CLARO Colombia - SO EM Client and OpenVPN Configuration Procedure - Reve

CLARO Colombia - SO EM Client and
OpenVPN Configuration Procedure
INSTRUCTION
Rev E
CLARO Colombia - SO EM Client and OpenVPN Configuration Procedure
Ericsson AB 2015
All rights reserved. The information in this document is the property of
Ericsson. Except as specifically authorized in writing by Ericsson, the
receiver of this document shall keep the information contained herein
confidential and shall protect the same in whole or in part from disclosure
and dissemination to third parties. Disclosure and disseminations to the
receiver's employees shall only be made on a strict need to know basis.
Rev E 2015-06-02 Ericsson AB 2015 2 (37)

Ericsson Confidential
Contents
1 Introduction .......................................................................................... 4
1.1 Revision History ..................................................................................... 4
1.2 Pre-Requisites ....................................................................................... 4
2 Windows Client Configuration ............................................................ 6

2.1 Windows 7 Security Configuration ......................................................... 6
2.2 Internet Explorer Configuration .............................................................. 6
2.3 Configure Mozilla Firefox Browser (Optional) ......................................... 8
2.4 Time Synchronization............................................................................. 9
2.5 DCOM Client Settings .......................................................................... 10
2.6 Download External Software Files ....................................................... 12
2.7 Configure Java ..................................................................................... 14
2.8 SFTP Client Installation........................................................................ 16
2.9 OpenVPN Client Installation and Configuration .................................... 19
2.9.1 Software Installation ........................................................................................... 19
2.9.2 Download Configuration Files ............................................................................ 23
2.9.3 Install Configuration Files ................................................................................... 24
2.9.4 Add SO EM to SCP Trusted Hosts .................................................................... 27
2.10 MINI-LINK Craft and Viewers Installation ............................................. 27
3 Launching SO EM GUI ....................................................................... 29

3.1 Establishing a Secure VPN .................................................................. 29
3.2 Start SO EM GUI and Login Procedure................................................ 30
3.3 Description of SO EM GUI Main Window ............................................. 33
3.3.1 Application Bar ................................................................................................... 34
3.3.2 Side Bar .............................................................................................................. 35
3.3.3 View Area ........................................................................................................... 36
3.3.4 Notification Bar ................................................................................................... 36
4 References ......................................................................................... 37
Rev E 2015-06-02 Ericsson AB 2015 3 (37)

1 Introduction
This document provides to CLARO Colombias ServiceOn Element Manager
(SO EM) operators a procedure to configure a PC to work as SO EM client,
including a secure VPN used to encapsulate all traffic between PC Client and
SO EM server.
1.1 Revision History

Table 1 - Revision History
Revision Date Author Reason

A 20/03/2015 EJOSALM First release.
Embedded files removed.
B 20/03/2015 EJOSALM
Chapter of references added.
External software files in CLARO
C 24/03/2015 EJOSALM
Colombias internal FTP server.
Creation of registry entry of SO EM
D 28/04/2015 EJOSALM
server in pspc trusted servers.
Corrections:
Changed procedure to register pscp
D 28/04/2015 EJOSALM trusted hosts
Add procedure to configure DCOM
Change order of installation
1.2 Pre-Requisites
This procedure applies to PCs with software detailed in the following table
Software Version
Windows Client Windows 7 Service Pack 1 (32bit) with IE9 supported
Windows Client Windows 7 Service Pack 1 (64bit) with IE9 supported
Java runtime 7U25 (32 bit)
Firefox (Optional) Firefox 24.2 Extended Support Release
In some cases, CLARO Colombias firewall is blocking the TCP/UDP ports

required to open a SO EM session from a PC Client and CLARO Colombia
doesnt approve to open in its firewall all ports required (this is the case for
all PC Clients with ip address in ip subnetwork 172.0.0.0/8).
For those cases, Ericsson provides a customization to establish a secure

VPN (by OpenVPN) between PC Client and SO EM. CLARO Colombias
firewall must be configured to allow traffic over ports 22/tcp (SSH/SFTP)
and 1194/tcp (OpenVPN) between PC Client and SO EM server.
Rev E 2015-06-02 Ericsson AB 2015 4 (37)

