right-click ENV Alarm Template and choose Create→ENV Alarm Template.
Result: The Create ENV Alarm Template window opens.
3 Configure the parameter as described in Table 60.

Table 60 ENV Alarm Template parameters
Name Name of the environmental alarm template
Probable Cause Description of the probable cause for the alarms.

A default definition is provided for each alarm but
you can customize them to reflect the specific
use of the alarms.
4 Click Finish.
20.16 Customizing NE environmental alarm

definitions
Perform this procedure to provide meaningful descriptions for NE environmental
alarms so that the Probable Cause parameter accurately describes the alarm use in
specific applications.
Before you proceed:
• The NE support plug-in must be installed and activated.
• An ENV Alarm Template object must be created. See Procedure 151 to create
environmental alarm templates.
Procedure 152 To customize environmental alarm definitions
1 In the Administration Tree, choose EMS Administration→Configuration→Alarms→ENV

Alarm Template.
2 Select an ENV Alarm Template (name) object.
Result: The ENV Alarm Template table appears in the Object Details view, and displays
information in the following columns: Domain, Mnemonic, and Probable Cause. You can
customize the alarm definitions in the Probable Cause column.

3 To customize an alarm definition, perform the following:
i Click a table cell in the Probable Cause column. The cell becomes a text box, and you
can edit the definition.
ii Enter a meaningful definition for the environmental alarm to reflect the specific alarm
use.
20.17 Configuring PM settings

You can configure PM settings. The values for the Default Polling Interval and
Default For Time Duration parameters in PM Settings are displayed as default values
when you create monitoring tasks. Users can modify these defaults for each
monitoring task they create. For more information about managing PM counters and
monitoring tasks, see the Operations and Maintenance guide for the NE.
Procedure 153 To configure PM settings
1 In the Administration Tree, choose EMS Administration→Configuration→PM Settings.

Table 61 PM settings
Setting Description
Properties
Max. Monitors Per User The maximum number of monitoring tasks that a user can
create.
Max. Active Monitors Per User The maximum number of active monitoring tasks for a user.
Default Polling Interval The duration (in seconds) that elapses between polls.
Default For Time Duration The duration (in seconds) of the PM task collection. Data is
collected for the specified amount of time.
Max. Monitored Records The maximum number of records to monitor per PM task.
Page Size (Data View) The maximum number of pages to display PM records in the
Data view.
Page Size (Global Monitoring view) The maximum number of pages to display PM tasks in the
Global Monitoring view.
20.18 Configuring cut through settings

You can configure cut through settings. The settings apply to TL1 and CLI
cut-throughs on the NE. For more information about using cut-throughs, see the
Note — If a user has changed the CLI prompt then the prompt
must end with “$<space>“or “#<space>“.
Procedure 154 To configure cut through settings
1 In the Administration Tree, choose EMS Administration→Configuration→Cut Through

Settings.

Table 62 Cut through settings
Setting Description
General
Cut Through Timeout The length of time, in minutes, before an inactive cut through
will time out.
Auto populate Credentials Select the check box so that the TL1 and CLI cut-through
username and password configured in the NE object details
are populated automatically in the Cut Through window.
20.19 Configuring NE backup settings

Perform the procedure in this section to configure NE backup settings.
Procedure 155 To configure NE backup settings
1 In the Administration Tree, choose EMS Administration→Configuration→NE Backup

Settings.
Result: The NE Backup settings are displayed in the Object Details view.
Note — To configure backup settings that are specific to an NE plug-in,

see Procedure 164 to configure NE plug-in settings.

Table 63 NE backup settings
Setting Description
Backup Auto-Removal
Maximum Number of Backup Files Specifies the maximum number of the most recently backed
(per NE) up files for each NE that the 5520 AMS must retain
indefinitely. The default value is 5.
20.20 Configuring splitter settings

You must enable the management of splitters from the Administration perspective to
be able to create splitters under a PON port.
Procedure 156 To configure splitter management settings
1 In the Administration Tree, choose EMS Administration→Configuration→Splitter Settings.
Result: The Splitter settings are displayed in the Object Details view.
Table 64 Splitter settings
Setting Description
General
Enable Splitter Management Enables splitter management
Warning — Disabling splitter management (after it is enabled and

splitters are configured and linked to ONTs) will remove all splitters and
splitter links from the 5520 AMS system.

20.21 Configuring Action Manager settings

You can configure Action Manager settings which allow you to schedule the following
tasks affecting the Action Manager:
• Movement of completed actions from the Action view to the Historical Action view
(by default, this occurs every 7 days).
• Deletion of actions from the Historical Action view (by default, this occurs every
30 days).
Note — The 5520 AMS checks the threshold for moving

completed actions to the historical view, and deleting actions
from the historical view every 1 hour. The period between these
checks may cause slight delays before actions are moved or
deleted according to the configured schedule.
Procedure 157 To configure Action Manager settings

Perform this procedure to configure the Action Manager, scheduling periodic movement and
deletion of actions.
1 In the Administration Tree, choose EMS Administration→Configuration→Action Manager

Settings.
Result: The Action Manager settings are displayed in the Object Details view.
Table 65 Actions settings
Setting Description
Completed to Historical
Delay Before a Completed Action is The duration (in seconds, minutes, hours or days) before a
Moved to the Historical List completed action in the Action view is moved to the Historical
Action view. The format must be # s, m, h or d. For example, 10 d.
Removal from Historical
Delay Before an Action is Deleted The duration (in seconds, minutes, hours or days) before a
from Historical List completed action in the Historical Action view is deleted. The
format must be # s, m, h or d. For example, 10 d.

20.22 Configuring subscriber search settings

You can configure subscriber search settings to enable searching based on
attributes that are stored in the 5520 AMS database. For more information about
subscriber attribute searching, see Chapter 15.
Procedure 158 To configure subscriber search settings
1 In the Administration Tree, choose EMS Administration→Configuration→Subscriber

Search→Subscriber Search Settings.
2 Configure the parameters and click the Apply icon ( ).
3 If you enabled or disabled the Display ONT POTS Port Phone Number parameter, restart the
5520 AMS client.
20.23 Configuring supervision settings

Perform the procedure in this section to configure supervision settings.
Procedure 159 To configure supervision settings
Applies to — This procedure applies to isolated NEs only.
Caution — Contact your Nokia account representative before you

modify the polling parameters.

Note — See Procedure 135 to configure SNMP retries parameters of

reachable NEs.
1 In the Administration Tree, choose EMS Administration→Configuration→Supervision

Settings.
Result: The supervision settings are displayed in the Object Details view.
Table 66 Supervision settings
Setting Description
Polling
Polling Period The duration (in s) that elapses between polls of the NEs to confirm
their reachability.The default is 300s.
In case of unreachable or isolated NEs or agents, the polling timeout
is 12 seconds.(1)
SNMP Retransmissions for Polling of Isolated NEs
Timeout Before 1st The duration (in s) that the 5520 AMS will wait to conclude that the
Retransmission NE is not responding.
If the Timeout Before 1st Retransmission is Y (sec) and Maximum
Number of Retransmission is (m), then the timeout (T2) is calculated
as follows:
T2= (2(m-m)Y + … + 2(m-2)Y + 2(m-1)Y + 2(m)Y)
The Timeout Before 1st Retransmission parameter is multiplied by
2 for each additional retransmission. For example, if the
Timeout Before 1st Retransmission parameter is set to 4 s and the
Maximum Number of Retransmissions parameter is set to 2, the
first retransmission will be sent after 4 s if no reply is received. The
second retransmission will be sent after 8 s (2 × 4) if again no reply
is received. After 16 s (2 × [2 × 4]), if there is still no answer, the
retry will timeout. At 28 s (4 + 8 + 16), the 5520 AMS will conclude
that the NE is isolated after all retries have failed.(1)
This parameter is also configured in the SNMP retries settings.
The value of Timeout T2 (mentioned in the above formula) should
be less than the value of Timeout T1 which is mentioned in the Table
52: SNMP retries parameters.
Maximum Number of The number of times an SNMP polling request can be

Retransmissions retransmitted.(1)
Supervision
Align NE System ID with NE Select this check box to configure the 5520 AMS to automatically
Name at Start Supervision change the NE’s System ID to match the NE name. (2)
If the System ID and the NE Name do not match, an NE user label
mismatch alarm is reported when supervision is started. For more
information about alarms, see Chapter 26.
(1 of 2)

Setting Description
Start Supervision at NE Select this check box to configure the 5520 AMS to automatically
Creation begin supervising a NE when one is created.
On Unreachable NE, Start Configures the behavior of the 5520 AMS when supervision starts
Supervision on an NE but the NE is unreachable. There are two options:
• Keeps Trying (State becomes “Supervising”): the 5520 AMS
places the NE in a Supervising state and attempts to connect to
the NE repeatedly. When the NE becomes available, the state
is changed to Supervised.
• Fails (State becomes “Declared”): the 5520 AMS returns the NE
to the Declared state.
Registration Checks
Number of Polling Cycles The number of polling cycles between two registration checks. In a
Between Registration Checks registration check, detailed connectivity checks are performed on
trap registration, trap bitmask and SNTP. These settings need to be
correct in order for AMS to receive correct notification of the NE
changes. AMS tries to resolve any issues with these settings. The
range is from 2 to 1000. The default is 48.
For example, when the value '48' is set for this parameter, these
additional checks are performed every 48 polling cycles. So, if the
polling period is set to 300 seconds (5 min), the registration check
will be performed every 4 hours (every 48 polling cycles).
If the Trap Bitmask is overwritten by the operator in the 5520 AMS
GUI, then its value is set to default during registration check.
Number of Polling Cycles The number of polling cycles between two CLI connection checks.
Between CLI Connection In a CLI connection check, detailed connectivity check is performed
Checks on the NE. The range is from 6 to 1000000. The default is 288.(3)
For example, when the value '288’ is set for this parameter, the
connectivity check is performed every 288 polling cycles. So, if the
polling period is set to 300 seconds (5 min), the CLI connectivity
check will be performed every 24 hours (every 288 polling cycles).
Number of Polling Cycles The number of polling cycles between two SSH server public key
Between SSH Server Public checks. The range is 0 to 2147483647. The default is 6.
Key Checks
(2 of 2)
Notes
(1) The parameter is only applicable to isolated NEs. For non-isolated NEs, the retransmission settings under
SNMP settings are applicable. For more information, see Procedure 135.
(2) If the NE is not a 7302 ISAM or 7330 ISAM FTTN or 7360 ISAM FX, System IDs cannot be longer than 20
characters. If the NE is a 7302 ISAM or 7330 ISAM FTTN or 7356 ISAM FX, System IDs cannot be longer than
64 characters. If the NE name is more than the specified character limit for the NE type, the System ID will not
be changed.

(3) When the value is set to 1000000, the CLI connectivity check is not performed on the NE, not even during server
restart or start supervision.
Note — The Supervision Polling settings determine the minimum and

maximum time for raising NE Isolation alarm.
The formula to calculate the minimum time for an NE isolation alarm is as

follows:
Tmin =  T × 2(N)
N = 0→R
where:
• Tmin is the minimum time for an NE isolation alarm.

• R is the maximum number of SNMP retransmissions.
• T is the timeout before first SNMP retransmission.
• N is the value, ranging from 0, 1, 2.....R.
The formula to calculate the maximum time for an NE isolation alarm is

as follows:
The maximum time to raise an isolation alarm = Polling period + Tmin
The Table 67 provide examples of the calculation of minimum and

maximum to raise an isolation alarm based on the sample values of
polling period, timeout before first retransmission, and maximum number
of retransmissions.

Table 67 Minimum and maximum time calculation for NE isolation alarm
Polling Timeout Before Maximum Minimum time to Maximum time to

period 1st Number of raise isolation raise isolation
(in Retransmission Retransmissions alarm (in alarm (in
seconds) (in seconds) (in seconds) seconds) seconds)
300 4 1 12 312
300 4 2 28 328
300 4 3 60 360
300 15 1 45 345
20.24 Configuring EMS tracing settings

You can configure the EMS tracing level on unknown NEs and non-NE objects. See
Procedure 160 to configure EMS tracing settings. The EMS traces are the traces
from the 5520 AMS for unknown NEs and non-NE objects. To configure EMS tracing
settings, you need to have the EMS Tracing - Edit function.
To configure the EMS Detailed Tracing for an NE, see Procedure 161.
To reset the tracing level to the default on all NEs, see Procedure 162.
Procedure 160 To configure EMS tracing settings
Note — Increasing the tracing level decreases the performance level of

the 5520 AMS.
1 In the Administration Tree, choose EMS Administration→Configuration→EMS Tracing

Settings.
Result: The EMS tracing settings are displayed in the Object Details view.
2 Configure the settings as required.

Procedure 161 To configure the EMS Detailed Tracing for an NE
Note — Increasing the tracing level decreases the performance level of

the 5520 AMS.
1 Choose an NE in the Network Tree.
See the 5520 AMS User Guide for information about using the Multiple Edit function to
configure multiple NE objects at one time.
2 In the Object Details view, click the Additional Info tab.
3 Configure the parameters as required.
Procedure 162 To reset the tracing level to the default on all NEs
1 In the Administration Tree, choose EMS Administration→Configuration→EMS Tracing

Settings.
2 Right-click EMS Tracing Settings and choose Actions→Reset Tracing to Default on all NEs.
Result: The Reset Tracing to Default on all NEs window opens.
3 Click Finish.
Result: The EMS tracing level on all NEs is reset to the default value.
20.25 Configuring time zone settings

You can configure the 5520 AMS to recognize the time zones where the NEs in your
network are located.
Time zone management is disabled by default. If time zone settings are not
configured, alarm and event times are displayed in the Alarm view according to the
local time of the 5520 AMS GUI. The CLI and TL1 command line and timestamps will
be displayed in UTC.

Time zone management must also be configured in the NE when the NE is created
in the GUI. The time zones you configure become available to the operator in the
Create NE window. See the 5520 AMS User Guide for information about creating an
NE.
Time zones are displayed in the following region-based format:
(UTC offset) Region/Example city (time zone abbreviation/DST rule)
More than one time zone may exist for the same region and UTC offset, depending
on DST rules. For example:
• (UTC-07:00) America/Denver (MST/MDT)
• (UTC-07:00) America/Phoenix (MST, no DST)
Because the US state of Arizona, where the city of Phoenix is located, does not use
DST two time zones are available. You need to choose the correct time zones for the
locations of your NEs. This will ensure accurate DST updates.
The time zone management function will update the UTC offset on the NE based on
the NE configuration settings when you manually resynchronize the alarms between
the NE and the 5520 AMS database. As a result, if you suspect a time zone
discrepancy is at the root of a problem that you are troubleshooting, then you can
manually resynchronize the NE and 5520 AMS database alarms to clear the problem
potentially. See the procedure to manually resynchronize alarms in the 5520 AMS
User Guide.
Nokia recommends that you synchronize the NEs using SNTP if you need to use
time zone management. See Chapter 14 for information about configuring SNTP.
You may need to update time zone data periodically. See Section “Updating time
zone data in the 5520 AMS” to update time zone data in the 5520 AMS.
Note — In the event that in the 5520 AMS GUI the NE System
object displays a time zone value for the NE that is not correct,
and the time zone for the NE is not set to be managed, Nokia
recommends that you modify the time zone in the Windows OS:
apply a different time zone in the Windows date and time
properties and then apply the correct time zone.
This workaround relates to a Java issue in Windows and only
needs to be performed once in the lifetime of the machine.
Table 68 describes how alarm time stamps are displayed if time zones are
configured and at least two NEs are located in different time zones.

Table 68 Alarm and event time display behavior with time zones config-
ured and NEs in different time zones
Event type Example Received Cleared NE event NE

time time time(1) cleared
time(1)
NE event LINKDOWN event GUI time GUI time NE local NE local

time time
AMS-related NE NE backup failed GUI time GUI time NE local NE local

event (local alarm time time
reported on an NE)
AMS event not License expired GUI time GUI time — —

related to an NE
Note
(1) This column will only appear in the Alarm view if time zone settings are configured and at least two NEs are in
different time zones.
Procedure 163 To configure time zone settings

Use the following configurations to view the time zones in the 5520 AMS and the NE:
1 In the Administration Tree, choose EMS Administration→Configuration→Time Zone

Settings.
2 Select the Manage NE Time Zones check box to manage time zones. The following
parameters are enabled only if the Manage NE Time Zones check box is selected:
• Display NE Timestamps in Object Details as

• Display ‘Event/Cleared’ Time in Alarm Views as
• Display ‘NE Event/Cleared Time’ Columns in Alarm Views
• NE Time Zones
3 To configure the 5520 AMS GUI to display the NE local time for all time stamps in the Object
Details view of the NE, select NE Local Time from the Display NE Timestamps as drop-down
list.
4 Select GMT/UTC from the Display ‘Event/Cleared’ Time in Alarm Views as drop-down list to
display Event Time and Cleared Time in Alarm Views in GMT/UTC. By default, the Event
Time and Cleared Time parameters in the Alarm Views display the GUI Local Time.

5 Select one of the options from the Display ‘NE Event/Cleared Time’ Columns in Alarm Views
drop-down list:
• Only if there are at least 2 time zones selected (this is the default option)
• Always
6 In the NE Time Zones section, perform the following steps to select the time zone required
to manage an NE:
i Choose the time zone from the Available list.
ii Click the right arrow beside the Selected list.
Result: The time zone appears in the Selected list.
Note — If the time zone in the server is set as a region-based time zone,
for example, (UTC+01:00) Europe/Paris (CET/CEST), the time zone will
appear in the Selected list by default. If the time zone is configured in a
different format, for example, CET, there will be no default time zones in
the list.
8 Log out of the client and log in again for the changes to take effect.

You can configure user activity log settings, purge and archive alarm or user activity
log files. For more details, refer to the section 27.2.
20.27 Configuring NE plug-in settings

You can configure the settings specific to NE plug-ins. Not all parameters apply to all
releases of an NE.
Procedure 164 To configure NE plug-in settings
1 In the Administration Tree, choose EMS Administration→Configuration→NE Plug Specific

Settings.
2 Choose the NE plug-in type and release you need to configure settings for.

Result: The NE plug-in settings are displayed in the Object Details view.
3 Configure the settings. See the Operations and Maintenance guide for the NE for more
information.
20.28 Managing NE-based TL1 users from the

5520 AMS GUI
You can manage NE-based TL1 users from the 5520 AMS GUI. You can enable or
disable the synchronization of TL1 credentials (user name and password) in an NE
with the TL1 credentials configured in the 5520 AMS GUI. The TL1 credentials are
configured in the 5520 AMS GUI at NE creation or by modifying the NE object details.
Synchronization is disabled by default.
Nokia recommends that you enable the synchronization strategy when configuring
5520 AMS administrative settings for the first time before creating any NEs in the
GUI. At a later date, if the TL1 credentials for an NE are added or modified, the
changes are propagated immediately to the NE. See 20.28.1 for more information.
If you initially did not enable the synchronization strategy when starting the
5520 AMS for the first time and decide to enable it at a later time, see 20.28.2.
The NE must be reachable for the TL1 credentials to be synchronized. If the NE gets
disconnected from the 5520 AMS and the TL1 credentials are modified in the
5520 AMS GUI while the NE is unreachable, when the NE becomes reachable again,
the TL1 credentials in the NE are updated automatically.
The 5520 AMS checks if the TL1 user already exists in the NE and if it does, only the
password is updated. If the TL1 user does not already exist in the NE, the TL1 user
is created in the NE.
The NE also needs to be configured using a TL1 command to enable access to the
TL1 users. See 20.28.3 for more information.
This feature applies to NE types and releases that have support for TL1 user
configuration. For example, 7342 ISAM FTTU, Release 4.8.

20.28.1 Enabling the TL1 credentials synchronization

strategy
To enable the synchronization strategy for TL1 credentials between the 5520 AMS
and NE, you must select the Update the TL1 Credentials in the NE when changing
them in the NE Object Details parameter in the NE Plug Specific Settings in the
Administration Tree. See Section 20.27 for more information on configuring NE
plug-in settings. The parameter is deselected by default.
Your user role must have the NE - CLI/TL1 Credentials function to be able to modify
the parameter. See Table 19 5520 for more information.
20.28.1.1 NE TL1 user parameters managed through the

5520 AMS GUI
In addition to the TL1 user name and password, the following NE TL1 user
parameters are available for configuration in the Administration Tree:
• Privilege Level for Maintenance Commands
• Privilege Level for Provisioning Commands
• Privilege Level for Security Commands
• Privilege Level for Test Commands
• Maximum Password Age and Maximum Username Age
These parameters are applicable to all NE TL1 users on a given NE. The same
parameters are available for each TL1 user on a given NE under the Infrastructure
object.
These parameters are available to configure when the Update the TL1 Credentials
in the NE when changing them in the NE Object Details parameter is selected. See
the Operations and Maintenance guide for the NE.
20.28.2 Updating TL1 credentials in multiple NEs

If you initially did not enable the synchronization strategy when starting the
5520 AMS for the first time and decide to enable it at a later time when your NEs have
already been added to the GUI, you must update the TL1 credentials for all the NEs
using the multiple edit function. This operation allows the TL1 credentials of all the
NEs to be synchronized at one time. The operation is also recommended for other
cases where the TL1 password must be changed across all NEs, such as a security
breach or a change in security policy. See the 5520 AMS User Guide for more
information about performing multiple edits.

Then, select the Update the TL1 Credentials in the NE when changing them in the
NE Object Details parameter in the NE Plug Specific Settings in the Administration
Tree so that in future if an NE gets disconnected, its TL1 credentials can be
synchronized automatically when the NE becomes reachable again. See
20.28.3 Configuring the NE to enable access to TL1 users

The NE has a parameter that can enable or disable the permission to change
passwords. When the parameter is enabled, you can create or modify a TL1 user on
the NE, as well as set the system parameters. The parameter is set using TL1. The
parameter is disabled by default.
1 Make sure the 5520 AMS is configured to manage the NE using SNMPv3 with
the authPriv security level.
2 Run the SET-SECU-SYS TL1 command on the NE and set the SNMPSECURITY
parameter to ENABLED.
20.29 Copying NE plug-in settings

You can copy NE plug-in settings from one NE plug-in object to one or more other
NE plug-in objects.
The settings that can be copied between NE plug-ins are software management and
backup and restore settings, as well as the Unlock ONT When Setting an Actual
Serial Number parameter. Only the settings that are available on both the source and
destination NE plug-in objects are copied.
Procedure 165 To copy NE plug-in settings
1 In the Administration Tree, choose EMS Administration→Configuration→NE Plug Specific

Settings.
2 Right-click the NE plug-in type and release you need to copy the settings for and choose
Actions→Copy From.
Result: The Copy NE Plug Specific Settings window opens.
3 Select an NE plug-in type and release in the Available panel and click the right-arrow.
Result: The selected NE plug-in is transferred to the Selected panel.
4 Click Finish.

20.30 Configuring template settings

Perform the procedure in this section to configure the template settings.
Additional template settings are configurable with certain 5529 Enhanced
Applications. For more information, see the documentation for the application.
Procedure 166 To configure template settings
1 In the Administration Tree, choose EMS Administration→Configuration→Template Settings.
Table 69 Template settings
Setting Description
Maximum Number of The maximum number of templates that can be added to a template
Templates per Template group version.
Group Version
Maximim Number of The maximum number of templates or template groups that can be
Templates/Template Groups displayed in the Template Tree. By default, this option is set to 4000.
Displayed in the Tree If the number of templates/template groups exceeds this limit, a
search button will be displayed in the Template Tree.
Align Service ID with VLAN ID Select this check box to align the service ID with the VLAN ID during
during Template Deployment VLAN template deployment. This check box is selected by default.
This default option benefits operators managing the NE from the CLI,
when the Service ID and VLAN ID are equal.
If this setting is enabled, then the L2 Service object is created in the
NE with the service ID equal to the VLAN ID that is defined in the
template definition (when the identifier is not provided during
deployment) or the VLAN ID that is provided as an argument (when
the identifier is provided during deployment).
If this setting is disabled, then the L2 Service object is created in the
NE with the service ID based on next available service ID number.
This was the behavior prior to R9.2.30.
3 Click the Apply icon ( ) icon to save the changes.
20.31 Managing users and settings

User management settings allow you to create and manage users and user sessions
on the 5520 AMS. For information about creating and managing users and sessions,
see Chapter 9 and Chapter 11.

20.32 Managing license settings

The license settings allow you to configure the threshold for license alarms and the
time when subscriber information is collected. For information about license alarms,
see License alarms.
Procedure 167 To configure the license alarm threshold

Perform this procedure to configure the threshold at which a Warning alarm is issued for counted
licenses.
1 In the Administration Tree, choose EMS Administration→License→License Settings.
2 In the Warning Threshold field, enter a value that is at least zero and less than 100.
3 Click the Apply icon ( ) icon to save the change.
Procedure 168 To configure the daily license collection start time
1 In the Administration Tree, choose EMS Administration→License→License Settings.
2 In the Licence Collection Start Time panel, configure the parameters for the time you need
the license collection to start.
3 Click the Apply icon ( ) to save the change.
Result: The change will be effective after the next scheduled collection.
20.33 Managing site settings

You can configure parameters for NE balancing based on custom group,
authentication and the External TL1 Gateway from the Site object.

Procedure 169 To configure site settings
1 In the Administration Tree, choose EMS Administration→EMS System→Site.
Result: The site settings appear in the Object Details view.
Table 70 Site settings
Setting Description
General
Type Indicates the type of the site, where the possible values are Simplex or Cluster. It is a
read-only parameter.
Status Indicates the status of the site, where the possible values are Healthy or Degraded. It is
a read-only parameter.
Enable NE Balancing Based On Select this check box to enable the NE balancing based on the custom group.
Custom Group The check box is not selected by default.
Standard NE rebalancing is based on the number of NEs and NE type/release. Enabling
this parameter will add a custom group to this criteria.
Note - The custom group related options supported for the ams_show_ne_balancing.sh
script are available only if this setting is selected. For more details on the supported
options, refer to the section 31.24.
Custom Group For NE Balancing The NEs are moved from most loaded Application server to the least loaded Application
server based on the number of NEs and NE type/release, and they can be combined
with the custom group.
The drop-down list display the custom groups that are created, along with the following
default custom groups:
• Sub Type
• Time Zone
This parameter is enabled only when the Enable NE Balancing Based On Custom
Group check box is selected.
Configuration File Changes The polling period for which the configuration files are audited by the 5520 AMS.
Detection Period The format of the value for this setting is <x> <y> where x is a number and <y> is the
duration that is, m (minutes), h (hours), or d (days).
By default, the value is 1 d. The acceptable values are 0, 1 d to 30 d, where 0 indicates
that this setting is disabled.
(1 of 4)

Setting Description
Authentication / Authorization The types of authentication and authorization used by the 5520 AMS server. The
Sources options are:
• Internal Database / Internal Database - Internal Database for Authentication and
Authorization.
• LDAP / Internal Database - LDAP for Authentication and Internal Database for
Authorization.
• RADIUS / Internal Database - RADIUS for Authentication and Internal Database for
Authorization.
• LDAP / LDAP - LDAP for Authentication and Authorization.
• RADIUS / RADIUS - RADIUS for Authentication and Authorization.
• Client OS / Internal Database- Client OS for Authentication and Internal Database
for Authorization.
For more information about Authentication and Authorization sources, see section
20.34.
For information about managing RADIUS and LDAP authentication, see 20.34.1 and
20.34.2.
RADIUS Server – Authentication and Authorization
IP Address or Hostname The IP address or hostname of the RADIUS server if you are using RADIUS
authentication.
Port The port number of the RADIUS server if you are using RADIUS authentication.
Secondary IP Address or Host The IP address or hostname of the secondary RADIUS server.
Name
Secondary Port The port number of the secondary RADIUS server if you are using RADIUS
authentication.
Password The password for the RADIUS server and client if you are using RADIUS authentication.
Re-Type Password
Timeout The timeout, in seconds, when contacting the RADIUS server.
Number of Retries The number of times to retry the connection to the RADIUS server.
Authentication Scheme Choose CHAP or PAP.
Description Description of the RADIUS server.
RADIUS Server – Accounting
IP address or Host Name The IP address or hostname of the RADIUS server if you are using RADIUS accounting.
Port The port number of the RADIUS server if you are using RADIUS accounting.
Secondary IP Address or Host The IP address or hostname of the secondary RADIUS server.
Name
Secondary Port The port number of the secondary RADIUS server if you are using RADIUS
accounting.
Password The password for the RADIUS server and client if you are using RADIUS accounting.
Re-Type Password
Timeout The timeout, in seconds, when contacting the RADIUS server.
Number of Retries The number of times to retry the connection to the RADIUS server.
LDAP Server
(2 of 4)

Setting Description
Protocol Unsecure LDAP or Secure LDAP
URL The URL of the LDAP server. For example, yourserver:port, where yourserver is the
DNS or IP address of the LDAP server and port is the network TCP port of the LDAP
server. The default TCP ports for LDAP servers are:
• Unsecure LDAP server: 389
• Secure LDAP server: 636
Secondary URL The URL of the second LDAP server for authentication. If the first server fails,
authentication will be directed to the second server.
Bind DN The user DN to authenticate the LDAP client to the server. For example, domain name
of sample.com, cn=Directory Manager,dc=sample,dc=com, where cn is the common
name and dc is the domain component.
Context DN The fixed DN of the context from which to start the user search. For example, dc=sample
dc=com, where dc is the domain component.
Password The password used to authenticate the LDAP client to the server for user and roles
queries.
Description Description of the LDAP server.
Role–Based Authorization (2)
Role DN The fixed DN of the context to search for user roles. For example, dc=sample dc=com,
where dc is the domain component.
Role Filter A search filter to locate the roles that are associated with the authenticated user. For
example, member={1}.
Role Name Attribute ID The name of the role attribute of the context that corresponds to the name of the role.
For example, cn.
Base Filter A search filter used to locate the context of the user to authenticate. For example,
uid={0}.
Role Attribute ID The name of the role attribute of the context that corresponds to the name of the role.
For example, dn.
External TL1GW Settings
Connection to External TL1GW A check box to establish a connection to External TL1 Gateway servers on the
5520 AMS. The check box is deselected by default.
For information about managing External TL1 Gateways, see Chapter 16.
Sync NE List A check box to specify that the 5520 AMS server should synchronize the NE List with
the TL1 Gateway servers.
Use Single External TL1 GW A check box to specify that only one TL1 Gateway server can be created for the site. If
Server the check box is not selected, multiple TL1 Gateways can be used. In this case, you
need to manually associate NEs to the TL1 Gateways.
DCN Server Settings
DCN Servers An IP address that can be used to test connectivity to the DCN.
Separate the multiple IP addresses with commas.
DCN Connectivity Test (3)
List of Devices to be Tested List of DCN server IP addresses and hostnames that are tested to determine whether
the servers are reachable.
Separate the multiple IP addresses and hostnames with commas.
(3 of 4)

Setting Description
Test Performed Every The time period (in minutes) that elapses between each DCN connectivity test.
Max. Retries per Test The maximum number of times that the DCN connectivity test is retried within the
specified time period before the 5520 AMS declares that the DCN server is
unreachable.
(4 of 4)
Note
(1) Standard NE rebalancing is based on the number of NEs and NE type/release.
(2) The Role-Based Authorization setting contains parameters for authentication. The following parameters are mandatory depending on the
type of authentication and authorization selected.
• For LDAP authentication - Role DN, Role Filter and Base Filter
• For LDAP authorization - Role Name Attribute ID and Role Attribute ID
(3) The DCN Connectivity test in Red Hat Enterprise Linux is done by establishing a TCP connection port 7 (Echo) of the destination host.
Note — If you change the selection of the Use Single External TL1 GW
Server check box, you must log out of the 5520 AMS client and log in
again to see the effect of the change.
20.34 Authentication and Authorization

The 5520 AMS supports some options for Authentication and Authorization which
are configurable from the Site object in the administration perspective. See Table 71
and Table 72 for more information.
Table 71 describes the Authentication modes.

Table 71 Authentication modes
Authenticatio Description
n options
Internal In this mode of authentication, the password is provided when a user log in is
Database checked against the password value stored in the 5520 AMS database. Users can
change their password from the 5520 AMS GUI.
Password complexity rules and password expiration period are applicable.
RADIUS or In this mode of authentication, the password is provided when a user log in is
LDAP checked against the password value stored in the remote authentication server.
Such users cannot change their password from the 5520 AMS GUI.
Password complexity rules and password expiration period are not applicable.
Client OS In this mode of authentication, the authentication is performed at the OS level,

therefore, the password in the AMS GUI login dialog is not checked.
Select the check box ‘Use Internal Database’ to enable local authentication against
the AMS internal database when a user is created manually.
Note — In RADIUS or LDAP authentication and Client OS

authentication modes, the security administrator can create
special users which are authenticated against the 5520 AMS
database.
Table 72 describes the Authorization modes.

Table 72 Authorization modes
Authorization options Description
Internal Database In this mode of authorization, every user is created in the

5520 AMS database by the security administrator. The
security administrator assigns privileges to each user
using roles, allowed PAP groups, and other user
properties.
(1 of 2)

Authorization options Description

Radius or LDAP • If a user is not created in the 5520 AMS database, but
still logs in, then:
• The password provided by the user is validated
with the password stored in the remote
authentication and authorization server.
• The user privileges are discovered from the
remote authentication and authorization server.
• During the authorization process, the AMS filters out
non-AMS roles from the list of roles returned by the
RADIUS or LDAP server and if the server does not
return any value, the login fails.
• In this mode of authorization, the security
administrator can create special users which are
authenticated and authorized against the 5520 AMS
database.
When a user is created manually by not selecting the
check box ‘Use Internal Database’, then:
• If the remote server is not reachable, a user
created in the 5520 AMS is used.
• If the remote server is reachable and accepts
request, a user discovered from the remote server
is used. When the remote server denies request,
the login fails.
(2 of 2)
20.34.1 RADIUS authentication

RADIUS is a networking protocol that provides centralized access and authorization
for users to connect to and use a network service, and makes a record of this access
in the accounting feature of the server. Roles and administrative privileges for
5520 AMS users are configured in the 5520 AMS, and cannot be configured using
RADIUS. Use the following procedures to manage RADIUS settings.
5520 AMS server as amssys.

Procedure 170 To enable RADIUS authentication

Before you proceed:
• The RADIUS server must be installed and configured.
• The RADIUS server must have access to 5520 AMS usernames and passwords. How the
RADIUS server stores and accesses the usernames and passwords depends on its
implementation. For example, certain RADIUS servers can use a flat text file, LDAP, or
SQL.
• Verify that the existing 5520 AMS usernames and passwords are configured in the
RADIUS server.
• When users are added to the 5520 AMS, update the RADIUS server with the
usernames and passwords.
1 In the Administration Tree, choose EMS Administration→EMS System.
2 Click the active site you need to enable RADIUS authentication for.
Result: The site settings are displayed in the Object Details view.
3 To enable RADIUS server authentication, set the Authentication Source parameter to

Radius.
4 Create 5520 AMS users. See Section 9.2 for more information. Verify that all usernames and
passwords are also defined in the RADIUS server.
Note — The password that you assign to the 5520 AMS user is stored
in the 5520 AMS database. This 5520 AMS user password does not
override the password specified in the RADIUS server.
AMS reapplies the authentication configuration dynamically, without a

server reboot.
For information on RADIUS configuration parameters, see Table 70.
For information on Radius Authentication server logs, see Appendix 32.
Procedure 171 To revert to database authentication

After you enable RADIUS authentication, if the RADIUS or LDAP server is not reachable or if the
RADIUS or LDAP server configuration is incorrect, you cannot log back in to the 5520 AMS.

To resolve the problem with the RADIUS or LDAP server, you need to log in to the 5520 AMS and
check the configuration. For log in access, you need to revert to database authentication using the
switch authentication script.
1 Log in as amssys to the 5520 AMS server workstation where database is running.
2 Start the switch authentication script by typing:
ams_switch_authentication_local.sh ↵
The 5520 AMS switch authentication script starts.
3 The following prompt appears:
Are you sure you need to switch to the local database authentication [no
(default) | yes ]?
To start the switch to database authentication type:
yes ↵
The 5520 AMS authentication type is changed to database authentication.
4 Restart the 5520 AMS server workstation.
5 Log in to the 5520 AMS as an administrator, as described in Procedure 6.
6 Verify that the RADIUS or LDAP server configuration parameters are correct using the
5520 AMS GUI.
7 Verify the RADIUS or LDAP server configuration on the 5520 AMS server workstation.
8 Correct any RADIUS or LDAP server configuration problems.
9 Enable RADIUS authentication as described in Procedure 170 or LDAP authentication as

described in Procedure 174.

Procedure 172 To disable RADIUS authentication
2 Click a site to display the site settings in the Object Details view.
3 To disable RADIUS server authentication, set the Authentication Source parameter to

Internal Database.
Note — AMS reapplies the authentication configuration dynamically,

without a server reboot.
20.34.2 LDAP authentication

LDAP authentication must be enabled on the 5520 AMS to perform LDAP queries on
an LDAP server.
LDAP Certificate based on MD5 algorithm is not supported from AMS 9.6.03 or later
releases, it is recommended to generate a certificate using more secure alternatives
such as SHA1,SHA2-256 and SHA2-512 algorithms on the LDAP server.
Procedure 173 LDAP authentication based on MD5 algorithm

Perform the following procedure if you are migrating from Release 9.6 to Release 9.6.03. You can
enable the MD5 based authentication using java.security policy. However, it is not recommended
to modify the java.security file due to security vulnerability issues.
It is recommended to obtain a SHA1, SHA2-256, or SHA2-512 certificate for LDAP authentication
from Release 9.6.03 or later.
1 Navigate to the following path:
cd /usr/lib/jvm/java-1.8.0-openjdk.x86_64/jre/lib/security/

2 Open java.security file using VI editior and remove MD5 from the following lines
jdk.certpath.disabledAlgorithms
jdk.jar.disabledAlgorithms
jdk.tls.disabledAlgorithms
3 Save the file and restart the AMS server.
Procedure 174 To enable LDAP or LDAPS authentication

Before you proceed:
• An LDAP server must be installed and configured as described in the documentation for
your LDAP server.
• The LDAP server must have access to 5520 AMS usernames and passwords using a flat
file or LDAP.
• Verify that existing 5520 AMS usernames and passwords are configured in the
LDAP server.
• When users are added to the 5520 AMS, update the LDAP server with the
usernames and passwords.
2 Click the active site that you need to enable LDAP for.
3 Set the Authentication Source parameter to LDAP.
4 Configure the LDAP Server parameters in the Object Details view, to match the way they are
configured on the LDAP server. For information about LDAP settings, see Table 70.
5 Create 5520 AMS users, see Section 9.2 creating user accounts from the 5520 AMS GUI.
Verify that all usernames and passwords are also defined on the LDAP server.
Note — The password that you assign to the 5520 AMS user is stored
in the 5520 AMS database. This 5520 AMS user password does not
override the password specified in the LDAP server.
AMS reapplies the authentication configuration dynamically, without a

server reboot.

Procedure 175 To disable LDAP authentication
2 Click the site that you need to disable LDAP for.
3 To disable LDAP server authentication, set the Authentication Source parameter to Internal
Database.
Note — AMS reapplies the authentication configuration dynamically,

without a server reboot.
Procedure 176 To add a CA certificate for LDAPS

To use LDAPS, you need to add a CA certificate in the 5520 AMS client. Perform this procedure
if you will be using LDAPS for authentication. You can add multiple CA certificates.
1 In the Administration Tree, choose EMS Administration→EMS System→LDAP Server CA

certificates.
2 Right-click LDAP Server CA certificates and choose Create→CA Certificate.
Result: The Create CA Certificate window opens.
3 Navigate to the directory where your certificate is stored and open the file that you need to
use.
4 Copy the certificate details and paste them into the Certificate field.
5 Enter a name for the certificate and click Finish.
Result: The CA certificate appears in the Administration Tree.
Note — The expiry date of the certificate appears in the Object Details
view for the certificate. When the certificate has expired, any login
attempts by LDAP users will fail.

20.34.3 LDAP authorization

A user in the LDAP server will have the authorization attributes which are defined in
the dictionary file. The dictionary file for LDAP server is local.schema. This dictionary
file (i.e the local.schema) has to be installed in the LDAP server before using the
LDAP for authorization. Authorization attributes are non-mandatory attributes.
The location of the LDAP dictionary file, local.schema is:
/var/opt/ams/shared/ams-<release>-<build>/remote-authorization/LDAP/local.sche
ma
Note — To integrate the dictionary file with the LDAP server,
add an include statement in the sldap.conf file that can be found
in the ldap installation root directory and then restart the LDAP
server.
LDAP authentication will work for the users created in the LDAP
server without the local.schema file.
20.34.4 RADIUS authorization

Any RADIUS server which supports addition of vendor-specific attributes can be
used for AMS authorization. The dictionary file for RADIUS server is dictionary.ams.
This dictionary file has to be installed in the RADIUS server before it is used for
authorization. The 5520 AMS works if all the attributes are defined as in the
dictionary.ams file.
The location of the RADIUS dictionary file, dictionary.ams is:
/var/opt/ams/shared/ams-<release>-<build>/remote-authorization/Radius/dictionary
.ams
Note — To integrate the dictionary file (dictionary.ams) with

FreeRadius server, add an include statement ($INCLUDE
dictionary.ams) by modifying the dictionary file available at
FreeRADIUS.net\share\freeradius\dictionary.
RADIUS authentication will work for the users created in the
RADIUS server without the dictionary.ams file.
20.34.5 LDAP/RADIUS authentication and authorization

If an LDAP or RADIUS server is used for authentication and authorization, and a user
is not defined in the 5520 AMS database, a user is created by the 5520 AMS with a
default value for the parameters that are supported and not supported in the LDAP
or RADIUS server.

In case of a Role attribute, no default value is used and the login fails when no valid
Role is returned.
Table 73 describes the parameters that apply to LDAP or RADIUS server when you
create or modify user accounts. ‘Discoverable values’ are the values which can be
retrieved from an LDAP or RADIUS database. When the values are not present in
the LDAP or RADIUS database, then the ‘Default values’ will be taken.
See Table 73 for information on user accounts for an LDAP or RADIUS server. See
Procedure 29 to create a user account.
Table 73 User account parameters for LDAP/RADIUS server
Parameters Discoverable Default value Attribute Name in Parameter Error Case

value when not LDAP/RADIUS syntax
discovered Dictionary
Common tab
Description (1) Yes Empty Nokia-AMS-Descrip String None
tion
Password No Empty - - -
Change Password on Next No Disabled - - -

Login
Bypass Password Aging No Disabled - - -

Check
Roles (1) (2) Yes Empty Nokia-AMS-Role (5) String Filters out roles
unknown in the
AMS.
Login fails if no
known Role remains
after filtering.
Allowed PAP Groups (1) (3) Yes allPAPs Nokia-AMS-Allowed String Filters out PAP
PapGroup Groups unknown in
the AMS.
Login fails if no
known PAP group
remains after
filtering.
Maximum Number of Yes 1 Nokia-AMS- Integer [1..1000] Login fails if value is

Concurrent Sessions MaxNumberOfConc not set in range
urrentGUISessions [1...1000]
Locked No Disabled - - -
Advanced tab
Use Global Login Message No Selected (Yes) - - -
Login message (1) Yes Empty Nokia-AMS- String None

(Disabled) LoginMessage
Address filter (4) Yes Empty Nokia-AMS-Filtered IPv4 Login fails if IPv4
IPAddress Address[prefix Address List is
length] invalid.
(1 of 2)

Parameters Discoverable Default value Attribute Name in Parameter Error Case

value when not LDAP/RADIUS syntax
discovered Dictionary

Use Internal Database No No - - -
Inactivity
Inactivity Logout Timeout Yes Global Nokia-AMS-Inactivit GLOBAL, If the value is set out
yLogoutTimeout USER, NONE of range, then the
user login fails.
Logout Timeout Yes Empty Nokia-AMS-Logout Integer Login fails if value is

(Disabled) Timeout [5..525600] not set in range
[5..525600]
Inactivity Lock Screen Timeout Yes Global Nokia-AMS-Inactivit GLOBAL, If the value is set out
yLockScreenTimeo USER, NONE of range, then the
ut user login fails.
Lock Screen Timeout Yes Empty Nokia-AMS- Integer Login fails if value is
(Disabled) LockScreen [3..525600] not set in range
Timeout [3..525600]
Dormant Account
Dormant Account Lock Policy No Global - - -
Dormant Account Deletion No Global - - -

Policy
Miscellaneous
Hidden Account (Operations No - - - -

are not logged)
(2 of 2)
Notes
(1) RADIUS has a limitation of 247 characters.
If Roles or PAP Groups created exceeds the limitation of 247 characters, then such roles or PAP Groups will not be discovered in RADIUS.
For example, if multiple roles are created with 128 characters each, then only one role is discovered in RADIUS.
(2) For Roles, RADIUS supports multi-valued attributes. Attributes with multiple values are separated by a comma. For example,
Nokia-AMS-Role=”Constructor,License-Admin”.
(3) For Allowed PAP Groups, LDAP supports multi-valued attributes. The same attribute name can be repeated with different values in the
definition of a user.
For example, Nokia-AMS-AllowedPapGroup=”North”,Nokia-AMS-AllowedPapGroup=”South”.
For Allowed PAP Groups, RADIUS supports multi-valued attributes. Attributes with multiple values are separated by a comma. For example,
Nokia-AMS-AllowedPapGroup=”North,South”.
(4) For Address filter, LDAP supports multi-valued attributes. The same attribute name can be repeated with different values in the definition
of a user.
For example, Nokia-AMS-FilteredIPAddress = “192.168.99.0/24,Nokia-AMS-FilteredIPAddress =192.168.95.0/24”.
For Address filter, RADIUS supports multi-valued attributes. Attributes with multiple values are separated by a comma. For example,
Nokia-AMS-FilteredIPAddress = “192.168.99.0/24,192.168.95.0/24”.
(5) Nokia-AMS-Role is applicable only for RADIUS. Refer to Table 70 for LDAP: Role-Based Authorization.

20.34.6 RADIUS Accounting

In the 5520 AMS, RADIUS accounting (refer to IETF RFC 2866, “RADIUS
Accounting”) is used only for centralizing security or logging of a user log in and log
out in the AMS server.
When a user successfully logs in to the 5520 AMS, an accounting request is sent to
the configured RADIUS accounting server with the following attributes:
• User-Name
• Login-IP-Host
• Login-Service
• Login-TCP-Port
• NAS-Identifier
• NAS-IP-Address
• NAS-Port-Type
• Acct-Status-Type
• Acct-Session-Id
• Acct-Authentic
Note — In case of a cluster, the GUI sessions are distributed

among all the application servers. Hence the exact IP address
of the application server (NAS-IP-Address) where the particular
session is logged in is sent to the server.
When a user logs out from the 5520 AMS for any reason such as idle timeout, admin
reset and so on, an accounting request containing the attributes mentioned in the
successful user log in, along with the following attributes is sent to the configured
RADIUS accounting server:
• Acct-Session-Time
• Acct-Terminate-Cause
The value of account terminate cause (Acct-Terminate-Cause) is returned based on
the following mapping table:
Table 74 Mapping of Termination Causes
5520 AMS Termination Cause Acct-Terminate-Cause
Normal Logout User Request
Inactivity Timeout Idle Timeout
Session deleted by admin or other users Admin Reset
Server down or switch-over NAS Reboot
Change password User Request
User locked Admin Reset
(1 of 2)

5520 AMS Termination Cause Acct-Terminate-Cause

User Address filter changed Admin Reset
Internal kill by 5520 AMS server, when the Lost Service

session is created, but not updated after 5
minutes (1)
Other Acct-Terminate-Cause attribute is not

sent when the cause is not known
(2 of 2)
Notes
(1) This situation occurs when the 5520 AMS client is killed or disconnected and the session is not terminated
properly on the server.
The accounting request is sent to the accounting server. When the accounting
response is not received after the configured timeout, the 5520 AMS re-sends the
accounting request to the server. When the configured number of retries is
exhausted, an error is logged in the 5520 AMS security log, with the same category
or level as an authentication failure.
RADIUS accounting supports redundancy of sending accounting requests. When the
configured number of retries is exhausted, with a secondary accounting server
configured, the 5520 AMS sends the accounting request to the secondary server and
retries using the configured values for timeout and number of retries.
Note — When login or log out is performed as a result of
processing a SOAP/XML request from the 5520 AMS or 5529
Enhanced Applications, no accounting request is sent to the
RADIUS accounting server.
20.35 Configuring application server settings

You can configure the application server settings. An Application Server object is
created during the installation process. For more information, see the 5520 AMS
Installation and Migration Guide.
Procedure 177 To configure application server settings
1 In the Administration Tree, choose EMS Administration→EMS System→Site→Application &

Data Servers→Application Server.
Result: The application server settings are displayed in the Object Details view.
2 Configure the settings as described in Table 75. See Table 76 for information about the
Software/Plug-in Version settings.

Table 75 Application server settings
Setting Description
Intra Cluster Communication
Host Name Displays the host name of the application server.
Cluster IP Address Displays the IP address of the application server.
Port Number Displays the port number of the application server.
Server Status
Status Displays the status of the application server. The value is Up or

Down. The Up value indicates that communication with the server
is established. The Down value indicates that communication with
the server is not established.
Master Server Displays whether the application server is the master server. The
value is true or false.
Health Displays the health of the application server.
Settings
Capacity to Handle NE SNMP Specifies the capacity of the application server to handle NE
Traps SNMP traps.
Total Number of Parallel Jobs Specifies the total number of parallel jobs that can be handled by
the application server. The value depends on the power of the
application server.
Number of Parallel Jobs The table displays the number of jobs that can be handled by the
application server for each job queue. For the 5520 AMS system,
the table indicates how to allocate the total number of parallel jobs
(value of Total Number of Parallel Jobs parameter) to each queue.
The numbers in the table are percentages or absolute numbers of
jobs. There is a minimum guaranteed number of jobs and a
maximum number of jobs allowed per queue. Contact your Nokia
representative if you intend to change any values in the table. For
the job tuning information table for setups with 8vCPUs or less,
see the 5520 AMS Solution Planning Guide.
Software / Plug-in Version
Operating System Specifies the operating system information of the 5520 AMS
server, such as name of the OS, its architecture, and version.
Version Specifies the software version.
Build Number Specifies the build number.
Build Date and Time Specifies the build date and time.
Active Plug-ins Lists the active plug-ins, and their release number, version, and
build number.

Procedure 178 To view 5520 AMS version and plug-in details

Perform this procedure to see which release, patches, emergency fixes, and plug-ins (including
5529 Enhanced Applications and their components) are running on the application server.

Data Servers→Application Server.
2 Choose the Software/Plug-in Version pane to view the details. Information about the
5520 AMS core appears in the Version, configuration file name appears in the Golden SW
Label, Build Number, and Build Date and Time fields. Information about plug-ins appears in
the Active Plug-ins table.
Table 76 describes the items that appear in the Software/Plug-in Version pane.
Table 76 Version and plug-in details
Version or Name Version Core Build Aligned Example

plug-in Number (1)
(example)
5520 AMS core — release — 400217 + 9.7.0

number.0
5520 AMS ams release — 400217 - —
patch number.patch
number (2)
Emergency ams-ef release — 400217 - 9.7.01ef1

fixes number and
EF version
5529 Enhanced app-application application The release 400217 - app-idm

Applications release number of
number the
5520 AMS
core the
plug-in was
built for
NE plug-ins for combo-NE plug-in The release 400217 + combo-is
the 5520 AMS type-NE release version number of am-5.8
core number the
5520 AMS
core the
plug-in was
built for
Note
(1) The Aligned column indicates if the component is aligned with the GoldenEMSSwConfig file or not. If the
component is present in GoldenEMSSwConfig file, then ‘+’ is displayed. If it is a component that is not expected
or added manually, then ‘-’ is displayed.

(2) A final digit greater than 0 indicates a patch.
20.36 Viewing data server settings

You can view the data server settings. A Data Server object is created during the
installation process. For more information, see the 5520 AMS Installation and
Migration Guide.
Procedure 179 To view data server settings

Data Servers→Data Server.
Result: The data server settings are displayed in the Object Details view.
2 View the settings in the Object Details view. Table 77 describes the settings that are
displayed in the Object Details view.
Table 77 Data server settings
Setting Description
Intra Cluster Communication

Host Name Displays the host name of the data server.
Cluster IP Address Displays the IP address of the data server.
Server Status
Preferred Server This check box is selected if the data server is the preferred data
server.
Master Server Displays the data server role. The check box is selected if the data
server is the active data server.
Health Displays the health of the data server.
Software / Plug-in Version
Operating System Specifies the operating system information of the 5520 AMS
server, such as name of the OS, its architecture, and version.

20.37 Configuring SNTP settings

After an SNTP server has been installed on the 5520 AMS, you can configure some
of the server settings. For information about managing SNTP, see Chapter 14.
Procedure 180 To configure SNTP settings
1 In the Administration Tree, choose EMS Administration→EMS System→Site→SNTP Server.
2 Click the SNTP server that you need to configure.
Result: The SNTP server settings are displayed in the Object Details view.

Table 78 SNTP server settings
Setting Description
Identification
Name The name of the SNTP server
Settings Type The type of SNTP settings to use on the NE. Options are:
• Use AMS Local SNTP Server (use this to run SNTP
processes on all 5520 AMS servers)
• Disable SNTP in NE
• Do Not Overwrite SNTP in NE
• External SNTP Server x
SNTP Settings
Server IP Address The IP address of the SNTP server. For a local SNTP server, this
IP address is automatically assigned by the 5520 AMS. IPv4 and
IPv6 address formats are supported for this parameter.
Server Port The server port of the SNTP server. The port is used only when
the Settings Type is set to Use AMS Local SNTP Server or
External SNTP Server x.
Polling Rate The polling rate of the SNTP server. The polling rate applies only
when the Settings Type is set to Use AMS Local SNTP Server or
External SNTP Server x.
NE Assignment
Subnet Address The subnet realm for which the SNTP server will be used.
Subnet Mask The range of IP addresses for which the SNTP server will be
used.
20.38 Configuring inventory basic settings

The 5520 AMS performs an automatic collection of inventory basic data once a day.
The 5520 AMS uses the collected inventory data in many ways. For example, to
support the find feature, where you can find objects by selecting the object type, such
as NEs, Subracks, Boards and so on.
Use Procedure 181 to configure the parameters that apply to inventory basic data
collections, real-time updates, and overload protection.
You can also perform forced collections of inventory basic data at any time. See
Chapter 21.

Procedure 181 To configure inventory basic settings
1 In the Administration Tree, choose EMS Administration→Inventory→Basic Settings.
Result: The inventory basic settings are displayed in the Object Details view.
2 Configure the inventory basic settings, as required. Table 79 describes the parameters
available on the Basic Settings page.

Table 79 Basic Settings parameters
Parameter Description Value
Background Collection
Automatic Network Collection This setting controls the background The default is Default Network
at collection of basic inventory data. A Collection.
default collection schedule is predefined
and associated with this setting, so that
an inventory data collection runs once a
day on the entire network. Click Browse
to create a new schedule, as required.
Click Go To to view the default schedule
details and to modify the schedule if
needed.
The parameter does not display in the
5520 AMS GUI when certain
5529 Enhanced Applications are
installed. See the documentation for the
application for more information.
Real-Time Update
Real-Time Update Enabled Select this check box to enable real-time Enabled or disabled.
updates. The default is Enabled.
Process Pending Changes The frequency of pending change The range is 10 s to 300 s.
Every processing by the 5520 AMS. For The default is 30 s.
example, if the default value is chosen,
the 5520 AMS processes pending
changes every 30 s.
Resynchronization of Out of Sync NEs
Automatic Resynchronization Select this check box to enable automatic The default is Enabled (selected
of Out of Sync NEs resynchronization of out of sync NEs. check box).
If the check box is checked, the
5520 AMS will collect data for the out of
sync NEs every five minutes. The
collection will not appear in the Action
Manager.
Number of Failures Causing The maximum number of times the The range is 1 to 2147483647.
the Collection to Stop 5520 AMS will attempt to collect data for The default is 3.
out of sync NEs. If the number of retries is
exceeded, the automatic collection of out
of sync NEs is stopped.
Delay to Resume Stopped A time period (in seconds, minutes, hours The default is 1 d.
Collection or days) for the collection to resume on
out of sync NEs. The 5520 AMS decides
which collection should be resumed once
in every hour.
The format of the specified duration must
be # s, m, d, or h.
Overload Protection

Parameter Description Value

Maximum Number of Events The maximum number of change events The range is 10000 to 500000.
in Queue that can be pending at one time. The default is 50000.
When the maximum number of events in
the queue is reached, incoming
notifications are dropped. The NEs that
raised these notifications are set to out of
sync and resynchronized later.
Collection
Maximum Number of Objects The maximum number of objects for The range is 50 to 1000.
per Request which the 5520 AMS collects inventory The default is 100.
data from the network in a collection
request.
20.38.1 Collection failure alarms

An inventory data collection that fails is associated with an alarm. Open the Alarm
view, and look for inventory data collection alarms. Table 80 shows the main
attributes of the inventory data collection alarms. See Table 26-8 for information
about other inventory alarms.
Table 80 Inventory collection alarms
Probable cause / Specific Default Category / Repair action

Mnemonic Problem severity / Service
Default affecting
reporting
Synchronization Inventory Major Eqt Check NE is reachable and

Problem Automatic On No supervised. Run Collection
SYNC Collection on NE.
Stopped
Synchronization Inventory Major Eqt Check NE is reachable and

Problem Collection On No supervised. If you are using
SYNC Failure one of the 5529 Enhanced
Applications for inventory
collection, verify that the NE
software version is
compatible with the
Enhanced Application
software version.
Synchronization Inventory Out Of Major Eqt Check NE is reachable and

Problem Sync On No supervised. Run Collection
SYNC on NE.
(1 of 2)

Probable cause / Specific Default Category / Repair action

Mnemonic Problem severity / Service
Default affecting
reporting
Synchronization NRTU Inventory Major Eqt Verify that the NE is

Problem Collection On No reachable and supervised.
SYNC Failure Run NRTU collection on the
NE
(2 of 2)
Investigate and resolve each inventory data collection failure. The 5520 AMS logs
the cause of the inventory data collection failure in the inventory.log file. You can find
this log file on the server, in the $AMS_LOG_DIR directory.
The most common causes of an inventory data collection failure are:
• The NE is not supervised by the 5520 AMS.
• The 5520 AMS does not support the NE plug-in software load.
• The 5520 AMS NE support plug-in is not installed.
Take the appropriate action to resolve an inventory data collection failure. After the
issue is resolved, perform a forced inventory data collection. See chapter 21 for
information about performing forced collections of inventory basic data.
20.39 Configuring proxy settings in the 5520 AMS

clients to access the Internet
You can configure the proxy settings in the 5520 AMS client to access the Internet
using the Internal Web Browser available in the client.
For Windows clients, the proxy settings are applied from Windows and no
configuration is needed.
For Red Hat Enterprise Linux clients, refer to Procedure 182 to configure the proxy
settings to access the internet.
Note — The 5520 AMS client login function does not support
SOCKS Proxy servers.
Procedure 182 To configure the proxy settings in the 5520 AMS Red Hat Enterprise
clients to access the Internet
1 Navigate to the directory where the 5520 AMS Red Hat Enterprise Linux client is installed.
2 Open amsclient.ini and add the following lines.

-Dnetwork.proxy_host=proxy_address
-Dnetwork.proxy_port=port
where:
proxy_address is the proxy address to use.
port is the port to use.
3 Save the file and restart the client.
Result: The proxy settings are configured.
20.40 Configuring the SIP file transfer protocols

To transfer the XML files from the AMS server to the FTP server that houses the SIP
server, the SIP file transfer protocol can be configured for SFTP, FTP or SCP using
the 5520 AMS clients.
Procedure 183 To configure the SIP file transfer protocols using the 5520 AMS GUI
1 In the Administration Tree, choose EMS Administration→ Configuration→ SIP Settings.
2 In the Object Details view, choose the file transfer protocol from the File Transfer Protocol
drop-down menu.

Result: The default protocol is SFTP.
Note —
• While transferring the XML files from the AMS server to the
FTP server that houses the SIP server, the protocol handling
script is invoked by the 5520 AMS, and calls the appropriate
script based on the SIP file transfer protocol selected (SFTP,
FTP or SCP).
• For SSH authentication of the SCP or SFTP session, Nokia

recommends that the public key be added to the ssh
authorized_keys file on the FTP server, which the
5520 AMS uses an SCP or an SFTP session to transfer the
XML files, so that a password is not required.
• The operator has to enter the SFTP, FTP or SCP username,

password and remote root directory information in the script
after the migration is completed.
20.41 Configuring FTP for SIP

Table 81 lists the tasks for configuring FTP for SIP.
Table 81 Configure SIP
Task See
Configure an FTP server for SIP Procedure 184

Create an anonymous FTP user Procedure 185
Configure the 5520 AMS to upload Procedure 186

the SIP configuration file to an
external FTP server

Procedure 184 To configure an FTP server for SIP

The default FTP server IP address is the IP address of the server that is running the 5520 AMS.
1 Click the Open Perspective icon ( ) and choose Administration.
Result: The Administration Tree opens.
2 Choose EMS Administration→Configuration→SIP-FTP→SIP Settings.
Table 82 provides guidelines for configuring the parameters.
Table 82 Guidelines for SIP parameters
Applies to Parameter Guidelines

All releases FTP Server IP Address To configure the 5520 AMS server as the FTP
(1) server, enter the IP address of the 5520 AMS
server.
To configure an external FTP server, enter the
IP address of the external FTP server.
R4.6.0 or later FTP Server User Name When you enter a username and password, the
values are displayed in the FTP user name and
FTP Server Password password parameters on the FTP tab of the
VoIP Service object.
When you do not enter a user name and
password, you must use anonymous access to
the FTP server. Nokia recommends that you do
not use the amsftp username and password as
the FTP server username and password.
All releases File Transfer Protocol Specify the file transfer protocol, (FTP, SCP or
SFTP) to be used for transferring the SIP files
between AMS and the external FTP server.
Note
(1) When the 5520 AMS is a standalone server, the FTP server can be configured on the 5520 AMS server. When
the 5520 AMS server is part of a cluster, configure an external FTP server.

Procedure 185 To create an anonymous FTP user

The ONT port configured for SIP uses an anonymous username and password to retrieve the VoIP
configuration file. The 5520 AMS FTP server requires an anonymous FTP user in the
$AMS_SHAREDDATA_HOME/ne directory.
Create an anonymous FTP user when the 5520 AMS server is configured as the FTP server for
SIP.
Note — When the FTP server is configured on a external server, you

must create an anonymous FTP user on the external server.
You need root privileges to create an anonymous FTP user on the 5520 AMS server.
1 Log in to the 5520 AMS server as amssys.
Note — The root user cannot access the absolute path of

$AMS_SHAREDDATA_HOME. Ensure to log in as amssys to access the
path and then login as a root to execute the absolute path.
2 Execute the following command to find out the absolute path of the
$AMS_SHAREDDATA_HOME directory:
env | grep AMS_SHAREDDATA_HOME
The absolute path to the shared data directory is displayed.
For example:
AMS_SHAREDDATA_HOME=/var/opt/ams/shared/ams-9.7-385564
Make a note of this absolute path, as you need to provide this path, while executing the
command to create an anonymous FTP user as a root user.
3 Log in to the 5520 AMS server as:
su root
4 Create an anonymous FTP user by typing:
usermod -c “account” -d
<absolute_path_of_$AMS_SHAREDDATA_HOME_variable>/ne -g amssys -s
/bin/true ftp ↵
Where:
<absolute_path_of_$AMS_SHAREDDATA_HOME_variable> is the path you noted in step

2.

For example:
usermod -c “account” -d /var/opt/ams/shared/ams-9.7-385564/ne -g amssys

-s /bin/true ftp ↵
5 Synchronize the /etc/shadow file by typing:
pwconv ↵
a Edit the /etc/vsftpd/vsftpd.conf file and ensure that the anonymous_enabled is set to
YES and add anon_world_readable_only=NO, and then save and close the file.
anonymous_enable=YES
anon_world_readable_only=NO
b After editing the vsftpd.conf file, restart the system and then start the vsftpd service and
configure it to start during boot.
service vsftpd restart (on RHEL 6.x)
systemctl restart vsftpd (on RHEL 7.x)
chkconfig vsftpd on
7 Setup SELINUX file context so anonymous FTP can access the files. Perform one of the
following steps:
a If semanage is not installed, then create the file

/etc/selinux/targeted/contexts/files/file_contexts.local and add the following entry:
<absolute_path_of_$AMS_SHAREDDATA_HOME_variable>/ne(/.*)?<
tab>system_u:object_r:public_content_t:s0
For example:
/var/opt/ams/shared/ams-9.7-385564/ne(/.*)?<
tab>system_u:object_r:public_content_t:s0
b If semanage is installed, then run:
semanage fcontext -a -t public_content_t
“<absolute_path_of_$AMS_SHAREDDATA_HOME_variable>/ne(/.*)?”
For example:
semanage fcontext -a -t public_content_t
/var/opt/ams/shared/ams-9.7-385564/ne(/.*)?

8 Update SELINUX file context for the files:
restorecon –vvFR
<absolute_path_of_$AMS_SHAREDDATA_HOME_variable>/ne
Where:

2.
For example:
restorecon –vvFR
/var/opt/ams/shared/ams-9.7-385564/ne
9 Update SELINUX permissions to allow FTP to write to the file system if the server is used for
G6 backups using FTP:
setsebool -P allow_ftpd_anon_write=1
Note — This step is not required when G6 backups are set up to use
SFTP.
10 In a terminal window, type:
ftp AMS_IP_address ↵
where AMS_IP_address is the IP address of the 5520 AMS. IPv4 and IPv6 address formats are supported.
Note — RHEL does not install the ftp command by default. To add this
command you can run ‘yum install ftp’.
11 When prompted for a user ID, type:
anonymous
12 When prompted, type the e-mail address for the password.
13 List the directories by typing:
ls ↵

Verify that there is a directory labeled SIP.
Procedure 186 To configure the 5520 AMS to upload the SIP configuration file to an
external FTP server
Perform this procedure to configure an external FTP server to which the 5520 AMS uploads the
SIP configuration file.
Before you proceed:
• You need root user privileges.
• An external FTP server must be configured. See Procedure 184.
2 For a root user, the $AMS_SHAREDDATA_HOME variable is not available to the shell.
Execute the following command to find out the absolute path of the
$AMS_SHAREDDATA_HOME directory:
env | grep AMS_SHAREDDATA_HOME
The absolute path to the shared data directory is displayed. For example:
AMS_SHAREDDATA_HOME=/var/opt/ams/shared/ams-9.4.00-999000
Make a note of this absolute path, as you need to provide this path, while executing the
command to change directory to the shared data directory as a root user.
3 Log in to the 5520 AMS server as root.
4 Change directories by typing:
cd <absolute_path_of_$AMS_SHAREDDATA_HOME_variable>/ne/sip/bin ↵
Where:

2.
5 Copy and rename the copyXmlToExternalServer.pl.template file by typing:
cp copyXmlToExternalServer.pl.template copyXmlToExternalServer.pl ↵
6 Open the copyXmlToExternalServer.pl script for editing and change the FTPUSER,
FTPPASSWD, and REMOTEFTPROOT lines to the following:

FTPUSER=”anonymous”
FTPPASSWD=”anonymous”
REMOTEFTPROOT=”/”
20.42 Configuring AMS Settings for NBI

Perform this procedure to set the parameters of AMS Settings.
Procedure 187 To configure AMS settings for NBI using 5520 AMS GUI
1 In the AMS Administration Tree, choose the EMS Administration → Configuration → NBI →
EMS NBI Settings.
2 In the Object Details view, choose and configure the AMS settings as required. Table 83
describes the parameters available on the AMS Settings.

Table 83 Parameters of AMS Settings
Parameters Description
Operation Timeout Indicates the operation timeout (secs). The valid values range
from 60 to 3600. The default value is 180.
Heartbeat Enabled Indicates whether the Heartbeat event notification is enabled or

not. The valid values are true or false. The default value is true.
Heartbeat Interval Indicates the interval at which the Heartbeat event is generated.
The valid values range from 1 to 900.The default value is 60.
Domain Name Indicates the NBI name. Default value is AMS.
Keep Configuration Keeps the default roles, functions and properties in case the AMS
NBI is undeployed, else this parameter removes these values.
The valid values are true or false. The default value is true.
JMS Delivery Mode Indicates the delivery mode for JMS messages to specify whether
messages are lost or can be recovered if the JMS provider fails.
The valid values are NON_PERSISTENT and PERSISTENT. The
default value is NON_PERSISTENT.
Max Concurrent Operations Indicates the maximum number of concurrent operations. The
valid values range from 1 to 20. The default value is 3. It is
applicable to all AMS NBI operations, except the executeAction
parameter.
Max Concurrent ExecuteAction Operations Indicates the maximum number of concurrent operations for the
executed action. The valid values range from 1 to 50000. The
default value is 50.
NE Group Creation Indicates whether a new NE is created under the group name or
a new group is created with the name of the NE being created by
the createManagedElement operation.
The valid values are “Use Group Name Attribute Value” and “Use
NE Name When Group Name Attribute is Empty”. The default
value is “Use Group Name Attribute Value”.
When the value is set to “Use Group Name Attribute Value”, the
5520 AMS looks for the group with the name in groupName
attribute and creates the NE under this group. If no value is
provided in groupName, the NE is created under the Group
Network folder.
When the value is set to “Use NE Name When Group Name
Attribute is Empty”, there are two behaviors:
• When the user sends the operation without any value in the
groupName attribute, the 5520 AMS creates a new group
under the Group Network folder with the name of the
systemName value (which is the NE name being created). If
the group already exists, or the group exists but not directly
under the Group Network, then the 5520 AMS uses this
existing group and creates the NE under it.
• When the user sends the operation with a name in
parentNeGroupName, the 5520 AMS looks for the folder
name in which the NE with this name (value of
parentNeGroupName) exists, and creates a new NE in the
same folder. If the group already exists, then the 5520 AMS
uses this existing group and creates the NE under it.

20.43 Configuring 5530 NA-F settings

You can configure 5530 NA-F settings to view the OTDR summary, start OTDR, view
OTDR measurements and topology on a GPON PON port. For more information
about OTDR, see the Operations and Maintenance Guide of the NE.
Before you proceed, the 5530 NA-F server must be installed and activated.
Procedure 188 To configure 5530 NA-F settings

Perform the following procedure to configure the 5530 NA-F settings.
1 In the Administration Tree, choose the EMS Administration → EMS System→ Site
(server_name) → 5530 NA-F Settings.
where server_name is the name of the server.
Table 84 5530 NA-F Settings
General
Enable OTDR Status & Results Select this check box to enable OTDR. Ensure to enable this
check box after data migration to enable OTDR.
Communication with 5530 NA-F

IP Address The IP address of the 5530 NA-F server.
Port Number The TCP port number of the 5530 NA-F server. Default value is
80. The value 0 indicates that the port is not used.
NBI Username The default username to log in to the 5530 NA-F NBI.
NBI Password The default password to log in to the 5530 NA-F NBI.
Re-type NBI Password
Raise Alarm When Cannot Connect To 5530 Select this check box to raise alarms when the 5520 AMS cannot
NA-F Server connect to the 5530 NA-F server.
Interval Check The time interval to check if the 5530 NA-F connection is
established.
Refresh
OTDR View Refresh Interval A time period, in seconds, before OTDR view is refreshed.

20.44 Configuring HDM NBI settings
Caution — This feature has been deprecated and is no longer

supported. It should not be used.
For more information about management of ONT devices using the TR-69 protocol
in the 5520 AMS GUI, see the Operations and Maintenance Guide of the NE.
Before you proceed, the HDM Lite version must be installed and configured on the
5520 AMS server.
Procedure 189 To configure HDM NBI settings

Perform the following procedure to configure the HDM NBI settings.
1 In the Administration Tree, choose the EMS Administration → EMS System→ Site
(server_name) → HDM NBI Settings.
where server_name is the name of the server.

Table 85 HDM NBI Settings
General
Enable TR-069 Management Select this check box to enable TR-069 management.
If this check box is not selected, the remaining parameters in this
view are disabled, and the TR-069 management parameters in
the ONT object are also disabled. All device configuration in the
HDM is removed.
Communication with HDM
IP Address The IP address of the HDM server. Only IPv4 version is

supported.
Port Number The TCP port number of the HDM server. Default is 7005. 0
indicates that the port is not used.
NBI Username The default username to log in to the HDM NBI.
NBI Password The default password to log in to the HDM NBI.
Re-type NBI Password

Raise Alarm When Cannot Connect To HDM Select this check box to raise alarms when the 5520 AMS cannot
Server connect to the HDM server.
Interval Check The 5520 AMS periodically polls the HDM Server to check if the
connection to the HDM server is established; and raises an alarm
when the request times out or is rejected due to incorrect
credentials. The default polling frequency is 15 minutes.
20.45 Configuring zero touch provisioning settings
Note 1 — The Zero Touch Provisioning feature is supported

only on SNMP managed 7362 ISAM DF-16GW, 7360 ISAM
SF-8, 7363 ISAM MX, 7367 ISAM SX-16, 7367 ISAM SX-48U,
7367 ISAM SX-8F, 7367 ISAM DX-16F R5.5 NEs and 7367
ISAM SX-16VP, 7367 ISAM SX-12VP, 7367 ISAM SX-8VP,
7367 ISAM SX-48V, 7367 ISAM DX-48V R6.0.01 NEs when
used with an Ethernet uplink. The Zero Touch Provisioning
feature is not supported on 7360 ISAM FX NE.
Note 2 — Automated turn up of NetConf/YANG managed
devices involves using Nokia Access Virtualizer.

Procedure 190 To configure zero touch provisioning settings

Perform the following procedure to configure the zero touch provisioning settings.
1 In the Administration Tree, choose the EMS Administration → Configuration → Zero Touch
Provisioning → Zero Touch Provisioning Settings.
Table 86 Zero touch provisioning Settings
General
Enable Zero Touch Provisioning Select this check box to enable zero touch provisioning.
By default, the option is not selected.
SW Download Settings (1)
Replace passive SW if present Select this check box to replace the existing passive software.
By default, the parameter is selected.
Reduce existing SW on NE (Delete unwanted Select this check box to reduce existing software on an NE and to
SW files) delete the unwanted software files.
By default, the parameter is not selected.
Number of Retries Configure the number of retries for the software download for zero
touch provisioning enabled NEs.
The default value is 0.
Delay Between Action Retries Configure the duration (in minutes) for which the software
download needs to wait to automatically retry a failed action in the
Delay Between Action Retries field. This parameter is applicable
only if retries are configured for the software download operation
in the Number of Retries field.
The Delay Between Action Retries parameter is disabled when
the Number of Retries parameter value is set to 0.
The default value is 10 minutes.
Notes
(1) You need to enter CLI username and password if software upgrade is enabled.

Administrator Guide Managing data
Managing data
21 Managing data

Managing data Administrator Guide

21 Managing data
21.1 Managing data overview
21.2 Backing up the 5520 AMS database
21.3 Restoring the 5520 AMS database
21.4 Backing up the 5520 AMS software
21.5 Restoring the 5520 AMS software
21.6 Exporting and importing data
21.7 Exporting data to a file in CSV format
21.8 Performing a forced collection of inventory basic data
21.9 Splitting and concatenating a backup file
21.1 Managing data overview

The 5520 AMS includes tools that allow you to back up and restore all of your data,
and export and import selected data.
Note — Before you proceed:
• Make sure your user account is assigned a role that includes

the necessary functions to perform the procedures in this
chapter. See Table 19 for more information on 5520 AMS
function descriptions.
• The maximum number of concurrent SSH connections must
be configured. This is a pre-requisite for backing up 5520
AMS database. For more information on configuring
maximum number of concurrent SSH connections, see the
5520 AMS Installation and Migration Guide.
21.1.1 NE backup and restore

Section 21.2 and Section 21.3 describe how to back up and restore data used by the
5520 AMS and its associated 5529 Enhanced Applications. See Chapter 18 for the
procedures to back up and restore NE software and databases. See Section 22.9 for
the procedures to schedule an NE backup or restore.

21.1.2 Verifying backup files periodically

Verify your backup files periodically. Nokia recommends that you restore and test
your backup files on a test system to make sure that:
• The data is being backed up correctly.
• The restore procedures are valid.
21.2 Backing up the 5520 AMS database

You can back up the 5520 AMS database using a backup script included with the
5520 AMS installation. You should back up the database regularly.
You can run the backup script manually or as a scheduled task. You cannot run two
backup operations concurrently. If you attempt to run the backup script while a
backup is in progress, the second script will fail and display an error message.
Note 1 — Nokia recommends that you perform backup and
restore procedures when the activity on the 5520 AMS is low.
For example, at midnight.
Note 2 — Nokia recommends that you monitor the backup
directory for sufficient disk space.
The database backup script creates a compressed .tar or .gz file with a filename and
location that you specify when you run the script.
Note 1 — Do not back up the database to the /tmp directory or
the shared data directory. The default shared data directory is
/var/opt.
Note 2 — On a server running the Red Hat Enterprise Linux
operating system, do not back up the database to the /tmp
directory, the shared data directory or the LVM volume of the
database storage directory.
If the standby data server that is running the backup script fails before the backup
operation is complete, the script does not resume automatically when the server
restarts. You must manually run the backup script on the new standby data server,
or on the original standby data server after it resumes operation.
Note — When the 5520 AMS backup is running on the data

server, the server status goes to degraded state and the
database process status goes to waiting startup state.

21.2.1 Data preserved in a backup

When you run the backup script, the following data is copied and stored in a single
compressed .tar file:
• All persistent data from the 5520 AMS database
• Data maintained by enhanced programs data from the database, provided the
enhanced program is collocated with the 5520 AMS (for example, not installed in
standalone mode on a separate server)
• Configuration data files
• NE backup files
• NE software, including software loads and tools
Note — The 5520 AMS software is not backed up in this

process. See Section 21.4 for information about backing up the
5520 AMS software.
21.2.2 Backup log files

The backup and restore operations create log files. By default, the following files are
located in the $AMS_DEBUG_DIR directory.
• ams_backup.trace and ams_restore.trace
Logging levels are defined in the ams.conf file using the variable
AMS_SCRIPTS_TRACELEVEL. The possible logging levels are:
• 1: Error
• 2: Major
• 3: Info (default)
• 4: Debug
• 5: Method
21.2.3 Backing up in a cluster

When several 5520 AMS application and database servers are associated in a
cluster, you can use the same procedure to back up the data on any one of the
standby data servers. You must run the backup script from the standby data server.
AMS provides an option for the user to forcefully run on the active data server with
the -f option, which is not recommended. If more than one site is configured, perform
the backup at the active site. The backup data file will be located on the server from
which you ran the backup script or a remote server depending on the option you
selected before executing the script.

amssys.
Procedure 191 To back up the 5520 AMS database
1 Log in to the 5520 AMS data server as amssys.
2 To start the backup script, perform one of the following steps:
• To include NE backups in the backup, type:
ams_backup.sh <destination URL>↵
where:
destination URL is the location where the generated backup file will be stored. This can be a local file or
a location on a remote server. For backup file transfer to a remote server, both ftp and sftp protocols are
supported.
For example:
ams_backup.sh ftp://username:password@desHost/backupFile
ams_backup.sh /var/opt/ams/users/amssys/test123
• To exclude NE backups, type:
ams_backup.sh -c <destination URL>
Note — This option backs up the database, but not the common
directory, which contains the NE backup files.
• To force the backup of the active data server in a 5520 AMS cluster, type:
ams_backup.sh -f <destination URL>
The -f option is mandatory in the following cases:

• You cannot run the backup on the standby data server, for example, if the standby server
is not synchronized with the active server, or is not reachable.
• The cluster has only one data server.
• To compress the backup file in the local system in the .gzip format, type:
ams_backup.sh -z <destination URL>
The backup file will be saved as .tar.gz. If the file format is not specified, the backup will
be saved in .tar format in the local system. For external server, the file will be
automatically compressed and transferred in .tar.gz format.
Result: The 5520 AMS backup script starts. The following is a sample of the script output.
**** Starting AMS backup process ****

AMS backup is successful. Check log files for detailed status.
The database backup file is stored with the filename and location that you specified when you
ran the script in step 2. Backup log files (ams_backup.trace) are stored in a traces folder,
which is located in the $AMS_DEBUG_DIR directory.
Procedure 192 To back up the 5520 AMS database in a geo-redundant cluster
1 Log in to the 5520 AMS data server in the active site as amssys.
2 To start the backup script on the standby data server in the active site, type:
ams_backup.sh <destination URL>
where:
destination URL is the location where the generated backup file will be stored. This can be a local location or
a location in a remote server.
For example:
ams_backup.sh ftp://username:password@desHost/backupFile
ams_backup.sh /var/opt/ams/users/amssys/test123
Result: The 5520 AMS backup script starts. The following is a sample of the script output.
**** Starting AMS backup process ****
AMS backup is successful. Check log files for detailed status.

Procedure 193 To back up the NE backup database

Perform this procedure to create a backup file of the NE backup database only. You can choose
to include or exclude the NE backup files.
2 To start the backup script, perform one of the following steps:
• To include NE backups in the backup file, type:
ams_nebackup.sh backupfilename.tar
where:
backupfilename is the name of the backup file that is generated by the script.
For example:
ams_nebackup.sh /var/tmp/backup_today.tar
• To exclude NE backups, type:
ams_nebackup.sh -c backupfilename.tar
Note — This option backs up the NE backup database, but not the
common directory, which contains the NE backup files.
Result: The 5520 AMS NE backup script starts. The following is a sample of the script output.
**** Starting AMS NE backup process ****
AMS NE backup is successful. Check log files for detailed status.

21.2.4 Scheduling backups

You can use the ams_schedule_backup script to schedule regular backups of the
5520 AMS database. The ams_schedule_backup script creates cron jobs to run the
ams_backup.sh script. You can save the backup files to the server, or FTP, or SFTP
them to a different location.
Note 1 — You cannot use both the FTP and the SFTP options
together.
Note 2 — The 5520 AMS depends on SSH key infrastructure to
configure SFTP as transfer method.
In a cluster environment, you can run the ams_schedule_backup script on all data
servers, and set all data servers to run the backup schedule at the same time. The
schedule will run the backup on the slave data server if database and shared file
system replication are in sync. If database and shared file system replication are not
in sync, the backup will run on the active master server. In a geographically
redundant installation, the schedule will back up the standby data server in active
and standby sites.
Table 87 describes the options for the script. You can enter options on the command
line, or use a configuration file to provide options. The configuration file,
ams_schedule_backup.env, is provided with the 5520 AMS server software and
includes the default values.
Note — Migration to a new release of the 5520 AMS does not

remove schedules from the server. After migration you need to
run the ams_schedule_backup script on all data servers, using
the -bs YES option to remove all previous schedules.
Table 87 Options for the ams_schedule_backup script
Option Value Description

-int — Run the script in interactive mode. A menu is presented for the
backup and FTP settings.
-bn YES or NO Add a new backup schedule.(1)
-bs YES or NO Remove all existing schedules.

If -bn and -bs are both set to YES a new schedule is created and
all previous ones are deleted. If -bn is set to YES and -bs is set
to NO a new schedule is created and the previous ones remain.
If -bn and -bs are both set to NO all existing schedules remain
and no new ones are added(1).
-bd The full path to a The directory where backup files will be stored. The directory
directory on the must exist and be owned by amssys.(1)
server
-bt A time in the format The time the backup will be run. To enter multiple times, use
hh:mm double quotes, for example “02:00 04:00”.(1)
-bf A number The number of backup files to keep. One file will be kept per day
unless the files are saved to different directories.(1)
(1 of 2)

Option Value Description

-bo -c or blank The option to pass to the ams_backup.sh script. Enter -c to
exclude NE backup files.
-bb YES or NO Remove all existing backup files in the backup directory.
-bz YES or NO Compress the backup file using gzip.(1)
-fe YES or NO Enable automatic FTP transfer of the backup file. The default is
NO.
Only one FTP server can be configured from the command line.
To set up multiple FTP servers, run the script in interactive
mode.(1)
-se YES or NO Enable automatic SFTP of the backup file. The default is NO.
Only one SFTP server can be configured from the command
line. To set up multiple SFTP servers, run the script in interactive
mode.(2)
-fa A hostname or IP The hostname or IP address to FTP or SFTP the backup file.(1)
address
-fu A username The username to access the remote FTP or SFTP server.(1)
-fp A password The password to access the remote FTP server.(1)
-fd A directory name The name of the directory to store data in the remote server. The
FTP or SFTP user must be the owner of the destination directory
and must have write permission to the directory.(1)
-fm An e-mail address The e-mail address to send the status of the FTP or SFTP
transfer.
(2 of 2)
Note
(1) Example of script usage:
ams_schedule_backup-bn YES -bd/var/opt/ams/local/amsbackup -bt “13:46”-bf 3

-fe YES -fa 10.150.1.30 -fu testuser -fp userpasswd -bz YES -fd
/Your_Directory
(2) Example of script usage:
ams_schedule_backup -bn YES -bs YES -bd /builds -bt “16:26” -bf 1 -bb NO -bz
YES -se YES -fa 10.150.1.30 -fd /Your_Directory -fu testuser
Before you proceed:

• You must be able to log in to the 5520 AMS data server as amssys.
• The directory you where the backup files will be stored must exist and be owned
by amssys.

Procedure 194 To modify the default options for the ams_schedule_backup script
1 Log in to the data server as amssys.
2 Open the following configuration file for editing:
vi amssys_home_account/bin/ams_schedule_backup.env ↵
where amssys_home_account is the home account of amssys. This directory depends on the values provided
during the 5520 AMS installation.
4 Save and close the file. The script will be run using the values you have entered unless a
different option is entered on the command line.
Procedure 195 To schedule backups of the 5520 AMS database
1 Log in to the data server as amssys.
2 Run the ams_schedule_backup script by typing one of the following:
• To run the script with the options saved in ams_schedule_backup.env, type:
ams_schedule_backup ↵
• To set options that are different from the defaults, type:
ams_schedule_backup options ↵
where:
options is the options you need to over-ride.
For example, entering ams_schedule_backup -bt 02:00 -fe YES -fa 124.120.0.0 fu ftpuser
-fp ftppass -fm user@domain.com will create a cron job to backup the database at 2:00
AM and FTP the backup file to 124.120.0.0. The credentials for the FTP server are ftpuser
and ftppass. When the transfer is complete, an e-mail will be sent to user@domain.com.
• To run the script in interactive mode, type:
ams_schedule_backup -int ↵
The database will be backed up according to the parameters you entered.

21.3 Restoring the 5520 AMS database

You can restore the 5520 AMS database using restore scripts that are installed
You can restore the backup on the same server, or on a server with a different IP
address. If you are restoring the backup on a different server and the old server had
less than 4 GB RAM, the new server must have the same amount of memory as the
old server. Otherwise, the new server can have more memory than the old one.
The 5520 AMS must be installed in the same configuration, that is, a single server or
a cluster.
In a simplex setup, the 5520 AMS restore may fail due to a database behavior. In this
rare occurrence, perform the procedure to forcefully recover database data. See
https://mariadb.com/kb/en/mariadb/xtradbinnodb-recovery-modes/
21.3.1 Restoring the 5520 AMS database on the same

server
Before you proceed:
• You must be able to log in to the 5520 AMS server as amssys. See Procedure 8
to log in to the 5520 AMS server as amssys.
• You must have created a 5520 AMS backup file from which to restore the
database.
• You must stop all 5520 AMS application and data servers before restoring data.
See appendix 31.2 for information about using the ams_server script to stop a
server. When you are using the 5520 AMS in a cluster, stop the application and
data servers by using the ams_cluster script to stop the servers in a cluster.
See 31.7 for more information.
Note 1 — Before you can restore a 5520 AMS backup file,

make sure that the server on which you are restoring the
backup file has been started at least once to create the
5520 AMS database. For example, restoring a backup file will
fail on a newly installed server that has never been started.
Note 2 — If you restore the database on the non-preferred data
server on a cluster with redundant data servers, then you must
run the 'ams_server start.sh' script on the same server the
ams_restore.sh script was run. Ensure that the database server
is active (and the 5520 AMS server is starting up or running if
on database/application), before starting any other servers in
the cluster.

Procedure 196 To restore the 5520 AMS database on the same standalone server
1 Log in to the active 5520 AMS data server as amssys.
2 Stop the 5520 AMS server by typing:
ams_server stop ↵
3 Start the database restore script by typing:
ams_restore.sh backupfilename.tar ↵
where:
backupfilename is the name of the backup file you need to restore from.
For example:
ams_restore.sh /var/tmp/backup_today.tar
4 Start the 5520 AMS server by typing:.
Procedure 197 To restore the 5520 AMS database on the same cluster
1 Log in to the active 5520 AMS data server in the cluster as amssys.
2 Stop the servers in the cluster by typing:
ams_cluster stop ↵
where:

For example:
4 Once the 5520 AMS database restore is successful, start the servers in the cluster by typing:
ams_cluster start ↵
cluster
1 Log in to any of the 5520 AMS servers in the standby site as amssys.
2 Stop the servers in the standby site cluster by typing:
3 Log in to the active 5520 AMS data server in the active site as amssys.
4 Stop the servers in the active site cluster by typing:
5 Start database restore on the active data server in the active site by typing:
where:
For example:
6 Once the AMS database restore is successful, start the servers in the active site cluster by
typing:
7 Start the servers in standby site cluster by typing:

simplex
1 Log in to the 5520 AMS server in the standby site as amssys.
ams_server stop ↵
3 Log in to the 5520 AMS server in the active site as amssys.
ams_server stop ↵
5 Start database restore on the active site by typing:
where:
For example:
6 Once AMS database restore is successful, start the server in the active site by typing:
7 Start the server in the standby site by typing:

Procedure 200 To restore the NE backup database

Perform this procedure to restore the NE backup database only.
1 Log in to the active 5520 AMS data server as amssys.
2 Start the restore script by typing one of the following:
• To include NE backups in the restore, type:
ams_nerestore.sh backupfilename.tar ↵
• To restore only the NE backup database, type:
ams_nerestore.sh -b backupfilename.tar ↵
where:
21.3.2 Restoring the 5520 AMS database on a new server

(cold standby)
To restore the database on a different server, all settings on the new server must be
the same as on the old server, except IP address and site name.
You will need a new license key for the new server. See Chapter 5 for information
about licenses.
Before you proceed:
• You must be able to log in to the 5520 AMS server as amssys. See Procedure 8
to log in to a 5520 AMS server as amssys.
• You must have created a 5520 AMS backup file from which to restore the
database.

• The 5520 AMS software must be installed on the new server with a new IP
address and site name. All other settings must be the same as on the old server
(including 5520 AMS version, machine role, directories, and plug-ins).
• You must stop all 5520 AMS application and data servers before restoring data.
See appendix 31.2 for information about using the ams_server script to stop a
server. When you are using the 5520 AMS in a cluster, stop the application and
data servers by using the ams_cluster script to stop the servers in a cluster.
See 31.7 for more information.
Note 1 — Before you can restore a 5520 AMS backup file,

make sure that the server on which you are restoring the
backup file has been started at least once to create the
5520 AMS database. For example, restoring a backup file will
fail on a newly installed server that has never been started.
Note 2 — If you restore the database on the standby data
server on a cluster with redundant data servers, then you must
run the 'ams_server start.sh' script on the same server the
ams_restore.sh script was run. Ensure that the database server
is active (and the 5520 AMS server is starting up or running if
on database/application), before starting any other servers in
the cluster.
Perform one of the following procedures to restore the 5520 AMS database on a
different server:
• On a new standalone server (see Procedure 201)
• On a new cluster (see Procedure 202)
• On a new geo-redundant cluster (see Procedure 203)
• On a new geo-redundant simplex (see Procedure 204)
Procedure 201 To restore the 5520 AMS database on a new standalone server
ams_server stop ↵
ams_restore.sh -n backupfilename.tar ↵
where:
For example:
ams_restore.sh -n /var/tmp/backup_today.tar

4 Start the 5520 AMS server by typing:.
5 Apply licenses to the server. See chapter 5.
Note — You must obtain and apply new licenses that contain the host
ID of the current server.
Procedure 202 To restore the 5520 AMS database on a new cluster
1 Log in to the active 5520 AMS data server in the cluster as amssys.
2 Stop the servers in the cluster by typing:
where:
For example:
The ‘-n’ option restores the database without the license.
4 Once the AMS database restore is successful, start the servers in the cluster by typing:.
5 Apply licenses to each server in the cluster. See Chapter 5.

Procedure 203 To restore the 5520 AMS database on a new geo-redundant cluster
1 Log in to any of the 5520 AMS servers in the standby site as amssys.
2 Stop the servers in the standby site cluster by typing:
3 Log in to the preferred 5520 AMS data server in the active site as amssys.
4 Stop the servers in the active site cluster by typing:
5 Start database restore on the active data server in the active site by typing:
where:
For example:
6 Once AMS database restore is successful, start the servers in the active site cluster by
typing:
7 Start the servers in standby site cluster by typing:
8 Apply licenses to the servers in the active and standby sites. See chapter 5.