Note: According to CLARO Colombias internal procedures, the user must

establish a session against CLARO Colombias firewall before establishing
the secure VPN or launching the SO EM GUI.
Ericssons PC Clients connected through RSG will need the customization

to establish a secure VPN, so same ports as previous bullet are required
between SSG and SO EM.
A PC Client with ip address in the same ip network as CLARO Colombias

SO EM server (192.168.0.0/16), it doesnt require to establish secure VPN
(OpenVPN) because there isnt any device blocking traffic in that case.
To execute this installation procedure is required a Windows administrator

user for the PC Client.
Rev E 2015-06-02 Ericsson AB 2015 5 (37)

2 Windows Client Configuration
2.1 Windows 7 Security Configuration

Log on as local administrator and do the following to disable the Windows
Firewall:
1 Click Start > Control Panel.
2 Click System and Security and then Windows Firewall.
3 Click Turn Windows Firewall on or off. If prompted for an administrator

password or confirmation, type the password or provide confirmation.
4 Click Off (not recommended), and then click OK.
Note: Any other firewall shall be disabled as well.
2.2 Internet Explorer Configuration

To connect to the ServiceOn EM or IP Transport NMS server, the browser
trusted sites list must be updated.
Execute the following steps in order to configure the Internet browser and
update the trusted sites list to connect to the ServiceOn EM or IP Transport
NMS server:
1 Launch Internet Explorer Browser.
Rev E 2015-06-02 Ericsson AB 2015 6 (37)

2 Open the Tools menu and click Internet Options.
3 Click on the Security tab.
4 Select Trusted Sites.
5 Click Sites.
6 Enter the http://192.168.173.177 in the field Add this website to the zone
and click Add.
http://192.168.173.177
Rev E 2015-06-02 Ericsson AB 2015 7 (37)

7 Repeat step 6 to add http://soemds01.comcel.com.co and http://soemds01
8 Clear the Require server verification (https:) for all sites in this zone
option and click Close.
2.3 Configure Mozilla Firefox Browser (Optional)

Select Open with Java Web Start Launcher or Save file, and click OK before
logging on.
When using Mozilla Firefox for the first time, when asked about Import Setting
and Data, select Don't import anything and click Next.
Automatic updates of Mozilla Firefox must be disabled. This setting is done in

accordance with standard delivered 3PPs.
Do the following:
1 From Mozilla Firefox Options menu, select Advanced tab.
2 Select Update tab.
3 Check Never check for updates (not recommended: security risk).
4 Click OK.
Rev E 2015-06-02 Ericsson AB 2015 8 (37)

2.4 Time Synchronization

For Thick Client, the time must be synchronized with SO EM servers and
nodes.
Synchronize the time in PC Client as follows:
1 Click Start > Control Panel > Date and Time.
2 Click the Internet Time tab.
3 Click Change settings.
4 Insert the IP address of SO EM server (192.168.173.177) as the NTP

Server and select Synchronize with an Internet time server and click
OK.
5 Click OK.
Rev E 2015-06-02 Ericsson AB 2015 9 (37)

2.5 DCOM Client Settings

To launch the Zoom In on EM-MLE equipment on Windows 7 SP1 PC client,
do the following:
1 Click Start > Run, type DCOMCnfg and click OK.
2 Click Component Services under the Console Root to expand it.
3 Click Computers under Component Services to expand it.
4 Right-click on My Computer in the pane on the right and click

Properties.
5 Click COM Security to open the COM Security tab.