Procedure 204 To restore the 5520 AMS database on a new geo-redundant simplex
1 Log in to the 5520 AMS server in the standby site as amssys.
ams_server stop ↵
3 Log in to the 5520 AMS server in the active site as amssys.
ams_server stop ↵
5 Start database restore on the active site by typing:
where:
For example:
6 Once AMS database restore is successful, start the server in the active site by typing:
7 Start the server in the standby site by typing:
8 Apply licenses to the servers in the active and standby sites. See Chapter 5.

21.4 Backing up the 5520 AMS software

You can back up the 5520 AMS software and associated plug-ins and packages
using a software backup script provided with the 5520 AMS. The software backup
script creates a binary file that can be used to reinstall the 5520 AMS.
Note — The 5520 AMS database is not backed up in this

process. See Section 21.2 for information about backing up the
5520 AMS database.
If the application server that is running the software backup script fails before the
software backup operation is complete, the script does not resume automatically
when the server restarts. You must manually run the software backup script on the
new application server, or on the original application server after it resumes
operation.
21.4.1 Backup log files

The software backup operations create a log file named ams_sw_backup.log. By
default, the file is located in the $AMS_LOG_DIR directory.
21.4.2 Backing up in a cluster

When several 5520 AMS application servers are associated in a cluster, you can use
the same procedure to back up the 5520 AMS software on any one of the application
servers. You must run the backup script from master or non-master application
server. If more than one site is configured, perform the backup at the active site. The
backup software file will be located on the server from which you ran the backup
script.
amssys.

Procedure 205 To back up the 5520 AMS software
2 Start the backup script by typing:
ams_sw_backup.sh backup_name ↵
where backup_name is a name for the backup, which is used as a prefix for the backup file produced by the
script.
3 The script executes, creating a backup file in the directory where you executed the script. The
backup file is named in the following format:
backup_name.hostname.bin ↵
where:
backup_name is the name for the backup that you defined in step 2.
hostname is the host name of the system on which you performed the backup.
21.5 Restoring the 5520 AMS software

You can restore the 5520 AMS software using a binary file produced using the
software backup script. Executing the binary file creates an installation of the
5520 AMS.
If an installation of the 5520 AMS still exists on the data server you need to restore,
you must uninstall the 5520 AMS before you can restore the software. See the
5520 AMS Installation and Migration Guide for information about uninstalling the
5520 AMS.
Note — The server where you are restoring the software must
have the same host name as the server where you backed up
the files. Performing a software restore on a different server
causes the restore operation to fail.
21.5.1 Restore log files

The software restore operation creates an entry in the install.log file. By default, the
file is located in the local data directory that you specified during installation. See the
5520 AMS Installation and Migration Guide for information about the install.log file.

Procedure 206 To restore the 5520 AMS software
1 Log in to the 5520 AMS server you need to restore, as root.
Note — The 5520 AMS software can also be restored using the
software backup script.
2 Copy the .bin backup file you created in Procedure 205 to the shared data directory.
3 Start the software restore by typing the name of the .bin backup file and pressing ↵. The
5520 AMS begins to install.
4 See the procedures in Section 21.3 if you need to restore the 5520 AMS database as well.
21.6 Exporting and importing data

The 5520 AMS has an Export tool that allows you to export data from the 5520 AMS
server. The 5520 AMS also has an Import tool that administrators can use to import
application data from an export .tar.gz file that is created on another 5520 AMS
server.
Note 1 — Do not perform export and import operations at the
same time on the same 5520 AMS server.
Note 2 — A consistency check for duplicate alarms is not
performed when you import historical alarms. All historical
alarms are imported regardless of the fact that they may
already be present in the historical alarm list.
Note 3 — The operators with the function ‘Import/Export - Edit’
in the 5520 AMS can export and import the AMS data even
when they are not allowed to view or edit the data. This is also
applicable to the PAP groups, where operators are able to
export and import NEs that do not belong to their own PAP
groups. In other words, the security function ' Import/Export -
Edit' replaces other operator privileges.
Warning — To avoid crashing of 5520 AMS, Nokia

recommends you to limit the number of exported historical
alarms.

For information about migrating data from earlier releases or from another EMS, see
the 5520 AMS Installation and Migration Guide.
Procedure 207 To export data using the 5520 AMS GUI

Before you perform a large export operation, back up your data. For more information, see Section
21.2.
1 Log in to the 5520 AMS client and close all active user sessions, other than the administrator
session. See Chapter 11.
Result: The Export window opens, showing the directory on the 5520 AMS server to which
data will be exported.
Note — When the 5520 AMS is installed in a simplex or cluster setup,

the export files destination path is always
$AMS_EXTERNAL_SHAREDDATA_HOME/export/ams/export.tar.gz
3 In the Export window, select the check boxes for the application filters or click Select All to
select all filters.
Note 1 — You can export operator default templates for configuration.

For more information, see Chapter 23.
Note 2 — To selectively export records of User management and

Templates applications, see Procedure 208 for more information.
4 To add an NE filter, click Select NE Filter and click Add.
Result: The NE Selection window opens.
Some applications can be filtered based on NE information. The Select NE Filter check box
is enabled when one of these applications is selected for export.
Note — When you export NEs from one server to another, make sure
you export all applications that contain NE specific data (these are the
applications mentioned above). For example, exporting NEs with splitters
requires to select the following two applications:
• 'Link Management' for the links between PON port, Splitters, and
ONTs.
• 'Subscriber Search Categories, Custom Fields & Objects" for the
Splitter objects and their attributes.

5 Select the filters in the Filters panel and click Build List.
Note — The Name filter returns partial matches.
6 Select NEs from the list and click OK.
Result: The NE Selection window closes and the selected NEs appear in the NE Filter panel
of the Export window.
7 Click Finish.
Result: An Export Result view displays the export file name and the successful, ignored, and
failed records from the export.
• To store the information in the Export Results window, click Copy to Clipboard.
Result: All entries created are copied to the clipboard. Paste the results into a text editor
and save the file.
• To view the log summary for each application, click View log file.
• To close the window, click OK.
Procedure 208 To selectively export records using the 5520 AMS GUI
Applies to — This procedure applies to the User Management and

Template applications only.

Table 88 Types of records for selective export
Application Record Type Filter attributes
User Management Role Name

Description
Allowed Functions
User Name
Description
Roles
Allowed PAP Groups
PAP Name
Description
PAP Group Name

Description
Templates and Jobs Any or Template Template name
Template type
Template version
Note — The linked templates within a template definition are not

exported.You have to select the linked templates in the filtered export.
When the linked templates are not included in the export file, then the link
in the template will be empty (i.e no link template will be defined for the
related attribute). For more information on Templates, see the 5520 AMS
User Guide.
1 Log in to the 5520 AMS client and close all active user sessions, other than the administrator
session. See Chapter 11.
Result: The Export window opens, showing the directory on the 5520 AMS server to which
data will be exported.
Note — When the 5520 AMS is installed in a simplex or cluster setup,

the export files destination path is always
3 In the Export window, select the check box for the application which you need to selectively
export.
Result: The Filter option is enabled when ‘User Management’ or ‘Templates and Jobs’
application is selected.

4 Click Filter.
Result: The Enable Filter window opens.
5 Choose one of the following:
• Select all objects - This is the default option selected, if this option is selected, selective
filtering is not applied. Click Finish. The Filter option is set to No in the Export window. All
records are exported. Proceed to step 12.
• Select a subset of objects - If you select this option, you can select records to be exported
by applying filter criteria.This option enables the ‘Selected Records’ frame in the Enable
Filter window. Proceed to step 6.
Note — You can filter and export only 5000 records.
6 Click Add to build a list based on a criteria and select records for export.
Result:The Select Records to Export window opens.
i Select the type of record to be filtered in the Record Type drop-down list (for example,
Any).
Note — If the Record Type ‘Any’ is selected then all the records will be
retrieved. The operator has to select the user and their roles or PAPs
together.
ii Select one of the following options in the Filter panel:
• Match all of the following - to match all of the defined filter criteria.
• Match any of the following- to match any of the defined filter criteria.
iii From the first drop-down menu, select an attribute (for example, Name).
iv From the second drop-down menu, select an operator (for example, Contains).
v In the field, enter a string for the filter (for example, Admin).
vi To add more filter phrases to your filter, click the ‘+’ and repeat steps iii to v.
Click ‘-’ to remove the filter phrases. See Table 88 for types of application records and
types of filter attributes for filtering.
vii Click Build List.

Result: The records that match the filter criteria are displayed in the Filtered Records
panel.
8 Select the records that you want to export or click Select All to select all filtered records for
export.
Note — If you want to deselect the selected filtered records, click

Deselect All.
9 Click Apply.
Result: The selected records from the ‘Filtered records’ panel in the Filter window are moved
to the Selected Records panel in the ‘Enable Filter’ window.
10 Click Finish in the Filter window.
Result: The ‘Select Records to Export’ window is closed.The selected filtered records are
reflected in the ‘Enable Filter’ window.
Warning — If you select the Select all objects option when there are
filtered records in the Selected Records panel, a message is displayed:
Are you sure you want to clear the filter?
If you click OK, the filtered records are cleared from the Selected Records
panel.
Select the Select all objects option only if you want to clear the filtered
records.
11 Click Finish in the Enable Filter window.
Result: The Filter option is set to Yes in the Export window.
12 To add an NE filter, click Select NE Filter and click Add.

Some applications can be filtered based on NE information. The Select NE Filter check box
is enabled when one of these applications is selected for export.
Note — When you export NEs from one server to another, make sure
you export all applications that contain NE specific data (these are the
applications mentioned above). For example, exporting NEs with splitters
requires to select the following two applications:
• 'Link Management' for the links between PON port, Splitters, and
ONTs.
• 'Subscriber Search Categories, Custom Fields & Objects’ for the
Splitter objects and their attributes.
13 Select the filters in the Filters panel and click Build List.
Note — The Name filter returns partial matches.
14 Select NEs from the list and click OK.
Result: The NE Selection window closes and the selected NEs appear in the NE Filter panel
of the Export window.
15 Click Finish to close the Export window.
Result: An Export Result view displays the export file name and the successful, ignored, and
failed records from the export.
• To store the information in the Export Results window, click Copy to Clipboard.
Result: All entries created are copied to the clipboard. Paste the results into a text editor
and save the file.
• To view the log summary for each application, click View log file.
• To close the window, click OK.

Procedure 209 To import data using the 5520 AMS GUI

Before you proceed:
• The data you are importing must first be exported to a 5520 AMS server.
• You may have to copy the export .tar.gz file to the server to which you need to import if
the export file is available on a different machine.
The path to the export file is:
Note 1 — A user whose role includes the Import/Export - Edit function

will be able to import data for NEs, users, and templates, regardless of
whether the role also includes the Edit functions for NEs, users, or
templates. For more information about roles and functions, see
Chapter 9.
Note 2 — When you are importing software management and jobs, first
place the software package in the following location in the server where
you are importing the data:
• $AMS_EXTERNAL_SHAREDDATA_HOME/ne/software, in case of
NE software packages
• $AMS_EXTERNAL_SHAREDDATA_HOME/ont/software, in case of
ONT software packages
1 From the 5520 AMS GUI, choose File→Import.
2 In the Import window:
i Click Browse.
Result: The Files in shared data directory window opens, showing the export directory
in the shared data directory on the server.
ii Choose export→ams and the export file you need to import.
iii Click Finish.
Result: The Import window displays the path and file you have chosen.
iv Click Next.
Result: The second Import window opens. The Import File Info panel shows the
information included in the import file. The Application Filter panel shows the
applications from which you can import data.

3 In the Application Filter panel, select the applications from which you need to import data.
You can click Select All if you need to include all applications in the import.
Note 1 — You can import operator default templates for configuration.

For more information, see Chapter 23.
Note 2 — Select the Overwrite check box to overwrite the duplicate

records. This step applies only to the User Management application.
The following warning message is displayed in the Import window:
Enabling ‘Overwrite’ will modify existing objects when records with the
same name are imported. Use with care.
4 Click Finish.
Result: An Import Result window displays the results, including successful, ignored, failed,
and overwritten records, from the import process.
5 Click OK to close the Import Result window.
Result: An Import/Migration window opens, prompting you to restart the 5520 AMS client for
the changes to take effect.
6 Click Yes to restart the client immediately.
Note — To replicate custom groups across different releases of

5520 AMS, you need to select the following options when
exporting data.
• Custom Group
• Filters
• Subscriber Search Attribute Categories, Custom Fields &
Objects (incl. Splitters)
21.7 Exporting data to a file in CSV format

The 5520 AMS View Menu provides you with the option to save data from the
Object Details view or the Graphical view in CSV format. For more information, see
the 5520 AMS User Guide.
The Object Details and Graphical views can contain a large amount of data. After
saving the data to a .csv file, you can analyze the file content using desktop
applications or scripts.

The 5520 AMS saves the data using configurable field separators or delimiters. To
be able to process the saved data, you need to set the field separator in the
5520 AMS GUI to match the field separator configured on your workstation. In the
Windows environment, the value of the field separator depends on the configured
Regional and Language Options, and is related to how your system displays numeric
values. Look for the List separator parameter in the Regional and Language Options,
and ensure that the CSV Separator parameter in the 5520 AMS GUI is set to the
same value.
Use Procedure 210 to set the field separator in the 5520 AMS GUI.
Procedure 210 To configure the field separator in the 5520 AMS GUI
1 From the 5520 AMS menu bar, choose Window→Preferences.
2 Click General to display the General GUI Preferences panel.
3 Type a field separator (delimiter) in the CSV Separator box.
4 Click Apply to save the changes.
5 Click OK to close the Preferences window.
21.8 Performing a forced collection of inventory

basic data
In addition to the daily automatic network collection, the 5520 AMS provides you with
the option to perform forced collections of inventory basic data at any time. Use
Procedure 211 to perform a forced inventory data collection.
The forced inventory data collection can be disabled. See Table 89 for the reasons
why the forced data collection can be disabled, and the corrective actions that you
need to take to fix the problem.
Table 89 Disabled forced inventory data collection—reasons and correc-
tive actions
Reason Corrective action
The NE is not supervised. Perform an NE supervision.
(1 of 2)

Reason Corrective action

The NE is not reachable. Perform an NE reachability test.
The userID does not have Administrator Add the applicable Administrator privileges to the
privileges. userID.
(2 of 2)
Procedure 211 To perform a forced inventory data collection
1 In the Network Tree, click an NE group or on one or more NEs to select them.
2 Right-click the NE selection, and choose Inventory→Collect.
Result: Selecting this option performs a forced collection of data. The Basic Inventory
Collection window opens, and shows the operation progress.
Note — You can also view the operation progress in the Progress view.
To open the Progress view, choose Window→Show
View→Other→Platform→Progress, and click OK.
3 To get more details about the inventory data collection while the operation is running, do the
following:
i Click the Open Perspective icon ( ), and choose the Action Manager perspective to
open the Action table.
ii In the Action table, double-click the row that corresponds to your forced inventory data
collection.
Result: The Action Details window appears.
Note — An inventory data collection that has started on an NE does not

stop if you click Cancel. However, if you cancel an inventory data
collection on an NE group or multiple NEs, the 5520 AMS cancels the
data collection on the subsequent NEs after completing the current NE
data collection.
21.9 Splitting and concatenating a backup file

You can split a backup file into multiple fragments in order to store it on external
media, such as a DVD or tape backup using the operating system commands.
Procedure 212 describes how to split a backup file into fragments. Procedure 213
describes how to concatenate the fragments into a backup file.

Procedure 212 To split a backup file
1 Create a backup file, as described in section 21.2 or section 21.4.
3 Split the backup file by typing:
split -b file_size backup_file
where:
file_size is the size of the fragments, in bytes. You can enter a value in kb followed by k, or a value in Mb
followed by m (for example, using a value of 1024m creates fragments 1024 Mb in size).
backup_file is the backup file you created in step 1.
4 Copy the fragments to your external media backup.
5 If required, erase the backup file or file fragments on the 5520 AMS data server.
Procedure 213 To concatenate a split backup file
2 Create a directory named AMS_RESTORE. Nokia recommends that you create the directory
outside of the 5520 AMS directory structure, and on a volume with available space that is
greater than twice the size of the backup file.
3 Copy the fragments of the backup file to the AMS_RESTORE directory.
4 Concatenate the fragments by typing:
cat backup_file* > backup_file.tar
where backup_file is the name of the backup file you split in Procedure 212.
5 If required, erase the file fragments in the AMS_RESTORE directory.
6 If required, restore the 5520 AMS using the backup file, as described in section 21.3 or
section 21.5.

Administrator Guide Managing schedules, links, and codes
Managing schedules, links, and

codes
22 Managing schedules
23 Managing customized web links and operator defaults
24 Managing CPE vendor ID and country codes

Managing schedules, links, and codes Administrator Guide

Administrator Guide Managing schedules
22 Managing schedules
22.1 Schedules overview
22.2 Creating a simple schedule
22.3 Creating a complex schedule
22.4 Viewing a list of schedules
22.5 Modifying a schedule
22.6 Modifying a task
22.7 Unscheduling a task
22.8 Deleting a schedule
22.9 Scheduling an NE database backup
22.1 Schedules overview

You can create and configure schedules using the 5520 AMS. After you create a
schedule, you can assign the schedule to 5520 AMS tasks such as downloading or
activating software files and backing up the database.
more information.
22.1.1 Schedule view

The Schedule view allows you to create, view, modify or delete simple and complex
schedules. The Schedule view is located in the Scheduler perspective.
The Schedule view contains three panels:
• List of schedules—allows you to create, modify, and delete simple and complex
schedules.
• Schedule details—displays the configuration information for the selected
schedule, information about the last time that the schedule was executed, how
many times the schedule will be activated, and which user created the schedule.
• List of Jobs—displays the tasks to which the selected schedule is assigned.
Allows you to modify task details and unschedule a task.

Managing schedules Administrator Guide
22.1.2 Effect of DST changes

After a DST change, a schedule may appear to be off by one hour, or it may appear
to execute twice at the same time.
22.1.2.1 Simple schedules

A simple schedule allows you to schedule the execution of tasks at regular intervals.
If a simple schedule is configured to execute daily at 3:00 a.m., after a spring DST
change when the clock moves forward, the schedule will execute at 4:00 a.m. The
interval is the same, but the time has moved ahead. During the autumn change from
DST, the schedule will appear to execute twice.
Note — In this case, if an index or filename is based on the

timestamp, the data may be overwritten.
22.1.2.2 Complex schedules

A complex schedule allows you to schedule the execution of tasks at specific times,
according to the Gregorian calendar. If a complex schedule is configured to execute
daily at 10:00 a.m., the schedule will continue to execute daily at 10:00 a.m. even
after a DST change. This means that the actual time interval between the execution
of the schedule on the Saturday morning before a DST change and the first
execution of the schedule on the Sunday morning following the DST change will be
23 hours (spring DST change) or 25 hours (autumn DST change).
You should consider the effect of creating a complex schedule that executes
between midnight and 3:00 a.m. when DST changes occur (the critical window of
time depends on the DST event). Depending on the schedule and the specific DST
event, the scheduled execution may be skipped or may appear to not execute for one
or two hours.
In the United States, DST changes occur at 2:00 a.m. If you have a complex
schedule that executes daily at 2:15 a.m., then on the day that DST starts, the
scheduled execution will be skipped because 2:15 a.m. never occurs that day. If you
have a complex schedule that executes every 15 minutes, then on the day that DST
ends you will have one hour during which no scheduled executions occur. This is
because when 2:00 a.m. arrives, it becomes 1:00 a.m. again. Because all of the
scheduled executions during the 1:00 a.m. hour have already occurred, and the next
scheduled execution is at 2:00 a.m., no executions will occur for the next hour, until
it is 2:00 a.m.

22.2 Creating a simple schedule

A simple schedule allows you to complete a task at a specific time or to repeat a task
for a specified number of times in a period. For more complicated scheduling options,
see Section 22.3.
After you create a simple schedule, you can assign the schedule to 5520 AMS tasks
such as downloading or activating software files, and backing up or restoring the
database.
Procedure 214 To create a simple schedule
1 In the Schedule view, in the List of schedules panel, click Add Schedule.
Result: The Add Schedule window opens.
2 Verify that the Simple Schedule is selected.
3 Configure the parameters in the Add Schedule window, as described in Table 90.

Table 90 Add Schedule - Simple Schedule parameters
State Active allows this schedule to be assigned to tasks or jobs in the 5520 AMS.
Start Displays a calendar and a clock to set the start date and time for the current schedule
Date/Time
End Displays a calendar and a clock to set the end date and time for the current schedule
Date/Time
Simple Adds a simple schedule

Schedule
Interval One of the following:

• Once: to execute this schedule once, starting at the specified start time
• Minute: to execute this schedule once every specified number of minutes
• Hour: to execute this schedule once every specified number of hours
• Day: to execute this schedule every day at the specified time
• Week: to execute this schedule every week at the specified time
Repetitions The number of times you that you need the schedule to execute. Then, select the
check box next to Every and enter the interval in days.
For example, if you enter 10 in the Repetitions field and enter 2 as the interval, the
schedule runs every second day, starting at the value specified in the Start
Date/Time field, for 10 times.
4 Click Finish to create the simple schedule. The schedule is added to the List of Schedules in
the Schedule view, which is described in section 22.4.
22.3 Creating a complex schedule

A complex schedule provides more flexible scheduling options than a simple
schedule. You can repeat a task multiple times on specific days of the week or
month.
After you create a complex schedule, you can assign the schedule to 5520 AMS
tasks such as downloading or activating software files, and backing up or restoring
the database.
Procedure 215 To create a complex schedule
1 In the Schedule view, in the List of schedules panel, click Add Schedule.
Result: The Add Schedule window opens.
2 Configure the parameters in the Add Schedule window, as described in Table 91.

Table 91 Complex schedule parameters
State Active - allows this schedule to be assigned to tasks or jobs in the 5520 AMS.
Suspended - prevents this schedule assignment in the 5520 AMS.
Start Displays a calendar and a clock to set the start date and time for the current
Date/Time schedule.
End Date/Time Displays a calendar and a clock to set the end date and time for the current
schedule.
Complex Adds a complex schedule.

Schedule
Daily Specifies that the schedule is executed daily.
Weekly Specifies that the schedule is executed weekly.

You must also select the days of the week you need to execute the schedule.
Days of week If you set the schedule to Weekly, select the check boxes for the days on which you
need to execute the schedule.
Monthly Specifies that the schedule is executed monthly.

You must also configure the Day of Month parameters.
Day of Month If you set the schedule to Monthly, you can configure the schedule to run on the first
or last day of the month, every nth day of the month, or every x day of every x week.
3 Click Finish to create the complex schedule.
Result: The schedule is added to the List of Schedules in the Schedule view, which is
described in Section 22.4.
22.4 Viewing a list of schedules

The Schedule view contains three different panels: List of schedules, Schedule
details, and List of Jobs. See Schedule view in Section 22.1 for more information.
To view the details for a schedule, choose a schedule from the List of schedules
panel in the Schedule view. The details for the selected schedule are displayed in the
Schedule details and List of Jobs panels.
22.4.1 Viewing a list of schedules for an NE

To view a list of schedules for a single NE, right-click on the NE in the Network Tree
and choose Show→Schedules. The Show Schedules window opens.

The Show Schedules window only displays the schedules that are planned for the
selected NE, and the jobs associated with those schedules directly interact with the
selected NE. For example, an NE backup or NE software download. Examples of
jobs that do not interact with the NE, and so are not displayed in the Show Schedules
window, include exporting data from the 5520 AMS server and querying NE
attributes using certain 5529 Enhanced Applications.
22.5 Modifying a schedule

Perform the following procedure to modify a simple or complex schedule.
Procedure 216 To modify a schedule
1 In the Schedule view, choose a schedule from the List of schedules panel.
2 Click Update Schedule.
Result: The Schedule window opens.
3 Modify the parameters, as described in Table 90 (simple) or Table 91 (complex), as required.
4 Click Finish.
22.6 Modifying a task

You can change the selected NEs and NE groups for a scheduled task. Use the
following procedure to modify a task.
Procedure 217 To modify a task
1 In the Schedule view, choose a scheduled task from the List of Jobs panel.
2 Click Job Details.
Result: The Job Details window appears. The details of the operation are displayed in the
Details section.

3 To add an NE to the list of Selected NEs or Excluded NEs, perform the following:
i Click Add in the Selected NEs or Excluded NEs panel.
ii Click the Select NEs or Select NE Groups.
iii Use the filters in the Filters panel and click Build List.
iv Choose NEs from the list and click OK.
Result: The NE Selection window closes and the selected NEs or groups appear in the
specified panel of the Job Details window.
4 To remove any of the selected NEs or NE groups, choose the NE or group in the panel, and
click Remove.
5 Click Finish.
22.7 Unscheduling a task

Perform the following procedure to unschedule a task.
Procedure 218 To unschedule a task
1 In the Schedule view, choose a scheduled task from the List of Jobs panel.
2 Click Unschedule Job.
3 Click Yes.

22.8 Deleting a schedule

Perform the following procedure to delete a schedule.
Before you proceed, unschedule all tasks that are associated with the schedule that
you want to delete. See Procedure 218 to unschedule a task.
Procedure 219 To delete a schedule
1 In the Schedule view, choose a schedule from the List of schedules panel.
2 Click Delete Schedule.
3 Click Yes.
22.9 Scheduling an NE database backup

You can schedule backup tasks to allow you to complete NE backups on a specified
date and time or to repeat these tasks at specified intervals. For example, you can
back up the NEs every night at midnight or on the last Friday of every month.
Note 1 — You cannot schedule a backup of the 5520 AMS
database. The 5520 AMS database must be manually backed
up and restored, as described in Chapter 21.
Note 2 — To schedule a backup of the entire network or part of
the network, Nokia recommends that you use the “Select NE
Groups” option in the NE Selection window. This ensures that
each scheduled backup includes new NEs that have been
added to the network.

Procedure 220 To schedule an NE database backup from the perspective bar
Note — The 5520 AMS supports the backup of multiple NEs at the
same time.
1 Click the Open Perspective icon ( ), and choose Backup Restore.
Result: The Backup Restore view opens.
2 In the Tasks view, choose Backup.
Result: The Backup NE window opens.
3 Click Add in the Selected NEs panel.
i Click Select NEs.
Alternatively, you can click Select NE Groups and choose a group.
The NE Selection window closes and the selected NEs or groups appear in the Selected
NEs panel of the Backup NE window. To remove any of the selected NEs or NE groups,
choose the NE or group in the Selected NEs panel, and click Remove.
5 Perform the following if you need to exclude NEs. For example, if you selected an NE group
in step 4 and need to exclude NEs or groups that are within the selected group from the
backup.
i Click Add in the Excluded NEs panel.
ii Click Select NEs.
iii Use the filters in the Filters panel and click Build List.

iv Choose NEs from the list and click OK.
Alternatively, you can click Select NE Groups and choose a group.
The NE Selection window closes and the selected NEs or groups appear in the
Excluded NEs panel of the Backup NE window. To remove any of the excluded NEs or
NE groups, choose the NE or group in the Excluded NEs panel, and click Remove.
6 Choose the schedule to apply to this task:
i Click Browse besides the Schedule field.
ii Choose a schedule from the list and click OK.
Note — To create a schedule, click Create, which opens the Add

Schedule window.
Note — When you back up the NE, the 5520 AMS creates an NE
backup file in the $AMS_LOCALDATA_HOME/ne/backup directory.
The 5520 AMS formats the NE backup filename as

yyyy-mm-dd-hh-mm-ss.backup (for example,
2008-10-14-11-37-01.backup).
In the Schedule view, this backup activity is listed in the List of Jobs panel. See Section 22.4
for information about viewing schedules.
Procedure 221 To schedule an NE database backup from the Network Tree
2 Right-click an NE, and choose Backup & Restore→Backup.

Result: The Backup Restore view opens with the Backup tab selected by default and the NE
displayed in the Selected NEs panel.
3 Choose the schedule to apply to this task:
i Click Browse beside the Schedule field.
ii Choose a schedule from the list and click OK.
Note — To create a schedule, click Create, which opens the Add

Schedule window.
Note — When you back up the NE, the 5520 AMS creates an NE
backup file in the $AMS_LOCALDATA_HOME/ne/backup directory.
The 5520 AMS formats the NE backup filename as

yyyy-mm-dd-hh-mm-ss.backup (for example,
2008-10-14-11-37-01.backup).
In the Schedule view, this backup activity is listed in the List of Jobs panel. See Section 22.4
for information about viewing schedules.


Administrator Guide Managing customized web links and operator
defaults
23 Managing customized web links

and operator defaults
23.1 Managing customized web links overview
23.2 Adding a customized web link
23.3 Modifying a customized web link
23.4 Deleting a customized web link
23.5 Duplicating a customized web link
23.6 Managing operator default templates
23.7 Creating an operator default template
23.8 Viewing operator default templates
23.9 Duplicating operator default templates
23.10 Modifying operator default templates
23.1 Managing customized web links overview

The 5520 AMS allows administrators to add customized web links on NE objects for
the NE types and releases that are supported by the installed NE plug-ins, on the
objects defined in the Administration Tree, and in the Tools menu. The links can be
a URL to a website or e-mail address. For example, the specified website can
provide more information about the NE object or troubleshooting information for an
alarm on the object, or be a web interface on external equipment. The e-mail URL
can be the e-mail address of support staff. The customized web link can be
configured to establish links on an entire NE object, such as the slot, or on a specific
attribute of the object, such as the board type.
You can add customized web links to objects and attributes using the Customized
Web Links view. After the links are created, you can access them in the
Administration or Network perspectives by:
• Right-click on the object in the tree and choose Web Links→Customized web link
name
• Select the object in the tree, click the Web Links icon drop-down menu in the
Object Details view, and choose the link. If there are multiple links for the selected
object, click the Web Links icon directly will open the first link in the drop-down list.

Managing customized web links and operator Administrator Guide
defaults
To view web links on alarms or historical alarms, go to the Alarm perspective and
right-click on an alarm and choose Web Links→Customized web link name.
Before you proceed, ensure that your user account is assigned a role that includes
the necessary functions to perform the procedures in this section.
See Table 19 for more information.
23.1.1 Customized Web Links view

To open the Customized Web Links view, open the Administration perspective and
choose Window→Show View→Customized Web Links.
The Customized Web Links view displays an overview of all the links that have been
defined in the 5520 AMS. See Table 92.
Table 92 Customized Web Links view
Column Description
NE Type / Release Displays the NE type and release for the NE object to which
a customized web link is added. Also displays ‘Platform’ for
an object defined in the Administration Tree to which a
customized web link is added.
Object Displays the object selected for NE type and release or
platform to which a customized web link is added.
Displayed if.. Displays the selected attribute condition for the object.
...contain... Displays the substring that must be contained in the attribute

value to allow the web link to be displayed.
Link Alias Displays the name of the web link as it appears in the Object
Details view or in the tree menus.
URL Displays the URL for the web link.
You can use the icons in the toolbar of the Customized Web Links view to compress
the table and add , modify , delete , or duplicate links.
23.1.2 Dynamic data

Configuring the dynamic data allows you to add constructing keywords in the
specified URL. A string of keywords based on the configured dynamic data
parameters is generated and inserted in the specified URL at the position of the
cursor. If the cursor is not present in the specified URL, then the string is appended
to the URL.

defaults
The keywords are evaluated when the URL is validated, depending on the context.
The 5520 AMS replaces the keywords enclosed in the angle brackets (< >) by their
actual values. For example, if you selected the AMS Site Name parameter, the <site>
string is added to the specified URL. When the URL is validated, the string is
replaced by the name of the 5520 AMS site. If you select the application server IP
address, the <appServer> string is added to the specified URL. When the URL is
validated, the string is replaced by the application server IP address to which the
5520 AMS client is connected. If you select the object full friendly name option, the
<MO_name> string is added to the specified URL. When the URL is validated, the
string is replaced by the full friendly name of the NE object. This object is the object
that is currently displayed in the Object details view.
23.2 Adding a customized web link

Procedure 222 describes how to add a customized web link to an object or attribute.
You can also add a web link to an alarm, historical alarm, or any NE object per NE
family. Links can be defined with any valid website or e-mail URL. If you enter a
website URL, when you click on the web link on the object, the web browser defined
in the 5520 AMS GUI preferences opens and the URL is accessed. If you enter an
e-mail URL, when you click on the web link, a new message window from your e-mail
client opens, in which you can compose a message.
Procedure 222 To add a customized web link
1 Open the Administration perspective and choose Window→Show View→Customized Web

Links.
Result: The Customized Web Links view opens.
2 Click the Add icon ( ) in the Customized Web Links view.
Result: The Customized Web Link Details window opens.
Table 93 Customized web link parameters
NE Type / Release The type of NE and the release for which you need to create
the link.
To add a web link for an alarm or historical alarm, or to add
a web link in the Tools menu, choose the Platform object.
(1 of 2)

defaults
Object The type of objects that are available for the selected NE
type and release.
To add a web link for an alarm or historical alarm, choose the
Alarm or Historical Alarm object.
To add a web link in the Tools menu, choose the Tools menu
object.
Display the link only if Link is always displayed on the object if the check box is not
selected. Select the check box to configure the Attribute and
Contains parameters. This check box is not selected by
default.
Attribute The types of attributes on the selected object. This

parameter is enabled only when the Display the link only if
check box is selected.
Contains Identifies the substring that must be contained in the

attribute value to allow displaying the link. This parameter is
enabled only when the Display the link only if check box is
selected.
Alias The name of the link as it will appear in the Object Details
view or in the Tools menu.
Link The URL of the link. There are two URL types: website and
e-mail.
(2 of 2)
4 Insert dynamic data for the URL by performing the following steps:
Note — The dynamic data string is generated in the URL where the
cursor is positioned. If the cursor is not present in the URL field, then it is
appended to the URL.
i Click Insert Dynamic data.
Result: The Insert Dynamic Data window opens.
ii Select a keyword type:
• Attribute Value — Defines attribute value keywords for the URL (default).
• Object Full Friendly Name — Defines object full friendly name keywords for the URL.
• Comment Value — Defines comment value keywords for the URL.
• Current User Name — Defines current user name value keywords for the URL.
• AMS Site Name — Defines the 5520 AMS site name as the keyword for the URL.
• Application Server IP Address — Defines the application server IP address keyword
for the URL.
iii Configure the parameters as described in Table 94.

defaults
Table 94 Dynamic data parameters
Attribute Value
Object Identifies the object type on which the attribute value is

defined.
The default value is the object selected in the Customized
Web Link Details window.
Attribute Identifies the attribute of the selected object from which the
value will be taken.
Replace the space character by Indicates which operator has to be used to modify the value
of the selected attribute.
Modify Attribute Value Indicates how much has to be added or subtracted for the
attribute value.
Object Full Friendly Name
Object Indicates the object full friendly name of an NE object.

The Object Full Friendly Name inserts the tag
<fn=MO_name> in the Link field where MO_name is the
internal name of the NE object. When the link is evaluated to
build the final URL, any occurrence of the tag
<fn=MO_name> is replaced by the full friendly
name of the NE object.
For example: <fn=nemodel.GPON.4.9#slot> is evaluated to
Slot:My_NE_123:IACM:R1.S1.LT3 in the final URL.
Comment Value
Object Identifies the object type on which the comment value is

defined.
The default value is the object selected in the Customized
Web Link Details window.
WEBLINK Key Identifies the key of a comment on the selected object from
which the value will be taken.
The key must be added as a comment to the object in the
Network Tree using the format: WEBLINK(Key)=value. For
example; if the comment “WEBLINK(ip_addr)=172.31.1.1”
is present on an object, then using the key “ip_addr” will
result in 172.31.1.1 being evaluated in the URL.
Application Server IP Address Indicates the application server IP address to which the
5520 AMS client is connected.
The Application Server IP Address inserts the tag
<appServer> in the Link field. When the link is evaluated to
build the final URL, any occurrence of the tag <appServer>
is replaced by the IP address of the application server to
which the GUI is connected.
iv Click Finish.

defaults
Result: The Insert Dynamic Data window closes.
5 Click Finish.
Result: The web link is displayed in the Customized Web Links view table.
23.3 Modifying a customized web link

Procedure 223 describes how to modify a customized web link. Only one web link
can be modified at a time.
Procedure 223 To modify a customized web link

Links.
2 Select a link from the Customized Web Links view table.
3 Click the Modify icon ( ) in the Customized Web Links view.
Result: The Customized Web Link Details window opens.
Note — Only the Alias and Link parameters can be modified.
5 To insert dynamic data for the URL, perform the following steps:
Note — The dynamic data string is generated in the URL where the
cursor is positioned. If the cursor is not present in the URL field, then it is
appended to the URL.
i Click Insert Dynamic data.
Result: The Insert Dynamic Data window opens.

defaults
ii Select a keyword type:
• Attribute Value — Defines attribute value keywords for the URL (default).
• Comment Value — Defines comment value keywords for the URL.
• Current User Name — Defines current user name value keywords for the URL.
• AMS Site Name — Defines the 5520 AMS site name as the keyword for the URL.
iii Configure the parameters as described in Table 94.
iv Click Finish.
Result: The Insert Dynamic Data window closes.
6 Click Finish.
Result: The modified web link is displayed in the Customized Web Links view table.
23.4 Deleting a customized web link

Procedure 224 describes how to delete a customized web link.
Procedure 224 To delete a customized web link

Links.
2 Select one or more links from the Customized Web Links view table.
3 Click the Delete icon ( ) in the Customized Web Links view.
Result: A confirmation dialog box opens.
4 Click Yes to confirm the deletion.
Result: The selected links are deleted from the Customized Web Links view table.

defaults
23.5 Duplicating a customized web link

Duplicating links allows you to copy one or more links from one NE type and release
to another. The link alias must not already exist on the selected NE type and release
to which you are copying the link, otherwise the duplication operation will fail. The
object and attribute must also exist on the selected NE type and release to which you
are copying the link, otherwise the duplication operation will fail.
Procedure 225 describes how to duplicate a customized web link.
Procedure 225 To duplicate a customized web link

Links.
2 Select one or more links from the Customized Web Links view table.
3 Click the Duplicate icon ( ) in the Customized Web Links view.
Result: The Duplicate Links window opens.
4 Select the NE type and release to which you want to copy the links. You can select multiple
NE types and releases.
5 Click Finish.
Result: The links are copied to the new NE type and release and displayed in the Customized
Web Links view table.
23.6 Managing operator default templates

The 5520 AMS allows you to create and save configuration templates. You can
browse the default configuration templates for each object type by viewing the
Operator Defaults view.
Before you proceed, ensure that your user account is assigned a role that includes
the necessary functions to perform the procedures in this section. See Table 19 for
more information.

defaults
23.7 Creating an operator default template

Procedure 226 describes how to define a set of default values for modifiable data in
the 5520 AMS.
Procedure 226 To create an operator default template
• In the Create window or Actions window for the object type for which you are configuring
a default template, click Save As for Operator Defaults.
• In the Object Details view for the selected object, click the View Menu icon ( ), and
choose Operator Defaults→Save As.
Result: The Save New Operator Defaults window opens.
2 Enter the parameters for the new operator default configuration.
Note — To make this template the one selected by default, select the
Preferred check box. Only one template can be the preferred default.
3 Click Finish.
Result: The new operator default template is now available to use when creating the same
object type.
23.8 Viewing operator default templates

Procedure 227 describes how to view all available configurable default templates.
You can view the default names, the NE to which they apply, the window in which
they appear, and the basic preferences.
Procedure 227 To view operator default templates
1 From the 5520 AMS menu, choose Window→Show View→Other.
2 Choose Other→Operator Defaults and click OK.

defaults
Result: The Operator Defaults view opens.
3 To display the operator defaults for a specific template, choose the template and click the
Show Details icon ( ).
Result: The View Operator Defaults window opens.
23.9 Duplicating operator default templates

Procedure 228 describes how to duplicate operator default templates from one NE
and copy them to another.
Procedure 228 To duplicate operator default templates
3 Choose the operator default template that you need to copy, and click the Duplicate icon.
Result: The Duplicate window opens.
4 Choose the NE to which you need to copy the operator default template.
5 Click Finish.
23.10 Modifying operator default templates

Procedure 229 describes how to modify operator default templates. You can modify
only the following parameters:
• Force This Operator Defaults
• Preferred Operator Defaults

defaults
Procedure 229 To modify operator default templates
• From the 5520 AMS menu:

• Choose Window→Show View→Other.
• Choose Other→Operator Defaults and click OK.
• Choose the operator default template that you need to modify, and click the Show
Details icon ( ).
Result: The View Operator Defaults window opens.
• In the Create window or Actions window for the object type for which you are modifying
an operator default template:
• Choose the operator defaults template name from the drop-down menu and click
Operator Defaults Save As.
Result: The Save New Operator Defaults window opens.
• Choose the operator defaults template name from the drop-down menu.
Note — When you opened the Save New Operator Defaults window from
the Create window or Actions window, you can create an operator default
template by typing a new name for the template.
2 Select or de-select the Force This Operator Defaults or Preferred Operator Defaults
parameters and click Finish.
3 Click OK.
Procedure 230 To delete operator defaults
3 Choose the operator default template that you need to delete, and click the Delete icon ( ).
Result: A confirmation window displays the following message:

defaults
Are you sure you want to delete the selected operator defaults?
4 Click Yes.

Administrator Guide Managing CPE vendor ID and country codes
24 Managing CPE vendor ID and

country codes
24.1 CPE vendor ID and country codes overview
24.2 Adding CPE vendor ID and country codes
24.3 Deleting CPE vendor ID and country codes
24.1 CPE vendor ID and country codes overview

The 5520 AMS is preconfigured with CPE vendor ID codes and ITU-T country codes.
The CPE vendor ID code provides the type of DSL modem being used by the
subscriber. The ITU-T country code provides the country in which the modem was
manufactured.
The CPE vendor-specific information is displayed in the Channel/RI tab of the Object
Details view for an ISAM LT slot (if an xDSL unit is planned).
You can manage the CPE vendor ID codes and ITU-T country codes. The CPE
vendor ID and country codes apply to all of the client sessions that access the
5520 AMS server.
more information.
24.1.1 ANSI and ETSI vendor identification numbers

Table 95 lists the ANSI and ETSI vendor identification numbers.
Table 95 CPE vendor identification numbers
Number Vendor Number Vendor
0000 none 002A Cabletron Systems, Inc.
0001 Not allocated 002B Davicom Semiconductor, Inc.
0002 Westell, Inc. 002C Metalink
0003 ECI Telecom 002D Pulsecom
0004 Texas Instruments 002E US Robotics
0005 Intel 002F AG Communications Systems
(1 of 3)

Managing CPE vendor ID and country codes Administrator Guide

0006 Amati Communications Corp. 0030 Rockwell
0007 General Data Communications, 0031 Harris

Inc.
0008 Level One Communications 0032 Hayes Microcomputer Products,

Inc.
0009 Crystal Semiconductor 0033 Co optic
000A Lucent Technologies 0034 Netspeed, Inc.
000B Aware, Inc. 0035 3 Com
000C Brooktree 0036 Copper Mountain, Inc.
000D NEC 0037 Silicon Automation Systems, Ltd.
000E Samsung 0038 Ascom

000F Northern Telecom, Inc. 0039 Globespan Semiconductor, Inc.
0010 PairGain Technologies 003A STMicroelectronics
0011 Paradyne 003B Coppercom
0012 Adtran 003C Compaq Computer Corp.

0013 INC 003D Integrated Technology Express
0014 ADC Telecommunications 003E Bay Networks, Inc.
0015 Motorola 003F Next Level Communications

0016 IBM Corp. 0040 Multi Tech Systems, Inc.
0018 DSC 0041 AMD
0019 Teltrend 0042 Sumitomo Electric
001A Exar Corp. 0043 Philips M&N Systems
001B Siemens Telecom Networks 0044 Efficient Networks, Inc.
001C Analog Devices 0045 Interspeed
001D Nokia 0046 Cisco Systems
001E Ericsson Information Systems 0047 Tollgrade Communications, Inc.
001F Tellabs Operations, Inc. 0048 Cayman Systems

0020 Orckit Communications, Inc. 0049 FlowPoint Corp.
0021 AWA 004A I.C.COM
0022 Nokia Network Systems, Inc. 004B Matsushita

0023 National Semiconductor Corp. 004C Siemens Semiconductor
0024 Italtel 004D Digital Link
0025 SAT - Société Anonyme de 004E Digitel

Télécommunications
0026 Fujitsu Network Trans. Systems 004F Nokia Microelectronics
0027 MITEL 0050 Centillium Corp.
(2 of 3)


0028 Conklin Corp. 0051 Applied Digital Access, Inc.
0029 Diamond Lane 0052 Smart Link, Ltd.
(3 of 3)
24.1.2 ITU-T country codes

Table 96 lists the ITU-T country codes.
Table 96 ITU-T country codes
Code Country Code Country

00 Japan 63 Laos (People’s Democratic
Republic)
01 Albania 64 Lebanon
02 Algeria 65 Lesotho
03 American Samoa 66 Liberia

04 Germany (Federal Republic of) 67 Libya
05 Anguilla 68 Liechtenstein
06 Antigua and Barbuda 69 Luxemburg

07 Argentina 6A Macao
08 Ascension (see Saint Helena and 6B Madagascar

Ascension)
09 Australia 6C Malaysia
0A Austria 6D Malawi
0B Bahamas 6E Maldives
0C Bahrain 6F Mali
0D Bangladesh 70 Malta
0E Barbados 71 Mauritania
0F Belgium 72 Mauritius
10 Belize 73 Mexico
11 Benin (Republic of) 74 Monaco
12 Bermudas 75 Mongolia
13 Bhutan (Kingdom of) 76 Montserrat
14 Bolivia 77 Morocco
15 Botswana 78 Mozambique
16 Brazil 79 Nauru
(1 of 4)


17 British Antarctic Territory 7A Nepal
18 British Indian Ocean Territory 7B Netherlands
19 British Virgin Islands 7C Netherlands Antilles

1A Brunei Darussalam 7D New Caledonia
1B Bulgaria 7E New Zealand
1C Myanmar (Union of) 7F Nicaragua
1D Burundi 80 Niger
1E Byelorussia 81 Nigeria
1F Cameroon 82 Norway
20 Canada 83 Oman
21 Cape Verde 84 Pakistan
22 Cayman Islands 85 Panama
23 Central African Republic 86 Papua New Guinea

24 Chad 87 Paraguay
25 Chile 88 Peru
26 China 89 Philippines
27 Colombia 8A Poland (Republic of)
28 Comoros 8B Portugal
29 Congo 8C Puerto Rico
2A Cook Islands 8D Qatar
2B Costa Rica 8E Romania
2C Cuba 8F Rwanda
2D Cyprus 90 Saint Kitts and Nevis
2E Czech and Slovak Federal 91 Saint Croix

Republic
2F Cambodia 92 Saint Helena and Ascension

30 Democratic People’s Republic of 93 Saint Lucia
Korea
31 Denmark 94 San Marino
32 Djibouti 95 Saint Thomas

33 Dominican Republic 96 Sao Tomé and Principe
34 Dominica 97 Saint Vincent and the Grenadines
35 Ecuador 98 Saudi Arabia
36 Egypt 99 Senegal
37 El Salvador 9A Seychelles
(2 of 4)


38 Equatorial Guinea 9B Sierra Leone
39 Ethiopia 9C Singapore
3A Falkland Islands 9D Solomon Islands

3B Fiji 9E Somalia
3C Finland 9F South Africa
3D France A0 Spain
3E French Polynesia A1 Sri Lanka
3F French Southern and Antarctic A2 Sudan

Lands
40 Gabon A3 Suriname
41 Gambia A4 Swaziland
42 Germany A5 Sweden
43 Angola A6 Switzerland
44 Ghana A7 Syria
45 Gibraltar A8 Tanzania
46 Greece A9 Thailand
47 Grenada AA Togo
48 Guam AB Tonga
49 Guatemala AC Trinidad and Tobago
4A Guernsey AD Tunisia
4B Guinea AE Turkey
4C Guinea Bissau AF Turks and Caicos Islands
4D Guayana B0 Tuvalu
4E Haiti B1 Uganda
4F Honduras B2 Ukraine
50 Hong Kong B3 United Arab Emirates

51 Hungary (Republic of) B4 United Kingdom
52 Iceland B5 United States
53 India B6 Burkina Faso
54 Indonesia B7 Uruguay
55 Iran (Islamic Republic of) B8 U.S.S.R.
56 Iraq B9 Vanuatu
57 Ireland BA Vatican City State
58 Israel BB Venezuela
59 Italy BC Vietnam
(3 of 4)


5A Côte d’Ivoire BD Wallis and Futuna
5B Jamaica BE Western Samoa
5C Afghanistan BF Yemen (Republic of)

5D Jersey C0 Yemen
5E Jordan C1 Yugoslavia
5F Kenya C2 Zaire
60 Kiribati C3 Zambia
61 Korea (Republic of) C4 Zimbabwe
62 Kuwait — —
(4 of 4)
24.2 Adding CPE vendor ID and country codes

Perform this procedure to add ANSI and ETSI CPE vendor ID codes and ITU-T
country codes.
Procedure 231 To add a CPE vendor ID and country code
1 In the Administration Tree, choose Window→Show View→Other→Other→CPE Vendor ID

Mapper.
Result: The CPE Vendor ID Mapper view opens.
2 Click Add.
Result: The Add Dialog window opens.