Note: There are four permission configurations to edit.
6 Click Edit Limits... under Access Permissions.
To add the ANONYMOUS LOGON and Everyone groups in the Group or user
names list, do the following:
7 Click Add.
8 In the Select Users or Groups dialog box, click Advanced.
9 In the second Select Users or Groups dialog box, click Find Now.
10 In the list, at the bottom of the dialog box, select ANONYMOUS LOGON.
11 Click OK to close both the Select Users or Groups dialog boxes.
12 Verify that Local Access and Remote Access are selected in the Allow
column.
Rev E 2015-06-02 Ericsson AB 2015 10 (37)

13 Repeat the previous steps from Step 1 to Step 6 but select Everyone
instead of ANONYMOUS LOGON.
14 Click OK in the Access Permission window.
15 Click on Edit Limits... under Launch and Activation Permissions.
To add the ANONYMOUS LOGON and Everyone groups in the Group or user
names list, do the following:
16 Click Add.
17 In the Select Users or Groups dialog box, click Advanced.
18 In the second Select Users or Groups dialog box, click Find Now.
19 In the list, at the bottom of the dialog box, select Everyone.
20 Click OK to close both the Select Users or Groups dialog boxes.
21 Verify that Local Launch, Remote Launch, Local Activation and Remote
Activation are selected in the Allow column.
The remote options for the Everyone user group must be selected in the
dialog box.
22 Repeat the previous steps from Step 1 to Step 6 , but select ANONYMOUS
LOGON instead of Everyone.
23 For each user (or group) make sure that both the Local Access and
Remote Access options are selected.
24 Launch and Activation permissions per user.
Rev E 2015-06-02 Ericsson AB 2015 11 (37)

2.6 Download External Software Files

All external software files required for configuring a PC to be a SO EM client
have been uploaded into an internal CLARO Colombias FTP server, so any
CALROs user can download it, thus:
1 Open a file explorer window in the PC client and type ftp://172.22.13.78 in

the address bar
2 Type the username gora_client_sw and password client2015 to access

the server
Rev E 2015-06-02 Ericsson AB 2015 12 (37)

3 Right click in the remote folder and select Copy in the pop-up menu
4 Right click in the local destination folder and select Paste in the pop-up
menu
5 Double click in the folder soem_client_ext_sw_files
Rev E 2015-06-02 Ericsson AB 2015 13 (37)

Note: jre-7u25-windows-x64.exe, openvpn-install-2.3.6-I601-x86_64.exe,

MINI-LINK_Craft.bat and MV36.reg are required for windows 64 bits only.
2.7 Configure Java

Install the Java Runtime Environment (JRE) version 1.7.0_25 32 bits by
double clicking on the file jre-7u25-windows-i586.exe (see 2.6).
Note: In case of Windows 64 bits install also JRE version 1.7.0_25 64 bits by
double clicking on the file jre-7u25-windows-x64.exe (see 2.6).
After installing Java, the Java update must be disabled.
Disable the Java update as follows:
1 Click Start > Control Panel > Programs > Java.
2 Click the Update tab.
3 Clear the Check for Updates Automatically option.
Rev E 2015-06-02 Ericsson AB 2015 14 (37)

4 Click the Advanced tab and Select Disable verification option in Mixed
code (sandboxed vs. trusted) security verification
5 Click the General tab, then click on Settings button
6 Click Delete Files ...
Rev E 2015-06-02 Ericsson AB 2015 15 (37)

7 On Delete Files and Applications menu select Installed Applications

and Applets and click OK.
8 Click OK on Temporary Files Settings menu.
9 Click Apply and OK on Java Control Panel.
2.8 SFTP Client Installation

Perform the following installation procedure:
1 Download installer of FileZilla client FileZilla_3.10.2_win32-setup.exe

from CLAROs repository (see 2.6)
Note: Windows Vista, 7, 8 and 8.1 are supported, each both 32 and 64 bit.
2 Click on Run button on Security Warning window
Rev E 2015-06-02 Ericsson AB 2015 16 (37)

3 Click Yes button on User Account Control window
4 Click on I Agree button on License Agreement (Filezilla client is freeware)
5 Click on Next button to enable the application for any user
Rev E 2015-06-02 Ericsson AB 2015 17 (37)

6 Click on Next button for selecting the path to install de application
7 Click on Install button
Rev E 2015-06-02 Ericsson AB 2015 18 (37)