Table 97 Add Dialog window parameters
Parameter Options Description
Code See Section 24.1 for a list of Specifies the code for the
codes selected ITU-T country or
ANSI/ETSI vendor
Value See Section 24.1 for a list of Specifies the name of the
codes selected ITU-T country or
ANSI/ETSI vendor
Type ANSI & ETSI Vendor Specific Specifies the code type
Code
ITU-T Country Code
ITU-T Vendor Code
ITU-T Vendor Specific Code
24.3 Deleting CPE vendor ID and country codes

Perform this procedure to delete ANSI and ETSI CPE vendor ID codes and ITU-T
country codes.
Procedure 232 To delete CPE vendor ID and country codes
1 In the Administration Tree, choose Window→Show View→Other→Other→CPE Vendor ID

Mapper.
Result: The CPE Vendor ID Mapper view opens.
2 Choose a vendor code or country code that you need to delete.
3 Click Delete.
4 Click Yes to confirm the deletion.


Administrator Guide Cluster management
Cluster management
25 Cluster management
26 Configuring VM templates on the 5520 AMS application server

Cluster management Administrator Guide

25 Cluster management
25.1 Cluster management overview
25.2 Using more than one application server
25.3 Using more than one data server
25.1 Cluster management overview

You can install the 5520 AMS on a cluster of servers. In a cluster environment, one
or more application servers hosts the 5520 AMS, and one or more data servers hosts
the database. For information about installing the 5520 AMS in a cluster, see the
Most operations are performed the same way in a cluster environment as in a
standalone environment. If you are using a cluster, there are additional
considerations in the following situations:
Caution — If SSL is not enabled in a cluster, the connection

between the servers in a cluster is not secured.
• Licensing: You need a license for each application server in the cluster. See
chapter 5 for more information about licenses.
• SSL: If you are using SSL in a cluster, SSL must be enabled on every server in
the cluster and the keystore key and password must be the same. See Chapter 7
for more information about SSL.
• SNTP: You need to run one SNTP server process on each application server. See
chapter 14 for more information about SNTP.
• Using External TL1 Gateways: You need to configure a virtual IP address for the
cluster and one TNM user for each application server. See Chapter 16 for more
information about external TL1 gateways.
• Backing up the 5520 AMS database: Nokia recommends that you schedule
backups as a cron job in a cluster environment. See Section 21.2 for more
information about backing up the database.
You can use the ams_cluster script to monitor, stop and start a cluster. See
Section 31.7.

25.1.1 EMS alarms

EMS alarms must not be ignored, as they are critical to keep the cluster alive. The
5520 AMS fails to operate when the disk reaches full capacity, and the system
cannot write to the disk. Nokia recommends to define a wide margin on the threshold
to raise an alarm before the server runs out of disk space, so that the operator has
sufficient notice to take action on the alarm.
25.2 Using more than one application server

You can use multiple application servers to manage NEs. When more than one
application server is active, the load is distributed among the application servers.
During start supervision of an NE, the IP address of an application server is
registered with the NE for communication. Any operations that are performed on the
NE are performed by the associated application server.
You can view the IP address of the application server managing the NE in the Object
Details of the NE: click on the Additional Info tab.
You can enter IP addresses of DCN servers in the Administration perspective. See
Procedure 169 for more information. A DCN server can be a router or any IP address
that can be used to test connectivity to the DCN. The application server pings the
DCN servers and, if they are unreachable, raises the DCN Not Reachable alarm on
the application server object. The DCN Connectivity test in Red Hat Enterprise Linux
is done by establishing a TCP connection port 7 (Echo) of the destination host.
If the alarm is raised on an application server in a cluster, the 5520 AMS checks if
another application server exists in the cluster which is able to successfully ping the
DCN servers. If an application server without DCN reachability issues exists in the
cluster, the 5520 AMS executes the evacuate command on the server having DCN
reachability issues to move all the NEs managed by it to the application server having
DCN connectivity.
When the DCN connectivity is restored to the application server, you can execute the
unevacuate command on that application server to allow it to manage the NEs again,
if required. See Procedure 235.
The 5520 AMS does not execute the evacuate command automatically in the
following scenarios:
• When the DCN Not Reachable alarm is raised on all servers simultaneously in the
cluster.
• When the DCN Not Reachable alarm is raised on the last application server in the
cluster.
If an application server is added to the cluster, or an application server goes down or

is stopped, the 5520 AMS automatically rebalances the load by updating the
application server registration of NEs that were managed by the server.

In a cluster setup with three or more application servers, when the Master application
server loses communication with the cluster, the NEs will be rebalanced among the
other application server(s) within the cluster, and not on the isolated application
server.
Every five minutes, the 5520 AMS checks if the NEs are balanced correctly across
the cluster. If not, it will rebalance them.
You can add an argument to the ams_server stop script to stop a server without
rebalancing the load.
Processes that only need to run on one server, known as singleton processes, are
run on the first application server to start. This is the master application server. If the
master application server is not running, client sessions are disconnected. If other
application servers are not running, client sessions are maintained.
In a cluster environment, if one of the machines faces NIC failure the 5520 AMS GUI
cannot load the Object Details view till the reachable application server in the cluster
detects that there is no connectivity with the other server.
If an operation is performed after an application server has failed but before activity
switches to a redundant application server, the operation fails and client sessions are
disconnected. If the operation is performed on an NE that is associated with the
application server, an error message is displayed.
Note — A local cluster or 1+1 hardware configuration with a
shared SAN disk provides both high availability (distributing the
load amongst active application servers) and local redundancy
(database servers running in active and standby mode). In this
type of configuration, if you stop the active machine, all
processes and functionality are stopped on the active machine
and a switchover to the standby machine is initiated.
If a client disconnects from an application server and connects automatically to

another application server in a cluster, the client may fail to report the alarm
notifications from the application server for the duration of disconnection. For
information on the active client session behavior, see the 5520 AMS User Guide.
Collapse and expand the EMS Administration object in the Administration Tree view
to display the unreported EMS alarm events. Collapse and expand the Group
Network or NE object in the Network Tree view to display the unreported NE alarm
events.
Procedure 233 To stop an application server without rebalancing the load

Perform this procedure to temporarily stop an application server without changing the trap
registration of the NEs.
Caution — If the active data server is stopped, or put in maintenance,

the system can freeze for a short time. Nokia recommends that you only
run this script when you plan to have less than 10 minutes of downtime.

Before you proceed, you need to be able to log in to the 5520 AMS server as amssys. See
1 Log in to the application server as amssys.
2 Stop the server by typing:
ams_server stop maintenance ↵
The server is stopped. No rebalancing is performed.
3 When you are ready to start the server, no argument is needed. Type:
Procedure 234 To evacuate the NEs using the GUI

Perform this procedure to evacuate the NEs managed by an application server to the remaining
application servers.
Perform this procedure in one of the following scenarios:
• You encounter a problem with the application server managing the NEs.
• You want to manually balance the load by offloading an application server and distributing
the load over the remaining application servers.
• You encounter a problem with the DCN connection for the application server and do not
want to completely shut down the application server.
Note 1 — The evacuate option can be executed only on application

servers which are up.
Note 2 — Executing this command sets the relative capacity to manage

the NEs to zero.
Note 3 — NEs will not be created on or moved to an application server

from which the NEs are evacuated until an unevacaute command is
performed on the application server.
1 In the Administration Tree, choose EMS Administration → EMS System → Site → Application
& Data Servers.
2 Right-click the Application Server object from which you want to move the NEs to the
remaining application servers and choose Actions → Evacuate NE.

Result: A confirmation window is displayed.
3 To confirm the evacuate action, click Yes.
Result: A window opens and provides details about the progress of the evacuate action.
When evacuate action is completed, the Action Details view opens and displays the results
for the NEs that are evacuated.
Procedure 235 To unevacuate the NEs using the GUI

Perform this procedure to allow an application server, the NEs of which are already evacuated, to
manage the NEs again.
Note 1 — Performing this procedure sets the relative capacity to

manage the NEs to the specified application server and invokes the
rebalance action.
Note 2 — Executing this option does not move back the same NEs that
are evacuated.
1 In the Administration Tree, choose EMS Administration → EMS System → Site → Application
& Data Servers.
2 Right-click the Application Server object from which you want to move the NEs to the
remaining application servers and choose Actions → Unevacuate NE.
Result: The Unevacuate window is displayed.
3 To configure the Server Weight parameter, enter the relative capacity to manage the NEs.
Note — The default value of the Server Weight parameter is 1.
4 Click Finish.
Result: A window opens and provides details about the progress of the unevacuate action.
When the unevacuate action is completed, the Action Details view opens and displays the
results for the NEs that are unevacuated.

25.3 Using more than one data server

You can install redundant data servers in a cluster. For information on configuring
database redundancy, see the 5520 AMS Installation and Migration Guide.
If the active data server goes down, the standby data server becomes the active data
server. During the active data server switchover, all open client sessions are
disconnected with the message “Connection lost due to database down”.
Note — However, if the database comes up before the

configured value of the
<AMS_DELAY_TIME_SEND_DB_DOWN_EVENT>
parameter, then the GUI will not disconnect during database
switchover.
The Switchover Log view in the 5520 AMS GUI provides information about data
server switchover events. The Switchover Log includes the following information
about each switchover:
• Start date and time
• Reason for switchover
• Completion date and time
• Result (success or failure)
• For failed switchovers, details about the reason for the failure
See the 5520 AMS User Guide for information about opening a view.
25.3.1 Data server switchover conditions

Before performing an automated switchover of a data server, the 5520 AMS runs the
switchover_hook.sh script. By default, the script returns a value of 0 (True). You can
alter this script so that the script performs actions or checks for conditions before
permitting the switchover. If the script returns a value of 0, the switchover occurs
normally.
If the script returns any other value, the switchover does not occur. The script will be
called every 60 seconds unless another data server becomes active. If another data
server becomes active, the server is started as a non-active or standby data server.
Client sessions are disconnected when the database becomes unavailable.
If an active data server is not available in the cluster for more than three minutes,
then the application servers in the cluster will shut down.

The switchover_hook.sh script is located in the following directory:

$AMS_SOFTWARE_HOME/lib/dataserver/bin.
Note — In a cluster with a combination of application and data

servers (AD), if both the data servers are down due to split brain
condition, you must manually start the server which has the
most recent and complete data using ams_server start. After
the database server is active, use the ams_server start to bring
up the other database server as standby.
The ams_cluster start or restart brings up the most recent
active data server instead of the preferred data server.
25.3.2 Forcing a data server switchover

You can perform a forced data server switchover using a script. The script must be
run on the active data server.
Before you proceed, ensure that:
• The active data server is running, that is, the process monitor, database server,
and EMS services are running.
• You are able to log in to the active data server as amssys. See Procedure 8 to log
in to a 5520 AMS server as amssys.
Procedure 236 To force a data server switchover
1 Log in to the active data server as amssys.
• To perform the data server switchover, type:
ams_switch_active_dataserver ↵
• The script prompts you to confirm whether you want to continue the data server
switchover:
Do you continue switch database[ no (default) | yes ]?
• Enter yes to confirm.

• To force the data server switchover without the confirmation message, type:
ams_switch_active_dataserver -f ↵
Result: All active client sessions are disconnected with the message “Connection lost due to
database down” when the database becomes unavailable.


Administrator Guide Configuring VM templates on the 5520 AMS
application server
26 Configuring VM templates on the

5520 AMS application server
26.1 VM templates configuration overview
26.2 Cloning an application server
26.1 VM templates configuration overview

This chapter describes how to clone an application server running on a virtual
machine.
The 5520 AMS Release 9.4 supports the cloning of application servers. Thereby, you
can replicate the configuration of an application server on multiple application
servers in a 5520 AMS cluster. When using the cloning feature the installation and
configuration time taken on each application server in a cluster is reduced.
Note —
• Do not clone VMs running 5520 AMS data servers and

attach it to the same cluster. Such attempts cause system
malfunction.
• When planning for a new VM with an application server,
ensure that the 5520 AMS license supports the additional
application server.
26.2 Cloning an application server

Before you proceed:
• Create a virtual machine.
• Install the VMware tools.
• Install and configure the OS.
• Install the 5520 AMS with the required VAPs and NE plug-ins.
Procedure 237 To create a VM template

Perform the following steps to create a VM template.
1 Log on to VMware vSphere Web Client.
2 Identify a virtual machine as a reference machine from which you want to clone the template.

Configuring VM templates on the 5520 AMS Administrator Guide
application server
Select and right-click the reference virtual machine. Choose Template → Clone to Template.
3 Complete the Edit settings details.
• Enter the Template Name and select the Template Inventory Location. Click Next.
• Select the computer resource. Click Next.
• Select Storage. This must be a shared storage which is accessible from all the servers in
the cluster. Click Next.
• Click Finish.
Procedure 238 To instantiate a VM template to a run an application server

Perform the following steps to clone a VM template to run an application server using VMware
vSphere.
1 Log on to VMware vSphere Web Client.
2 Select and right-click the created template in Procedure 237. Select Deploy Virtual machine
from this Template.
Result: The Deploy From Template window opens
3 Provide the Edit settings details for the new virtual machine.
Table 98 Edit settings
Page Name Task
Select a name and Enter the new server name and select a location to store VM data. Click Next.
folder
Select a compute Select a host or a resource pool to run a virtual machine. Click Next.
resource
Select storage Select storage to save the VM files. This must be a shared storage which is
accessible from all the servers in the cluster. Click Next.
Select clone Select Customize the operating system check box. Click Next.
options
Customize guest Click the Create a new specification icon.

OS Result: The New VM Guest Customization Spec window opens.
For configuring the VM Guest Customization Spec, see Table 99
4 Select the created customization spec. Click Next.
5 Click Finish.

Administrator Guide Configuring VM templates on the 5520 AMS
application server
Result: The new application server is created and appears on the local host tree in the
VMware vSphere Web Client.
6 Select and right-click the new application server from the local host tree. Choose All vCenter
Actions → Power → Power On.
7 On the Summary tab, click Launch Console to open the new application server.
Table 99 VM Guest Customization Spec settings
Page Name Task
Specify Properties Enter the name for customization spec. Click Next.
Set Computer Select Enter a name option, type the machine name, and then enter the domain
Name name. Click Next.
Time Zone Select the details to set the time. Click Next.
Configure Network Select Manually select custom settings option. Click the Edit icon.
Result: The Edit Network window opens.
• Select the Use the following IP settings option.
• Enter the IP Address, Subnet Mask, and the Default Gateway.
• Click OK to close the Edit Network window.
Click Next.
Enter DNS Domain Enter the IP address for Primary DNS and add the DNS search path in the DNS
Settings and domain settings details. Click Next.
Ready to complete Click Finish on the New VM Guest Customization Spec window.

Configuring VM templates on the 5520 AMS Administrator Guide
application server

Administrator Guide Logs
Logs
27 Managing logs
28 Syslogs

Logs Administrator Guide

Administrator Guide Managing logs
27 Managing logs
27.1 Managing logs and audits overview
27.3 Viewing user activity logs
27.4 Filtering user activity logs
27.5 Saving user activity logs to file
27.6 Viewing user login statistics
27.7 Viewing tracing logs
27.8 Viewing system logs
27.9 Clearing log files
27.10 Configuring system logs
27.11 Configuring event log settings
27.12 Editing the log4j2.properties file
27.13 Viewing AMS GUI logs
27.14 Auditing configuration file changes
27.15 Backup and restore log files
27.1 Managing logs and audits overview

The 5520 AMS provides user activity logs, system logs, and configuration file audit
information. User activity logs can be used to view user activity on the 5520 AMS.
The logs can be stored on the server or the client or can be sent to a Syslog server.
System logs record key system events about alarms, security, SNMP tracing, server
activity, and software licenses. The audit function can be used to view the
configuration file changes and take the desired actions - accept the changes or revert
the changes.
more information.

Managing logs Administrator Guide

Perform the procedure in this section to configure settings for the user activity log.
Procedure 239 To configure user activity log settings
1 In the Administration Tree, choose EMS Administration→Configuration→User Activity Log

Settings.
Result: The user activity log settings are displayed in the Object Details view.

Table 100 User activity log settings
Setting Description
Purging
Delay Before a User Activity The duration (in days) that elapses before a User Activity Log is
Log is Removed from removed from the database. The format is # d (for example, 7 d).
Database
Archiving
(1 of 2)
Archiving Strategy The archiving strategy is so that the user activity logs can be saved
to disk for offline analysis instead of being deleted. If FTP or SFTP
file transfer is not selected, user activity logs are archived in the
shared directory, one file per day under:
$AMS_EXTERNAL_SHAREDDATA_HOME/ualarchiving/ual-archi
ve_<YYYY>_<MM>_<DD><alphaChar>.csv, where:
<YYYY>, <MM> and <DD> represents the date (year, month, and
day) at which the user activity logs were created and <alphaChar>
is empty or contains the next alphabetic character.
ual-archive_<YYYY>_<MM>_<DD>_<HH><alphaChar>.csv.gz.
If a user activity log archive file with the same name already exists,
then the filenames will have a sequential alphabetic character
appended to the name, for example,
ual-archive_2012_08_20_20a.csv.gz and
ual-archive_2012_08_20_20b.csv.gz. This may happen if there are
repeated application server switchovers within the same day
causing several similarly named user activity log archive files to be
present.
If FTP or SFTP file transfer is selected, the user activity log archive
file is transferred to the configured remote FTP or SFTP location. If
the copy or file transfer of the user activity log archive fails, an alarm
is raised. Use Procedure 240 to manually purge and archive the
user activity logs.
• Never
• When Records are Added to the Database
• When Records are Removed from the Database
If the archiving strategy is “When Records are Added to the

Database”, then each time a record is added to the UAL database,
it is also appended to the local archive file of the current day.
If the archiving strategy is “When Records are Removed from the
Database”, then each time a purge of the UAL database happens,
the purged records are appended to the local archive file
corresponding to the date of the “Event Time” of the record.
Delay Before a Record is A time period before user activity logs are deleted from the shared
Deleted from the Archive directory where they are archived.
The parameter is enabled when the Archiving Strategy parameter is
set to When Records are Added to the Database or When Records
are Removed From the Database.
This parameter is disabled if the Archiving Strategy is set to Never.
The default value is 7 d.

Setting Description
Compress Archive When the parameter is enabled, the user activity log archive files in
the shared directory are compressed daily to minimize disk space
usage.
The parameter is enabled when the Archiving Strategy parameter is
set to When Records are Added to the Database or When Records
are Removed From the Database.
This parameter is disabled if the Archiving Strategy is set to Never.
By default, this check box is selected, if the Archiving Strategy is not
set to Never.
File Transfer

• FTP
• SFTP
The default value is No file transfer (Keep files in ‘shared/common’).

If this option is selected, the archive is copied to
$AMS_EXTERNAL_SHAREDDATA_HOME/ualarchiving/.

This parameter is disabled if Protocol is set to No file transfer (Keep
files in ‘shared/common’).
Directory The directory for file transfer in the remote FTP or SFTP host.
Username The username to log in to the remote FTP or SFTP host.

Password The password to log in to the remote FTP or SFTP host.

Re-Type Password This parameter is disabled if Protocol is set to No file transfer (Keep
Syslog
Send User Activity Log When the parameter is enabled, the user activity log records are
Records to Syslog sent to syslog server so that a single user activity log record is not
lost.
The check box is deselected by default.
Application Name The name of the application that is logging into syslog server.
This field is disabled when Send User Activity Log Records to
Syslog parameter is not selected.
Default value is 5520AMS_UAL.
(2 of 2)

Procedure 240 To purge and archive alarm or user activity log files
If the copy of alarm or user activity logs to the $AMS_EXTERNAL_SHAREDDATA_HOME
directory fails due to some reason, or if the transfer of alarm or user activity logs to the remote
SFTP or FTP location fails due to password expiry or incorrect username, or other reasons, a
‘Alarm Archive Copy Failure’ or ‘User Activity Log Archive Copy Failure’ alarm is raised. Check the
file transfer settings in the Alarm Settings or User Activity Log settings in the Administration tree.
Check the intra-cluster links. Once the problem is corrected, you can manually purge and archive
the alarm or user activity logs using the following procedure. The alarm is cleared after the copy
or transfer of the archive is successful.
1 In the Administration Tree, choose any of the following options:
• Choose EMS Administration→Configuration→Alarms→Alarm Settings, to purge and

archive alarms.
• Choose EMS Administration→Configuration→User Activity Log Settings, to purge and
archive user activity logs.
2 Right-click Alarm Settings or User Activity Log Settings and choose Actions→Force Purge &
Archive.
Result: The Force Purge & Archive dialog opens, with the confirmation message: Are you
sure you want to force a purge and archive of the data now?
3 Click Yes.
Result: The alarm or user activity logs are purged and archived.
27.3 Viewing user activity logs

User activity logs show a list of tasks that are performed during client sessions by
one or more users, and the results of each action. Tasks that are logged include:
• NE creation and deletion
• Software backup
• Software restore
• Software download
• Attribute setting
When you choose a task in the user activity log, the arguments and result of the task
are displayed in the Object Details panel.

To facilitate audits of the changes made to objects using the 5520 AMS GUI, NBI or
server scripts, the Arguments of the User Activity Log records both the old and new
values of the changed attributes only.
Note 1 — Logging of old values is only provided for
modifications performed from the Object Details view in the
Network and Administration Tree. Logging of old values is not
supported for the modifications triggered from the following
operations:
• Multiple edits
• Actions or application specific menus
• Object deletion
• Application specific views such as editing a schedule or a
template
Note 2 — In the 5520 AMS GUI, only 255 characters of the

records in the Argument column are displayed. If the record
exceeds 255 characters, it is suffixed by an ellipsis (...).You can
view the full entry of such records by double-clicking the row in
the Object Details view.
Note 3 — The User Activity Log records are sent to syslog
server through syslog daemon. An alarm is raised when the
syslog daemon is down. The alarm gets cleared when the
syslog daemon is up and running.
The Result field includes the text of any error messages that were displayed for a
failed task. The Applications field displays the type of user activity performed by the
task. Table 101 applications in the user activity log view describes the applications
that appear in the user activity log.

Table 101 Applications in the User Activity Log view
Application User activity
Action Changes to action settings.
Alarm Changes to alarm settings, or performance of a follow-up action on

an alarm object, manual clearance of alarms from the Alarm view
Backup/Restore Performance of backup or restore operations, or changes to backup

and restore settings
Cut-Through Performance of any TL1 or CLI cut-through operation
Import/Export Performance of any data import or export operations
Licensing Addition, deletion, or modification to licenses for the 5520 AMS
Multiple Edit Edit of multiple objects at one time

NE List Changes to PAPs, creation, deletion, or supervision of NEs,
performance of reachability tests
NE type and release Creation, modification, and deletion for NEs of the specified type
(for example, GPON.4.4.10) and release
Operator defaults Changes to the default settings associated with operators
PM Changes to PM settings, start, stop, or restart object monitoring
Scheduler Changes to the Scheduler application
Security Changes to user settings, and deletion of active sessions
SIP Performance of any SIP operation

Site Changes to any settings on the Site object, including SNTP server
Software Download Performance of software download operations and changing

related settings
Template Creation, deletion, or deployment of templates
TFTP Server Changes to TFTP server settings
TL1 Gateway Performance of any TL1 Gateway operations, including logging in

to and out of the TL1 Gateway
User Management Creation, deletion, or modification of users and their roles
NBI application NBI user management operations, NBI NE management

operations and NBI Test and diagnostic operations
Note — If the check box ‘Hidden Account (Operations are not

logged)’ is enabled for an user account, actions of a user are
not logged in the user activity log.

Procedure 241 To view user activity logs
1 From the 5520 AMS main menu, choose Window→Show View→Other.
2 Expand Other in the Show View window.
3 Choose User Activity Log in the list of available views.
4 Click OK.
Result: The User Activity Log view opens.
5 Create and apply a filter, if required. See Section 27.4 for more information about filtering
user activity logs.
6 To find the IP address that corresponds to a session:
i View user activity for the User Management application.
ii Choose the Login activity for the session for which you need the IP address.
Result: The IP address appears in the Arguments field in the Object Details panel.
27.4 Filtering user activity logs

You can create, apply, save, and delete filters for the user activity log. You can create
private filters that are only available to your user account, and public filters that are
available to all users. For example, you can filter the list to show only the following
tasks:
• Performed by one or more user accounts
• Performed by one or more applications
• Performed within a specific period of time (either today, this week, this month, or
between two user-configured start and end times)
• Pertaining to NEs or objects whose names match user-configured filters
• Performed during a session where the session ID matches a user-configured filter
Procedure 242 describes how to apply a filter to the user activity log and
Procedure 243 describes how to delete a filter.

Procedure 242 To apply a filter to the user activity log
1 View the user activity log, as described in Procedure 241.
• To create a new filter, go to step 3.
• To load a saved filter, go to step 8.
3 Click the Filter icon ( ) and select Edit.
Result: The Filter Configuration window appears.
4 To create a simple filter, select the check box beside the attribute you need to filter and
configure the options.
For the Users, Applications, Operations and Date attributes, you can select multiple items
from the lists that are provided. For the NE Name, Object Name, Session, and Arguments
attributes, you must provide a string for the filter (for example, a session ID for the Session
attribute).
5 To create a complex filter, perform the following.
i Click the Advanced tab.
ii Select the Match all of the following or the Match any of the following, depending on your
requirements.
iii From the first drop-down menu, select an attribute (for example, User).
iv From the second drop-down menu, select an operator phrase (for example, Contains).
v In the field, enter a string for the filter phrase (for example, Admin).
vi To add more filter phrases to your filter, click the + and repeat steps iii to v.
6 Click OK.
Result: The new filter is applied to the user activity log.
7 Go to step 9.
8 Click the Filter icon ( ) and select the name of the saved filter you need to apply.
Result: The filter is applied to the user activity log.

9 To edit the active filter, perform steps 3 to 7.
10 To save your filter, perform the following.
i Click the Filter icon ( ) and select Save As.
Result: The Save Filter As window appears.
ii Enter a name for your filter in the Filter Name field.
iii Select Private or Public.
Private filters are only available to the user that created them. Public filters are available
to all users.
Procedure 243 To delete a filter
1 View the user activity log, as described in Procedure 241.
2 Click the Filter icon ( ) and select Delete.
Result: The Delete Filter window appears.
3 Select the filter you need to delete from the list.
4 Click OK.
Result: A confirmation dialog appears. Click OK to proceed.
5 The selected filter is deleted.
27.5 Saving user activity logs to file

Perform this procedure to save user activity logs to a file on a 5520 AMS client.

Procedure 244 To save user activity logs to file
1 Filter the set of user activity logs that you need to save. See Procedure 241 to view user
activity logs.
2 Click the View Menu icon ( ) and select Save As.
Result: A Choose file window opens.
3 Choose a location to save the file, and enter a name for the file.
4 Click Save.
Result: The log is saved to the file as a set of values separated by delimiters. The default field
delimiter is a comma. See Procedure 210 and the 5520 AMS User Guide for more
information.
27.6 Viewing user login statistics

Perform the following procedure to display user login statistics for a user account.
Procedure 245 To view user login statistics
2 Select the user account for which you want to view statistics.
3 Click the Statistics tab in the Object Details view to display the login statistics for the selected
user.
27.7 Viewing tracing logs

You can view different types of tracing log files from the 5520 AMS GUI, such as:
• Alarms
• Alarms DB
• Inventory
• Metadata

• MObject
• SNMP
Before you proceed, ensure that you have enabled the tracing levels. See
Procedure 161 for more information. Logs can be viewed only for enabled detailed
tracing levels.
Note — The tracing logs aggregate data from all the application
servers. The text at the top of the log files indicates if the
application server is reachable or not.
Procedure 246 To view and save tracing log files
1 Right-click an NE and choose Show→Log.
Result: The Show EMS Tracing Log dialog opens.
2 Select any one of the log types in the EMS Tracing field.
3 Click Finish.
Result: The View Server File dialog opens.
4 Select the log file and perform one of the following steps:
• Click Open to open and view the log file.

• Click Save on Client to save the log file to any location in the client.
27.8 Viewing system logs

You can view system logs from the Administration perspective. The logs are saved
and displayed according to your GUI preferences.
Procedure 247 To configure 5520 AMS GUI preferences for saving files
1 From the 5520 AMS menu bar, choose Window→Preferences.
2 Click General to display the General GUI Preferences panel.

3 To be asked where to save files each time, select the Always ask me where to save files
option. When you open a file from the GUI or click Save on Client, a Save As window opens.
4 To set a directory to save files to when opening them from the GUI, perform the following
steps:
i Select the Save files to.
ii Click Browse and navigate to the directory where you want to save the files. Click OK.
When you open a file from the GUI or click Save on Client, the file will be saved to the
directory you choose and opened.
Result: A Save As window will not open.
5 Click Apply to save the changes.
6 Click OK to close the Preferences window.
Procedure 248 To view system logs
1 From the Administration perspective, choose one of the following steps:
• EMS Administration→EMS System→Site→Application & Data Servers→Application

Server
• EMS Administration→EMS System→Site→Application & Data Servers→Data Server
2 Right-click the server object and choose Actions→Show Log File.
Result: The View Server File window opens and displays the available system logs.
3 Choose the log you need to view and click one of the following:
• Open
• Save on Client
Result: The file is saved or opened according to the GUI preferences you set in
Procedure 247.

Procedure 249 To tail system logs

Server
2 Right-click the server object and choose Actions→Show Log File.
Result: The View Server File window opens and displays the available system logs.
3 Choose the log you need to view and click Tail.
Result: The Tailing file: <log _name>.log window opens. The text area of the window displays
up to 100 lines of the content of the log. For example, if a log file consists of 1000 lines at the
time the tail request is sent to the server, only the last 100 lines of the log are displayed in
the Tailing file: <log _name>.log window. When a new response is received, the display rolls
over to the latest update.
You can perform any of the following actions, as required:
• Click Pause to pause the tailing of the log file.

• Click Resume to resume the tailing of the log file. The Resume option is visible only if you
have paused the tailing of the log file.
• Right-click and choose Select All to select the entire content of the log in the text area of
the Tailing log: <log_name>.log window. You can also select parts of the log in the text
area. Right-click and choose Copy to copy the selected content of the log file to the
clipboard.
Note 1 — Tailing more than 1 log file simultaneously could affect system
performance. It is recommended that no more than 5 log files be opened
simultaneously for tailing.
Note 2 — A maximum of 15 files can be opened for tailing at one time in

a client.
Note 3 — Tail requests are sent to the server at regular intervals. Even
when there are no new updates to the tailed log file, the client will send
requests for new content as long as the tail window is open for the log file.
In the case of errors, requests for tailing information will be retried 5 times,
after which the tail requests are stopped and the message "Error in tailing
file" is displayed in the tail window.

27.9 Clearing log files

The 5520 AMS controls the size of the log files. You can clear the contents of log files
using a script that is provided with the 5520 AMS. If you receive an alarm indicating
that log files are oversized, or if you need to clear space, use this script to empty the
log files.
Caution — Do not delete the 5520 AMS log files.
Before you proceed, you need to be able to log in to the 5520 AMS server as amssys.
See Procedure 8 to log in to a 5520 AMS server as amssys.
Procedure 250 To clear log files
1 Log in to the 5520 AMS application or data server as amssys.
2 Change to the scripts directory by typing:
cd bin ↵
3 Clear log files by typing:
./ams_reset_logs.sh ↵
The script confirms that the logs are reset:
Done! Logs are reset now.
27.10 Configuring system logs

System logs record the details of significant system events related to alarms,
security, SNMP tracing, server activity, and software licenses.
The 5520 AMS maintains the logs, traces and debug files as described in Table 102
and Table 103. You can configure many of these logs. See Procedure 251 to
configure system logs and Procedure 253 to enable or disable a log.
You can also modify the log level, log type, collect log or debug files and reset the
log or debug files, and enable or disable syslog mode, and change syslog facility on
all the 5520 AMS servers. For more information, see section 31.51

By default, the log files are stored in the $AMS_LOG_DIR directory and the traces
and debug files are stored in the $AMS_DEBUG_DIR directory.
Table 102 System log files
Filename Description Default Default

maximum maximum
file size number of
(Mbytes) archives
Configurable logs
ams_copy_datafiles.log Records activity of the script and logs 7 3

errors and warnings
backup.log Records NE backup activity 5 3
license.log Records license audits and the 5 3

addition or removal of licenses
security.log Records each time a user logs in to: 10 10

• start a client session
• logs out to end a client session
• fails authentication; the source IP
address of the user is logged
when the user login is success or
failure.
• accesses 5520 AMS client
distribution page to download the
AMS client.
• is locked out, or is unlocked
If the check box ‘Hidden Account

(Operations are not logged)’ is
enabled for an user account,
successful login and logout of the user
are not logged in the security.log.
server.log(1) Records the internal details of server 10 10

activity
migration.log Records the migration steps, migration 5 3

errors and warnings
inventory.log Contains information of inventory 20 10

collection jobs, real time update event,
and OSS job.
processmonitor.log(1) Records activity of the process monitor 10 3
replication.log Records details about replication 5 3

errors
Non-configurable logs
ams_ems_service.log Records starting of the process 5 3

monitor
geomonitor.log Records health status of each site at 10 3

regular intervals and logs related to the
geographic switchover in each server
(1 of 2)


maximum maximum
file size number of
(Mbytes) archives
snmpstats.csv Records details of SNMP timeouts and 5 3

average round trip time
switchover.log Records switchovers of the data 1 —

server in a cluster
test_extension.log(2) Records details about health check for AMS_TRA AMS_TRA

5520 AMS CELOG_M CELOG_M
AX_FILE_S AX_NUMB
IZE ER_FILE
ams_backup.log Records details about backup 1 3

operation
ams_restore.log Records details about restore 1 3

operation
ams_nebackup.log Records output of AMS NE backup 1 3

operation
ams_nerestore.log Records output of AMS NE restore 1 3

operation
importexport.log Records import and export activity 5 3
(2 of 2)
Notes
(1) An EMS alarm “One or more applications/plug-ins not running” will be raised by the application server if not all
applications, plug-ins, or services are running properly on any AMS server. Depending on the nature of the error
and AMS services startup success, raising the alarm may fail if alarm services do not start properly. In such
cases, the operator must check the system logs for errors (server.log and processmonitor.log).
(2) The AMS_TRACELOG_MAX_NUMBER_FILE and AMS_TRACELOG_MAX_FILE_SIZE are the variables
defined in procMon.conf file.
Table 103 Traces and debug files

maximum file maximum
size (Mbytes) number of
archives
alarm.log Records alarm resynchronization 10 3

events and changes to alarm
counters due to new or cleared
alarms
clustertopology.log Records changes to the master 5 3
application server (application server
switchover)
cutthrough.log Records activity of the CLI/TL1 5 3

cut-through application
server.log(1) Records the internal details of server 20 20

activity
(1 of 4)


archives
jboss_service.log Records AMS services deployment 10 10

(start/stop) log
remoting.log Records connection events of JMX 5 10

connection between servers in
cluster
netconftracing.log Records the NETCONF requests and 10 10

responses between AMS and
NETCONF agents
clitracing.log Records the requests and responses 5 3

between AMS and CLI-managed
agents, such as CMTS
backup_check_server.lo Debugs log for running backup 5 5

g consistency check on Backup Check
Server
backup_check_server_s Used to track the connection and 5 5

tatus.log communication between AMS server
and Backup Check Server
threadmonitor.log Records, if there are any threads 5 3

running for a long time
traps.log Records SNMP traps from NEs to the 5 3
5520 AMS
mobject.log Records invocations at the remote 10 10

layer
snmptracing.log Records details of SNMP tracing 10 10

getconfigxml.log(2) Records details about configurations AMS_TRACEL AMS_TRACE
OG_MAX_FIL LOG_MAX_N
E_SIZE UMBER_FILE
getconfigxml.trace(2) Records details about traces of AMS_TRACEL AMS_TRACE

configurations OG_MAX_FIL LOG_MAX_N
E_SIZE UMBER_FILE
jboss.jdk.stdouterr.log Records details about startup — —

information of JBoss application
naf.log Records details about 5530 NAF 5 3
nbi.log Records request invoked at the 5 10

north-bound interface. The log
contains the following information:
• SourceIP address
• X-Forwarded-For header
• Username
• NBI operation name
• Time and date of execution of an
NBI operation
performance.log Records details about performance 5 3
(2 of 4)


archives
processmonitor.err Records activity of the process — —

monitor errors
processmonitor.trace Records activity of the process 1 3

monitor tracing
report.log Records details about the reports 5 3

generated by 5520 AMS.
sma.log Records details about subscriber 5 5

management
sql.log Records details about total number of 5 3

queries
swmgmt.log Records details about software 10 10

management
templateperf.log Records details about template 5 3

performance
transaction.log Records details about the 5 10

transactions
twiddle.log Records details about twiddle 0.1 2

command
ams_backup.trace(2) Records details about backup AMS_TRACEL AMS_TRACE

operation tracing OG_MAX_FIL LOG_MAX_N
E_SIZE UMBER_FILE
ams_restore.trace(2) Records details about restore AMS_TRACEL AMS_TRACE
operation tracing OG_MAX_FIL LOG_MAX_N
E_SIZE UMBER_FILE
ams_nebackup.trace(2) Records details about NE backup AMS_TRACEL AMS_TRACE

tracing OG_MAX_FIL LOG_MAX_N
E_SIZE UMBER_FILE
ams_nerestore.trace(2) Records details about NE restore AMS_TRACEL AMS_TRACE

E_SIZE UMBER_FILE
update_firewall.log(2) Records details about updating the AMS_TRACEL AMS_TRACE
firewall OG_MAX_FIL LOG_MAX_N
E_SIZE UMBER_FILE
update_firewall.trace(2) Records details about update firewall AMS_TRACEL AMS_TRACE

E_SIZE UMBER_FILE
ams_geosetup.log(2) Records details about AMS cluster in AMS_TRACEL AMS_TRACE

geo-redundant setup OG_MAX_FIL LOG_MAX_N
E_SIZE UMBER_FILE
ams_geosetup.trace(2) Records details about traces of AMS AMS_TRACEL AMS_TRACE

cluster in geo-redundant setup OG_MAX_FIL LOG_MAX_N
E_SIZE UMBER_FILE
ndd_settings.log Records details about ndd tool that is 1 —

used to change the TCP-IP stack
settings
(3 of 4)


archives
database_access.log Records details about the connection 10 2

and disconnection actions to or from
the database by any user other than
the AMS user. This log contains the
details such as username,
timestamp, and database name
spring.log JBoss WildFly’s built-in log file, AMS 5 3

does not use it
hibernate.log JBoss WildFly’s built-in log file, AMS 5 3

does not use it
amssys.log Records details about all the scripts 30 20
when the Syslog mode is enabled.
The log file contains the script name,
level and message details. You can
change the default configuration for
amssys.log to adapt the size,
retention period from the
configuration file located in the path
/etc/logrotate.d/amssys.log
(4 of 4)
Notes
(1) An EMS alarm “One or more applications/plug-ins not running” will be raised by the application server if not all
applications, plug-ins, or services are running properly on any AMS server. Depending on the nature of the error
and AMS services startup success, raising the alarm may fail if alarm services do not start properly. In such
cases, the operator must check the system logs for errors (server.log and processmonitor.log).
(2) The AMS_TRACELOG_MAX_NUMBER_FILE and AMS_TRACELOG_MAX_FILE_SIZE are the variables
defined in procMon.conf file.
Data is added to each system log until the file reaches a user-configured size limit.
When the file reaches the size limit, the 5520 AMS renames the file by appending the
index number 1 to the filename (for example, system.log.1), and increments the
index numbers of all other archives for the same log. The 5520 AMS then creates a
new, empty system log file with the original filename to record further information.
New archives are continually created as each system log reaches its size limit, but
only a limited number of the most recent archives are retained. You can configure the
number of files to retain separately for each type of log file. When the number of
archives for a system log reaches this limit, the 5520 AMS deletes the oldest archive
whenever it creates a new archive of the same type.
amssys.

Procedure 251 To configure system logs
Note 1 — This procedure does not apply to setting the tracing level for
an NE. See Section 20.24 for information about configuring EMS tracing
settings using the 5520 AMS GUI.
Note 2 — It is recommended that you contact Nokia technical support for

assistance to perform this procedure.
cd $AMS_LOCALDATA_HOME/server/wildfly/server/amssys/configuration/
ii Execute the following command to open the file for editing in a text editor:
vi standalone-full-ha.xml
3 Search the standalone-full-ha.xml file for the section about the system log file you need to
configure. Each system log file has an entry resembling the following:
<property name="fileName" value="${jboss.server.base.dir}/debug/filename"/>
where filename is the name of the system log file you are configuring, such as alarm.log. See Table 102 for a
list of system log filenames.
4 Configure the parameters for the log file:
i To configure the maximum file size for the log file, find the first instance of the following
line below the line you found in step 3:
<property name="rotateSize" value="value"/>
where value is the current maximum file size for the log file. See Table 102 for the default values for each
type of log file.
Change the value to the new maximum file size.
ii Configure the maximum number of archive copies retained for the log file. Find the first
instance of the following line below the line you found in step 3:
<property name="maxBackupIndex" value="value"/>
where value is the current maximum number of archive files to retain. See Table 102 for the default
values for each type of log file.

Change the value to the new maximum number of archive files to retain.
5 Save and close the standalone-full-ha.xml file
Note — You need to restart the server for the configuration changes to
take effect. The 5520 AMS starts using the new values within a few
minutes after you save the standalone-full-ha.xml file.
Procedure 252 To change the log levels

Perform this procedure to change the log levels managed by ams.conf file. See Table 102 and
Table 103 for information on the log files managed by ams.conf file.
Note — It is recommended that you contact Nokia technical support for

cd $AMS_SOFTWARE_HOME/conf/
vi ams.conf
3 Edit the parameters described in Table 104. The possible values to be configured are
described in Table 105.
Table 104 Configuration parameters to change log levels
AMS_PROCESSMONITOR_TRACELEVEL This parameter is used to change the log levels for

processmonitor process
AMS_REPLICATION_TRACELEVEL This parameter is used to change the log levels for

replication process.
(1 of 2)

AMS_SCRIPTS_TRACELEVEL This parameter is used to change script log level
and some examples are:
• ams_updatefirewall
• ams_geo_configure
• ams_backup/ ams_restore
(2 of 2)
Table 105 lists the possible values to be configured:
Table 105 Possible scenarios and values
Possible scenario Value

ERROR 1
MAJOR 2
INFO 3
DEBUG 4
METHOD 5
4 Save and close the ams.conf file.
Note — You do not need to restart the server for the configuration
changes to take effect. The 5520 AMS starts using the new values within
a few minutes after you save the ams.conf file.

Procedure 253 To enable or disable a log
Note 1 — This procedure does not apply to setting the tracing level for
an NE. See Section 20.24 for information about configuring EMS tracing
settings using the 5520 AMS GUI. To enable SNMP tracing for an NE,
see Procedure 161.
Note 2 — It is recommended that you contact Nokia technical support for

cd $AMS_LOCALDATA_HOME/server/wildfly/server/amssys/configuration/
vi standalone-full-ha.xml
3 Search the standalone-full-ha.xml file for an entry similar to the following:
<logger category="LOGTYPE" use-parent-handlers="false">
<level name="TRACE LEVEL"/>
<handlers>
<handler name="LOGTYPE_FILE"/>
</handlers>
</logger>
where:
LOGTYPE is the type of log you need to configure: SECURITY, LICENSE, or ALARM.
TRACE LEVEL is one of the following: DEBUG, ERROR, INFO, or WARN.
LOGTYPE_FILE is one of the following: SQL_FILE, SECURITY_FILE.
For example:
<logger category="SECURITY” use-parent-handlers="false">
<level name="INFO"/>
<handlers>
<handler name="SECURITY_FILE"/>
</handlers>

</logger>
4 In the line <priority value=“TRACE LEVEL”/>, replace TRACE LEVEL with one of the
following:
• DEBUG: enables logging of all messages

• ERROR: enables logging of error messages only
• INFO: disables logging
• WARN: enables logging of warning or error messages
5 To disable tracing, perform the following:
i Reset the tracing to the highest level by changing the priority value to FATAL.
ii Wait several minutes for standalone-full-ha.xml file to process the change.
iii When the tracing level has changed, remove the category name, priority value, and
appender-ref ref lines for the category.
6 Save and close the standalone-full-ha.xml file.
Note — You need to restart the server for the configuration changes to
take effect. The 5520 AMS starts using the new values within a few
minutes after you save the standalone-full-ha.xml file.
27.10.1 Changing the log type

The logSettings.txt is an input file for the script ams_log_manager.sh that is meant
to modify the log settings that you can find in
$JBOSS_SERVER_DIR/configuration/standalone-full-ha.xml file. The content of the
file $AMS_EXTERNAL_SHAREDDATA_HOME/config/logSettings.txt is
automatically applied at application server startup. This applies to all application
servers in the cluster.
To change the log type, use the logSettings.txt file instead of using the script
interactively for the following reasons:
• The settings will be applied after an AMS upgrade or patch installation.
• The content of the file will be applied to all Application servers of a cluster.
• It allows to change the settings of several files in one go.
• It avoids a second restart after an AMS upgrade.
See Section 31.51 to change the log type using the script interactively.