8 Unselect Start FileZilla Now and click on Finish button
2.9 OpenVPN Client Installation and Configuration
2.9.1 Software Installation
Perform the following installation procedure:
1 Download installer of OpenVPN client from CLAROs repository (see 2.6)

according to your operating system, thus:
Installer (32-bit), Windows Vista and later openvpn-install-2.3.6-I601-i686.exe
Installer (64-bit), Windows Vista and later openvpn-install-2.3.6-I601-x86_64.exe
Rev E 2015-06-02 Ericsson AB 2015 19 (37)

2 Double click the downloaded file OpenVPN and click Yes button to start
installation
3 Click on Next button
Rev E 2015-06-02 Ericsson AB 2015 20 (37)

4 Click on I Agree button on License Agreement (OpenVPN Client is

freeware)
6 Click on Install button
Rev E 2015-06-02 Ericsson AB 2015 21 (37)

8 Unselect Start OpenVPN GUI and Show Readme and click on Finish
button
Rev E 2015-06-02 Ericsson AB 2015 22 (37)

2.9.2 Download Configuration Files

Connect to SO EM server by SFTP client to download a zip file containing
keys, certificates and configuration of OpenVPN, thus:
1 Start FileZilla Client
2 Type sftp://192.168.173.177 in Host, your user name in Username, your

password in Password and click on Quickconnect button
3 Select Always trust in this host, add this key to the cache and click on OK
button
Rev E 2015-06-02 Ericsson AB 2015 23 (37)

4 Double click on <your_user_name>.zip file to download it to your PC
5 Check that transfer was successful on Successful transfers tab
2.9.3 Install Configuration Files
Unzip your file containing keys, certificates and configuration of OpenVPN into
the directory C:\Program Files\OpenVPN\config, thus:
1 Open the zip file downloaded in 2.9.2 and click on Extract To button
Rev E 2015-06-02 Ericsson AB 2015 24 (37)

2 Select a temporary directory to extract the files and click on OK button
3 Open the temporary directory, select all files, right click and select Copy
4 Open C:\Program Files\OpenVPN\config, right on blank space and select

Paste
Rev E 2015-06-02 Ericsson AB 2015 25 (37)

5 Click on Continue button in Destination Folder Access Denied window and

Yes in User Account Control window to authorize to paste the files
6 Check that all files were copied
7 Delete temporary folder
Rev E 2015-06-02 Ericsson AB 2015 26 (37)

2.9.4 Add SO EM to SCP Trusted Hosts
Perform the following procedure:
1 Open CMD and execute the following command:
C:\Program Files\OpenVPN\config\pscp.exe q l TEST pw ericsson

192.168.173.177:dummy .
2 Type y and Enter
3 Close CMD
2.10 MINI-LINK Craft and Viewers Installation

This part of the procedure is required to install the applications to manage the
radios and SO EM viewers for users, performance and inventory data; in order
to install such applications and viewers:
1 Connect by OpenVPN as described in 3.1 Establishing a Secure VPN
2 From the Windows PC client, start Internet Explorer and enter in the
address bar http://192.168.173.177:30305
Rev E 2015-06-02 Ericsson AB 2015 27 (37)

3 On the Internet Explorer window select the EM Installation link to open

the software installation page.
4 Install the following types of software in the listed order:

ServiceOn EM Client
MINI-LINK Craft
5 (For Windows 64 bits only) Execute the following steps in order to map
location of some registries:
i. Download the file MV36.reg (see 2.6)
ii. Right click on the MV36.reg file and choose Run as Administrator
iii. Download the file MINI-LINK_Craft.bat (see 2.6)
iv. Replace the file C:\Ericsson\MINI-LINK_Craft\ MINI-LINK_Craft.bat
with the one downloaded
Rev E 2015-06-02 Ericsson AB 2015 28 (37)

3 Launching SO EM GUI
3.1 Establishing a Secure VPN

To establish a secure VPN between your windows PC and SO EM:
1 Click on Start icon in the task bar, select All Programs > OpenVPN,
right click on OpenVPN GUI and select Run as Administrator
2 Click on Show hidden icons in the task bar, click on OpenVPN GUI
icon and select Connect in the pop-up menu
Rev E 2015-06-02 Ericsson AB 2015 29 (37)