Procedure 254 To change the log type

Perform the following procedure to change the log type managed by logSettings.txt file.
cd $AMS_EXTERNAL_SHAREDDATA_HOME/config/
vi logSettings.txt
3 Configure a single or multiple system log files for which you want to change the log type.
The format of the file must be:
filename,type,max,compress
where:
• filename is the name of the file (for example, ALARM_FILE)

• type is either 'size' or ‘duration’
• max is one of the following:
• number of KB if type is ‘size’
• number of days if type is ‘duration’
• compress is either ‘y’ or ‘n’
For example:
ALARM_FILE,size,5000000,n
4 Save and close the logSettings.txt file.
Table 106 lists the possible exit codes:

Table 106 Possible exit codes
Possible exit code Value
Success 0
File not found in 1

$AMS_EXTERNAL_SHAREDDATA_HOME/config
Syntax error, the content of the file is invalid 2
No active data server found 3

Other error 4
Note — You need to restart the server for the log configuration changes
to take effect across all the servers.
Procedure 255 To set logging level

Perform the following procedure to set the logging level.
Note — To set the logging level, the user should have the function
Cluster Settings- Edit enabled.
1 In the Administration Tree, choose EMS Administration →EMS System→Site
2 Right -click Site and choose Actions→Set Logging Level
Result: The Set Logging Level window opens.
3 Enter the Input Category.

4 Select one of the options from the Logging Level.
• ALL
• DEBUG
• ERROR
• FATAL
• INFO
• OFF
• TRACE
• WARN
5 Click Finish.
Procedure 256 To configure logging settings

Perform this procedure to configure logging settings.
Note — To configure the logging settings, the user should have the
function Cluster Settings- Edit enabled.
1 In the Administration Tree, choose EMS Administration →EMS System→Site
2 Right-click Site→Actions→Logging Settings
Result: The Logging Settings window opens.
3 Select one of the following option:
• Continue logging
• Suspend logging
4 Click Finish.

27.10.2 Configuring the expiry of database logs

The database stores a binary log file that describes the modifications to the
database. The binary log is used for replication and for certain data recovery
operations. There is a setting in database "expire_logs_days" (specified in my.cnf
file) which controls the number of days the logs are saved before their automatic
removal. The default value is set as 2 in 5520 AMS. This means if the redundant
database server or geo-standby site is down for more than two days after the
replication is started, a "full sync" is required. The logs will grow based on the number
of operations performed and the server will need to have enough disk space to create
logs for two days.
27.10.3 Auditing and identifying security violations

The following table describes the security action and the related log file information.
Table 107 Security actions and related log file
Security action Related log file

Track unsuccessful login attempts security.log
(1)
Track successful login attempts
Track if the maximum number of logins has been

exceeded
Track unauthorized attempts to access resources Not applicable
The command menu is hidden for the
commands that are forbidden for a
particular user. Hence the forbidden
commands cannot be executed.
Track configuration changes User Activity log

(2)
Track executed operations and related results
Track changes in user profiles
Notes
(1) The security.log file is a separate file that exists in the system.
(2) The user activities are logged in the AMS database and does not exist as a separate file. You can view the User
Activity log from the 5520 AMS GUI. For instructions, see Procedure 241.
27.11 Configuring event log settings

This section describes procedures to configure the event log settings using the Event
Manager.

Procedure 257 To configure event logs

Navigate to the Administration perspective of the AMS GUI and perform the following procedure
from the event manager for configuring the event logs.
1 In the Administration Tree, select EMS Administration→Configuration→Event→Event

Settings.
2 Select Object Details from the menu and configure the following settings in the Event Settings
form that opens:
i In Global GUI Settings, set the Event View Refresh Interval field to the required number
of seconds. The default value is 15 seconds.
ii In Event Table Size Threshold settings, set the Raise Alarm if Database Size Exceeds
field to the required size (ranging from 1 MB to 1000 MB). The default value is 1000 MB.
iii In Event Display Configuration, configure the time period (ranging from 1 to 24 hours)
for which the events need to be displayed in the event summary view in the Display
Events in the Event Summary Page in the Last field. The default value is 12 hours.
Configure the event row navigation by selecting one of the two options, Object Details
or NE Object Tree from the drop down list in the Double Click on Event Row Navigates
to field.
iv In Archiving, configure the following with the required values:
• Archiving Strategy: You can choose the required option to define when you want the
records to be added to the database.
• Delay Before an Event is Deleted from Archive: You can configure the time delay
before an event is deleted from the archives. Range is from 7 to 120 days. Default
value is 30 days. This holds true only if the archives are not yet transferred.
• File Transfer Protocol: You can define the protocol to be used for transfer of the
archived files to the database.
Note — You cannot edit the Purging parameter value. If this parameter
value is modified all the events are removed from the database. You can
modify this parameter value only from the Actions menu.

27.12 Editing the log4j2.properties file
Note 1 — It is recommended that you contact Nokia technical

support for assistance to perform the procedures mentioned in
this section.
Note 2 — To edit the log4j2.properties file, the user should have
the function Web Console - Debugger enabled.
The log4j2.properties file is a configuration file that is used for debugging the AMS
GUI issues. You can customize not only the output destination but also the output
format.
The file log4j2.properties is available in the Presentation server at
<AMS GUI installdir>\plugins\com.alcatel.axs.gui.platform_<version>\lib\
log4j2.properties.
where,
<AMS GUI installdir> refers to the name of the 5520 AMS installation directory. For
example, the installdir is C:\AMS9.7_Client\ams
<version> refers to the release number. For example, the version is

9.6.0.201705021400 in the directory
com.alcatel.axs.gui.platform_9.6.0.201705021400
To edit the log4j2.properties file from the AMS GUI, see Procedure 258. If required
you can undo the changes to the log4j2.properties file using the Restore to default
option; see Procedure 259.
Procedure 258 To edit the log4j2.properties file

Perform the following steps to edit the log4j2.properties file:
1 In the 5520 AMS GUI, choose

Help→Support→Configure Logs.
Result: The contents of the file log4j2.properties is displayed in the Configure Logs window.
2 After making the necessary changes in the file, click Finish.
3 Restart the AMS GUI to apply the changes.

Procedure 259 Restore to default option

Perform the following steps to restore the factory default setting:

Help→Support→Configure Logs
Result: The contents of the file log4j2.properties is displayed in the Configure Logs window.
2 Click Restore to default. The default values are set immediately and Configure Logs window
is closed automatically. To apply the changes made in the file, you need to restart the 5520
AMS GUI.
27.13 Viewing AMS GUI logs
Note — To view the GUI logs from the AMS GUI, you should
have the function Web Console - Debugger enabled.
You can view the following AMS GUI log files without logging on to a Presentation
server to debug GUI-related issues:
• output.log
• output.log.* (where * is a number)
• guiAlarmLog.log
• .log
• .bak_*.log (where * is a number)
Procedure 260 To view the AMS GUI logs

Perform the following steps to view the log files:

Help→Support→Show Logs
Result: The Show Logs window opens. All the log files present in the location
<workspace>\.metadata are listed in the Show Logs window.

2 Select a log file from the drop-down list. To reload or get the updated list of the log files, click
Refresh.
3 To close the Show Logs window, click Close.
27.14 Auditing configuration file changes

You can perform an audit of the configuration files from the 5520 AMS GUI to view
the configuration file changes that have taken place in the application and data
servers.
If there is any mismatch in the parameters configured in the application or data
server, an alarm is raised. You can perform repair actions given in the alarm to
address the error.
Procedure 261 To audit configuration file changes

Perform the following steps to audit the configuration file changes in the 5520 AMS GUI.

Server
2 Right-click the server object and choose Actions→Audit Configuration File Changes.
Result: The Audit Result for the selected server is displayed in the Results window. There
are two tabs in the window - Details 1 and Details 2.
In the Details 1 tab, the configuration file changes for ams.conf, amsgeomonitor.conf,
procMon.conf, and my.cnf are listed. The information that are displayed are:
• File name
• Parameter name of the file
• Default value of the parameter
• Last user accepted value of the parameter
• Current value of the parameter
The audit result for each file and parameter is either: Missing, Misaligned, or Aligned and the
results are indicated by icons. For more information on icons, see the 5520 AMS User Guide
In the Details 2 tab, the standalone-full-ha.xml file details are displayed.

3 You can click an entry in the Details 1 tab and do any of the following:
• Click Accept Current Value - This accepts the configuration file change and updates the
last accepted user value with the current value. The 5520 AMS system clears the alarm,
if it is reported for this parameter.
On clicking Accept Current Value, the audit result for the parameter is refreshed where
the Aligned and Misaligned icons for the parameter are displayed based on the
comparison between the parameter’s Current Value and Last User Accepted Value.
• Click Restore Default Value - The last accepted user value is updated to the default value.
You are prompted for a confirmation on server restart for the changes to take effect. Copy
the default value to the corresponding configuration file in the AMS server. The 5520 AMS
system clears the alarm, if it is reported for this parameter.
• Click Restore Last User Accepted Value - You are prompted for confirmation on a server
restart for the changes to take effect. Copy the last user accepted value to the
corresponding configuration file in the AMS server. The 5520 AMS system clears the
alarm, if it is reported for this parameter.
4 To copy the audit results, click Copy All. The results are copied to your machine.
27.15 Backup and restore log files

You can back up the log files for 5520 AMS database, software and restore the 5520
AMS software.
• Backup log files for 5520 AMS database, see section 21.2.2.
• Backup log files for 5520 AMS software, see section 21.4.1.
• Restore log files for 5520 AMS software, see section 21.5.1.

Administrator Guide Syslogs
28 Syslogs
28.1 Overview
28.2 Viewing syslog system parameters
28.3 Managing a syslog server
28.4 Configuring the syslog rotation settings
28.5 Viewing security log files
28.6 Viewing alarm logs
28.1 Overview
Syslog provides a logging facility to capture and log or broadcast system secure
access and configuration changes made using TL1, CLI, and authorization actions.
You can also use the 5520 AMS to view and configure syslog parameters such as
log rotation, server type, facility, and message severity.
You can disable the remote connection flag of the syslog daemon to forward the User
Activity Log records, write large number of iptables related data to the syslog files.
For more information, see the Syslog Configuration and Redirecting IP tables logging
sections in the 5520 AMS Server Configuration Technical Guidelines.
Table 108 describes the supported syslog message types.
See the CLI Commands guide for your NE for more information about CLI syntax,
and the Commands and Messages guide for your NE for more information about TL1
syntax.
Table 108 Syslog messages
Syslog message Description
Authentication actions Logs successful and unsuccessful login attempts. See

Chapter 11 for information about viewing sessions.
CLI configuration changes Logs CLI configuration changes made by users. See the
5520 AMS User Guide for information about CLI
configuration.
TL1 configuration changes Logs TL1 configuration changes made by users. See the
5520 AMS User Guide for information about TL1
configuration.
(1 of 2)

Syslogs Administrator Guide
Syslog message Description

CLI messages Broadcasts messages to all active CLI terminals. See
section 28.3 for information about configuring this
parameter.
TL1 messages Broadcasts messages to all active TL1 terminals. See

Section 28.3 for information about configuring this
parameter.
Tracing 1 Logs protocol tracing messages 1
Video CDR Logs video CDR messages
ipsecMsg Logs ipsec security log messages
eqpt Logs equipment events, for instance, protection switch
(2 of 2)
Authenticated users can also make configuration changes using TL1 and CLI.
Before you proceed, make sure your user account is assigned the necessary
functions to perform the procedures in this chapter. See Table 19 for more
information.
28.1.1 Architecture
Syslog is a subsystem designed to handle system security logging. Other
subsystems that have messages to be logged into the system log depend on the
syslog subsystem.
The syslog subsystem uses the syslog protocol, which is a transport mechanism for
sending event messages across an IP network. The receiving server is known as an
“event message collector.” System events may be sent at the start or end of a
process, or to transmit the current status of some condition or process in the
operating system or application.
If SFTP is used as the file transfer protocol, the correct login credentials must be
provided. You can set the username and password for the NE SFTP file server in the
SNMP profile used by the NE. See section 20.5 for more information.
When the 5520 AMS server acts the SFTP server, the credential for amssftp can be
provided from the external SFTP server.
The 5520 AMS behaves as an SFTP /TFTP server when files are opened at the NE’s
such as ISAM, ISAM FTTU etc. The 5520 AMS behaves as an SFTP/TFTP client
when performing operations such as NBI, backup, syslog and so on.

28.2 Viewing syslog system parameters

Use the procedure in this section to view syslog parameters on an NE.
Procedure 262 To view syslog system parameters
1 Navigate to the NE and choose Infrastructure→Syslog in the Network Tree.
2 Expand Syslog and choose Syslog System Parameters.
Result: The Object Details view opens and displays the syslog system parameters. See
Table 109.
Table 109 Syslog system parameters
General
Maximum Message Size Displays the maximum syslog message size in bytes
Storage Capacity
Free Displays available disk space for syslogs in bytes
Used Displays the amount of space used for syslogs in bytes
Reserved Displays the space reserved for syslogs in bytes

Total Displays the total free, used, and reserved space for
syslogs in bytes
28.3 Managing a syslog server

Use the procedures in this section to:
• Create a syslog server.
• Create a syslog server message.
Procedure 263 To create a syslog server
2 Right-click Syslog and choose Create→Syslog Server.

Result: The Create Syslog Server window opens and prompts you to configure the
parameters for the new syslog server.
3 In the Server Number field, use the default or enter a server index value for the new server.
The value must be an integer from 1 to 64, inclusive.
4 Click Next.
Result: The second Create Syslog Server window opens and prompts you to configure the
parameters for syslog server. Table 110 describes the parameters for a syslog server.
Table 110 Syslog server parameters
Name Specifies the name of the syslog server
Type Specifies the type of syslog server. See Table 111 for more
information about server types.
File name When the Type parameter is set to File, this parameter specifies
the local filename used by the syslog server.
IP Address When the Type parameter is set to UDP, this parameter

specifies the IP address of the syslog server.
File Size [B]/Port Number When the Type parameter is set to File, this parameter specifies
the maximum file size of the log file. If the Type parameter is set
to UDP, this parameter specifies the UDP port of the syslog
server.
5 Configure the parameters. Table 111 describes the syslog server type options.
Table 111 Syslog server type options
Options Description
File Specifies that syslog messages are logged to local files
UDP Specifies that syslog messages are sent to the IP address and
UDP port number of the syslog server
All CLI Specifies that syslog messages are sent to all CLI-type servers
All TL1 Specifies that syslog messages are sent to all TL1-type servers
All Users Specifies that syslog messages are sent to all users
6 If the State panel is visible, choose Enabled or Disabled from the Logging drop-down menu.
• Click Finish to create the syslog server and close the Create Syslog Server window.

Result: The new syslog server is displayed in the Network Tree as Syslog Server name,
where name represents the syslog server number and name.
• Click Back to change settings.
Procedure 264 To create a syslog server message

The server message type represents the input format used to communicate with the server. You
can create multiple messages for a syslog server message. See Table 108 for a list of syslog
server messages.
2 Right-click an existing syslog server and choose Create→Syslog Message.
Result: The Create Syslog Message window opens and prompts you to configure the
parameters for the new message.
3 Choose a message type from the Message Type drop-down menu.
Note — The system appends the syslog number to the message type
string.
4 Click Next.
Result: The second Create Syslog Message window opens and prompts you to configure
the parameters for the new message.
5 Choose a syslog facility. In the Facility drop-down menu, choose an option for the method to
send messages to the remote server.
6 Assign available severity filtering options to the message. In the Severity panel, choose an
option for the message severity filtering.
Use the left-arrow and right-arrow to add and remove the options from the Available and
Selected windows. Options in the Selected column will be applied and options in the
Available column are not applied.
7 Click Finish to create the syslog server message.
Result: The new syslog message is displayed in the Network Tree by message type.

28.4 Configuring the syslog rotation settings

This section provides the steps to configure the rotation strategy between the two NE
syslog files when the current log becomes full.
Only one backup file for the syslog is supported. For example, when the configured
syslog file is “A1”, you can have only two log files—“A1” and “A2”, where A1 will have
the latest messages.
You can initiate rotation from the GUI. System-initiated rotation occurs when the log
file size exceeds the configured reserve size (see section 28.2 for information about
viewing syslog parameters). During rotation, contents of the log file are moved to the
backup file and logging continues in the main log file.
You can configure the syslog server to upload the syslog file to the remote server on
rotation.
Procedure 265 To configure the syslog rotation settings
2 Expand Syslog and choose a Syslog Server.
Result: The Object Details view displays the syslog server parameters.
3 Configure the Upload Rotated Files to the Server parameter. The options are:
• Yes: When the log file is rotated with an associated secondary log file, the primary log file
is uploaded to the remote server. When you choose this option, you need to configure the
Upload Path parameter.
• No: When the log file is rotated, the contents are moved to the secondary log file. The
contents of the secondary log file will be overwritten with the next rotation.
Procedure 266 To rotate log files

Use this procedure to force a log file rotation from the GUI. If you need the log file to be uploaded
to the remote server on rotation, see Procedure 265.
1 Navigate to the NE and choose Infrastructure→Syslog→Syslog Server in the Network Tree.
2 Choose the syslog server for which you need to rotate the file.

3 Right-click the syslog server and choose Actions→Rotate File.
4 Click Finish to confirm the rotation.
28.5 Viewing security log files

Security logs record authentication transactions, including successful and
unsuccessful attempts to log in. A security log for an NE serves a similar purpose to
the User Activity Log for the 5520 AMS.
Security logs can be viewed in the GUI.
Not all users can view security logs. If you need to view security logs, see your
5520 AMS administrator.
Table 112 describes the tasks required to create a security log.
Table 112 Security log tasks
Task See
Create a syslog server with the Type parameter set to Procedure 263
File
Add a syslog server message to the server with the Procedure 264
Message Type parameter set to Authentication Actions
(Optional) Configure the syslog server to upload the file Procedure 265
to the remote server when the file is rotated
Procedure 267 To view a security log
1 Navigate to the NE and choose Infrastructure→Syslog→Syslog Server in the Network Tree.
2 Right-click the server you need to view the log for and choose Actions→View File. Click
Finish to confirm the action.

Result: The Result page window opens and displays the contents of the security log file.
Note — If the NE does not have a security log message file, the Result
page window will display xFTP Authentication failed, where xFTP is the
file transfer mode.
28.6 Viewing alarm logs

Use the procedure in this section to view alarm logs.
The alarm log information appears in table format. To interpret the numbers that are
displayed in the Alarm Type and Alarm Numbers columns, see the alarm
descriptions in the Operations and Maintenance guide for the NE. For example, in a
7342 ISAM FTTU, if the Alarm Type parameter value is 3 and the Alarm Numbers
parameter value is 8, search for the 3 / 8 alarm ID in the Operations and Maintenance
guide for the NE. In the context of this NE, 3 represents a plug-in unit (board) alarm
and 8 represents the specific alarm problem, which is Temperature Exceeded 80
Degrees.
The Index 1 and Index 2 parameter values do not need to be interpreted, however,
you can sort the alarm log information by their column headings. Multiple alarms with
the same index value indicates that the alarms were reported on the same object
instance. For more detailed alarm information, Nokia recommends that you use the
Alarm view to display alarms.
Procedure 268 To view alarm logs

Navigate to the NE and choose Infrastructure→Alarms→Log.
Result: A table of logged alarms opens in the Object Details view, as described in Table 113.
Table 113 Alarm log parameters
General
ID — Displays a number representing the alarm

reported
Alarm Type — Displays the number representing the type

of basic alarm to which the log refers
Alarm Numbers — Displays the numbers (within the alarm
type) of active alarms in the alarm log. (1)
(1 of 2)


Changed Alarm Numbers — Displays the alarm numbers (within the
alarm type) of changed alarms
Index 1 — Displays a number representing the object

instance on which an alarm change
occurred
Index 2 — Displays a number representing the object

instance on which an alarm change
occurred
Log Time date and time Displays the date and time the alarm
change was logged
Additional Information — Displays additional information
Basic Alarm ID — Displays a number representing the basic

alarm reported
(2 of 2)
Note
(1) Alarm number 0 indicates no alarms (within the alarm type) are active.


Administrator Guide Monitoring and fault management
Monitoring and fault management

29 Managing alarm rules
30 EMS performance monitoring

Monitoring and fault management Administrator Guide

Administrator Guide Managing alarm rules
29 Managing alarm rules

29.1 Overview of managing alarm rules
29.2 Managing alarm rules
29.3 Performance graphs for alarm rules
29.1 Overview of managing alarm rules

The 5520 AMS enables users to define alarm rules to modify the normal processing
of the alarms. The alarm rule can be defined to:
• Discard an alarm.
• Modify an alarm parameter.
• Append extra information to the Additional Info/Text field.
• Call a script.
When an alarm is raised, each active alarm rule defined in the rule set is evaluated
one after the other as per the order of the rules, before the alarms are forwarded to
the master application server. The action defined in the rule is executed only on the
alarms that match the alarm criteria and have a PAP ID equal to 0 or are included in
the PAP Groups of the user who created the rule.
The number of alarm rules defined cannot exceed 50. The number of active alarm
rules cannot exceed 20.
more information.
29.2 Managing alarm rules
Procedure 269 To open the Alarm Rules view

Perform the following procedure to open the Alarm rules view.
1 In the 5520 AMS GUI, open the Administration perspective.
2 Choose Window → Show View → Alarm Rules.
Result: The Alarm Rules view opens. The table displays the following information on the
configured alarm rules.

Managing alarm rules Administrator Guide
Table 114 Alarm Rules view parameters
Order Indicates the position of the rule in the rule set.
Rule Name Indicates the unique name of the rule.
PAP Groups Specifies a comma-separated list of the PAP Groups of the user who
created the rule. The rule will only be applied to the alarms that have
a PAP included in these PAP Groups.
Status Indicates whether the rule needs to be evaluated or not, when an

alarm is raised. If the status of the rule is Active, it needs to be
evaluated.
Avg Time (ms) Indicates the time taken to evaluate this rule and to execute the action.
An average is computed on the last 24 hours.
Hits/day (Total) Indicates the number of times this rule has been evaluated in the last
24 hours, irrespective of whether the filter criteria defined in the rule
matched or not.
Hits/day (Match) Indicates the number of times this rule has been successfully
evaluated in the last 24 hours, that is, the number of times the filter
criteria defined in the rule matched.
Last Failure Date Indicates the timestampc of the last failure. If no failure occurs, a dash
is displayed (-). An example of a failure can be script queue full or
script not found. If a failure occurs, it must be logged in the server.log
(ERROR level), including the ID of the alarm that could not be
processed.
Note
(1) You can define both alarm and source criteria.
Procedure 270 To add an alarm rule

Perform the following procedure to add an alarm rule.
1 In the Alarm Rules view, click the Add icon ( ).
Result: The Add New Alarm Rule window opens.
2 Configure the following parameters for the alarm rule:

Table 115 Add or modify an alarm rule
Parameter Description Allowed values
Rule Name Enter a unique name for the Any string from 1 to 255 characters.
alarm rule. Default value: empty
Action Select the action for the alarm Possible actions:

rule. • Discard the alarm
• Modify the alarm parameters
• Append extra information to the Additional Info/Text
• Call a script
Default value: Discard the alarm

Status Select the status of the alarm • Active - If the alarm rule status is Active, the rule is
rule. evaluated when an alarm is raised.
• Inactive - If the alarm rule status is inactive, the rule is
not evaluated when an alarm is raised.
Default value: Active
Alarm Criteria Define the criteria (attributes, • Match all of the following - The alarm rule will be
operator, value) for alarm rule processed if it matches all of the defined alarm
processing. You can define criteria.
multiple criteria. • Match any of the following - The alarm rule will be
Click + to add an alarm processed if it matches any of the defined alarm
criterion. criteria.
Click - to delete an alarm
criterion.
(1 of 2)

Parameter Description Allowed values

Source Criteria Select the NE family, NE • Match all of the following - The alarm rule will be
release, and object in this processed if it matches all of the defined source
section, and then define the criteria.
source criteria (object • Match any of the following - The alarm rule will be
attributes (including custom processed if it matches any of the defined source
fields), operator, value) for criteria.
alarm rule processing.
Click + to add a source
criterion.
Click - to delete a source
criterion.
Warning - Alarm rules that
include an attribute of the
object that reported the alarm
may seriously degrade the
performance of the alarm
chain. The operator must
take into account the time
taken to retrieve an attribute
from the NE. For example,
ONT attributes are retrieved
very slowly over the OMCI
channel. The operator must
check the "Avg Time" and
"Hits/day" columns of the
Alarm Rules view, or study
the EMS Performance
Graphs to determine if the
object attribute can be
defined in the alarm rule,
without impacting
performance.
NE Family (1) Select the NE family for which Depending on the NE plug-ins installed, some of the
the rule is defined. possible options are:
• Platform (refers to objects that do not belong to an NE
plug-in)
• ISAM/FTTB/FTTN
• GPON
• G6
Default value: empty
NE Release (1) Select the NE release for • All

which the rule is defined. • List of releases of the selected NE family
Default value: empty
Object Type Select an object of the NE All objects of the NE family and release that can report an
family and release for which alarm.
the rule is defined.
(2 of 2)
Note
(1) The default value of the NE Release parameter is set to All, when you select a value in the NE Family parameter.
(2) When a specific problem is selected as criteria, the toggle suppression enabled alarms are displayed with [==TOGGLING==] <Alarm>
parameter, this parameter is used only for the Alarm filters. To add or modify an alarm rule, choose the real <Alarm> parameter.

3 Click Next.
Result: The second Add New Alarm Rule window opens.
4 Depending on the action selected in the Action drop-down list, perform the relevant steps
specified in the following table:
Table 116 Add or modify a rule (continued)
If the selected Then: Expected result of rule

action is:
Discard the alarm A summary of the options selected is displayed. If the alarm matches the alarm criteria specified
Go to step 5. in the defined rule, the alarm is discarded.
Modify the alarm • In the Alarm Parameters section, choose If the alarm matches the alarm criteria specified
parameters the alarm parameter that needs to be in the defined rule, the specified alarm
modified, and the value to which it needs to parameters are modified to the defined value in
be modified. the alarm rule. The modified alarm is forwarded
• Click + to add another alarm parameter to to the next rule in the rule set.
modify. You cannot modify the (un)Acknowledged by,
• Click Next. (un)Acknowledged via IP Address, Assigned
• A summary of the options selected is by, and Assigned via IP Address parameters.
displayed. Go to step 5. When modifying:
• The "Acknowledged" field, then the
"(un)Acknowledged by" parameter will be
set to "" and the "(un)Acknowledged via IP
Address" will be set to "127.0.0.1".
• The "Assigned to" field, then the "Assigned

by" parameter will be set to "" and the
"Assigned via IP Address" will be set to
"127.0.0.1".
Append extra • Enter the text to be appended to the If the alarm matches the alarm criteria specified
information to the Additional Info/Text field of the alarm in the in the defined rule, the Additional Info/Text field
Additional Info/Text Free Text field. of the alarm is appended with the text defined in
Multi-line string is allowed in this field. the Text field of the alarm rule. The modified
alarm is forwarded to the next rule.
• Select an attribute of the object that
reported the alarm. If an object is not
defined in the Source Criteria of the first
page of the wizard, then you can define it
here, else the values defined in the first
page are used.
• Click Next.
• A summary of the options selected is
displayed. Go to step 5.
(1 of 2)

If the selected Then: Expected result of rule

action is:
Call a script • Enter the full path of the script including the If the alarm matches the alarm criteria specified
script name in the Script (Full Path) field. in the defined rule:
The recommended script path is • If the ‘Discard the alarm’ action is selected
$AMS_EXTERNAL_LOCALDATA_HOME, in the After the Script drop-down list, the
which, by default, is alarm will be discarded after the script runs.
/var/opt/ams/local/common. • If the ‘Forward the alarm to the next rule’
The path of the script entered in the field action is selected in the After the Script
must start with ‘/’. It must not end with ‘/’. drop-down list, the alarm will be forwarded
Environment variables cannot be entered. to the next rule in the rule set after the script
The script must exist in all application runs.
servers of a cluster.
• Select the action to be executed after the
script runs, namely:
• Discard the alarm
• Forward the alarm to the next rule
• In the Available column of the Script
Arguments section, choose the alarm
attributes that can be passed as script
arguments and move them to the Selected
column.
• Select an attribute of the object that
reported the alarm. If an object is not
defined in the Source Criteria of the first
page of the wizard, then you can define it
here, else the values defined in the first
page are used.
• Click Next.
• A summary of the options selected is
displayed. Go to step 5.
(2 of 2)
5 Click Finish.
Result: The alarm rule is added.
Note 1 — The alarm rule comes into effect only for new alarm events.
Existing alarms must be cleared manually, if required.
Note 2 — When 50 alarm rules already exist, if you add another rule, an
error ‘Maximum number of rules reached’ is displayed. Click Cancel.
Note 3 — When 20 active alarm rules already exist, if the status of the
new rule is set to Active, an error ‘Maximum number of active rules
reached’ is reported. Modify the status of the alarm rule to Inactive, and
click Finish to save the rule.

Procedure 271 To modify an alarm rule

Perform the following procedure to modify an alarm rule.
1 In the Alarm Rules view, choose the alarm rule that you want to modify.
2 Click the Modify icon ( ).
Result: The Modify Alarm Rule window opens.
3 Modify the parameters as described in Table 115.
4 Click Next.
Result: The second Modify Alarm Rule window opens.
5 Modify the parameters as described in Table 116.
6 Click Finish.
Result: The alarm rule is modified.
Note 1 — The changes to the alarm rule comes into effect only for new
alarm events. Existing alarms must be cleared manually, if required.
Note 2 — When 20 active alarm rules already exist, if you modify the
status of an inactive rule to Active, an error ‘Maximum number of active
rules reached’ is reported. Modify the status of the alarm rule to Inactive,
and click Finish to save the rule.
Note 3 — When a specific problem is selected as criteria, the toggle

suppression enabled alarms are displayed with [==TOGGLING==]
<Alarm> parameter, this parameter is used only for the Alarm filters. To
add or modify an alarm rule, choose the real <Alarm> parameter.
Procedure 272 To delete alarm rules

Perform the following procedure to delete alarm rules.
1 In the Alarm Rules view, choose the alarm rules that you want to delete.
2 Click the Delete icon ( ).
Result: The following message is displayed:

Are you sure you want to delete the selected alarm rules?
3 Click Yes to delete the selected alarm rules.
Procedure 273 To change the order of an alarm rule

Perform the following procedure to change the order of an alarm rule in the rule set.
1 In the Alarm Rules view, choose the alarm rule for which you want to change the order.
2 Perform any of the following steps, as required:
• Click the Move Up icon ( ) to move the alarm rule up by one position in the rule set.
• Click the Move Down icon ( ) to move the alarm rule down by one position in the rule
set.
• Click the Move to Top icon ( ) to move the alarm rule to the top-most position in the
rule set.
• Click the Move to Bottom icon ( ) to move the alarm rule to the bottom-most position
in the rule set.
Note — The Alarm Rules table is sorted by the Order column.
Procedure 274 To change the status of alarm rules

Perform the following procedure to change the status of alarm rules.
Note — The maximum number of active alarm rules cannot exceed 20.
1 In the Alarm Rules view, choose the alarm rules which you want to activate or deactivate.
2 Click the Change Status icon ( ).
Result: The Change Alarm Rule Status window opens.

3 Choose one of the following options from the Status drop-down list:
• Active to activate the selected alarm rules.

• Inactive to deactivate the selected alarm rules.
4 Click Finish.
Result: The status of the alarm rule is changed as per the selection.
When 20 active alarm rules already exist, if you add another rule with Active status, an error
‘Maximum number of active rules reached’ is reported. Click Cancel.
Note — The changed status of the alarm rule comes into effect only for
new alarm events. Existing alarms must be cleared manually, if required.
Procedure 275 To check all alarm rules
Note — The type of an attribute or its values can change between

different NE plug-ins of the same NE family. When a filter is defined in the
alarm rule based on the value of an attribute of the object that reported
the alarm, when the rule is evaluated for the new plug-in, the filter does
not match:
• If the attribute type is different in the new NE plug-in (for example, it

was defined as an integer in the earlier NE plug-in version, but it is
defined as an enum in the new NE plug-in version).
• If the attribute is of type enum but the enum value in the filter does not
exist in the new plug-in.
Therefore, it is recommended to check the consistency of rules after a

new NE plug-in is installed or an existing NE plug-in is updated, or the
5520 AMS is migrated to a new release.

Perform the following procedure to check all alarm rules.
1 In the Alarm Rules view, click the Check All Rules icon ( ).
Result: The Check All Rules window opens. For each rule, the wizard checks:
• If the selected object in the rule exists in all selected NE plug-ins. If it does not exist, it
reports that the selected object does not exist in the NE plug-in.
• If the selected attribute in the rule exists in all selected NE plug-ins. If it does not exist, it
reports that the selected attribute of the object does not exist in the NE plug-in.
• Only for the source attribute in the "Source Criteria", if the type of the attribute in the rule
is the same in all the selected NE plug-ins. If it is not, it reports that the selected attribute
of the object is of a different type in the rule and the NE plug-in.
• Only for the source attribute in the "Source Criteria", if the units of the attribute in the rule
are the same in all the selected NE plug-ins. If they are not, it reports that the selected
attribute of the object is expressed in different units in the rule and the NE plug-in.
• Only for the source attribute in the "Source Criteria", if the selected attribute value in the
rule exists in all the NE plug-ins. If it does not, it reports that the selected attribute of the
object is expressed in a different value in the rule and the NE plug-in.
• If the internal name of the selected object in the rule is the same in all the selected NE
plug-ins. If it is not, it reports that the object has a different internal name in the NE plug-in.
• If the internal name of the selected attribute in the rule is the same in all the selected NE
plug-ins. If it is not, it reports that the attribute of the object has a different internal name
in the NE plug-in.
If no issues are detected in the alarm rules, the following message is displayed: No problem
detected.
2 Click Finish to close the window.
29.3 Performance graphs for alarm rules

The following graphs are supported in the EMS Performance Monitoring view for
alarm rules:
• <alarm rule name>-Evaluation Time: This graph shows the time taken in seconds
to evaluate the filter in the alarm rule and perform the associated action.
• <alarm rule name>-Hits: This graph shows the number of times the rule has been
evaluated. The "Total Hits" counts the hits that match the filter as well as the hits
that do not match it, whereas the "Matching Hits" only counts the hits that match
the filter.

Administrator Guide EMS performance monitoring
30 EMS performance monitoring

30.1 EMS performance monitoring overview
30.2 Graph overview
30.3 Managing EMS performance monitoring
30.1 EMS performance monitoring overview

The EMS Performance Monitoring view displays performance monitoring data for the
5520 AMS in graphs format. Each graph is accompanied by a description of the data
displayed.
Graphs show charts of the monitored parameter over a period of time. Information is
available in the following measurement periods:
• 20 minutes
• 1 hour
• 6 hours
• 24 hours
• 7 days
The different types of metric are:

• Gauge:
• The value varies (increases and decreases) according to the entity being monitored.
• The graphs plot the average value of the entity over the measured interval.
• Example: The free disk space.
• Counters:
• The value always increases. A counter measures occurrences of certain events.
• The graphs represent counter as a rate, in other words, as the number of events per
second, averaged over the measured interval.
• Example: The number of new alarms. The counter is increased by one, each time a
new alarm is generated. The 5520 AMS checks the counter on regular intervals,
subtracts the last value received, and divides it by the number of seconds in the
interval. The number arrived at is the alarms generated per second.
Each metric is collected in every 20 seconds. The 5520 AMS stores 60 samples of
the data separately for each measurement period. This means that the measurement
interval is always 1/60 of the measurement period.

EMS performance monitoring Administrator Guide
Since the metric is sampled every 20 seconds, the first measurement period is 60 x
20 seconds = 1200 seconds or 20 minutes. The next measurement period is
obtained by aggregating three samples into one. This means that the measurement
period is 3 x 20 minutes = 60 minutes or 1 hour, and the measurement interval is 1
hour/ 60 = 1 minute. The same reasoning applies to the higher measurement period.
To aggregate samples, the 5520 AMS takes the average.
30.1.1 Components of the EMS performance monitoring

view
The following figure 2 shows the different components of a graph.
Figure 2 Components of the EMS Performance Monitoring graph
Where:
1 is the Measurement interval per second/Time
2 is the Server
3 is the Description
4 is the TCA
5 is the Counter
6 is the Measurement interval
7 is the Summary of average, total, and maximum of counter interval
8 is the Graph interval
9 is the Graph

Components of the graph include:

• Y axis represents the value of the metric averaged over the measurement interval.
The measurement interval is indicated next to the selected measurement period
between the parenthesis.
• X axis represents the measurement period that always consists of 60 samples,
one sample per measurement interval. The measurement period can be 20
minutes, 1 hour, 6 hours, 24 hours or 7 days.
• Graph legend explains the meaning of the color used in the graph. In addition, the
graph legend displays for each metric a summary of the average, total or
maximum value of the metric over the measurement period. For the gauge charts,
the summary does not display the total.
30.1.1.1 Modifiers in the graph

Modifiers are used to improve readability in the graph thereby interpreting data with
ease. Table 117 describes the different modifiers that are used in an EMS
Performance Monitoring graph.
Table 117 Modifiers used in the EMS Performance Monitoring graph
Modifier Description
G Giga- The final number is obtained by multiplying the displayed

number by 1000000000
M Mega- The final number is obtained by multiplying the displayed

number by 1000000
k Kilo- The final number is obtained by multiplying the displayed

number by 1000
m Milli- The final number is obtained by multiplying the displayed

number by 0.001
u Micro- The final number is obtained by multiplying the displayed

number by 0.000001
30.2 Graph overview

The graph 3 shows the average number of completed NE backups per second within
a measurement period.
The following example shows how to interpret an EMS graph.

Figure 3 Average number of backups submitted
• X-axis: represents time.

• Y-axis: represents the number of NE backups taken per second.
The legend in the graph shows:
• Success: Shows the number of successful backups.
• Failed: Shows the failed backups.
The total is calculated based on the rendered values.
In the graph 2, the legend shows that in total 5.95 K backups or roughly 6000
backups were taken. Since there are almost three identical peaks, it means that
approximately 2000 backups were completed in each peak. See the following, to
determine the total backups shown in the legend is consistent with the data observed
within the graph.
• From the graph, the duration of a peak is about 48 minutes.
• The average rate at which NE backups are taken within the peak is approximately
700 milli = 0.7 backups per second (average per peak on the Y-axis).
The data in the graph is derived from the following calculation:

• The duration of the peak is 48 minutes = 48 x 60 = 2880 seconds
• 0.7 backups/second x 2880 seconds = 2016 backups per peak.
• There are 3 peaks with a total of 6054 backups. This is consistent with the total of
5.95 K.

30.2.0.1 How to interpret fractional values?

Some users claim that it is not possible to have less than 1 backup per second as
you cannot take half a backup. Usually, a backup takes more than a second. For
example, if 2000 backups are taken in a 45 minutes interval. To see the rate at which
you finish the backups:
Convert 45 minutes to seconds, which is 45x60= 2700 seconds.
Backup per second is 2000 backups/ 2700 seconds = 0.74 backups per second.
Note — A rate is expressed as the number of items per

second.
Gauge charts (like the number of sessions) are probably easier to understand.
However, it can be still confusing to interpret fractional values such as having 3.5
users. This is due to the rounding of values when resampled to large intervals.
For example, if there are 10 users at 10h09'20", 10 users at 10h09'40", and 0 users
at 10h10'00", then if you average the data over a minute, you have (10+10+0)/3 =
6.66 users on an average over that minute.
30.3 Managing EMS performance monitoring

There are several metric defined in 5520 AMS, some of which handle system
monitoring, and some of which are related to debugging or AMS troubleshooting.
Caution — The metric related to debugging or troubleshooting

must only be used with the assistance of Nokia support when
certain unexpected problems are detected on the 5520 AMS
system, and for this reason, are not described in detail in this
guide. These metric is not used by a 5520 AMS operator for
day-to-day operations.
You can export graphs as.jpg files.
Procedure 276 To display EMS performance monitoring data and configure TCA
1 Choose Window→Show View→Other→Other→EMS Performance Monitoring.
Result: The EMS Performance Monitoring view opens.
2 From the left panel, choose the performance monitoring counter you need to display data for.
3 If you are using a cluster, choose the IP address of the application server from the Servers
drop-down menu.

In a standalone environment, the loopback address is chosen by default.
4 Select the option for the measurement interval you need.
Result: The performance monitoring graph displays the data.
5 To add a TCA entry, click the TCA tab, and click Add.
Result: The Add TCA Entry window opens.
6 Configure the parameters as described in the Table 118.
Table 118 TCA entry settings
Metric Configure the metric of the selected PM counter in the

EMS PM view.
Type Configure the type of the selected PM counter in the EMS

PM view.
Data Set Configure the unit for the monitoring duration in minutes,
hours, or days. For example, 20m, 1h, 6h, 24h, 7d.
Threshold Value Configure the threshold value of the PM counter.
Raise Alarm When Value is The two configurable values are:

• Under the Threshold
• Above the Threshold
If the configured value is ‘Under the Threshold’, and the

value of a selected PM counter is less than the threshold
value, an alarm will be raised.
If the configured value is ‘Above the Threshold’, and the
value of a selected PM counter exceeds the threshold
value, an alarm will be raised.
Note — If at least one TCA is added to a performance counter, the string

"*" appears next to the domain name, the performance counter name in
the tree view, and next to the TCA tab under the graph of the performance
counter.
7 To delete a TCA entry, select the TCA to be deleted, and click Delete in the TCA window.
8 Click Finish.

Result: The selected TCA is deleted.
Note — You can delete multiple TCAs at a time.
Procedure 277 To export graphs
1 To export graphs, perform one of the following:
• To export only the graph you are currently viewing, click the Export Current Graph icon
( )
• To export all graphs, click the Export All Graphs icon ( ).
Note — The graphs you export will be same for the application server
and measurement chosen for the graph.
Result: The Browse for Folder window opens.
2 From the Browse for Folder window, choose the location you need to export the graphs to.
Click OK.
Result: The graphs are exported in .jpg format to the folder you chose. The title of each file
is the name of the counter set you chose in the EMS Performance Monitoring view.

Procedure 278 To convert applicationStatistics files to CSV format

The ams_app_stats_converter.sh script can be used to convert a specified applicationStatistics
file or all applicationStatistics files in a specified path to .csv file format, for plotting graphs offline,
that is, outside the 5520 AMS GUI. This is important when graphs cannot be plotted using the EMS
performance Monitoring tool due to performance issues within the 5520 AMS server.
1 Log in to the 5520 AMS server as amssys or root.
2 Execute the following command:
$AMS_SCRIPTS_DIR/ams_app_stats_converter.sh [–-outputdir
<output_directory>] [--filename <absolute path and filename of the
application statistics file> ]↵
Where:
-<output_directory> is the output directory specified by the operator where the .csv file needs to be generated.
By default, the output file generated by the script is stored under $AMS_LOCAL DATA_HOME/log. The
generated output file will contain the information from the applicationstatistics file in .csv format. This
parameter is optional.
-<absolute path and filename of the application statistics file> is the absolute path and filename of the
applicationStatistics file. If no path is specified, the script will check for the input file at
$AMS_LOCALDATA_HOME/log. If no input file is specified, then all applicationstatistics files in the
$AMS_LOCAL DATA_HOME/log directory are converted. This parameter is optional.
Note — If the input file is in .gz format, uncompress it before executing

the command.
Result: If the command is successful, the following message is displayed:
“Converted file is <output_directory>/filename”
Where:
• filename is the output file in the .csv format. For example,
<applicationStatistics_YYYY_MM_DD>.csv
• <output_directory> is the output directory where the .csv file is generated.
Note 1 — If the script fails to process an applicationStatistics file, an error

message is logged. For example, “File not found” or “Incorrect format”.
Note 2 — The raw data is recorded in the applicationStatistics file. Some

units, expressed in rate (for example, Traps/s or Events/s) are misleading,
as their counters (raw values) represent the data before the rate conversion
that is done by the 5520 AMS.

Administrator Guide Appendix
Appendix
31 5520 AMS server scripts
32 RADIUS authentication scenarios
33 Installing Web Map Server on Ubuntu

Appendix Administrator Guide

Administrator Guide 5520 AMS server scripts
31 5520 AMS server scripts

31.1 5520 AMS server scripts overview
31.2 ams_server
31.3 ams_activate
31.4 ams_audit_agent_alarm
31.5 ams_backup
31.6 ams_change_ip_subnet_server
31.7 ams_cluster
31.8 ams_copy_datafiles
31.9 ams_configure_ssh_timeouts
31.10 ams_db_defragment
31.11 ams_export
31.12 ams_exttl1gw_integration
31.13 ams_geo_configure
31.14 ams_hub_sub_link_mgr
31.15 ams_import
31.16 ams_install
31.17 ams_install_license
31.18 ams_createfirstuser
31.19 ams_link_mgr
31.20 ams_mediagw_mgr
31.21 ams_ne_cli
31.22 ams_nebackup

5520 AMS server scripts Administrator Guide
31.23 ams_nerestore
31.24 ams_show_ne_balancing
31.25 ams_remove_data
31.26 ams_ne_mgr
31.27 ams_restore
31.28 ams_retrieve_ip_by_nename
31.29 ams_retrieve_pap_ne_from_db
31.30 ams_schedule_backup
31.31 ams_splitter_mgr
31.32 ams_sw_backup
31.33 ams_switch_active_dataserver
31.34 ams_switch_authentication_local
31.35 ams_tracing
31.36 ams_uninstall
31.37 ams_update_limit
31.38 ams_user_mgr
31.39 ams_check_ssl
31.40 convert5526AMSTo5523AWS
31.41 createUsernamePassword
31.42 DEMO_IT_infrastructure_integration
31.43 ams_disable_ssl
31.44 ams_enable_ssl
31.45 getAgentlist
31.46 innotop

31.47 ams_reset_logs
31.48 retrieve_nes
31.49 ams_simplex_to_cluster
31.50 switchover_hook
31.51 ams_log_manager
31.52 ams_apps_stats_converter
31.53 ams_updatefirewall
31.54 getLicenseCounter
31.55 convert_to_shorter_line
31.56 ams_reconfigure_host
31.57 ams_support
31.58 ams_update_database_pwd
31.59 ams_renew_isam_ssh_info
31.60 ams_set_snmp_trap_port
31.1 5520 AMS server scripts overview

You can run scripts on the 5520 AMS server to perform different administrative
functions. This appendix provides an overview of the scripts that are included with a
5520 AMS license. The list of available scripts and their output may be different if you
have additional licensed applications.
Before you proceed, you need to be able to log in to the 5520 AMS server as amssys
or root, depending on the script you need.
Note — You cannot run the following scripts on Red Hat

Enterprise Linux systems:
• ams_exttl1gw_integration
• convert5526AMSTo5523AWS

Note — For AMS server related operations, Nokia

recommends to use only the scripts listed under /bin directory.
31.2 ams_server
The ams_server script is used to start and stop the 5520 AMS software, displays
information about the software that is installed, and displays the status of running
processes.
The following two log files records all messages during the ams_server script
execution:
• ams_ems_service.log records all messages for restart, status, resetgeo and
version logs.
• jboss_service.log records all messages for start and stop logs.
To run the script, log in to the server as amssys and type:
ams_server [option] command servicename ↵

where:
• option is --server = <IP address of a specific server in the cluster or geo-redundant
site>. This option enables you to run the script on a specific server in a cluster or
geo-redundant site from another server in the cluster or remote site by specifying
the IP address of the server.
• command is one of the following:

• start
• stop
• restart
• status
• resetgeo
• version
• servicename is the service name available for the command.
Note 1 — If you do not type the servicename, the default service

name for the command is executed.
Note 2 — In case of connectivity issues with the remote server
in the cluster or remote site, the command cannot reach the
provided IP address.
Note 3 — Within a cluster setup, the 5520 AMS shares the
public keys of all amssys accounts. So you will not be prompted
for the password of the amssys user account when executing
this command on a specific server within the cluster. If the
public keys of the amssys accounts are not exchanged
between geographically-redundant sites, the system will ask
for an amssys password, when the command is executed on a
server in the remote site. If you add the missing keys manually
to the servers in the remote site, you will be not be prompted for
a password when this command is executed on a server in the
remote site.
Note 4 — On most clusters, the remote host can be reached
only by IP address and not by hostname. If inter-cluster links
are not included in the DNS tables or /etc/hosts files of the
cluster nodes, the hostnames cannot be resolved. So IP
addresses need to be used. On servers where inter-cluster
links are included in the DNS tables or /etc/hosts files,
hostnames can be used.

The following subsections describe the commands and their service names for the
script.
Caution — The following commands are service- affecting

because they stop the 5520 AMS server.
• stop all (default)
• stop maintenance
• restart all (default)
31.2.1 start
The start command starts the 5520 AMS server.
Table 119 describes the service names for the start commands and the output of the
command.
Table 119 Start - service names and output
Service name Description Output
all (default) Starts all the Starting EMS services

5520 AMS
processes. The AMS server is starting up, it may
take several minutes before it is fully
operational.
arbiter Starts the arbiter Starting arbiter...
server.
This service name is The arbiter is starting up, it may take
applicable only to a several minutes before it is fully
cluster setup.
operational.
dataserver Starts the data Starting Database...
server.
The database is starting up, it may
operational.
appserver Starts the application Starting jboss...
server.
The jboss is starting up, it may take
several minutes before it is fully
operational.
31.2.2 stop
The stop command stops the 5520 AMS server.

Table 120 describes the service names for the stop command and the output of the
command.
Table 120 Stop - service names and output
all (default) Stops all the Stopping all AMS processes...

5520 AMS
processes. Stopping Process Monitor
Stopping JBoss
Stopped JBoss
Stopping Database
Stopped Database

maintenance Stops the 5520 AMS Stopping all AMS processes...
server without
rebalancing the load. Stopping Process Monitor
See Procedure 233
to stop an application
server without Stopped Process Monitor
rebalancing the load.
This service name is Stopping JBoss
applicable only to a
cluster setup. Stopped JBoss
Stopping Database
Stopped Database

arbiter Stops the arbiter Stopping arbiter...
server.
This service name is The arbiter is stopping, it may take
applicable only to a several seconds.
cluster setup.
dataserver Stops the data Stopping Database...

server.
The database is stopping, it may take
several seconds.
appserver Stops application Stopping jboss...
server.
The jboss is stopping, it may take
several seconds.
(1 of 2)


force Stops AMS Stopping Jboss
processes without
checking the FS
sync
(2 of 2)
31.2.3 restart
The restart command stops and starts the 5520 AMS server.
Table 121 describes the service names for the restart command and the output of
the command.
Table 121 Restart - service names and output

all (default) Stops and starts all Stopping all AMS processes...
the 5520 AMS
processes. Stopping Process Monitor
Stopping JBoss
Stopped JBoss
Stopping Database
Stopped Database
Starting EMS services
The AMS server is starting up, it may

operational.
arbiter Stops and starts the Stopping arbiter...
arbiter server.
This service name is The arbiter is stopping, it may take
applicable only to a several seconds.
cluster setup.
Starting arbiter...
The arbiter is starting up, it may take

operational.
(1 of 2)


dataserver Stops and starts the Stopping Database...
data server.
The is stopping, it may take several
seconds.
Starting Database...
The database is starting up, it may

operational.
appserver Stops and starts the Stopping jboss...
application server.
The jboss is stopping, it may take
several seconds.
Starting jboss...
The jboss is starting up, it may take

operational.
(2 of 2)
31.2.4 status
The status command displays the statuses of the processes that are running on the
server. The running processes depend on the role of the server.
Table 122 describes the service names for the status command and the output of the
command.

Table 122 Status - service names and output
all (default) Displays the • For a simplex server, refer to 31.2.4.2.

statuses of all the • For a cluster setup involving an application server and
processes that are a data server, refer to 31.2.4.3.
running on the
server.
arbiter Displays the status Arbiter ... Running, Disabled or

of the arbiter server. WaitingStartup
This service name is
applicable only to a
cluster setup.
dataserver Displays the status • For the master database:

of the data server.
Database (localhost) ... Disabled,
Running (Master), WaitingStartup,
Alarmed, or Stopping
• For the slave database:
Database (localhost) ... Disabled,

Running (Slave), WaitingStartup,
Alarmed or Stopping
FS sync status ... Success, Failed,

Inprogress, or WaitingStartup
appserver Displays the status • For the master application server:
of the application
server. JBoss ... Running, Disabled,
WaitingStartup, Alarmed, or Stopping
AMS server ... Disabled,

WaitingStartup, Starting, or Running
(Master)
• For the slave application server:
JBoss ... Running, Disabled,

AMS server ... Running, WaitingStartup,

Starting, or Disabled

Note — To run the status command repeatedly, type the

following command:
-l number_of_loops -p period_in_seconds
where:
• number_of_loops specifies the number of times the script
loops.
• period_in_seconds specifies the length of the period
between repetitions, in seconds.
For example:
ams_server status all -l 10 -p 60
will loop the script 10 times, with 60 second periods.
Table 123 shows the parameters that appear on the output of the ams_server and
ams_cluster status commands, and the possible statuses. Table 124 lists the
processes that appear on the output of the ams_server and ams_cluster status
commands, and the possible statuses.
Table 123 ams_server and ams_cluster status parameter descriptions
Parameter Applicability to Description

script: ams_server,
ams_cluster, both
Server status Both Indicates the individual overall status of each server. The status
parameter has the following possible values:
• Healthy: the environmental test scripts on the server are reporting
healthy, and all processes or services on the server are running.
• Degraded: at least one environmental test script on the server
reports a non-critical error, or at least one process or service on the
server is reporting a problem.
• Failed: at least one environmental test script on the server reports a
critical error, or at least one process or service on the server is in
Alarmed state.
Environment ams_server The status has three possible values depending on the status of one or
more health scripts running on the 5520 AMS system:
• Healthy: if all health scripts are reporting healthy.
• Degraded: if any of the health scripts is not reporting healthy, and
none of the health scripts is reporting critical.
• Failed: if any of the health scripts is reporting critical. The 5520 AMS
system will automatically stop all processes on the involved server.
Processes ams_server Indicates the processes status based on the status of JBoss, Database
and services. The status has three possible values:
• Healthy: if JBoss, Database and all services are running.
• Degraded: if JBoss or Database or services are not running.
• Failed: if JBoss or Database is in the alarmed state.
(1 of 3)


script: ams_server,
ams_cluster, both
Site ams_cluster The name of the local site (2)

Remote site ams_cluster In a geographically redundant installation, the name of the other site
Type ams_cluster The Type parameter has two possible values:

• Standalone: the server is operating alone
• Cluster: the server is a member of a cluster
Status ams_cluster Cluster status is a combined status of Server status and Site status. (1)
The status parameter has the following possible values:
• Healthy: the cluster is operating as expected. The environmental
test scripts on the server are reporting healthy, and all processes or
services on the server are running.
• Degraded: the 5520 AMS is operating, but problems exist.
At least one server is running as the master database, one JBoss
process is running as the master and one server has the EMS
services running. But there are some deployment failures because
of which some applications, plug-ins, or services are not running
properly in a server or servers in a cluster.
At least one environmental test script on the server reports a
non-critical error, or at least one process or service on the server is
reporting a problem.
• Unavailable: the 5520 AMS is not operating.
• Starting: at least one server in the cluster is starting up.
• Failed: the cluster is unavailable, and reports a critical error, due to
one of the following reasons:
• EMS services is not running on the active site.
• All data servers are reporting failed.
• All application servers on the active site are reporting failed.
At least one environmental test script on the server reports a critical
error, or at least one process or service on the server is in the
Alarmed state.
Members ams_cluster The host names of the servers at the site. The parameters for each
server appear in columns under the host name.
Reachable ams_cluster Indicates whether the server can be pinged at the cluster IP address:
• Yes: the cluster IP address is reachable
• No: the cluster IP address is not reachable
Geo status Both Indicates the geographical redundancy mode, and has the following
possible values:
• Manual: when automatic switchover is not enabled.
• Automatic: when automatic switchover is enabled.
• Not configured: when the geographical redundancy is not
configured.
• —: not applicable
(2 of 3)


script: ams_server,
ams_cluster, both
Geo monitor Both Indicates the status of the amsgeomonitor process. This status is
applicable only when automatic swtichover is enabled. The parameter
has the following possible values:
• Active: when amsgeomonitor is running on the active data server in
the active site.
• Not active: when amsgeomonitor is not running.
• Switchover: when geomonitor switchover is in progress.
• —: not applicable
Server Role Both Indicates the role of the server:

• A: application server
• D: data server
• AD: application and data server
• a: arbiter server
Site Role ams_cluster Indicates the role of the site. The site role parameter has three possible
values:
• Active: the server is an active data server
• Standby: the server is a standby data server
• —: Not applicable. This value appears for application servers.
Uptime ams_cluster Indicates the amount of time since the server was started.
(3 of 3)
Notes
(1) Changes to the cluster status are for notification only. This status may change at different intervals as it receives updates from the cluster.
(2) The site name can include only alphabets, digits, _ and -. No other special characters are allowed.
31.2.4.1 5520 AMS processes and statuses

Table 124 lists the processes that may appear on the list and the possible statuses.

Table 124 5520 AMS processes status parameter descriptions
Process Applicability Description Status

to script:
Running(1)
Disabled(2)
WaitingStartup(3)
Alarmed(4)
Stopping(5)
(applies only to ams_cluster)
-(6)
?(7)
Running (Master)(8)
Running (Master) (Failures)(9)
Running (Failures)(10)
Running (Slave)(11)
Starting(12)
(applies only to ams_server)
Migrating: <Step details>(13)
Success(14)
Failure(15)
Inprogress(16)
Running (online)(17)
Disabled (maintenance)
ams_server,
(applies only to ams_cluster)

ams_cluster,
both
Jboss Both Displays the status of ✓ ✓ ✓ ✓ ✓ ✓ ✓

the Jboss process.
AMS Both Displays the status of ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓

server the AMS server.
Arbiter Both Displays the status of ✓ ✓ ✓ ✓ ✓

the Arbiter.
Database Both Displays the status of ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
the Data server.
FS sync ams_server Displays the status of ✓ ✓ ✓ ✓

status copying the shared
data file system from
the active server to
the standby server in
the replication
interval.
Process Both Displays the status of ✓ ✓ ✓

Monitor the Process Monitor
process.
EMS Both Displays the status of ✓ ✓

services the ‘ams_smf_mon’
service (applies to
Red Hat Enterprise
Linux systems only).
Notes
(1) Running: The process or service is up and running.
(2) Disabled: The process or service is not enabled or not running.
(3) WaitingStartup: The process or service is enabled but cannot start due to one of the following reasons: a) The environmental health of the
server is having a problem. b) The processes or services on which the process is dependent on, are not in the running state.
(4) Alarmed: The process or service has been restarted too frequently.
(5) Stopping: The process needs to be stopped due to dependency problems or environmental problems.
(6) -: Not applicable.
(7) ?: Unknown. This value appears when the server is unreachable.
(8) Running (Master): For the ‘AMS server’ process, this status means that the AMS server process is up and running and the processes that
only run on one application server are running. For the Data server process, this status means that the server is the active data server.
(9) Running (Master) (Failures): At least one application, plug-in, or service is not running properly in the master application server.
(10) Running (Failures): At least one application, plug-in, or service is not running properly in the application server.

(11) Running (Slave): The standby data server is receiving database updates from the active data server and is ready to start if the active data
server fails.
(12) Starting: The process or service is in the process of starting.
(13) Migrating <step details>: The migration is in progress. <Step details> comprises Step current_step_num of total_steps -
current_step_description where: current_step_num is the current migration step number, total_steps is the total number of migration steps,
and current_step_description is the description of the current migration step. This status is applicable only to the migration from the 5520
AMS, Release 9.2.10 or later to the 5520 AMS, Release 9.2.30 or later. This status is displayed only when the command is run on the
following servers: a simplex server, the master application + active data server in a cluster.
(14) Success: The shared data file system has been successfully copied from the active server to the standby server in the replication interval.
(15) Failure: The shared data file system was not successfully copied from the active server to the standby server in the replication interval.
(16) Inprogress: The shared data file system is being copied from the active server to the standby server in the replication interval.
(17) Running (online): The service is enabled and running.
The list of components shows the 5520 AMS server software and the active software
plug-ins.
31.2.4.2 Output for a simplex server

When the command is run on a simplex server running the Red Hat Enterprise Linux
operating system, the output is:
=====================================================
Setup: Simplex (Standalone)
Site name: Name of site
Server name: Name of server
Server role: Application + Data
=====================================================
Server status: Healthy, Degraded or Failed
Environment ... Healthy, Degraded or Failed
Processes ... Healthy, Degraded or Failed
Checking all AMS processes:
JBoss ... Running, Disabled, WaitingStartup, Alarmed,

or Stopping
AMS server ... Running, Disabled, WaitingStartup, Starting,

Running (Failures) or Migrating: <Step
details>
Database (localhost) ... Running, Disabled, WaitingStartup, Alarmed,

or Stopping
Process Monitor ... Running or Disabled
EMS services ... Running or Disabled

Component Version Application Core Build
-----------------------------------------------------------
ams 9.2.30 - - build number
additional components
Started on date time
Running since d days and hh:mm:ss
31.2.4.3 Output for an application + data server in a cluster

When the command is run on a server that is part of a cluster of combination
application and data servers, the output is:
=====================================================
Note: This server is part of a cluster setup, the output that follows applies
to this machine only.
Setup: Cluster
Server role: Application + Data
Intra cluster communication IP address: IP address
=====================================================
Geo status: Manual, Automatic, Not Configured, or -
Geo monitor: Active, Not active, Switchover, or -

or Stopping
AMS server ... Running (Master), Running, Disabled,

WaitingStartup, Starting, Running
(Failures), Running (Master) (Failures), or
Migrating: <Step details> (applicable only to
the active application + data server)

Database (localhost) ... Running (Master), Running (Slave),

WaitingStartup, Disabled, Alarmed, or
Stopping
FS sync status ... Success, Failed, Inprogress, or

WaitingStartup
EMS services ... Running (online), Disabled, or

-----------------------------------------------------------
where:
• date is in the format Month Day, for example, May 3.
• time is in the format hh:mm:ss yyyy.
Note — The FS sync status only runs on a server that is serving

as a standby data server.
31.2.4.4 Output for an application server in a cluster

When the command is run on a server that is part of a cluster of servers that are
either application or data servers, the output is:
=====================================================
Setup: Cluster
Server role: Application

=====================================================

or Stopping
AMS server ... Running (Master), Running, Disabled,

WaitingStartup, Starting, Running
(Failures), or Running (Master) (Failures)
Arbiter ... Running, Disabled, or WaitingStartup

-----------------------------------------------------------
where:
Note — The Arbiter process does not run on a standby server.
31.2.4.5 Output for a data server in a cluster

When the command is run on a server that is part of a cluster of servers that are
either application or data servers, the output is:
=====================================================

Setup: Cluster
Server role: Data
=====================================================
Geo status: Manual, Automatic, Not Configured, or -
Geo monitor: Active, Not active, Switchover, or -
Database (localhost) ... Running (Master), Running (Slave), Disabled,

FS sync status ... Success, Failed, Inprogress, or

WaitingStartup
EMS services ... Running (online), Disabled, or Disabled

(Maintenance)
where:
Note — The FS sync status only runs on a server that serving

as a standby data server.

31.2.4.6 Output for an arbiter server in a cluster

When the command is run on an arbiter server that is part of a cluster, the output is:
=====================================================
Setup: Cluster
Server role: Arbiter
=====================================================
Arbiter ... Running, Disabled, or WaitingStartup

-----------------------------------------------------------
where:
31.2.5 resetgeo
The resetgeo command overrules the ping-pong protection. For information about
resetgeo, see the 5520 AMS Installation and Migration Guide.

31.2.6 version
The version option displays the versions of the 5520 AMS software and the active
plug-ins.
Table 125 describes the service names for the Version command and the output of
the command.
Table 125 Version - service names and output
save [--label <label>] Creates the Creates the

[<GoldenEMSSwConfig ‘GoldenEMSSwConfig file.’ GoldenEMSSwConfig file.
filename>] (1) (2) The config file contains the
software details about the
following server components:
• core
• vaps
• plugs
• patches
• emergency fixes
You can provide a file name

and an absolute or a relative
path for the
GoldenEMSSwConfig file. If
the file name is not specified,
the output is shown on the
console.
verify Compares the details in the Generates the installed

<GoldenEMSSwConfig GoldenEMSSwConfig file with component details.
filename> the components installed on
the system.
It is mandatory to have a file
name for the
GoldenEMSSwConfig file
when using the ‘ams_server
version verify’ command.
Notes
(1) The label parameter is used for identifying the GoldenEMSSwConfig file. The label must not exceed 25
characters and must only contain alphanumeric characters. This parameter is optional.
(2) GoldenEMSSwConfig file must be in the same directory level with binary file, if you need to use “ams_install.sh
--golden” command.
Note — In the Data server, you can only view the details of the
software components such as core, patches, and emergency
fixes.

31.2.6.1 Example of version command output

An example of the output of the version command is:
5520 AMS v9.7 (rev.382828, built on 07 May 2018)
GoldenEMSSwConfig : MYGoldenEMSSwConfigLabel
Component Version Core Build Aligned
---------------------------------------------------------------
ams 9.6.07 - 382828 +
ansitl1-g6-12.3 1.0 9.6.07 382828 +
ansitl1-gpon-4.10 1.0 9.6.07 382828 -
ansitl1-isam-5.6 1.0 9.6.07 382828 +
ansitl1-isam-5.7 1.0 9.6.07 382828 +
ansitl1-isam-fgn4.4 1.0 9.6.07 382828 -
Note — The configuration file name and the Aligned column is

displayed only if the GoldenEMSSwConfig file is present. The
Aligned column indicates if the component is aligned with the
GoldenEMSSwConfig file or not. If the component is present in
GoldenEMSSwConfig file, then ‘+’ is displayed. If it is a
component that is not expected or added manually, then ‘-’ is
displayed.
31.2.6.2 Example of version save command output (no file

name provided)
An example of the output of the version save command without providing a file name
is as follows:
ams-9.3.10.1-233248
app-ansitl1-trunk-232526
app-apc-trunk-232526
app-dcscript-9.3.10.0_9.3.10-232526
app-idm-9.3.10.0_9.3.10-232526
plugin-core-g6-12.3-1.0_9.3.10-232526
plugin-core-gpon-4.8-1.0_9.3.10-232526
plugin-ansitl1-gpon-4.8-1.0_9.3.10_9.3.10-232526

plugin-apc-gpon-4.8-1.0_9.3.10_9.3.10-232526
plugin-spfe-g6-12.3-1.0_9.3.10_9.3.10-232526
ams-9.3.10.1EF1-232565
An example of the output of the version save command without providing a file name,
and with a label is as follows:
MYGoldenEMSSwConfigLabel
ams-9.6.07-382828
app-ansitl1-1.0_9.6.07-382828
app-anv-151.0_9.6.07-382828
app-apc-1.0_9.6.07-382828
app-dcscript-1.0_9.6.07-382828
31.2.6.3 Example of version verify command output

An example of the output of the version verify command is:
[Ok] ams has correct version activated
[Ok] ams-9.3.101EF1 has correct version activated
[Ok] app-ansitl1 is ignored on dataserver.
[Fail] APP-apc is not activated
[Fail] app-dcscript has version 9.3.10.0_9.3.10-232526 instead of

9.3.10.2_9.3.10-232526
[Ok] app-idm has correct version activated
[Ok] app-lrm has correct version activated
[Ok] app-spfe has correct version activated
[Ok] plugin-core-g6-12.3 has correct version activated
[Ok] plugin-core-gpon-4.8 is ignored on dataserver
[Fail] plugin-ansitl1-g6-12.7 is not activated
[Fail] plugin-apc-avginclplugs-x.y is not activated
[Fail] app-np should not be activated
[Fail] ams-9.3.10.1EF1 should not be activated
6 errors found

31.3 ams_activate
The ams_activate script is used to activate the software which ensures that the
plug-in installation environment is ready and that it will be safe to start the server.
Installing the 5520 AMS puts the software files in the correct location ready for use.
However, until you activate a server, the server is in a passive, standby mode. You
can activate the servers as part of the installation by using the --activate options, or
you can activate the servers as a separate step.
A log file named install.log records all messages during the ams_activate script
execution.
To run the script, log in as root and type:
install_dir/ams/software/release/bin/ams_activate.sh ↵
where:
• install_dir is the software directory you chose during installation. By default, this
is /opt.
• release is the release of the 5520 AMS software. An example is
ams-9.3.0-999000.
The script output is:

Initializing..
Updating settings in home account
Creating the service in SMF
Activation finished
31.4 ams_audit_agent_alarm
The ams_audit_agent_alarm script is used to reset the counters on an agent. No
options are required.
A log file named twiddle.log records the details about resetting the counters on an
agent.
To run the script, log in to the application server as amssys and type:
ams_audit_agent_alarm Internal_alarm_ID ↵
where Internal_alarm_ID is the ID of the internal alarm for which you want to reset
the counter.
The script output is:
Auditing alarm on Agent Internal_alarm_ID

31.5 ams_backup
The ams_backup script is used to create a backup of 5520 AMS data. For more
information about performing a backup, see Section 21.2.
Nokia recommends that this script be run on the standby data server in a cluster
installation.
A log file named ams_backup.log records the details about 5520 AMS backup
activity.
To run the script, log in to a data server or a combination of data and application
servers as amssys and type:
ams_backup.sh options destination URL↵
where options is any of the following:

• -h: displays help information.
• -c: excludes the common directory.
• -f: forces the backup of the active data server in a 5520 AMS cluster.
• -z: compresses the backup into a .gz file.
and destination URL can be a local file or a remote resource, where ftp and sftp
protocols are supported. The supported formats for the destination URL are:
• [file:/]/path/filename (local file)
• ftp://username[:password]@hostname/path/filename (ftp server with username
and password)
• sftp://username[:password]@hostname/path/filename (sftp server with username
and password)
• sftp://hostname/path/filename (sftp server with keybased authentication)
The following is an example of the output:
Tue May 14 13:48:19 2019 **** Starting AMS Backup ****
Archiving emlplatform ibdatadir iblogs mysql ams_backup.conf

activepkg_backup config_backup.xml ams-9.7.03-408954 AMS_SHAREDDATA_HOME
AMS_SHAREDDATA_NEBACKUP_DIR
The size of the archive file is 2.1G /var.opt/ams/users/amssys/test 1123.tar
Details in /var/opt/ams/local/ams-9.7.03-408954/log/ams_backup.log
Tue May 14 13:50:49 2019 **** AMS Backup done ****

31.6 ams_change_ip_subnet_server
When there is a need to reconfigure a cluster with a separate NIC for routing the
cluster traffic or changing the network configurations of the client, cluster, or NE, you
can use the ams_change_ip_subnet_server script. For more information, see the
The ams_change_ip_subnet_server script is used to modify the subnets of a 5520
AMS system.
Before executing the ams_change_ip_subnet_server script, all the 5520 AMS
servers in a cluster must be stopped. Using “ams_cluster stop” command causes NE
rebalancing issues after server startup. Therefore, for the script to function correctly,
each server must be stopped by executing “ams_server stop” command.
Note — The ams_change_ip_subnet_server script is not
applicable for geographically redundant configurations as it
uses ams_geo_configure script to modify a configuration. For
more information, see Section 31.13.
To run the script, log in as amssys or root user and type:

ams_change_ip_subnet_server ↵
Provide the network details for client, cluster, and NE when responding to the
questions in the command line. The IP addresses for NE network can be IPv4 or
IPv6.
Some examples of the question format that is used to gather the network details.
• For a client network:
Enter the network interface(s) for GUI clients communication:
Note: Multiple interfaces can be entered using a comma separated list eth1,
eth2
The GUI client interface(s) is “eth1,eth2”
Is this correct [no (default) | yes ]? yes
• For a cluster network:

Enter the network interface used for cluster communication:
eth2
The cluster interface is “eth2”.
Is this correct [no (default) | yes ]? yes

• For a NE network:
**** Enter the network interface(s) used for NE communication:
Note: Multiple interfaces can be entered using a comma separated list eth1,
eth2
The NE interface(s) is “eth1, eth2”
Is this correct? [no (default) | yes ]? yes
• For a preferred data server:

**** The old value of the preferred data server is xyx
Enter the IP address or DNS name of the preferred data server [

"IP-address” | “DNS name” ]:
• For an alternate data server:

**** The old value of an alternate data server is abc
Do you want to configure an alternate data server [ “IP-address” | "DNS

name” ]:
After the script is executed, restart each server in the cluster using the ams_server
start script. The new application and data servers will be up and operational.
Note — If the networking information of the client NIC is
modified, you must manually enter a new IP address in the
login window.
No log file is generated for this script.

At the end, cleanup any open alarm information that were there on the old servers,
that is, the servers using the old IP address.
To cleanup perform one of the following actions:
• Using the client: From the AMS client, navigate to EMS Administration → EMS
System → Site (server_name) → Application & Data Servers → <old machine IP
address>. Right-click and Delete the old machine.
• Using the command line: Execute 'ams_cluster deletehost <old machine IP
address>' script.
31.7 ams_cluster
The ams_cluster script is used for configuring a set of networked servers to work
co-operatively as a cluster, providing both load balancing and redundancy in case of
the failure of the application or data server.

The ams_cluster script starts and stops the servers in a 5520 AMS cluster, displays
information about the software that is installed, displays the status of running
processes, and performs a switchover for a geographically redundant installation.
A log file named ams_ems_service.log records details about ams_cluster script.
To run the script, log in to the server as amssys and type:
ams_cluster option ↵
where option is one of the following:
• restart • switch [-force] active

• start • switch [-force] standby
• start [-force] active • evacuate_ne cluster_ip_address
• start [-force] standby • unevacuate_ne
• stop cluster_ip_address weight
• status • deletehost cluster_ip_address
• status sw
• status --detailed
To execute the start, restart, stop, and status options on a specific server in the
cluster, see 31.2.
The following subsections describe the options for the script.
Caution — The following options are service affecting because

they stop the 5520 AMS servers.
• stop
• switch [-force] active
• switch [-force] standby
31.7.1 restart
Using this option, all servers that are part of a cluster are restarted in the
maintenance mode. No NE rebalancing is performed during restart.
31.7.2 start
This option starts all the servers in the 5520 AMS cluster.
Table 126 describes the sub-options for the start option.

Table 126 Start - sub-options
Sub-option Description
active Starts the cluster as the active site.
appservers Starts all the application servers in the AMS cluster.

From release 9.6.07 onwards, after the manual migration,
all the servers are started except the standby data server.
For example, consider a cluster setup with
A1+A2+A3+A4+D1+D2 servers. Start the data server (D1).
Execute the ams_cluster start appservers command. This
starts all the application servers (A1+A2+A3+A4). Do not
start the standby data server (D2).
If data is not migrated properly, the standby data server (in
this case, it is D2) is used as a rollback server to revert to
the earlier release. If data is migrated properly, the standby
data server is started.
standby Starts the cluster as the standby site.
Note 1 — If you use the -force option, the script executes

without checking the role of the other site.
Note 2 — If you use the active option and the remote site is also
active, the script will exit and you will receive an error message.
31.7.3 stop
Using this option, all servers in the 5520 AMS cluster are stopped in the maintenance
mode. No NE rebalancing is performed during stop.
31.7.4 status
This option displays the statuses of the cluster and the processes that are running
on each server.

In a geographically redundant installation, the statuses of both sites are displayed.

The local site information is displayed first followed by the remote site information.
The running processes depend on the role of the server.
Note 1 — If the local processmonitor process is not running,
running the ams_cluster status script generates the following
error message: ERROR: Local Process Monitor is not running.
Note 2 — If the remote site is down, its status will not be
displayed.
Note 3 — To run the status option repeatedly, type the following
command:
-l number_of_loops -p period_in_seconds
where:
• number_of_loops specifies the number of times the script
loops.
• period_in_seconds specifies the length of the period
between repetitions, in seconds.
For example:
ams_cluster status -l 10 -p 60
will loop the script 10 times, with 60 second periods.
Table 123 shows the parameters that may appear on the cluster list and the possible
statuses.
31.7.4.1 Output for ams_cluster status command

When this command is run on cluster server, the output is:
====================================================================
Site: Name of site
Type: Cluster
Status: Healthy
====================================================================
Server Name Role Health AMS AS DB PM Service
sys-262-03 A+a H R RM - R R
sys-262-04 A H R R - R R
sys-262-05 A H R R - R R

sys-262-01 D H - - SL R R
sys-262-02 D H - - M R R
31.7.5 status sw
This option displays a list of components showing the 5520 AMS server software and
the active software plug-ins.
If the servers in the cluster are installed with GoldenEMSSwConfig file, then it
displays the configuration file name, for example, MYGoldenEMSSwConfigLabel. If
the configuration file is not present, then it displays WrongEMSSwConfigLabel.
31.7.6 status --detailed

This option displays the detailed status of each of the servers in the AMS cluster.
31.7.6.1 Output for ams_cluster status --detailed command

When this command is run on cluster server, the output is:
===============================================
Site: Name of site
Type: Cluster
Status: Healthy
====================================================================
Server Name : sys-262-03

Cluster IP : 10.1.1.43 Reachable : Yes
Health : Healthy Site Role : -
Role : Application+Arbiter Server Geo Status : -
Application Server: Running (Master) Geo Monitor: -
AMS Server : Running Uptime : 21h 3m 17s
Database Status : -
Process Monitor : Running
Service : Running

Role : Application Server Geo Status : -
Application Server: Running Geo Monitor: -
Database Status : -
Service : Running
Role : Application Server Geo Status : -
Application Server: Running Geo Monitor: -
Database Status : -
Service : Running
31.7.7 switch
This option performs a switchover in a geographically redundant installation. The
script logs in to each data server and executes the ams_geo_configure -switch
command as needed.
Table 127 describes the sub-options for the switch option.

Table 127 Switch - sub-options
Sub-option Description
active Performs a switchover and makes the site you are logged
in to the active site.
standby Performs a switchover and makes the site you are logged
in to the standby site.
Note 1 — If you use the -force option, the script executes

without checking the role of the other site.
Note 2 — If you use the active option and the remote site is also
active, the script will exit and you will receive an error message.
31.7.8 evacuate_ne cluster_ip_address

This option evacuates the NEs managed by a particular application server to the
remaining application servers.
cluster_ip_address is the IP address of the application server from which the NEs are
moved to the remaining application servers.
Note 1 — This option can be executed only on application
servers which are up.
Note 2 — Executing this command sets the relative capacity to
manage the NEs to zero.
Note 3 — NEs will not be created on or moved to an application
server from which the NEs are evacuated until an unevacaute
command is performed on the application server.
31.7.9 unevacuate_ne cluster_ip_address weight

This option sets the weight to the specified application server and invokes the
rebalance action.
cluster_ip_address is the IP address of the application server to which you want to
set the weight and invoke the rebalance action.
weight is the relative capacity to manage the NEs.
Note 1 — Executing this option does not move back the same
NEs that are evacuated.
Note 2 — The default value of the weight parameter is 1.

31.7.10 deletehost cluster_ip_address

This option deletes the specified application server which is down.
cluster_ip_address is the IP address of the application server which you want to
delete.
Note — This command must be executed only on an
application server which is up, to delete an application server
which is down.
31.8 ams_copy_datafiles
The ams_copy_datafiles script is used to copy the persistency data from the earlier
5520 AMS release to the current 5520 AMS release:
• From a backup file (in an out-of-place migration scenario), or
• From the last active release or a previous release (in an in-place migration
scenario).
This script supports migration of data from Release 9.2.10 Patch 03 or later to
Release 9.2.30 or later. For 5520 AMS releases earlier than 9.2.10 Patch 03, this
script is not supported for migration. The script can be executed in the interactive or
non-interactive mode. For more information on the usage of the script in the
interactive mode, see the 5520 AMS Installation and Migration Guide.
A log file named ams_copy_datafiles.log records the details about the datafiles.
31.8.1 Copying data files in an in-place migration scenario

In an in-place migration scenario, persistency data is copied either from the last
active release or a previous release that exists on the server.
Log in to the 5520 AMS active data server as amssys or root, and type one of the
commands:
• To copy the data from the last active release, type:
ams_copy_datafiles --force ↵
By default, data is copied from the last active release, if the --from-release option
is not specified.
• To copy the data from a previous release which is not the last active release, type:
ams_copy_datafiles --force --from-release <previous-release> ↵
Data is copied from the specified previous release on the server.

• To overwrite existing persistency data with data from the last active release, type:
ams_copy_datafiles --force --overwrite ↵
Existing data is overwritten with the data files of the last active release.
• To overwrite existing persistency data with data from a previous release on the
server, type:
ams_copy_datafiles --force --overwrite --from-release <previous-release>
↵
Existing data is overwritten with the data files of the specified previous release.
Warning — The --overwrite option deletes the complete

persistency of the current active release. This option must be
used with extreme caution, in exceptional circumstances (for
example, if the previous copy was aborted because the disk
was full).
31.8.2 Copying data files in an out-of-place migration

scenario
In an out-of-place migration scenario, persistency data is copied from the specified
backup file.
Log in to the 5520 AMS active data server as amssys or root, and type one of the
commands:
• To copy the data from a backup file, type:
ams_copy_datafiles --force --from-backup <absolute path of backup file>
Persistency data is copied from the specified backup file.

• To overwrite existing persistency data, type:

ams_copy_datafiles --force --overwrite --from-backup <absolute path of
backup file>
Existing data is overwritten with the data files of the specified backup file.
Warning — The --overwrite option deletes the complete

persistency of the current active release. This option must be
used with extreme caution, in exceptional circumstances (for
example, if the previous copy was aborted because the disk
was full).
The following options are applicable only in the non-interactive mode:

--force enables the non-interactive mode.
--overwrite is optional, and must be used with caution. It is used in combination with
the --force option. This option overwrites the data files of the current active release
that exist in the server.
--from-release <previous-release> is used to copy data files from the specified
previous release on the server. If this option is not specified, then the data files are
copied by default from the last active release on the server.
The option displays an error if no previous release exists in the server. This option is
not applicable for copying data files to the new server in an out-of-place migration
scenario.
--from-backup <absolute path of backup file> is used to copy data files from a backup
file generated using the ams_backup.sh script in an out-of-place migration scenario.
31.8.3 Sample output of the script using the --from-backup

option
The following is an example of the output of the script while executing the script with
the --from-backup option:
Removing old data................................OK
Extracting data from backup file /backup.tar
Extracting AMS_SHAREDDATA_HOME to
/var/opt/ams/shared/ams-trunk-195815...........OK
Extracting AMS_SHAREDDATA_NEBACKUP_DIR to
/var/opt/ams/shared/common.......................OK
Extracting emlplatform to
/var/opt/ams/database/ams-trunk-195815/emlplatform....OK
Extracting ibdatadir to
/var/opt/ams/database/ams-trunk-195815/ibdatadir......OK
Extracting iblogs to /var/opt/ams/database/ams-trunk-195815/iblogs.......OK

Upgrading database...
Upgrade database successful.
31.8.4 Sample output of the script using the --from-release

option
The following is an example of the output of the script while executing the script with
the --from-release option:
Removing old data................................OK
Copying data from ams release /ams-9.2.20.0-195701
Copying MYSQL_DATA data from /var/opt/ams/database/ams-9.2.20.0-195701 to

/var/opt/ams/database/ams-trunk-195815................OK
Copying AMS_SHAREDDATA_HOME data from

/var/opt/ams/shared/ams-9.2.20.0-195701 to
/var/opt/ams/shared/ams-trunk-195815..........OK
Upgrading database.........................................OK
Upgrade Database successful.
31.9 ams_configure_ssh_timeouts
The ams_configure_ssh_timeouts script is used to enable/disable/check SSH
session timeouts. The 5520 AMS server opens multiple parallel SSH connections
with NEs during a backup operation.
A log file named ams_configure_ssh_timeouts.log is created.
Before running the script, stop the 5520 AMS server. To run the script, log in as root
or amssys and type:
ams_configure_ssh_timeouts.sh command timeout ↵

where:
• command is one of the following:
• enable—Enables SSH session timeout. This command also sets the SSH session
timeout to the value of timeout. Timeout option is mandatory for the enable command
only.
This command sets the parameter AMS_SSH_SERVER_TIMEOUT in ams.conf file.
The AMS_SSH_CLIENT_TIMEOUT is set as 30 seconds less than
AMS_SSH_SERVER_TIMEOUT.
• disable—disables the SSH session timeout.
This command sets the parameters AMS_SSH_SERVER_TIMEOUT and
AMS_SSH_CLIENT_TIMEOUT to 0.
• check—displays the current SSH timeout settings.
This command verifies if the timeout is enabled and all the parameters are set
correctly.
• timeout is maximum allowed time for a session to be idle. This option is mandatory
for the enable command only and ranges from 1-15 minutes.
The following is an example of the output of the script:

./ams_configure_ssh_timeouts.sh enable 2
SSH timeout was already set 10
Are you sure to set the timeout value to 2 ? [y (default)|n]: yes
SSH timeout is enabled. You must reconnect the SSH sessions for changes to
take effect.
31.10 ams_db_defragment
The ams_db_defragment script is used to free up disk space by defragmenting the
active data server. You can use the analyse option periodically to check for
fragmentation. For instance, you can execute the analyse option every week or once
in a month to understand the fragmentation on the disk. Then, use the execute option
to rearrange the data on the active data server and create disk space. Also, you can
use the execute option when the historical alarms table size exceeds the threshold
level and a TCA alarm is generated.
Note — The ams_db_defragment script is applicable for

simplex, cluster, and geographical redundant setups.

Ensure the following conditions are met before executing the script:
• 5520 AMS must not be running when execute option is used; whereas you can
execute the analyse option with 5520 AMS running.
• The execute option must be executed on an active data server only in a
maintenance window. After defragmentation 5520 AMS initiates a full sync cycle
from the active data server to all standby data servers. If the defragmentation is
executed on a standby data server, the defragmented data files are overwritten
when the 5520 AMS starts up again.

$AMS_SCRIPTS_DIR/ams_db_defragment.sh [all (default) | -t <table_name>]
option ↵

• analyse: Analyses and prints for each table the following data:
• number of rows
• data free size
• data length
• index length
• table size
• % fragmentation and potential disk space that can be recovered
• execute: Performs defragmentation of fragmented tables and prints:
• the database size before and after defragmentation
• disk space recovered after fragmentation
Note — After the execution of the script the active data server
must be brought up before the standby servers.
A log file named ams_db_defragment.log records the details about database

defragmentation.
The result displays the database size before and after defragmentation along with
the freed up disk size. After completion of the script execution on the active data
server, the script performs a full sync and recovers the disk space on the standby
servers.
Note — After defragmentation, the percentage of

fragmentation will be reduced to below 20%.
The following is an example of output for analyse command:

Note: The "Potential total space that can be recovered" is an estimate and
the actual disk space freed can vary from the estimated value that is
displayed in this output.

Table Name1: "TABLENAME"
Table_Rows: -----
Data_Free (Bytes):------
Data_Length (Bytes) :-----
Index_Length (Bytes):- -----
Table_Size (MB): --------
% Fragmentation: ----
Table Name 2: "TABLENAME"
Table_Rows: ----
Data_Free (Bytes):----
Data_Length (Bytes) :----
Index_Length (Bytes):----
Table_Size (MB): ----
% Fragmentation: ----
.............
Potential Total Space that can be recovered (MB): ----
The following is an example of output for execute command:

DB size before de-fragmentation (MB) :-
DB size after de-fragmentation (MB):
Disk Space Recovered (MB):
Let us consider a scenario to understand the output of database defragmenation. A

site with simplex and cluster setups uses two different database sizes - 32GB and
1.5GB - for data servers. Perform defragmentation to save disk space. The output
with performance details is shown in Table 128.
Table 128 Output of defragmenation with performance details
Type of Setup Database Size Time took for Overall Down Average
Defragmentation time(that is server Fragmentation %
stop,execute,
server start)
Simplex 32 GB 56 minutes 58 minutes 43.96
Cluster 32 GB 47 minutes 52 minutes 50.89
Simplex 1.5 GB 1 minute 3 minutes 59.81
(1 of 2)

Type of Setup Database Size Time took for Overall Down Average
Defragmentation time(that is server Fragmentation %
stop,execute,
server start)
Cluster 1.5 GB 1 minute 5 minutes 59.81
(2 of 2)
31.10.1 Database defragmentation for simplex, cluster, and

geographical redundant clusters
You can perform defragmentation on a simplex, cluster, or geographical redundant
clusters.
Procedure 279 Database defragmentation for a simplex setup
1 Stop the server using ams_server stop command.
2 Run the ams_db_defragment script with execute option.
3 Start the server using ams_server start command.
Procedure 280 Database defragmentation for clusters
1 Stop the entire cluster using ams_cluster stop command.
2 Run the ams_db_defragment script with execute option on previous active data server.
3 Start the previous active data server using ams_server start command.
4 Start the other servers enforcing full sync with the active data server.

Procedure 281 Database defragmentation for geographical redundant clusters

Before performing defragmentation on geographical redundant cluster,
• ensure the geographical redundancy setting is enabled.

• active and standby sites of geographical redundant clusters are up and running.
1 Shutdown both active and standby site clusters.
2 Execute the ams_db_defragment script on the active cluster.
3 Start the previous active data server in the active site cluster.
4 Start the other data servers in the active site cluster to enforce full sync with active data
server of the active site.
5 Start the standby site cluster to enforce full sync with the active site cluster.
31.11 ams_export
The ams_export script is used to create an export file of selected data that can be
imported by a 5520 AMS server.
A log file named importexport.log or importexportcli.log records details about export
activity.
ams_export.sh ↵
The exported data file is created on the active data server. It is located in
$AMS_EXTERNAL_SHAREDDATA_HOME/export/ams, and has the filename
export.tar.
The script overwrites any existing export.tar file on the active data server.
Note — To copy the exported data file to another location,

perform the following steps:
Log in to the earlier 5520 AMS release server as root.
Copy the file containing the exported data created by the script
and place it outside of the hierarchies containing the software,
shared and local data.

IMPORT_EXPORT_SCHEDULER Export Completed: SUCCESS
IMPORT_EXPORT_CHANGECOUNTERS Export Completed: SUCCESS
IMPORT_EXPORT_BOOKMARKS Export Completed: SUCCESS
IMPORT_EXPORT_OSS_AMS Export Completed: SUCCESS
IMPORT_EXPORT_ENVALARMTEMPLATES Export Completed: SUCCESS
IMPORT_EXPORT_HISTORICAL_ALARMS Export Completed: SUCCESS
IMPORT_EXPORT_FILTERS Export Completed: SUCCESS
IMPORT_EXPORT_OPERATOR_DEFAULTS Export Completed: SUCCESS
IMPORT_EXPORT_TL1GW Export Completed: SUCCESS
IMPORT_EXPORT_ALARM_SETTINGS Export Completed: SUCCESS
IMPORT_EXPORT_APC Export Completed: SUCCESS
IMPORT_EXPORT_COMMENTS Export Completed: SUCCESS
IMPORT_EXPORT_CLUSTER Export Completed: SUCCESS
IMPORT_EXPORT_NE_DETECTION_SETTINGS Export Completed: SUCCESS
IMPORT_EXPORT_SMA Export Completed: SUCCESS
IMPORT_EXPORT_CPEVENDORIDMAPPING Export Completed: SUCCESS
IMPORT_EXPORT_SECURITY Export Completed: SUCCESS
IMPORT_EXPORT_LINKIPADDRESS Export Completed: SUCCESS
IMPORT_EXPORT_TEMPLATE Export Completed: SUCCESS
IMPORT_EXPORT_SWMGMT Export Completed: SUCCESS
IMPORT_EXPORT_ACTION_SETTINGS Export Completed: SUCCESS
IMPORT_EXPORT_CUSTOMIZABLEHELP Export Completed: SUCCESS
IMPORT_EXPORT_GUI_SETTINGS Export Completed: SUCCESS
IMPORT_EXPORT_PM Export Completed: SUCCESS
IMPORT_EXPORT_INVENTORY Export Completed: SUCCESS
IMPORT_EXPORT_BIDM Export Completed: SUCCESS
IMPORT_EXPORT_LINKMGMT Export Completed: SUCCESS
IMPORT_EXPORT_SIP Export Completed: SUCCESS
IMPORT_EXPORT_NE Export Completed: SUCCESS
IMPORT_EXPORT_USERAUTHINFO Export Completed: SUCCESS

IMPORT_EXPORT_LICENSING Export Completed: SUCCESS
IMPORT_EXPORT_SIP_PROFILES Export Completed: SUCCESS
IMPORT_EXPORT_TFTP_SERVER Export Completed: SUCCESS
IMPORT_EXPORT_NE_SETTINGS Export Completed: SUCCESS
IMPORT_EXPORT_BACKREST Export Completed: SUCCESS
IMPORT_EXPORT_ALARM_DISPATCHER Export Completed: SUCCESS
Export Operation Completed
31.12 ams_exttl1gw_integration
The ams_exttl1gw_integration script is used to integrate an External TL1 Gateway
with a 5520 AMS cluster. See Section 16.2.
ams_exttl1gw_integration.sh option ↵

• Configure
• Unconfigure
• Start-active
• Start-standby
• Stop
The start-active and start-standby options are only used in a geographically

redundant installation.
Note — In a geographic redundant setup, you must configure

the ams_geo_configure script to run in manual fail over mode,
and then execute the ams_exttl1gw_integration script.
The following subsections describe the options for the script.
31.12.1 configure
The configure option saves the virtual IP addresses and network interfaces to be
used for OSS communication.