3 It is launched automatically a cmd window then an OpenVPN Connect

window showing progress of connection
4 OpenVPN GUI icon in the task bar becomes green and a message
indicating your assigned ip address is shown
3.2 Start SO EM GUI and Login Procedure

To start SO EM GUI:
1 Open the standard Internet browser and in the address bar type the url
address http://192.168.173.177:30305. The SO EM screen is displayed.
Rev E 2015-06-02 Ericsson AB 2015 30 (37)

2 Click ServiceOn EM to go to the logon page. Click Login to log on to the

SO EM GUI. The SO EM Login screen is displayed. If requested by Java
application, confirm the signature of the application from the trusted
source.
3 Enter the username and password, and select the server. Click Login.
The password can be changed, if needed, from the logon window. To

change the password, click Change password, type the old password,
type the new password twice, and then click the change password button.
Rev E 2015-06-02 Ericsson AB 2015 31 (37)

At the first logon the user is forced to change the password if it was
created with Force Password Change enabled.
While starting up, SO EM checks the number of users currently trying to

open the GUI. Any new user trying to log on when all licensed or five in
the same PC are already logged on is blocked; the following message
appears:
Rev E 2015-06-02 Ericsson AB 2015 32 (37)

4 The SO EM GUI is displayed (see 3.3 for description of the SO EM GUI)
3.3 Description of SO EM GUI Main Window

The main window consists of the following parts:
Application Bar
Rev E 2015-06-02 Ericsson AB 2015 33 (37)

Side Bar
View Area (Perspective Area)
Notification Bar
3.3.1 Application Bar
The Application Bar on the top of main view contains the following:
Ericsson logo
Application name: SO EM
Menus:
o File: Exits from the GUI.
o Help: runs the help for SO EM, for plug-ins. It shows About
information of the SO EM.
The current user with the Ericsson user icon:
Rev E 2015-06-02 Ericsson AB 2015 34 (37)

A read-only message box Inbox is available. Each user can receive

incoming messages about the system or processes, for example, the
ending of a scheduled job or a shutdown or restart operation of the
Core application. Messages refer to one of the following:
o Date/Time Jobs
o Backup Jobs
o Configuration Jobs
o Remove User (to nmcman)
o EM Core Shutdown/Restart
o EMPM Start/Stop
o NE Family Shutdown/Restart
o Disk Full
o Hard Restart
The Message Box is divided into three columns: From (sender

description), Date (incoming date), and Subject (content description).
Read messages are displayed in black text. To delete messages click
the white space on the left side of the message line; a bin icon is
displayed. Click to delete. Both read and unread messages can be
deleted.
The number of messages the box can contain is limited only by the SO
EM hard disk capacity.
Minimize, restore/maximize, and close buttons
3.3.2 Side Bar
The Side Bar on the left of the main view contains the complete views list.
The view area is populated according to the click on each item in the side bar.
The side bar includes the following:
Network
Discovery
Fault
Performance
Rev E 2015-06-02 Ericsson AB 2015 35 (37)

Software Upgrade
Inventory
Configuration: with the sub-menus:
o CLI Scripts
o NE Backup/Restore
License
System
Security
When the user moves from one view to another, the view changes done by
the user are maintained.
3.3.3 View Area
The View Area displays the view selected in the side bar.
Note: The language of some job information depends on the client settings.
3.3.4 Notification Bar
The Notification Bar displays information (events) and commands in real

time. It is split into the following two areas:
Information: it displays the events in terms of event type, event

resources, event time and event details.
MyCommands: it displays the user commands in terms of command
type, command resources, command date and command details.
Rev E 2015-06-02 Ericsson AB 2015 36 (37)