Detecting setup.
-> Found cluster
In which directory is the 5520TL1GW installed [ /opt/nokia (default) ]?
Do you want to use a single virtual IP address for OSS communication [ yes
(default) | no ] ?
Provide the virtual IP address to be used for OSS communication:
172.22.176.6
Provide one of the network interfaces to use for OSS communication:
bge3
Writing configuration
Ready
31.12.2 unconfigure
The configure option removes a configured integration.
Detecting setup.
-> Found cluster
If they are running, the 5520 AMS and the 5520 TL1GW will be stopped before
unconfiguring.
Are you sure you want to unconfigure [ yes | no (default) ] ?
->Stopping 5520AMS
Stopping JBoss

Stopped Jboss
Stopping Database
Stopped Database
->Unconfiguring virtual IP address
Ready
31.12.3 start-active
The start-active option starts both the 5520 AMS and the External TL1 Gateway in
active mode. This option should only be used in a geographically redundant
installation. In a single site installation, you can use the ams_server start script.
Detecting setup.
-> Found cluster
->Starting 5520TL1GW
o Enabling 5520TL1GW
->Starting 5520AMS in active mode
o starting 5520AMS
Starting AMS service
The AMS server is starting up, it may take several minutes before it is ful
ly operational.
Ready
31.12.4 start-standby
The start-standby option starts both the 5520 AMS and the External TL1 Gateway in
standby mode. This option should only be used in a geographically redundant
installation. In a single site installation, you can use the ams_server stop script.
Detecting setup.
-> Found cluster

->Starting 5520AMS in standby mode
o starting 5520AMS
Starting AMS service
The AMS server is starting up, it may take several minutes before it is ful
ly operational.
Ready
31.12.5 stop
The stop option stops both the 5520 AMS and the External TL1 Gateway.
Detecting setup.
-> Found cluster
->Stopping 5520AMS
Stopping JBoss
Stopped Jboss
Stopping Database
Stopped Database
Ready

31.13 ams_geo_configure
The ams_geo_configure script is used to configure, modify and disable geographic
redundancy. You can perform a manual switchover using ams_geo_configure or
ams_cluster. For more information, see the 5520 AMS Installation and Migration
Guide.
Note — The ams_geo_configure script modifies the firewall

settings automatically.
A log file named ams_geosetup.log is created.
31.14 ams_hub_sub_link_mgr
The ams_hub_sub_link_mgr script is used when the 5520 AMS has a link
management license. See Chapter 5 for more information about licenses.
The ams_hub_sub_link_mgr script creates a cluster of hub-subtended
7302 ISAM/7330 ISAM FTTN/ 7356 ISAM FTTB/7360 ISAM FX NEs from the
5520 AMS application server. See Section 19.4 for more information.
A log file named ams_hub_sub_link_mgr.log is created.
31.15 ams_import
The ams_import script is used to import the data from an export file of selected data
on the 5520 AMS server.
A log file named importexport.log or importexportcli.log records the details about
import activity.
If the file you need to import data from was created from the client, change the file
name to export.tar. Perform the following steps:
To change to the export directory, type:
cd $AMS_EXTERNAL_SHAREDDATA_HOME/export/ams ↵
Before you proceed, the export file export.tar should be in the shared data directory.
To change the name of the file you need to use, type:
mv exportdate-time.tar.gz export.tar.gz ↵
where
date is the date the file was created in the format ddmmyyyy
time is the time the export was performed in the format hh-mm-ss

ams_import.sh -filename <path or filename> -overwrite ↵
Where:
• -filename option is provided when the user needs to specify an export file that is
not the default export file (export.tar.gz).
Note — If -filename is not entered, default export file available
at the location,
/var/opt/ams/shared/common/export/ams/export.tar.gz will be
used during import.
• <path of the file> is the full directory path and filename to be imported. If only the
name of the export file is specified with the -filename option, the script will look for
the export file in the default path, /var/opt/ams/shared/common/export/ams/.
• -overwrite option enables the overwrite mode to overwrite duplicate records.
Note — The -overwrite option is only available for User
Management records.
For example,
ams_import.sh -filename
/var/opt/ams/shared/common/export/export01Aug2012-18-24-53.tar.gz
-overwrite ↵
To overwrite the User Management application records to the

$EXPORT_SHAREDDATA_HOME/ams/ directory, execute the following command:
ams_import.sh -filename usermgmt.tar -overwrite ↵
Result: All duplicate records for the user management applications are overwritten.
Importing /var/opt/ams/shared/common/export/ams/export.tar.gz ...
IMPORT_EXPORT_SCHEDULER Import Completed: SUCCESS
IMPORT_EXPORT_SECURITY Import Completed: null
IMPORT_EXPORT_CLUSTER Import Completed: FAILED
IMPORT_EXPORT_TL1GW Import Completed: SUCCESS
IMPORT_EXPORT_ENVALARMTEMPLATES Import Completed: SUCCESS
IMPORT_EXPORT_NE Import Completed: FAILED
IMPORT_EXPORT_NE_DETECTION_SETTINGS Import Completed: SUCCESS
IMPORT_EXPORT_LINKIPADDRESS Import Completed: SUCCESS
IMPORT_EXPORT_FILTERS Import Completed: SUCCESS

IMPORT_EXPORT_ALARM_SETTINGS Import Completed: SUCCESS
IMPORT_EXPORT_ANSITL1 Import Completed: SUCCESS
IMPORT_EXPORT_SMA Import Completed: SUCCESS
IMPORT_EXPORT_SWMGMT Import Completed: SUCCESS
IMPORT_EXPORT_APC Import Completed: SUCCESS
IMPORT_EXPORT_LINKMGMT Import Completed: SUCCESS
IMPORT_EXPORT_GUI_SETTINGS Import Completed: SUCCESS
IMPORT_EXPORT_CHANGECOUNTERS Import Completed: FAILED
IMPORT_EXPORT_CUSTOMIZABLEHELP Import Completed: SUCCESS
IMPORT_EXPORT_HISTORICAL_ALARMS Import Completed: SUCCESS
IMPORT_EXPORT_TFTP_SERVER Import Completed: SUCCESS
IMPORT_EXPORT_COMMENTS Import Completed: SUCCESS
IMPORT_EXPORT_OPERATOR_DEFAULTS Import Completed: SUCCESS
IMPORT_EXPORT_USERAUTHINFO Import Completed: SUCCESS
IMPORT_EXPORT_BACKREST Import Completed: SUCCESS
IMPORT_EXPORT_PM Import Completed: SUCCESS
IMPORT_EXPORT_TEMPLATE Import Completed: FAILED
IMPORT_EXPORT_INVENTORY Import Completed: SUCCESS
IMPORT_EXPORT_BOOKMARKS Import Completed: SUCCESS
IMPORT_EXPORT_BIDM Import Completed: SUCCESS
IMPORT_EXPORT_CPEVENDORIDMAPPING Import Completed: SUCCESS
IMPORT_EXPORT_LICENSING Import Completed: SUCCESS
Import Operation Completed
31.16 ams_install
The ams_install script is used to install, activate, deactivate and uninstall plug-ins for
5520 AMS and the 5529 Enhanced Applications. For more information, see the

When you execute the ams_install script with --golden option, you can install the
required components, deactivate the components that are no longer required, and
activate the required components. As a result, the components mentioned in the
GoldenEMSSwConfig file are activated. Before executing this script, ensure that the
5520 AMS is not running.
When you execute the ams_install script with --cluster option, you can install,
deactivate, and activate the components. By executing the script with [ --golden
<GoldenEMSSwConfig file> ] [--cluster] option on a local host, the install, deactivate,
and activate actions are executed on all servers in the 5520 AMS cluster. Before the
actual execution starts, the following prompt is displayed indicating the list of hosts
that will be altered, and a confirmation message appears.
ams_install will alter the software configuration on following hosts:
111-111-11-00, 111-111-11-01, 111-111-11-11
Are you sure you want continue[ no (default) | yes ]?
This option is not applicable for geo-redundant cluster. Before executing the script
with --golden option, ensure that all the servers are shown in the output of the
ams_cluster status command, for which you have to start the cluster after installing
the 5520 AMS and ensure all the application and database servers has formed the
cluster properly.
A log file named install.log records details about installation, deactivation, and
uninstallation of 5520 AMS and the 5529 Enhanced Applications.
31.17 ams_install_license
The ams_install_license.sh script is used to install licenses for 5520 AMS, the
5529 Enhanced Applications, and NE-specific plug-ins. For more information, see
Procedure 11.
A log file named license.log records details about installing licenses for 5520 AMS.
31.18 ams_createfirstuser
Applies to —
• The ams_createfirstuser script is applicable from Release

9.7 or later.
• The script is not applicable for the migrated setup, because
during migration the default Administrator account is already
created in the earlier AMS release.

The ams_createfirstuser script is used to create an initial AMS Administrator account

with only AMS permissions after the 5520 AMS is installed and sets the global
address filter used by the GUI to connect to the server. The initial AMS administrator
account is required to download the 5520 AMS GUI client for the first time.
Before creating an administrator account, the script checks for the following
conditions:
• 5520 AMS must be up and running.
• No other user accounts must be configured in the AMS.
• Address filter must be valid CIDR notation, that is, “<IPv4 address>/<number>”
where the number is the range from 0 to 32.
If the above conditions are met, an initial AMS administrator account is created with
default password as 'admin' and the access to the 5520 AMS server is given to the
users for the specified IP addresses. Else, the script will exit and you will receive an
error message. In that case, contact your Nokia technical support for assistance.
The initial admin user account and password are required to download the 5520 AMS
GUI client for the first time. After you download and login to the AMS client, you must
change the initial administrator password for the client.
A log file named security.log records the details about first user creation.
To run the script, log in as root or amssys and type:
ams_createfirstuser.sh [-h|--help] <username> <global address filter> ↵
where:
-h: displays help information.
<username> is the name of the operator account to be created.
<global address filter> is the allowed addresses from which the GUI can connect to
the server in CIDR notation. The value 0.0.0.0/0 allows all connections.
ams_createfirstuser.sh user 0.0.0.0/0
Creating user...
User is created successfully
31.19 ams_link_mgr
The ams_link_mgr script is used when the 5520 AMS has a link management
license. See Chapter 5 for more information about licenses.
The ams_link_mgr script creates links from the 5520 AMS application server. See

The ams_link_mgr script also helps in the deletion of links such as, Splitter, G6-
GPON, Hub-SUBTENDED, ISAM- MDU.
A log file named license.log records details about link management license.
31.20 ams_mediagw_mgr
The ams_mediagw_mgr script creates the 7367 ISAM SX Media Gateway from the
5520 AMS Application server. See Section 19.3 for more information.
A log file named ams_mediagw_mgr.log records the error messages.
31.21 ams_ne_cli
The ams_ne_cli script is used to pass a series of CLI commands to one or more NEs.
A log file named cutthrough.log records details about CLI commands passed on to
NEs.
To run the script, log in as amssys and type:
ams_ne_cli NEList inputCommandFile outputCommandfile timeout ↵
where:
• NEList is the IP address of the NE, in decimal format, or a file containing a list of
IP addresses. IPV4 and IPv6 IP addresses are supported.
• inputCommandFile is the name of the file where commands will be stored.
• outputCommandfile is the name of the file where responses will be stored.
• timeout is an optional value, entered in seconds. The default is 10.
To connect to an NE or multiple NEs using SSH or telnet type:
ams_ne_cli -protocol ↵
Where the argument -protocol is optional can be any of the following options:
• telnet : Using telnet protocol to connect to the NEs
• ssh : Using ssh protocol to connect to the NEs
• telnetfirst : The first instance uses telnet protocol to connect to the NEs. In case
the connection fails, the system tries to setup an SSH connection.
• sshfirst : The first instance uses ssh to connect to the NEs. In case the connection
fails, the system connects using telnet. This is the default option.

31.21.1 Format of the input command file

The input command file must be in the following format:
login:login name
password:password to log in
prompt:prompt from which CLI commands are executed after giving login name
and password.>
Add the CLI commands in the following format:
!CLI Commands
CLI commands
Comments in the input file should start with an exclamation point (!).
Note — The line “!CLI Commands” must be present. This line

indicates the start of CLI commands.
31.21.2 Example of an input command file

The following is an example of an input command file:
login:isadmin
password:ANS#150
prompt:#
!CLI Commands
!Command is to show trap manager entries
show trap manager
!Command to logout the session
logout
31.21.3 Example output

The following is an example of the output of the script. The output is saved to the file
specified as the output command file.
Trying 172.22.176.77...
Connected to 172.22.176.77.

Escape character is '^]'.
login: isadmin
password:
Welcome to ISAM
last login : 14/09/10 18:41:38
leg:isadmin># show trap manager
===================================================================
manager table
===================================================================
address |last-reset-time |buffer-status
---------------------+-------------------+-------------------------
127.0.0.1:162 1970-01-01:00:00:00 no-traps-lost
172.22.176.63:9001 1970-01-01:00:00:00 no-traps-lost
-------------------------------------------------------------------
manager count : 2
===================================================================
leg:isadmin># logoutConnection to 172.22.176.77 closed by foreign host.
31.22 ams_nebackup
The ams_nebackup script is used to perform a backup of the NE database and NE
data.
You can perform a backup of NE data or of the NE backup database only.
A log file named ams_nebackup.log records the details about NE backup activity.
ams_nebackup.sh options backupfile ↵
where:
• options can be any of the following, if needed:
• -h prints help information
• -c copies only the NE backup database
• backupfile is the path to the backup file that is generated by the script, for
example, /var/tmp/ams_backup_monday.tar.


Tue Sep 14 14:48:16 2010 **** Starting AMS NE Backup process ****
DB locked.
DB unlocked.
Log files are /var/opt/ams/local/ams-9.1.0-101265/log/ams_nebackup.trace
AMS NE Backup is successful. Check log files for detailed status.
31.23 ams_nerestore
The ams_nerestore script is used to perform a restore of the NE database and NE
data. You can perform a restore of NE data or of the NE backup database only.
A log file named ams_nerestore.log records the details about NE restore activity.
ams_nerestore.sh options backupfile ↵
where:
• options can be any of the following, if needed:
• -h prints help information
• -b restores only the NE backup database
• backupfile is the path to the backup file to restore the data from, for example,
/var/tmp/ams_backup_monday.tar.

Tue Sep 14 14:52:51 2010 **** Starting AMS NE Restore process ****
Log files are /var/opt/ams/local/ams-9.1.0-101265/log/ams_nerestore.trace
AMS NE Restore is successful. Check log files for detailed status.
31.24 ams_show_ne_balancing
The ams_show_ne_balancing script is used to execute a query in the database and
display the NE name, NE Type/Release, and IP address of an application server that
is registered with the NE for communication.
To know the options the ams_show_ne_balancing.sh script supports, log in as
amssys and type:
ams_show_ne_balancing.sh --help ↵


ams_show_ne_balancing.sh option ↵

• -a application_server_IP_address displays the NEs corresponding to a given
application server IP.
where:
application_server_IP_address is the IP address of the application server.
• -n NE_name displays the NEs corresponding to a given NE name. The NE type

and release information are also available.
where:
NE_name is the name of the NE.
• -i NE_IP_address displays the NEs corresponding to a given NE IP address. The

NE type and release information are also available. The NE_IP_address can be
IPv4 or IPv6.
where:
NE_IP_address is the IP address of the NE.
• --netype <netype> displays the NEs corresponding to a given NE type.

where:
<netype> is the type of the NE.
The supported NE product and NE type information is mentioned in the Table 129

Table 129 Supported NE product and NE type
NE Product NE Type
7302 ISAM iSAM
7302 ISAM IHUB iSAM-I
7330 ISAM FTTN FTTN
7330 ISAM FTTN FTTN-I

IHUB
7342 ISAM FTTU EPON
7342 ISAM FTTU GPON
7353 ISAM CX FTTBCX
7353 ISAM FTTB FTTBMDU
7354 ISAM FTTB RU FTTB
7356 ISAM FTTB FDREM
7360 ISAM FX FX-I

7362 ISAM DF/SF DF
7363 ISAM MX MX
7367 ISAM DX/SX SX48V

G6 G6
• --netypereleasecount, displays the NE type and release count for each application
server.
The following options are supported only when the Enable NE Balancing Based On
Custom Group check box is selected in the Administration Tree (EMS
Administration→EMS System→Site). For more details on the setting, refer to Table
70.
• --netypereleasecountbycgc displays the NE type and release count for each
application server corresponding to a custom group criterium.
• --nebycg <customgroupname> displays the NEs corresponding to a given custom

group.
where:
customgroupname is the name of the custom group.
• --netypereleasecountbycg <customgroupname> displays the NE type and

release count for each application server corresponding to a given custom group.
where:
customgroupname is the name of the custom group.
• --necountbycg displays the NE type and release count for each application server

The following are examples of the output for some of the supported options for
ams_show_ne_balancing.sh script with custom group name
“timeZoneNotManaged”.
--necountbycg
+-------------------------------------------+
| 10.1.1.239 |
+-------------------------------------------+
|NE Type/Release |timeZoneNotManaged |TOTAL |
+----------------+------------------+-------+
|FTTN.5.3 |1 |1 |
|MX.5.3 |586 |586 |
|FTTN.5.1 |157 |157 |
|MX.5.1 |14 |14 |
|FTTN-I.5.1 |6 |6 |
|iSAM-I.5.1 |891 |891 |
|iSAM.5.3 |8 |8 |
|GENT.5.1.60 |6 |6 |
|iSAM-I.5.3 |1964 |1964 |
|iSAM.5.1 |1340 |1340 |
+----------------+------------------+-------+
|TOTAL |4973 |4973 |
+----------------+------------------+-------+
+-------------------------------------------+
| 10.1.1.238 |
+-------------------------------------------+
+----------------+-------------------+------+
|FTTN.5.3 |2 |2 |
|MX.5.3 |587 |587 |
|FTTN.5.1 |158 |158 |

|MX.5.1 |15 |15 |
|FTTN-I.5.1 |6 |6 |
|iSAM-I.5.1 |892 |892 |
|iSAM.5.3 |8 |8 |
|GENT.5.1.60 |7 |7 |
|iSAM-I.5.3 |1965 |1965 |
|iSAM.5.1 |1341 |1341 |
+---------------+-------------------+-------+
|TOTAL |4981 |4981 |
+---------------+-------------------+-------+
+-------------------------------------------+
| Unsupervised |
+-------------------------------------------+
+----------------+-------------------+------+
|FTTN.5.3 |0 |0 |
|MX.5.3 |2 |2 |
|FTTN.5.1 |28 |28 |
|MX.5.1 |0 |0 |
|FTTN-I.5.1 |31 |31 |
|iSAM-I.5.1 |224 |224 |
|iSAM.5.3 |0 |0 |
|GENT.5.1.60 |0 |0 |
|iSAM-I.5.3 |0 |0 |
|iSAM.5.1 |279 |279 |
+----------------+-------------------+------+
|TOTAL |564 |564 |
+----------------+-------------------+------+
--netypereleasecountbycg
+----------------+----------+----------+------------+------+

|NE Type/Release |10.1.1.239 |10.1.1.238 |Unsupervised |TOTAL |
+----------------+-----------+-----------+-------------+------+
|FTTN.5.3 |1 |2 |0 |3 |
|MX.5.3 |586 |587 |2 |1175 |
|FTTN.5.1 |157 |158 |28 |343 |
|MX.5.1 |14 |15 |0 |29 |
|FTTN-I.5.1 |6 |6 |31 |43 |
|iSAM-I.5.1 |891 |892 |224 |2007 |
|iSAM.5.3 |8 |8 |0 |16 |
|GENT.5.1.60 |6 |7 |0 |13 |
|iSAM-I.5.3 |1964 |1965 |0 |3929 |
|iSAM.5.1 |1340 |1341 |279 |2960 |
+----------------+-----------+-----------+-------------+------+
|TOTAL |4973 |4981 |564 |10518 |
+----------------+-----------+-----------+-------------+------+
--nebycg
+----------------+----------------+-------------------+
| NE Name |NE Type/Release |Application Server |
+----------------+----------------+-------------------+
|BLEI-AAD-DSLA-2 |FTTN-I.5.1 |-- |
|RT-AHY-DSLA-1 |FTTN-I.5.1 |-- |
|INES-31-1-1-151 |iSAM-I.5.3 |10.1.1.238 |
|INES-31-1-2-129 |iSAM-I.5.3 |10.1.1.238 |
|INES-31-1-3-188 |iSAM-I.5.3 |10.1.1.238 |
|INES-31-1-4-233 |iSAM-I.5.3 |10.1.1.238 |
|INES-31-1-7-250 |iSAM-I.5.3 |10.1.1.238 |
|INES-31-1-15-86 |iSAM-I.5.3 |10.1.1.238 |
--netypereleasecountbycgc
+----------------+-----------+-----------+-------------+------+
|NE Type/Release |10.1.1.239 |10.1.1.238 |Unsupervised |TOTAL |

+----------------+-----------+-----------+-------------+------+
|FTTN.5.3 |1 |2 |0 |3 |
|MX.5.3 |586 |587 |2 |1175 |
|FTTN.5.1 |157 |158 |28 |343 |
|MX.5.1 |14 |15 |0 |29 |
|FTTN-I.5.1 |6 |6 |31 |43 |
|iSAM-I.5.1 |891 |892 |224 |2007 |
|iSAM.5.3 |8 |8 |0 |16 |
|GENT.5.1.60 |6 |7 |0 |13 |
|iSAM-I.5.3 |1964 |1965 |0 |3929 |
|iSAM.5.1 |1340 |1341 |279 |2960 |
+----------------+-----------+-----------+-------------+------+
|TOTAL |4973 |4981 |564 |10518 |
+----------------+-----------+-----------+-------------+------+
--netypereleasecount
+----------------+-----------+-----------+-----------+-------------+-------
------+------+
|NE
Type/Release |10.1.1.218 |10.1.1.217 |10.1.1.239 |10.1.1.238 |Unsuper
vised |TOTAL |
+----------------+-----------+-----------+-----------+-------------+-------
------+------+
|GPON.4.10 |1 |0 |0 |0 |0
|1 |
|FTTN.5.3 |1 |1 |0 |1 |2
|5 |
|FX-I.5.3 |1 |0 |0 |0 |0
|1 |
|MX.5.3 |440 |440 |146 |147 |2

|175 |
|FTTN.5.1 |118 |118 |39 |40 |28

|343 |
|MX.5.1 |11 |11 |3 |4 |0

|29 |

|FTTN-I.5.1 |4 |5 |1 |2 |3
|43 |
|iSAM-I.5.1 |1 |1 |0 |1 |2
|5 |
|GENT.5.1.60 |668 |669 |223 |223 |224

|2007 |
|iSAM-I.5.3 |5 |5 |1 |2 |0
|3 |
|iSAM.5.1 |1474 |1474 |492 |491 |0

|3931 |
|iSAM.5.1 |1005 |1006 |335 |335 |279

|2960 |
+----------------+-----------+-----------+-----------+-----------+---------
+----------+
|TOTAL |3734 |3735 |1242 |1247 |566

|10524 |
+----------------+-----------+-----------+-----------+-----------+---------
+----------+
31.25 ams_remove_data
The ams_remove_data script is used to recover data from a corrupted database. The
script completely reinitializes the database.
A log file named ams_remove_data.log is created.
Before running the script, stop the 5520 AMS server. To run the script, log in as
amssys and type:
ams_remove_data.sh ↵

Are you sure you want to remove AMS DB and Shared Data (y/n) ? y
AMS DB, Shared Data and Local Data has been purged
After running this script, start the 5520 AMS server. The server starts similar to
first-time server startup, and configures the DB.

31.26 ams_ne_mgr
The ams_ne_mgr script is used to read the contents of an input file to create NEs in
the 5520 AMS. The script also helps in modifying the NE attributes which are
supported by the 5520 AMS NBI.
Note — The modification of IP Address and other attributes in

the same request is not supported.
For information about this script, see Section 17.3

A log file named ams_ne_mgr.log is created.
31.27 ams_restore
The ams_restore script is used to restore backed-up 5520 AMS data. For more
information about performing a restore, see Section 21.3.
A log file named ams_restore.log records the details about 5520 AMS restore
activity.
Note — If the backup file is in .gz format, you need to
uncompress the file before executing the ams_restore script.
To run the script, log in to a data server or a combination of data and application
servers as amssys and type:
ams_restore.sh options backup_filename ↵
where:
• backup_filename is the backup file from which you need to restore the data.
• options is any of the following:
• -h: displays help information
• -n: excludes licenses
Tue Sep 14 15:16:33 2010 **** Starting AMS Restore ****
Examining ams_bu.20100914...
Restoring MYSQL_INNODB_LOGS
Restoring MYSQL_DB_DIR
Restoring MYSQL_DB_DIR_APC

Restoring MYSQL_INNODB_DATA
Restoring AMS_SHAREDDATA_HOME
Restoring AMS_SHAREDDATA_NEBACKUP_DIR
Details in /var/opt/ams/local/ams-trunk-101265/log/ams_restore.log
Tue Sep 14 15:18:23 2010 **** AMS Restore done ****
31.28 ams_retrieve_ip_by_nename
The ams_retrieve-ip_by_nename script is used to retrieve the IP address of an NE
from the NE name. The IP addresses can be IPv4 or IPv6. For more information, see
Section 13.2.
ams_retrieve_ip_by_nename.sh NEname ↵
where:
NEname is the name of the NE.
ipAddress = 172.22.176.77
31.29 ams_retrieve_pap_ne_from_db
The ams_retrieve_pap_ne_from_db is used to retrieve the list of NEs and their PAPs
from the database.
ams_retrieve_pap_ne_from_db.sh -o output ↵
where output is the path and name of the file where the output of the script will be
saved. For example, /tmp/output_ne_pap. The amssys user must have write
permission for the output folder.
The following is an example of the output file:
FullFriendlyName NE PAP
Access Network/7342 4.8 7342_4.8_36 defaultPAP

31.30 ams_schedule_backup
The ams_schedule_backup script is used to schedule backups of the 5520 AMS
database server and can be used to FTP or SFTP the backup to a remote server.
The script creates a cron job and a configuration file for backing up the 5520 AMS.
For more information, see Scheduling backups.
A log file named run_ams_backup.xxxx.log records the details about 5520 AMS
schedule backup activity.
Note 1 — The 5520 AMS depends on SSH key infrastructure to
configure SFTP as transfer method.
Note 2 — In a server where scheduled backup is configured, if
you change the time zone in the operating system, you must
restart the crontab service so that the scheduled backup can
run exactly with the time that is set in the server. Else, backup
will fail. The following commands are used to restart crontab
service:
• In Red Hat Enterprise Linux 6.7 x86_64 and higher system,
use the below command:
service crond restart
• In Red Hat Enterprise Linux 7.1 x86_64 and higher system,
use the below command:
systemctl restart crond

ams_schedule_backup options
For more information on the options supported by ams_schedule_backup script, see

Table 87.
AMS Backup Scheduler Menu
================================================
1)Configure AMS Backup options
2)Show AMS Backup options
3)Configure (S)FTP parameters
4)Show (S)FTP parameters
5)Update files
6)Exit
Enter your choice: 1

Enter the backup directory: /builds
Do you want to remove all backup files in /builds? Default = NO [ yes|no ] no
Do you want to remove the existing schedules? Default = YES [ yes|no ] no
Do you want to setup a new schedule? Default = YES [ yes|no ] yes
Enter the time to perform the backups.
Put a space between times if entering more than 1. Default = 21:00: 13:00
Enter the number of files to keep. Default = 3: 5
Do you wish to gzip the backup file? Default=YES[yes|no]
Do you wish to set any additional backup options? Default=NO[yes|no]
BACKUP SETTINGS
================================================
Backup directory:/builds
Remove all ams backup files in backup dir: NO
Remove existing schedules: NO
Setup new schedule: YES
Run Time: 13:00
Number of files to keep: 5
GZip the output file: YES
Backup Options:
Is this correct? [yes|no] yes
================================================
5)Update files
6)Exit
Do you wish to use SFTP or FTP. Default = SFTP [sftp|ftp]

SFTP SERVER #1
Enter the hostname/IP address of the SFTP server: hostname/IP_address of the

server
Enter SFTP username: root
Enter SFTP remote directory. Default=/backup/AMSBackup:/builds
Do you wish to e-mail SFTP status updates Default = NO [ yes|no ]
Is this correct?[yes|no]yes
Do you wish to configure any more SFTP servers?[yes|no]no
In order to use sftp as transfer method the correct SSH key infrastructure
should be configured otherwise transfer will not be possible
================================================
5)Update files
6)Exit
(S)FTP SETTINGS
================================================
Enable FTP: NO
Enable SFTP: YES
SFTP SERVER #1
ADDRESS: IP_address of the SFTP server
USERNAME: root
DIRECTORY: /builds
E-MAIL: e-mail address
Press ENTER to continue...
================================================

5)Update files
6)Exit
Creating run_ams_backup.xxxx.cfg configuration file.
Updating amssys crontab
Finished updating files
31.31 ams_splitter_mgr
The ams_splitter_mgr script is used to create and manage splitter objects under a
PON port in 7360 ISAM FX or 7342 ISAM FTTU.
The script is available in the <AMS_LOCAL_DIR>/bin/ directory. To run the script,
log in as amssys and type:
ams_splitter_mgr \[option] \ [inputfile]
where:
Option Description
-h | -help Show usage

-pfile \[file] Use different properties file. Default = ams_mgr.conf
-efile \[file] Get 5520 AMS username/password from file.
-logdir \[dir] Directory used to store the log file

-mdNm \[mdNm] Managed domain name. Default= AMS.
-username \[user] The 5520 user name to use to access the 5520 AMS. This user
must have the function 'AMS NBI-Edit" in its role
-u \[user] Same as username option

-password \[pass] The 5520 AMS user password
-p \[pass] Same as password option
-keystore \[key] Full path to the keystore file. Default = get value from the
properties file
-keypass \[pass] Password for the keystore file. Default = get value from the
properties file

Option Description
-nbihost \[url] The URL of the NBI client the 5520 AMS needs to connect to
-c To create a splitter
-d To delete a splitter
See Section 17.4 for more information.

If the input file is not specified by the user, then the script reads the following input
file: <AMS_LOCALDATA_HOME>/oss/conf/ams_splitter_mgr.csv
A log file named ams_splitter_mgr.log records the details of the splitter management.
31.32 ams_sw_backup
The ams_sw_backup script is used to perform a backup of the 5520 AMS software.
A log file named ams_sw_backup.log records the details about backup of the
5520 AMS software.
ams_sw_backup.sh backup-file ↵
where backup-file is the path to the file that will be created by the script. The suffix
‘_<hostname>.bin’ will be appended to the filename.
==== Starting AMS Software Backup ====
Copy configuration files
Copy .activepkg file
Copy repository directory
Copy /var/opt/ams/local/ams-9.7-385523/.ams-9.7-385523-redhat-x86_64.bin
Making archive file...
Details in /var/opt/ams/local/ams-9.7-385523/traces/log/ams_sw_backup.log
Use /builds/backuptest_host-10-1-1-56.bin to restore the AMS Software
==== AMS Software Backup done ====
Note — operating_system is redhat for the Red Hat Enterprise

Linux operating system.
architecture is x86_64 for Red Hat Enterprise Linux.

31.33 ams_switch_active_dataserver
The ams_switch_active_dataserver script is used to change the active data server in
a cluster to the standby data server. For more information, see Forcing a data server
switchover
A log file named processmonitor.log or processmonitor.trace records details about
the switchover from active data server to standby data server.
To run the script, log in to the active data server as amssys and type:
ams_switch_active_dataserver option ↵

• -h: displays help information.
• -f: forces the data server switchover without the confirmation message.
Do you continue switch database[ no (default) | yes ]? yes
Database (localhost) ... Running (Master)
Triggering data server switchover.
31.34 ams_switch_authentication_local
The ams_switch_authentication_local script is used to change the 5520 AMS user
authentication from RADIUS or LDAP to the database. You can run this script to
allow you to log in when there is a problem with RADIUS or LDAP authentication. For
more information, see RADIUS authentication.
ams_switch_authentication_local ↵

Are you sure you want to switch to the local database authentication [no
(default) | yes]? y
Authentication changed to LOCAL DATABASE successfully

31.35 ams_tracing
The ams_tracing script is used to perform the following actions:
• Configure the EMS tracing level on unknown NEs and non-NE objects.
• Configure the EMS tracing level for an NE.
• Reset the tracing level to the default on all NEs.
• Set any log level in standalone-full-ha.xml for log category.

See Section 27.10 for more information. The ams_tracing script is in the following
location:
$AMS_SOFTWARE_HOME/lib/platform/bin/
31.36 ams_uninstall
The ams_uninstall script is used to uninstall the 5520 AMS. For more information,
see the procedure to uninstall the 5520 AMS server in the 5520 AMS Installation and
Migration Guide.
A log file named install.log records details about uninstalling the 5520 AMS.
31.37 ams_update_limit
During multiple client installation on a Red Hat Enterprise Linux operating system as
an amssys, an error can result due to insufficient memory. To prevent this, the
ams_update_limit.conf.sh script is run manually and as a non-root user. The script
adds the following to the /etc/security/limit.conf file:
amssys soft nproc 650000
amssys hard nproc 650000
amssys soft nofile 650000
amssys hard nofile 650000
31.38 ams_user_mgr
The ams_user_mgr script is used to read the contents of an input file to manage
users in the 5520 AMS. For information about this script, see Section 9.4.
A log file named ams_user_mgr.log records details about reading the contents of an
input file to manage users in the 5520 AMS.

31.39 ams_check_ssl
The ams_check_ssl script is used to check the status of the JBoss process and SSL.
ams_check_ssl.sh ↵

Checking if JBoss is running
The application is running.
SSL is disabled.
31.40 convert5526AMSTo5523AWS
The convert5526AMSTo5523AWS script is used during migration from 5526 AMS to
5520 AMS. For more information, see the 5520 AMS Installation and Migration
Guide.
31.41 createUsernamePassword
The createUsernamePassword script is used to encrypt the password for a
5520 AMS user and saves the encrypted password to a file. The file can be read by
the ams_user_mgr, ams_ne_mgr, ams_link_mgr, and ams_hub_sub_link_mgr
scripts. If you run the createUsernamePassword script, you do not need to include a
username and password in the input file for the scripts. For more information, see
Procedure 33.
You must be able to log in to the 5520 AMS application server as amssys or as a user
in the amssys group. For information on adding a new user account to the amssys
group, see Section 9.3.
To run the script, log in as amssys or as a user in the amssys group and type:
createUsernamePassword ↵

Enter Username: nbiuser
Enter Password:

SUCCESS
31.42 DEMO_IT_infrastructure_integration
The DEMO_IT_infrastructure_integration script is used to configure the IP address
of the data servers and SSH key of the active and standby site of a geographically
redundant installation.
The script monitors the health state of the active site and performs a switchover to
the standby site if the active site is down. For more information, see the chapter
about installing the 5520 AMS at multiple sites in the 5520 AMS Installation and
Migration Guide.
A log file named control_switch_site.log records the details about configuring the IP
address of the data servers.
31.43 ams_disable_ssl
The ams_disable_ssl script is used to disable secure communication over SSL or
TLS, which is the default protocol. For more information, see Section 7.6.
Caution — This is a service-affecting script because it requires


To run the script, log in as amssys, stop the server, and type:
ams_disable_ssl.sh ↵

SSL has been disabled. Please restart the server for the change to take
effect.

31.44 ams_enable_ssl
The ams_enable_ssl script is used to enable secure communication over SSL or
TLS, which is the default protocol. You can use SSL or TLS with a default or
customized keystore. For more information, see section 7.3.
Caution — This is a service-affecting script because it requires


To run the script, log in as amssys, stop the server and type:
ams_enable_ssl.sh path-to-keystore-file/keystore password ↵
where:
• path-to-keystore-file is the path to the keystore file on the server
• keystore password is the customized keystore password
You do not need to specify a keystore file or password if you need to use the default
keystore.
Creating default backups...
Keeping current configuration
Enable SSL...
Cleanup...
Process complete!
Please restart the server for the change to take effect.
31.45 getAgentlist
The getAgentlist script is used to generate a list of the agents that are supervised by
the 5520 AMS. The agent IP addresses can be IPv4 or IPv6. For more information,
see Section 13.4.


• To enter a password now, type:
• To enter a password later, type:

getAgentlist.sh -u username -p ↵
Enter host password for user ‘username’: ↵
where username and password are the username and password of a 5520 AMS user
with the NE List - NBI function. The 5520 AMS user can be an Internal Database or
RADIUS or LDAP user.
Note 1 — If the password contains special characters, escape
the special meaning of the characters by preceding each
special character with the backslash character (\). For example,
if the password is !@#ams$%ûser&*, enter
\!\@\#ams\$\%\ûser\&\*.
Note 2 — If you are using a cron job to generate an agent list,
execute the getAgentlist script located in the home account of
amssys. For example, /var/opt/ams/users/amssys/bin/. This
directory depends on the values provided during the 5520 AMS
installation.
The output of the script is stored in the file $TEMP_DUMPFILE. The location of the
file is /tmp/netlist-dump_result
7342-GPON 7342-GPON IACM IACM GPON.4.10 10.1.1.55 V3 161 null null nt With
Authentication and With Privacy gpon123 SHA ******** DES ********
timeZoneNotManaged
7342-GPON 7342-GPON SHUB SHUB GPON-SHUB.4.10 10.1.1.55 V3 161 null null shub
With Authentication and With Privacy gpon123 SHA ******** DES ********
timeZoneNotManaged
7342-GPON 7342-GPON IACM IACM GPON.4.10 10.1.1.32 V2 161 public public null
null null null null null null timeZoneNotManaged
7342-GPON 7342-GPON SHUB SHUB GPON-SHUB.4.10 10.1.1.32 V2 161 NETMAN NETMAN

null null null null null null null timeZoneNotManaged
7360-ISAM 7360-ISAM IACM IACM iSAM.6.0 10.1.1.19 V2 161 public public null
7360-ISAM 7360-ISAM IHUB IHUB IHUB.6.0 10.1.1.19 V2 161 ihub ihub null null
null null null null null timeZoneNotManaged
7342-GPON 7342-GPON IACM IACM GPON.4.10 10.1.1.117 V2 161 public public null

7342-GPON 7342-GPON SHUB SHUB GPON-SHUB.4.10 10.1.1.117 V2 161 NETMAN NETMAN

null null null null null null null timeZoneNotManaged
7367-ISAM 7367-ISAM IACM IACM iSAM.6.0 10.1.1.243 V2 161 public public null
G6 G6 G6 G6 G6.12.3 10.1.1.98 V2 161 public private null null null null null
null null timeZoneNotManaged
31.46 innotop
The innotop script is used as third-party text-based database and InnoDB monitoring
tool.
innotop ↵

[RO] Query List (? for help) localhost, 03:02:17, 7.01 QPS, 26/2/0
con/run/cac t
When Load QPS Slow QCacheHit KCacheHit BpsIn BpsOut
Now 0.04 7.01 0 0.00% 100.00% 742.38 2.45k
Total 0.00 11.61 0 0.00% 66.67% 1.61k 5.45k
Cmd ID State User Host DB Time Query
Query 1915 Sending data root localhost emlplatform 00:00 SELECT CO
31.47 ams_reset_logs
The ams_reset_logs script is used to clear the contents of 5520 AMS log files. For
more information, see Section 27.9.
ams_reset_logs.sh ↵

Done! Logs are reset now.

31.48 retrieve_nes
The retrieve_nes script is used to generate a list of the NEs that are supervised by
the 5520 AMS. NEs with IPv4 or IPv6 IP addresses are retrieved. For more
information, see Section 13.4.
• To enter a password now, type:
retrieve_nes.sh -f dumpFilename -u username -p [password] [-s filter 1 [-s
filter 2 ]..] ↵
• To enter a password later, type:

retrieve_nes.sh -f dumpFilename -u username -p ↵
Enter host password for user ‘username’: ↵
where:
• dumpFilename is the path to the file to which to send the output.
• username and password are the username and password of a 5520 AMS user
with the NE List - NBI function. The 5520 AMS user can be an Internal Database
or RADIUS or LDAP user.
• filter1 and filter2 are the NE models to be filtered. Filters are optional.
To retrieve all NEs of a specified type and release, enter -s NE
type.release.number, for example, iSAM.3.4. To retrieve all NEs of a specified
type, enter -s NE type, for example, iSAM.
Note 1 — If the password contains special characters, escape

the special meaning of the characters by preceding each
special character with the backslash character (\). For example,
if the password is !@#ams$%ûser&*, enter
\!\@\#ams\$\%\ûser\&\*.
Note 2 — If you are using a cron job to generate an NE list,
execute the retrieve_nes script located in the home account of
amssys. For example, /var/opt/ams/users/amssys/bin/. This
directory depends on the values provided during the 5520 AMS
installation.
The following is an example of the output file:

7330-ISAM,10.1.1.23,161,public,public
7330-ISAM,10.1.1.23,161,ihub,ihub

7360-ISAM,10.1.1.50,161,ihub,ihub
7342-GPON,10.1.1.117,161,public,public
7342-GPON-SHUB,10.1.1.117,161,NETMAN,NETMAN
G6,10.1.1.168,161,public,private
31.49 ams_simplex_to_cluster
The ams_simplex_to_cluster script is used to convert a simplex server to a
single-server cluster. For more information, see the cluster installation chapter in the
31.50 switchover_hook
The 5520 AMS runs the switchover_hook script before performing an automated
switchover of a data server. Unmodified, this script returns a value of True. You can
alter this script so that the script performs actions or checks for conditions before
permitting the switchover. If the script returns a value of True, the switchover occurs
normally. If the script returns any other value, the switchover does not occur.
The switchover_hook script is in the following location:
$AMS_SOFTWARE_HOME/lib/dataserver/bin/
31.51 ams_log_manager
The ams_log_manager script is used to modify the log level, log type, collect log or
debug files and reset the log or debug files, and enable or disable syslog mode, and
change syslog facility on all the 5520 AMS servers.
A log file named ams_log_manager.log and ams_log_manager.trace records all the
details during the ams_log_manager script execution.


ams_log_manager.sh --resetlogs --collect
--category=[log|debug|os|all(default)] --target=[list of ClusterIP,site
name,all (default)] --destination=<file> --help --setlevel=<category,level>
↵
where:
--resetlogs: clears log/debug files
--collect: collect log/debug files
--category: specifies which set of log and debug files to collect, multiple
are allowed
--target: selects on which servers to execute the selected action, comma
separated list of cluster IP addresses
--destination: location where to store the result file (mandatory parameter
along with --collect)
--setlevel: set loglevel

Main menu
1) Modify Log Level
2) Modify Log Type (Fixed Size/Fixed Duration)
3) Collect Log/Debug files
4) Reset Log/Debug files
5) Enable Syslog Mode / Disable Syslog Mode
6) Change Syslog Facility
q) Quit
Note — The Disable Syslog Mode and Change Syslog Facility

option is displayed only when the syslog mode is enabled.
Option 1: Modify Log Level

Checking precondition...
Enter the target [comma separated list of cluster IP addresses | sitename|

all (default) ]: all
Enter the logger category: org.hibernate.SQL
1) ALL
2) DEBUG
3) ERROR

4) INFO
5) TRACE
6) WARN
q) Quit
Select the logger level: 4
Progress:
[Site <sitename> - server <ip_address>] is modifying log level ...
[Site <sitename> - server <ip_address>] level=INFO
[Site <sitename> - server <ip_address>] done
Option 2: Modify Log Type (Fixed Size/Fixed Duration)

The fixed duration enables management of log files using a daily method as opposed
to a size method. It will compress the logs and delete the logs older than X days,
where you can configure the value of X which can be any number from 1 to 365 days.
The default value is 7 days.
File: Current settings:
1) == All (Fixed Size) ==
2) == All (Fixed Duration) ==
3) ALARM_FILE [Fixed Size, 10000 KB]
4) APC_ADVANCED_DEBUG_LOG_FILE [Fixed Size, 10000 KB]
5) APC_INV_FILE [Fixed Size, 5000 KB]
6) APCAUDITLOG_FILE [Fixed Size, 10000 KB]
7) APCLOG_FILE [Fixed Size, 10000 KB]
8) APCSERVICESMIGRATION_FILE [Fixed Size, 5000 KB]
9) AUDITLOG_FILE [Fixed Size, 5000 KB]
10) BACKUP_CHECK_SERVER_FILE [Fixed Size, 5000 KB]
11) BACKUP_CHECK_SERVER_STATUS_FILE [Fixed Size, 5000 KB]
12) BACKUP_FILE [Fixed Size, 5000 KB]
13) BFMULOG_FILE [Fixed Size, 20000 KB]
14) CASSANDRA_FILE [Fixed Size, 20000 KB]
15) CLITRACING_FILE [Fixed Size, 5000 KB]
16) CLUSTER_FILE [Fixed Size, 5000 KB]

17) CUTTHROUGH_FILE [Fixed Size, 5000 KB]
18) FILE [Fixed Size, 20000 KB]
19) HDM_FILE [Fixed Size, 5000 KB]
20) HIBERNATE_FILE [Fixed Size, 5000 KB]
21) IMPORTEXPORT_FILE [Fixed Size, 5000 KB]
22) INVENTORY_FILE [Fixed Size, 20000 KB]
23) JBOSS_SERVICE_FILE [Fixed Size, 10000 KB]
24) LICENSE_FILE [Fixed Size, 5000 KB]
25) LRM_FILE [Fixed Size, 5000 KB]
26) LRM_LOG_FILE [Fixed Size, 5000 KB]
27) MIGRATION_FILE [Fixed Size, 5000 KB]
28) MOBJECT_FILE [Fixed Size, 10000 KB]
29) NAF_FILE [Fixed Size, 5000 KB]
30) NBI_FILE [Fixed Size, 10000 KB]
31) NETCONFTRACING_FILE [Fixed Size, 10000 KB]
32) NPPERF_FILE [Fixed Size, 5000 KB]
33) PDC_FILE [Fixed Size, 20000 KB]
34) PERFORMANCE_FILE [Fixed Size, 5000 KB]
35) REMOTING_FILE [Fixed Size, 5000 KB]
36) REPORT_FILE [Fixed Size, 5000 KB]
37) SECURITY_FILE [Fixed Size, 10000 KB]
38) SIP_FILE [Fixed Size, 5000 KB]
39) SMA_FILE [Fixed Size, 5000 KB]
40) SNMPTRACING_FILE [Fixed Size, 10000 KB]
41) SPRING_FILE [Fixed Size, 5000 KB]
42) SQL_FILE [Fixed Size, 5000 KB]
43) STARTUPTRACE_FILE [Fixed Size, 7000 KB]
44) SWMGMT_FILE [Fixed Size, 10000 KB]
45) TEMPLATEPERF_FILE [Fixed Size, 5000 KB]
46) THREADMONITOR_FILE [Fixed Size, 5000 KB]

47) TL1LOG_FILE [Fixed Size, 10000 KB]
48) TRANSACTION_FILE [Fixed Size, 5000 KB]
49) TRAPS_FILE [Fixed Size, 5000 KB]
50) WILDFLY_STDOUT_FILE [Fixed Size, 20000 KB]
q) Quit
Choice: 2
Enter a new value for the max duration in days [ 7 (default)]: 12
Are you sure you want to change all log files to Fixed Duration [ no (default)
| yes ] ? y
Result
Your changes have been recorded successfully. Please restart the

server/cluster to make them effective
Note — You need to restart the server for the log configuration
changes to take effect across all the servers.
Option 3: Collect Log/Debug files

The ams_log_manager script helps you to collect the traces and logs on all or
selected servers such as standalone setup, cluster setup, geographic redundancy
setup and the output is compressed into a single file. The compressed output file can
be transferred to an external server. You can set and reset the traces and logs on all
or selected servers.
When the option to collect log or debug files is selected, the following information
must be provided:
• Category is the type of logs or traces that needs to be collected. The supported
options are log($AMS_LOG_DIR), debug($AMS_DEBUG_DIR), os or all
• Target can be a comma separated list of IP address of servers, hostnames, 5520
AMS site names or all
IP address - The IP address must be valid cluster IP address.
5520 AMS site name - The site name must be the name of local or remote site.
All - The servers in the system including the servers on a remote site.