4 References
[1] Basic Software List
21/006 51-AOM 901 116 Uen E
[2] Thick Client Installation and Configuration Guide
22/1531-AOM 901 116 Uen D
[3] Microwave Plug-Ins Client Installation Guide
22/1531-CBA 901 021 Uen C
[4] Thick Client Installation and Configuration Guide
22/1531-AOM 901 116 Uen D
[5] ServiceOn Element Manager 14B User Guide
21/1553-1/AOM 901 116 Uen A3
[6] OpenVPN
https://openvpn.net/
[7] FileZilla Client
https://filezilla-project.org/index.php
Rev E 2015-06-02 Ericsson AB 2015 37 (37)


CLARO Colombia - SO EM Client and OpenVPN Configuration Procedure - Reve

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CLARO Colombia - SO EM Client and OpenVPN Configuration Procedure - Reve

Uploaded by

Copyright:

Available Formats

CLARO Colombia - SO EM Client and

OpenVPN Configuration Procedure

Rev E 2015-06-02 Ericsson AB 2015 2 (37)

2 Windows Client Configuration ............................................................ 6

3 Launching SO EM GUI ....................................................................... 29

Rev E 2015-06-02 Ericsson AB 2015 3 (37)

1.1 Revision History

Revision Date Author Reason

In some cases, CLARO Colombias firewall is blocking the TCP/UDP ports

For those cases, Ericsson provides a customization to establish a secure

Rev E 2015-06-02 Ericsson AB 2015 4 (37)

Note: According to CLARO Colombias internal procedures, the user must

Ericssons PC Clients connected through RSG will need the customization

A PC Client with ip address in the same ip network as CLARO Colombias

To execute this installation procedure is required a Windows administrator

Rev E 2015-06-02 Ericsson AB 2015 5 (37)

2 Windows Client Configuration

2.1 Windows 7 Security Configuration

1 Click Start > Control Panel.

2 Click System and Security and then Windows Firewall.

3 Click Turn Windows Firewall on or off. If prompted for an administrator

4 Click Off (not recommended), and then click OK.

Note: Any other firewall shall be disabled as well.

2.2 Internet Explorer Configuration

1 Launch Internet Explorer Browser.

Rev E 2015-06-02 Ericsson AB 2015 6 (37)

2 Open the Tools menu and click Internet Options.

3 Click on the Security tab.

4 Select Trusted Sites.

Rev E 2015-06-02 Ericsson AB 2015 7 (37)

7 Repeat step 6 to add http://soemds01.comcel.com.co and http://soemds01

2.3 Configure Mozilla Firefox Browser (Optional)

Automatic updates of Mozilla Firefox must be disabled. This setting is done in

1 From Mozilla Firefox Options menu, select Advanced tab.

2 Select Update tab.

3 Check Never check for updates (not recommended: security risk).

Rev E 2015-06-02 Ericsson AB 2015 8 (37)

2.4 Time Synchronization

Synchronize the time in PC Client as follows:

1 Click Start > Control Panel > Date and Time.

2 Click the Internet Time tab.

3 Click Change settings.

4 Insert the IP address of SO EM server (192.168.173.177) as the NTP

Rev E 2015-06-02 Ericsson AB 2015 9 (37)

2.5 DCOM Client Settings

1 Click Start > Run, type DCOMCnfg and click OK.

2 Click Component Services under the Console Root to expand it.

3 Click Computers under Component Services to expand it.

4 Right-click on My Computer in the pane on the right and click

5 Click COM Security to open the COM Security tab.

6 Click Edit Limits... under Access Permissions.

8 In the Select Users or Groups dialog box, click Advanced.

11 Click OK to close both the Select Users or Groups dialog boxes.

Rev E 2015-06-02 Ericsson AB 2015 10 (37)

14 Click OK in the Access Permission window.

15 Click on Edit Limits... under Launch and Activation Permissions.

17 In the Select Users or Groups dialog box, click Advanced.

19 In the list, at the bottom of the dialog box, select Everyone.

20 Click OK to close both the Select Users or Groups dialog boxes.

24 Launch and Activation permissions per user.

Rev E 2015-06-02 Ericsson AB 2015 11 (37)

2.6 Download External Software Files

1 Open a file explorer window in the PC client and type ftp://172.22.13.78 in