• Destination URL is the location to store the final output file. The supported
protocol type is FTP, SFTP, HTTP, and a file. You need to use the username and
password set for file server to transfer the output file. For example:
ftp://test:test@<ip_address>, http://user1:123456@<ip_address>/upload/, or
sftp://amssftp:amssftp@<ip_address>/var/opt/ams/users/amssftp/
Note — You can login to the SFTP servers without entering a
password when the two servers are in sync. In order to upload
the collected logs without the password, you need to sync both
DSA and RSA keys in case of Red Hat Enterprise Linux version
6.7 and lower in the RHEL6 stream and Red Hat Enterprise
Linux version 7.2 and lower in the RHEL7 stream, and sync
only the RSA key for other versions of Red Hat Enterprise Linux
For more details on configuring the DSA and RSA keys, see the
Red Hat Enterprise Linux documentation.
Enter the category [ comma separated list of log, debug, os, all (default)
]: all
Enter the target [ comma separated list of cluster IP addresses | sitename |

all (default)]: all
Enter the destination url: ftp://test:<sitename>@<ip_address>
Progress:
[ Site <sitename> - server <ip_address> ] is collecting logs ...
[ Site <sitename> - server <ip_address> ] is collecting logs ...
[ Site <sitename> - server <ip_address> ] done
[ Site <sitename> - server <ip_address> ] done
Packaging the collected logs into a single .tar file ...
Package - SUCCESS
Uploading the collected logs through ftp://test:<sitename>@<ip_address> ...
Upload - SUCCESS
Retain the collected trace file

"ams_solution_<sitename>_2016_09_21_12_43_50.tar" [ no (default) | yes ] ?
yes
Retained
Note — You can retain the temporary collected trace file. The
trace file is available in $AMS_LOCALDATA_HOME/traces
directory.

Option 4: Reset Log/Debug files

Enter the category [ comma separated list of log, debug, all (default) ]: all

all (default)]: all
Progress:
[Site <sitename> - server <ip_address>] is resetting logs ...
Option 5: Enable Syslog Mode / Disable Syslog Mode

The ams_log_manager script helps you to enable, disable, or change facility mode
for all procmon and scripting logs to syslog server on all the servers such as
standalone setup, cluster setup, and geographic redundancy setup.The logs
information is stored in amssys.log file. Whenever the syslog mode is enabled, the
message ‘AMS changed log style to SYSLOG’ and when the syslog mode is
disabled, the message ‘AMS changed log style to files’ is added to amssys.log file.
Enable Syslog Mode output
Checking precondition
Progress:
[Site <sitename> - server <ip_address>] is enabling syslog...
Your change has been recorded successfully. Please restart the server/cluster
to make them effective
Disable Syslog Mode output

Checking precondition
Progress:
[Site <sitename> - server <ip_address>] is disabling syslog...
Option 6: Change Syslog Facility

This option helps you to setup a log file for syslog so that 5520 AMS messages are
routed to the correct log file. By default, the syslog messages are saved in
amssys.log file. You can view this log file as amssys user for debugging purpose.
Enter the syslog facility location [ $AMS_LOG_DIR/amssys.log (default) ]:

/<path_of_directory>/<log_file_name>


all (default) ]:
Progress:
[Site <sitename> - server <ip_address>] is modifying syslog facility...
Your change has been recorded successfully. Please restart the server/cluster
to make them effective
31.52 ams_apps_stats_converter
The ams_app_stats_converter.sh script can be used to convert a specified
applicationStatistics file or all applicationStatistics files in a specified path to .csv file
format, for plotting graphs offline, that is, outside the 5520 AMS GUI. This is
important when graphs cannot be plotted using the EMS Performance Monitoring
tool due to performance issues within the AMS server itself. For more information see
Section 30.1.
To run the script, log in to the amssys or root and type:
$AMS_SCRIPTS_DIR/ams_app_stats_converter.sh [–-outputdir
<output_directory>] [--filename <absolute path and filename of the
application statistics file> ]↵
Where:
• <output_directory> is the output directory specified by the operator where the .csv
file needs to be generated.
• <absolute path and filename of the application statistics file> is the absolute path
and filename of the applicationStatistics file.
31.53 ams_updatefirewall
Note — The ams_updatefirewall script is supported only on

Red Hat Enterprise Linux systems.
The ams_updatefirewall script is used to add, show, or remove port(s) used by 5520
AMS and 5529 Enhanced Applications.
A log file named update_firewall.log is generated when the script is executed and is
stored at $AMS_DEBUG_DIR.


ams_updatefirewall option ↵

• --debug: enables debug mode.
• --nodebug: disables debug mode.
• --remove: removes all ports which are used by 5520 AMS.
• --silent: runs in silent mode.
• --show: displays all the ports used by 5520 AMS.
• --enableneprotocols: adds or removes (t)ftp port or modifies SNMP trap port.
• --connectionlog: enables new connection endpoint logging
• --noconnectionlog: disables new connection endpoint logging
The following information is applicable for --enableneprotocols option:

• By default, the TFTP protocol is set to false. To enable, check whether the TFTP
protocol is selected in the AMS client, and then execute the ams_updatefirewall
--enableneprotocols script, or just restart the 5520 AMS server.
• To enable FTP protocol, check whether the vsftpd service is running, and then
execute ams_updatefirewall --enableneprotocols script, or just restart the 5520
AMS server.
• The script ams_updatefirewall --enableneprotocols updates only the service of
TFTP. You must add the service of FTP manually by executing the command
modprobe -a nf_conntrack_ftp, when the alarm is raised in the
$AMS_LOG_DIR/test_extension.log and $AMS_LOG_DIR/processmonitor.log
files. The alarm is cleared after the service of FTP is enabled.

[root@sys-198-04 bin]# ./ams_updatefirewall
Following ports are to be opened at the firewall to allow correct AMS behavior
Interface | Description | Protocol | Port number
----------+------------------------------------+----------+---------
eth1 | Internal TL1GW OSS Connection Port | tcp | 4713
eth2 | Internal TL1GW OSS Connection Port | tcp | 4713
eth1 | Internal TL1GW NE Connection Port | udp | 13001
eth2 | Internal TL1GW NE Connection Port | udp | 13001
----------+------------------------------------+----------+---------
Do you want to add these ports to the firewall [ no (default) | yes ]? yes
Adding these ports to the firewall... See detail on update_firewall.log!

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
31.53.1 Connection logging

A firewall is a network security system that monitors and controls the incoming and
outgoing network traffic based on predetermined security rules and establishes a
barrier between a trusted, secured internal network and outside network.
In 5520 AMS, firewall is used for traffic management among the servers. When
accessing the ports and protocol information in 5520 AMS servers, the source and
destination endpoints should be logged accordingly so that you can find out legal and
illegal connections to 5520 AMS servers.
You can enable or disable the source or destination end point logging for each new
incoming connection. By default, the connection logging is enabled in 5520 AMS.
After stopping the 5520 AMS server, the connection logging is stopped.
By using the connection logging, the syslog rotation is enabled and ensure that there
is sufficient disk space available in /var/log file. For more information, see 5520 AMS
Solution Planning Guide.
31.54 getLicenseCounter
The script getLicenseCounter script is used to provide the data from the license
database and you can retrieve AMS setup details such as IP of database server, and
database password.
A log file named LicenseCounter.log lists the data from license database and it is
stored at $AMS_DEBUG_DIR.
To run the script, log in as amssys, and type:
getLicenseCounter.shoption ↵

• -a: specifies the application server IP address
• -n: specifies the NE name
• -i: specifies the NE IP address
[amssys@sys-173-01 bin]$ ./getLicenseCounter.sh
Details in
/var/opt/ams/local/ams-9.5.00-291864/traces/log/LicenseCounter.log
[amssys@sys-173-01 log]$ cat LicenseCounter.log
+----------------------------------------------+

License Counter Daily Report
Date Time: Thu Oct 15 11:29:22 CEST 2015
+--------------------------------------+-------+
| Counter Name | Value |
+--------------------------------------+-------+
| 2.5gbps.enabled.lt | 1 |
| G.vector friendly mode | 0 |
| G.vector mode | 0 |
| Legacy VDSL2 mode with ZTV active | 0 |
| Legacy VDSL2 mode without ZTV active | 0 |
| green.dsl.l2mode | 0 |
| igmp | 10 |
| impulse.noise.sensor | 0 |
| ip.forwarding | 0 |
| nt.load.sharing | 3 |
| sra.vdsl2 | 0 |
| upbo.policing | 0 |
| vectoring.crosstalk | 0 |
| vectoring.legacy.fext.cancellation | 0 |
+--------------------------------------+-------+
31.55 convert_to_shorter_line
The script convert_to_shorter_line is used to convert the log files to new files with
shorter line length.
convert_to_shorter_line.ploption ↵

• -f: specifies the name of the log file to be converted
• -l: specifies the maximum length of the line. The default value is 80

For example, the usage of the script is given below:

convert_to_shorter_line.pl -f file.log -| 80

[amssys@redhat-95-79-min ~]$ convert_to_shorter_line.pl -f
/var/opt/ams/local/ams-9.5.00-293295/traces/log/processmonitor.log
Done. New log file: /var/opt/ams/local/ams-9.5.00-293295/traces
31.56 ams_reconfigure_host
The script ams_reconfigure_host is used to reconfigure the host server. You can
change some settings in 5520 AMS to VMware before running AMS properly. This
process is known as reconfigure IP.
The script checks that if the it is executed on a VMware.
ams_reconfigure_host.sh ↵

Do want to update host configuration [ no | yes (default) ]? y
Enter the host name that uniquely identifies the server (no space allowed):
redhat-95-145
The host name is "redhat-95-145"
Is this correct [ no (default) | yes ]? y
Enter IP address for interface "eth2": <IP_address_for_interface>
Enter the gateway: <Gateway_address>
Enter IP address for interface "eth3":<IP_address_for_interface>
Enter the gateway:<Gateway_address>
31.57 ams_support
The ams_support script is used to run commands of a specific domain on all or
specific servers in the cluster.
A log file named ams_support.log stored in $AMS_LOG_DIR and ams_support.trace
stored in $AMS_DEBUG_DIR records all the details during this script execution.

The jstack and jdump output is stored in $AMS_DEBUG_DIR with latest timestamp
information. For example:
/var/opt/ams/local/ams-9.6.00-331216/traces/log/ams_support.log
Note — The system may not respond temporarily while
collecting jstack and jmap on a heavily loaded system. You
need to restart the server for the changes to take effect.
To run the script, log in as amssys, and type:

ams_support.sh [-h|--help] [--domain=<domain> --command=<domaincommand>
--target=<target> [--destination=<destination file>]] ↵
where:
-h: prints help information
--domain: mandatory parameter which can have the following parameter
• app: this domain allows you to execute actions on the application server
• security: allows to execute commands which belong to security domain
--command: a command to execute a specific task
• jstack: collect jstack information on application servers
• jmap: collect jmap information on application servers
• resetadminpwd: reset password for admin user in case of no active admin
sessions
• killadminsessions: kill current sessions of admin user in case of number of active
sessions is greater than maxConcurrentSessions
--target: selects on which servers to execute the selected action, multiple
choices are allowed
• cluster ips: runs the command on specific machine only
• sitename: run the command on specific site only
• all: run the command on both sites
--destination: location where to store the result file
Note — The --resetadminpwd and --killadminsessions

commands are not applicable for Release 9.7 AMS installation.
But these commands work fine for the Release 9.7 migrated
setups.

ams_support.sh --domain=app --command=jmap
WARNING
Dumping a jstack/jmap on a heavily loaded system can cause the system to

become temporarily not responding

Progress:
[Site <sitename> - server <ip_address> ] is running jmap command...
[Site <sitename> - server <ip_address> ] done
The following is an example of the output to kill the admin sessions:

ams_support.sh --domain=security --command=killadminsessions
Checking admin sessions...
Done
Stopping session "5c4o2k3s-q6wcyy-itvami47-1-itwhlj4n-9"...
Success
Stopping session "5c4o2k3s-q6wcyy-itvami47-1-itwhxhfq-a"...
Success
The following is an example of the output to reset the admin user password:
ams_support.sh --domain=security --command=resetadminpwd
Checking admin sessions...
Done
Recovering the password for admin user...
Success
31.58 ams_update_database_pwd
The ams_update_database_pwd script is used to change the database password in
simplex, cluster and geo-redundant systems.
A log file named ams_ems_service.log records all the details during the script
execution.
The script prompts to modify the database password for root, admin user, and
replication user (users among the servers in a cluster) accounts.
Ensure the following criteria is met while changing the password:
• new password must not be the same as the current password
• new password must not exceed more than 32 characters and must not contain
spaces
To run the script, log in as amssys or root user and type:

ams_update_database_pwd.sh ↵


OK
Enter the current database password for root user (no space allowed):
Enter the new database password for root user (no space allowed):
Confirm the password for database root user:
Enter the current database password for amsadminusr user (no space allowed):
Enter the new database password for amsadminusr user (no space allowed):
Confirm the password for database amsadminusr user:
Enter the current database password for amsreplusr user (no space allowed):
Enter the new database password for amsreplusr user (no space allowed):
Confirm the password for database amsreplusr user:
***WARNING***
Next step will stop the running AMS system and thus the AMS and all its
related services will not be available.
Is it OK to stop the AMS and update new database password now [ yes | no
(default) ]? yes
Executing command ams_cluster stop...
host-<ip_address>:
Stopping database
Stopped database
Stopping JBoss
Stopped JBoss
Processing on <server_ip_address>
=======================
ams_update_database_pwd.sh 100% 10KB 10.4KB/s 00:00
Starting database..[ OK ]

Updating password for root user...
Updating password for amsadminusr user...
Updating password for amsreplusr user...
Shutting down database..[ OK ]
Updating ams.conf file...
Updating standalone-full-ha.xml file...
Executing command ams_cluster start...
host-<ip_address>:
FTP Service is not running!
Starting the AMS services
The server is starting up, it may take several minutes before it is fully
operational.
Note 1 — Do not execute ams_cluster restart script after

changing the database password using the
ams_update_database_pwd script. The cluster restarts
automatically when the ams_update_database_pwd script is
executed.
Note 2 — If the database password is changed in a cluster, the
VM template used for cloning the application server must be
regenerated to ensure the VM template password is in with the
database password. For information on configuring VM
templates, refer to Chapter 26.
31.59 ams_renew_isam_ssh_info
After migration to ISAM R5.7, the ISAM NEs generates a new SSH key pair and
hence denies any SSH connection when the same host connects with old public key.
The 5520 AMS always accepts the public key by the ISAM NE and it is successful
for the first time but the connection fails when the key pair of the NE is changed. To
avoid connectivity problems, it is recommended to generate the new SSH key on the
ISAM NE, then execute the ams_renew_isam_ssh_info script and perform the ISAM
NE migration to R5.7.
The 5520 AMS will loose SSH connectivity with the NE if the
ams_renew_isam_ssh_info script is not executed before migrating the ISAM NE to
R5.7.
You need to regenerate the SSH keys on the NE using the CLI or through the 5520
AMS GUI before executing the ams_renew_isam_ssh_info script and the PBMT
package, so that the 5520 AMS will have full connectivity during the migration
process.

The ams_renew_isam_ssh_info script is used to remove the SSH host signature

information for each of the ISAM NE and replaces it with a new key so that the NE
can be successfully upgraded to ISAM R5.7. The script updates SSH public keys
from the SSH cache for a given set of IP addresses.
A log file named ams_ems_service.log records all the details during the script
execution.
Note — The ams_renew_isam_ssh_info.sh script is not

supported on cluster system. You need to execute the script on
each application server which is part of cluster system.

ams_renew_isam_ssh_info.sh [-h|--help] [--input=<inputfilename>] [<NE ip,NE
ip,NE ip>]
where:
-h: prints help information
--input: Read the content of filename which should contain one NE IPv4 address
per line
NE ip: IPv4 address of an NE for which the SSH cache should be renewed.
Multiple addresses can be provided
Note — The format of the input filename must be one IP

address per line and it should be only IPv4 addresses.
The following is an example of the output when you provide NE IP address.

<NE IP> Cleaned
<NE IP> Rediscovered
<NE IP> Error
Cleaned output message indicates that the SSH cache is removed from the 5520
AMS server.
Rediscovered output message indicates that a new key is generated for the IP
address which is provided in the input.
Error output message indicates that it encountered a problem while removing the
SSH cache. The script continues to execute with the following error codes displayed
in the output.
• 0: All success
• 1: Input file not found
• 2: Parse failure of the input file
• 3: Renewal for at least one NE failed
• 4: Wrong user

31.60 ams_set_snmp_trap_port
The ams_set_snmp_trap_port script is used to set the UDP port number used by the
5520 AMS for listening to the SNMP traps coming from the NE. You must execute
the script on an application server and it is supported on cluster system.
You need to execute the ams_set_snmp_trap_port script to change the default
SNMP trap port number which is 9001 to custom trap port number.
A log file named update_firewall.log stored in $AMS_DEBUG_DIR or
update_firewall.trace stored in $AMS_DEBUG_DIR records all the details during this
script execution.
Before you proceed, the 5520 AMS and the database must be up and running.
ams_set_snmp_trap_port.sh [-h|--help] [--default|<portnumber>] [--show]
where:
-h: displays help information
--default: Sets the portnumber to be used to AMS default which is 9001
--show: Show the current configured value.
<portnumber> Value between 0 and 32000
Restart the 5520 AMS server after modifying the port number so that the new port
number is applied on all the application servers. If the 5520 AMS is not restarted, the
new port number is applied only on one application server where the script is
executed.
The ams_set_snmp_trap_port script updates the SNMP port number in the database
and the firewall port on the server where you executed the script. After restarting the
5520 AMS in a cluster setup, the ams_updatefirewall script is executed on all the
application servers and the script reads the new SNMP port number from the master
database.
Note 1 — The ams_set_snmp_trap_port.sh script does not
check for any possible port conflicts.
Note 2 — The 5520 AMS does not allow you to enable SNMP
port number 0 or 32000 port in the server. You can enable only
the SNMP port number between 0 and 32000 which is 1 to
31999.
The following is an example of the output.

For -show option:
ams_set_snmp_trap_port.sh -show
Currently trap port is set to: 9001
For new trap port:

ams_set_snmp_trap_port.sh 9019
Update database successfully
Update firewall setting successfully
AMS system needs to restart to take the new value into account.
Perform restart now [ y|N (default)] ?
Note — After changing the SNMP trap port number from

default value to a new trap port number, you can view the
updated port being used in 5520 AMS by executing the
ams_updatefirewall script. For more information on the script,
see section 31.53.
For -default option, the port value is set to the default port value which is 9001
ams_set_snmp_trap_port.sh --default
Update database successfully
Update firewall setting successfully
AMS system needs to restart to take the new value into account.
Perform restart now [ y|N (default)] ?
The following table describes the error messages that are displayed in the output
when you execute the ams_set_snmp_trap_port script.
Table 130 Error messages for ams_set_snmp_trap_port script
AMS is not running When you run the script while AMS is not up and
running.
Invalid port number provided When you enter the trap port number as a string
type or if the trap port number is not in the range 0
to 32000.
Failed to update firewall When you run the script while database is not up
settings. Please correct and running.
manually
Firewall is not updated as the When the firewall is not enabled.

required service is not running


Administrator Guide RADIUS authentication scenarios
32 RADIUS authentication scenarios

32.1 RADIUS authentication overview
32.1 RADIUS authentication overview

The 5520 AMS authenticates the user name and password with the primary RADIUS
server. If AMS fails to connect to the primary RADIUS server after the configured
timeout, AMS automatically connects to the secondary RADIUS server and
authenticates the same user name and password on the secondary RADIUS server.
Note 1 — When you login to the 5520 AMS client using the
two-factor authentication with append method for RADIUS
server authentication, you need to append the passcode in the
password field. The one-time passcode is applicable in the
following scenarios:
• During the first login
• After Global Inactivity Logout Timeout
• After Global Inactivity Lock Screen Timeout
For more information, see section “User settings”.
Note 2 — The passcode varies for different RADIUS servers.
You need to re-enter the passcode to authenticate with
secondary RADIUS server when AMS fails to connect to the
primary RADIUS server.
The secondary server will be contacted only after the maximum number of retries is
reached for the primary RADIUS server. See Table 131 for information on RADIUS
authentication scenarios.

RADIUS authentication scenarios Administrator Guide
Table 131 RADIUS authentication scenarios
RADIUS authentication scenario Authentication result Alarms
The client sends a request message Authentication is successful No alarm is raised.

to the primary RADIUS server. with the primary RADIUS
The RADIUS server returns an server.
Access-Accept response message.
The client sends a request message Authentication is successful A minor alarm

to the primary RADIUS server. If the with the secondary RADIUS ‘Primary RADIUS
primary server does not respond, the server after the configured Server not
client retries based on the value number of retries to the responding‘ is raised
configured for parameter “Number of primary server. when the primary
Retries”. RADIUS server does
If there is no response then AMS not respond.
sends the request message to the
secondary RADIUS server.
The secondary RADIUS server
returns an Access-Accept response
message.
The client sends request message to Authentication is not A major alarm ‘The
the primary RADIUS server. If the successful due to both the RADIUS Server not
primary server does not respond, the RADIUS servers are not responding’ is raised.
client retries based on the value reachable.
configured for parameter “Number of
Retries”.
If there is no response then AMS
sends the request message to the
secondary RADIUS server.
If there is no response from the
secondary server also then the
access to AMS is denied.
The client sends a request message Authentication is not A major alarm ‘The
to the primary RADIUS server with successful due to incorrect RADIUS Server not
incorrect password. password. responding’ is raised.
The RADIUS server returns an
Access-Reject response message.
Note — The alarms will be cleared at the next successful login

to 5520 AMS.

Administrator Guide Installing Web Map Server on Ubuntu
33 Installing Web Map Server on

Ubuntu
33.1 Installing Web Map Server on Ubuntu
33.1 Installing Web Map Server on Ubuntu

This section provides the procedure to install the Web Map Server on Ubuntu. Note
that the procedure provided in this section is only an example of Web Map server
installation.
Note — Nokia does not provide any support to install the Web
Map server.
Procedure 282 To install the Web Map Server on Ubuntu

Before you proceed, ensure that Ubuntu 10.04 is installed.
1 Login to the system with your username.
This username will be used later to configure the PostGIS database.
2 Obtain the system tool by typing:
sudo apt-get install subversion autoconf screen ↵
3 Organize the file system. Go to the home folder and create src, bin, and planet by typing:
cd ~ ↵
mkdir src bin planet ↵
4 Download the map data and copy to the planet directory. Perform one of the following steps:
• Go to http://downloads.cloudmade.com/, to download a map data of a country.

• Go to http://wiki.openstreetmap.org/wiki/Download#Download_the_data, to download
with a specified boundary.

Installing Web Map Server on Ubuntu Administrator Guide
5 Prepare the PostGIS database by executing the following commands:
sudo apt-get install postgresql-8.4-postgis postgresql-contrib-8.4 ↵
sudo apt-get install postgresql-server-dev-8.4 ↵
sudo apt-get install build-essential libxml2-dev libtool ↵
sudo apt-get install libgeos-dev libpq-dev libbz2-dev proj ↵
6 Install osm2pgsql from the repository by executing the following commands:
cd ~/bin ↵
svn export
http://svn.openstreetmap.org/applications/utils/export/osm2pgsql/ ↵
cd osm2pgsql ↵
./autogen.sh ↵
./configure ↵
make ↵
7 Configure the PostGIS database. Perform the following steps:
Edit: sudo gedit /etc/postgresql/8.4/main/postgresql.conf ↵
The output of the command will be:
shared_buffers = 128MB # 16384 for 8.1 and earlier
checkpoint_segments = 20
maintenance_work_mem = 256MB # 256000 for 8.1 and earlier

autovacuum = off
• To edit kernel parameter shmmax to increase maximum size of shared memory, type the
following commands:
sudo sysctl -w kernel.shmmax=268435456 ↵
sudo sysctl -p /etc/sysctl.conf ↵
sudo gedit /etc/sysctl.conf ↵
Add line: kernel.shmmax=268435456 ↵
• To restart postgres to enable the changes, type the following command:
sudo /etc/init.d/postgresql-8.4 restart ↵
• To create a databse called “gis”, type the following commands:
sudo -u postgres -i ↵
screateuser username # answer yes for superuser ↵
createdb -E UTF8 -O username gis ↵
createlang plpgsql gis ↵
exit ↵
Note — Substitute your username with "username" in the above

command. This should be the username that will render maps with
mapnik.
• To set up PostGIS on the postresql database, type the following command:
psql -f /usr/share/postgresql/8.4/contrib/postgis.sql -d gis ↵
...
CREATE FUNCTION
COMMIT
• Substitute your username with "username" in two places in the following line:
echo "ALTER TABLE geometry_columns OWNER TO username; ALTER TABLE

spatial_ref_sys OWNER TO username;" | psql -d gis ↵
The username should be the username that will render maps with maplink. The output of
the command will be:
ALTER TABLE

ALTER TABLE
• Set the Spatial Reference Identifier (SRID) on the new database by typing the following
command:
psql -f ~/bin/osm2pgsql/900913.sql -d gis ↵
INSERT 0 1
8 Load planet into the database with osm2pgsql and import, by typing the following commands:
cd ~/bin/osm2pgsql ↵
./osm2pgsql -S default.style --slim -d gis -C 2048 --number-processes=1

--cache-strategy=dense ~/planet/.osm.bz2 ↵
where -C is RAM cache size in MB.
Stopped table: planet_osm_ways in ..s
Osm2pgsql took 250s overall

9 Install Mapnik library from package. Perform the following:
• Go to http://prdownload.berlios.de/mapnik/mapnik-0.7.1.tar.bz2, to download mapnik.

• Extract it to ~/src/mapnik.
• Install dependency. Go to http://us.archive.ubuntu.com/ubuntu/pool/main/b/boost1.42/,
to download all the libboost1.42.
sudo apt-get install libltdl3-dev libpng12-dev libtiff4-dev

libicu-dev ↵
sudo apt-get install python-cairo-dev libcairo2-dev

libcairomm-1.0-dev libfreetype6-dev ↵
sudo apt-get install libgeotiff-dev libtiff4 libtiff4-dev

libtiffxx0c2 ↵
sudo apt-get install libsigc++-dev libsigc++0c2 libsigx-2.0-2

libsigx-2.0-dev ↵
sudo apt-get install libgdal1-dev python-gdal ↵
sudo apt-get install imagemagick ttf-dejavu ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost1.42-dev_1.42.0-3ubunt
u1_i386.deb ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-system1.42.0_1.42.0-3
ubuntu1_i386.deb ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-filesystem1.42.0_1.42
.0-3ubuntu1_i386.deb ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-filesystem1.42.0_1.42
.0-3ubuntu1_i386.deb ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-regex1.42.0_1.42.0-3u
buntu1_i386.deb ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-regex1.42-dev_1.42.0-
3ubuntu1_i386.deb ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-iostreams1.42.0_1.42.
0-3ubuntu1_i386.deb ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-iostreams1.42-dev_1.4
2.0-3ubuntu1_i386.deb ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-thread1.42.0_1.42.0-3

sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-date-time1.42.0_1.42.
0-3ubuntu1_i386.deb ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-serialization1.42.0_1
.42.0-3ubuntu1_i386.deb ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-serialization1.42-dev
_1.42.0-3ubuntu1_i386.deb ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-date-time1.42-dev_1.4
2.0-3ubuntu1_i386.deb ↵
ssudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-thread1.42-dev_1.42.0
-3ubuntu1_i386.deb ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-program-options1.42.0
_1.42.0-3ubuntu1_i386.deb ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-program-options1.42-d
ev_1.42.0-3ubuntu1_i386.deb ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-python1.42.0_1.42.0-3
sudo apt-get install gccxml python-dev python2.6-dev ↵
sudo dpkg -i
/home/tcthien/share/mapnik_dependency/libboost-python1.42-dev_1.42.0
-3ubuntu1_i386.deb ↵
• Build mapnik by typing the following commands:
python scons/scons.py configure INPUT_PLUGINS=all OPTIMIZATION=3

SYSTEM_FONTS=/usr/share/fonts/truetype ↵
python scons/scons.py ↵
sudo python scons/scons.py install ↵
sudo ldconfig ↵
• Troubleshoot the following errors:

• If there is an error during invoking, type the following command:
python scons/scons.py -> ↵
• If any libraries are missing, type the following command:
libboost-python1.42-dev... ↵
• Confirm that the Mapnik library is installed. The output of the command will be:

python
>>> import mapnik
>>>
10 Install Mapnik tools. To check out the source of mapnik rendering, type the following
command:
cd ~/bin ↵
svn co http://svn.openstreetmap.org/applications/rendering/mapnik
mapnik_rendering ↵
11 Install prepared world boundary data.
Mapnik uses prepared files to generate coastlines and ocean for small scale maps. This is
faster than reading the entire database to render zoom levels from zero to nine.
cd ~/bin/mapnik ↵
mkdir world_boundaries ↵
wget http://tile.openstreetmap.org/world_boundaries-spherical.tgz ↵
tar xvzf world_boundaries-spherical.tgz ↵
wget http://tile.openstreetmap.org/processed_p.tar.bz2 ↵
tar xvjf processed_p.tar.bz2 -C world_boundaries ↵
wget http://tile.openstreetmap.org/shoreline_300.tar.bz2 ↵
tar xjf shoreline_300.tar.bz2 -C world_boundaries ↵
wget
http://www.naturalearthdata.com/http//www.naturalearthdata.com/download
/10m/cultural/10m-populated-places.zip ↵
unzip 10m-populated-places.zip -d world_boundaries ↵
wget
http://www.naturalearthdata.com/http//www.naturalearthdata.com/download
/110m/cultural/110m-admin-0-boundary-lines.zip ↵
unzip 110m-admin-0-boundary-lines.zip -d world_boundaries ↵

12 Render the map to test the result by typing the following command:
cd ~/bin/mapnik_rendering ↵
./generate_xml.py --dbname gis --user username --accept-none ↵
./generate_image.py ↵
Note — Remember to replace "username" with your username.
Result: The database is loaded, the tools are installed, and England image is generated.
13 Install Apache server and generate map tile image by performing the following steps:
i Install Apache Server by typing the following command:
sudo aptitude install apache2 apache2-threaded-dev

apache2-mpm-prefork apache2-utils ↵
ii Add two environment variable by typing the following command:
export MAPNIK_MAP_FILE=~/bin/mapnik_rendering/osm.xml ↵
export MAPNIK_TILE_DIR=/var/www/osm ↵
iii Go to ~/bin/mapnik_rendering.
iv Modify generate_tiles.py (after bbox = (-180.0,-90.0, 180.0,90.0)) by typing the

following command:
- minZoom = 1 ↵
maxZoom = 16 ↵
box = (100.88905, 8.123944, 109.81295, 22.744028) #Example for Viet

Nam's boundary ↵
render_tiles(bbox, mapfile, tile_dir, minZoom, maxZoom) ↵
Result: All the map tiles image are generated in /var/www/osm/<zoom level>/<x location>/<y
location>.png, once the generation is complete.
14 Log in to the 5520 AMS GUI and set the Web Map Server setting to the following URL:

url: http://<domain>/osm/${z}/${x}/${y}.png
Note — Reference:
http://wiki.openstreetmap.org/wiki/HowTo_mod_tile


Administrator Guide Index
Index
Numerics ams_ne_cli, 576
ams_ne_mgr, 587
5520 AMS ams_nerestore, 579
configure to upload SIP configuration file to ams_remove_data, 586
external FTP server, 367 ams_reset_logs, 600
ams_restore, 587
A ams_retrieve_ip_by_nename, 588
ams_retrieve_pap_ne_from_db, 588
activate SSL changes
ams_schedule_backup, 589
reinstall solaris client, 87
ams_server, 527
add
ams_show_ne_balancing, 579
CA certificate for LDAP, 346
ams_simplex_to_cluster, 602
CPE vendor ID and country code, 439
ams_switch_active_dataserver, 594
customized web link, 424
ams_switch_authentication_local, 594
license key from GUI, 72
ams_tracing, 595
license key from server, 73
ams_uninstall, 595
links using ams_link_mgr_script, 260
ams_user_mgr, 595
user account, 134
convert5526AMSTo5523AWS, 596
alarm
createUsernamePassword, 596
view logs, 499
DEMO_IT_infrastructure_integration, 597
alarms
getAgentlist, 598
configure EMS local alarms, 302
innotop, 600
filter, 301
retrieve_nes, 601
license, 71
switchover_hook, 602
ams server scripts
ams_hub_sub_link_mgr_script
ams_activate, 547
create cluster, 273
ams_audit_agent_alarm, 547
create input file, 272
ams_backup, 548
ams_link_mgr script
ams_check_ssl, 596
add links, 260
ams_cluster, 550
ams_copy_datafiles, 557
ams_ne_mgr_script
ams_disable_ssl, 597
add NEs, 229
ams_enable_ssl, 598
ams_export, 565
ams_user_mgr_script
ams_exttl1gw_integration, 567
ams_geo_configure, 571
manage users, 143
ams_hub_sub_link_mgr, 571
annonymous FTP user
ams_import, 571
create, 364
ams_install, 573
application server
ams_install_license, 574
stop, 446
ams_link_mgr, 575
architecture
ams_nebackup, 578
syslog, 493

Index Administrator Guide
assign users FTP server for SIP, 363

user role, 153 inactivity lock screen timeout, 167
inactivity logout timeout, 166
B inventory basic settings, 357
license alarm threshold, 335
back up license collection start time, 335
AMS database, 379 link management settings, 252
AMS software, 395 maximum concurrent user sessions, 171
database in geo-redundant cluster, 380 NAT, 185
NE backup database, 381 NE alarm processing settings, 310
backup files NE backup settings, 319
align database with stored backups, 244 NE detection settings, 284
verify, 237 NE plug-in settings, 330
between server and client NEs using ams_ne_cli_script, 234
disable SSL, 90 PAPs, 157
password dictionary, 151
C
PM settings, 317
change proxy settings in Solaris clients, 360
PAP with an NE, 159 SIP file transfer protocols, 361
user password, 149 site settings, 336
close SNMP connections, 284
user session, 165 SNMP retries, 286
cluster management SNMP traps, 285
overview, 444 SNTP, 189
complex schedule SNTP settings, 355
create, 413 splitter management settings, 320
concatenate subscriber search attributes, 194
split backup file, 407 subscriber search settings, 322
configure superuser role, 154
5520 AMS to upload SIP configuration file to supervision settings, 322
external FTP server, 367 suppression of toggling alarms, 314
5530 NA-F settings, 370, , 371, , 373 syslog rotation settings, 497
action manager settings, 321 template settings, 334
alarm storage, 304 TFTP server settings, 296, , 298
AMS settings for NBI, 368 time zone settings, 329
application server settings, 351 user activity log settings, 459
automatic supervision on new NEs, 179 configure global timeout value
cut through settings, 318 delete dormant account, 169
dormant account deletion timeout, 170 lock a dormant account, 168
dormant account lock timeout, 170 configure timeout value
EMS detailed tracing, 327 global inactivity lock screen, 168
EMS local alarms, 302 global inactivity logout, 167
EMS tracing settings, 326 confirm
field seperator, 405 SSL enabled, 87
file transfer protocol settings, 294 copy

input files for server scripts, 136 customized web link, 428
NE plug-in settings, 333 external TL1 gateway server, 209
create operator defaults, 432
anonymous FTP user, 364 schedule, 417
cluster using ams_hub_sub_link_mgr_script, disable
273 LDAP, 346
complex schedule, 413 RADIUS authentication, 344
environmental alarm templates, 315 SSL, 89
external SNTP server, 190 SSL between server and client, 90
external TL1 gateway server, 208 duplicate
hub-subtended clusters, 271 customized web link, 429
input file for ams_hub_sub_link_mgr_script, operator default template, 431
272
input file for ams_link_mgr script, 254 E
links from application server, 254
operator default template, 430 enable
PAP, 157 LDAP, 345
PAP group, 160 RADIUS authentication, 342
simple schedule, 412 SSL, 84
SNMP profile, 290 enable SSL communication
SNMPv3 user, 289 between 5520 AMS server and GUI clients,
85
syslog server, 494
syslog server message, 496 customized keystore, 85
user accounts, 131 export
user roles, 152 External TL1GW, 209
create user account selectively using AMS GUI, 398
internal DB authentication, 131 export data
remote authorization, 131 using AMS GUI, 397
customize external TL1 Gateway
environmental alarm definitions, 316 release and license information, 221
customized keystore statistics, 221
generate, 83 external TL1 gateway
list, 84 add TNM user profile, 218
customized web link change user password, 214
add, 424 clear command templates, 216
delete, 428 configure, 212
duplicate, 429 configure using ETL1 script, 204
modify, 427 connection, 211
list TNM user profiles, 219
D load command templates, 215
login, 213
data server switchover remove TNM user profiles, 219
conditions, 449 send TL1 commands, 216
force, 450 start batch execution, 217
delete start new user session, 212
CPE vendor ID and country code, 440 stop batch execution, 217

terminate TNM sessions, 220 add from server, 73

unconfigure using ETL1 script, 205 update, 75
external TL1 gateway server view, 74, , 76
associate all NEs, 210 link management
associate one NE, 210 configure, 252
create, 208 list
delete, 209 customized keystore, 84
disassociate NEs, 211 list of schedules
External TL1GW view, 414
export, 209 lock
user, 145
G log files
rotate, 497
generate
agent list, 184 M
agent list using a cron job, 184
customized keystore, 84 manage
lists, 180 alarm logs, 222
NE list, 182 subscriber search attributes, 196
syslog server, 494
H user accounts, 137
messages
https syslog, 492
overview, 98 modify
hub-subtended clusters customized web link, 427
create, 271 GUI settings, 281
operator default template, 432
I
options for ams_schedule_backup script, 384
inactivity logout timeout scheduled task, 415
configure, 166 time zone, 191
install
Web Map Server on Ubuntu, 624 N
NE
L
agent list, 183
LDAP backup, 237
add a CA certificate, 346 balancing, 185
disable, 346 check backup consistency, 246
enable, 345 list, 181
license restore, 239
cluster, 70 retrieve information, 178
operator, 70, , 71 NE backup files
overview, 68 copy, 244
subscriber, 70 delete, 245
license key view and filter, 243
add from GUI, 72 NEs

unevacuate using GUI, 448 AMS software, 396

NE backup database, 389
O restore database
new cluster, 391
operator default template new geo-redundant cluster, 392
create, 430 new geo-redundant simplex, 393
duplicate, 431 new standalone server, 390
modify, 432 on same standalone server, 386
view, 430 same cluster, 386
overview same geo-redundant cluster, 387
cluster management, 444 same geo-redundant simplex, 388
communication and information, 178 retrieve
https, 98 NE information, 179
PAPs, 156 rotate
RADIUS authentication, 622 log files, 497
schedule, 410 run
SNTP, 188 password encrryption script, 142
SSL, 82
subscriber search attributes, 194 S
syslog, 492
time zone, 191 schedule
user accounts, 104 backups of database, 384
user session, 164 complex, 411
delete, 417
P NE database backup, 417, , 418, , 419
overview, 410
PAPs simple, 411
configure, 157 view, 410
create, 158 security log
overview, 156 view, 498
perform security log files
file transfer test, 294 view, 498
forced inventory data collection, 406 settings
user, 123
R
simple schedule
RADIUS authentication create, 412
disable, 344 SIP
enable, 342 configure FTP server, 363
overview, 622 SNMP
reinstall solaris client configure traps, 285
activate SSL changes, 87 SNTP
replace configure, 189
default https certificate, 98 create external server, 190
reset overview, 188
tracing level to default on NEs, 327 split
restore backup file, 407

SSL unlock
disable, 89 user, 146
enable, 84 unschedule
overview, 82 task, 416
stop update
application server, 446 license key, 75
subscriber search attributes time zone information in NE, 192
configure, 194 use
create, 197 application server, 445
delete, 200, , 201 data server, 449
edit, 198 user
manage, 196 lock, 145
move an attribute, 199 unlock, 146
overview, 194 user account
switch add, 134
from customized to default keystore, 89 parameters, 126
from default to customized keystore, 88 user accounts
syslog changes, 105
architecture, 493 manage, 137
overview, 492 overview, 104
syslog rotation settings user role
configure, 497 create, 152
syslog server user session
create, 494 close, 165
manage, 494 overview, 164
syslog server message
create, 496 V
syslog system parameters
view, 494 view
alarm logs, 499
T backup or restore status, 241
data server settings, 354
task license key, 74, , 76
unschedule, 416 list of schedules, 414
time zone operator default template, 430
change information for NE, 192 security log, 498
configure, 329 security log files, 498
modify, 191 syslog system parameters, 494
overview, 191 user functions, 152
To configure a TL1/CLI protocol selection user session information, 164
strategy for a reachability test, 296 user statistics, 148
version and plug-in details, 353
U
unevacuate
NEs using GUI, 448

Customer document and product support
Customer documentation
Customer Documentation Welcome Page
Technical Support
Product Support Portal
Documentation feedback
Customer Documentation Feedback
© 2020 Nokia.
3JL-01001-BWAB-PCZZA

3JL01001BWABPCZZA - V1 - 5520 AMS Release 9.7.03 Administrator Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

3JL01001BWABPCZZA - V1 - 5520 AMS Release 9.7.03 Administrator Guide

Uploaded by

Copyright:

Available Formats

Administrator Guide

5520 Access Management System,

Nokia — Proprietary and confidential

Nokia is a registered trademark of Nokia Corporation. Other products and company

5.2 Adding license keys...................................................................................71

9.8 Viewing user statistics .............................................................................148

14.3 Time zone overview.................................................................................191

20.3 Managing SNMP settings ........................................................................283

20.34.2 LDAP authentication................................................................................344

22.2 Creating a simple schedule .....................................................................412

27.4 Filtering user activity logs ........................................................................465

31.2.4.4 Output for an application server in a cluster ............................................540

31.21 ams_ne_cli ..............................................................................................576

16 Managing External TL1 Gateways.............................................202

Table 73 User account parameters for LDAP/RADIUS server ...............................348

Table 110 Syslog server parameters........................................................................495

Procedure 32 To create an input file for the ams_user_mgr script ................................139

Procedure 73 To change time zone information for an NE ............................................192

18 Backing up and restoring NE software.....................................236

Procedure 151 To create environmental alarm templates ...............................................315

Procedure 235 To unevacuate the NEs using the GUI ....................................................448

30 EMS performance monitoring ...................................................514

1.2 Conventions used in this guide

Table 1 Documentation conventions

Convention Description Examples

Key name Identifies a keyboard key Delete

Italics Identifies a variable hostname

Key+Key Type the appropriate consecutive keystroke sequence. CTRL+G

Key-Key Type the appropriate simultaneous keystroke sequence. CTRL-G

↵ Press the Return or Enter key. Press ↵

— An em dash in a table cell indicates that there is no —

* An asterisk is a wildcard character that means “any Path_analysis.*file

1.2.1 Important information

Warning — Warning indicates that the described task or

Caution — Caution indicates that the described task or

Note — Note provides information that is, or may be, of special

Applies to — The Applies to note indicates that the described

1.2.2 Navigation steps

Procedure 1 Example of NE navigation convention

1 Navigate to the NE and choose object.

2 Right-click object and choose menu item.

1.2.3 Procedures with options or substeps

Procedure 2 Example of options in a procedure

• This is one option.

2 You must perform this step.

Procedure 3 Example of substeps in a procedure

i This is the first substep.

ii This is the second substep.

iii This is the third substep.

2 You must perform this step.

1.3 Multiple PDF file search

Procedure 4 To search multiple PDF files for a term

1 Open the Adobe Reader.

2 Choose Edit→ Search from the Adobe Reader main menu.

Result: The Search panel opens.

3 Enter the term to search for.

4 Select All PDF Documents.

5 Choose the folder in which to search using the drop-down menu.

6 Select the following search criteria, if required:

• Whole words only

Note — After you click on hyperlink, right-click and choose Previous

1.4 Contact information

4 Logging in to the 5520 AMS