ead service · the software on the future ead test system (fts) is only updated shortly before a...

EUROPEAN ORGANISATION FOR THE SAFETY OF AIR NAVIGATION

EUROCONTROL

EAD Service

ITP Systems Access and AIMSL/ESI Migration

Process

EAD/DOC-FRN054

Version : 5.0 Issue Date : 2012-04-04 Status : Released Deliverable No :

Distribution EC : Yes

ITP Systems Access and AIMSL/ESI Migration Process /24

Version: 5.0 Status: Released EAD-DOC-FRN054-5.0b-0_EAD_ITP_Systems_and_AIMSL-ESI_Validation.doc

Document Information

Contact Person: Heinz Schaefer Department: Frequentis

Phone/Fax: +43 (1) 81150-2714/-772714 E-mail: [email protected]

Document produced by:

FREQUENTIS AG Innovationsstraße 1 A-1100 Vienna Austria The initial version of this document has been developed under the initiative of EUROCONTROL.

Company or product names mentioned in this document may be trademarks or registered trademarks of their respective companies.

© No part of the document may be reproduced or transmitted in any form or by any means, electronic or

mechanical, for any purpose, without the written permission of EUROCONTROL.



Distribution Table

Name Company Department No. of copies

Hardcopy/ Softcopy

Mr Papavramides EUROCONTROL 1 SC

Mr Liegeois EUROCONTROL 1 SC

Mr Haesevoets EUROCONTROL 1 SC

Mr Kummer EUROCONTROL 1 SC

Mr Hughes EUROCONTROL 1 SC

Mr Nimz NAV CANADA 1 SC

Mr Kraft Group EAD 1 SC

Mr Vorsmann Group EAD 1 SC

Mr Scherzer Frequentis 1 SC

Ms Amon-Eskandari Frequentis 1 SC



Change History

Version Date Reason for Change Sections Affected

1.0 2004-03-25 Formal Review / Release of Document

1.1 2004-05-24 Deleted Footnote on Sonic MQ

1.2 2004-07-13 Added new ports and details about ECIT connection

1.3 2004-08-10 Changed sequence of SSH and VPN connection

2.0 2005-05-10 Added second connection to EAD Test System

2.1 2005-06-28 How to access the V2 & V3 ESI versions on the test system

2.1 2005-08-12 Released version, exchanged V2 & V3 ports

3.0 2005-10-24 Update for Release 3

3.1 2007-07-19 Change of IP address

3.2 2007-10-02 Changed chapter 3.1

3.3 2008-09-29 Changed UPC IP Address and added N and N+1 ETS

3.4 2008-11-04 Updated for BF Box interface test

3.5 2009-04-01 Included new Service Desk tool

3.6 2009-11-11 Complete rework of document to include all ITP systems

3.7 2010-05-27 Change to easyVPN and new IP addressing 3.3, 4.1

4.0 2010-06-11 Inclusion of document ESI Testing and Validation Process 2.1,

4.1 2011-03-08

Practically all chapters were rearranged to better reflect the inclusion of ESI Testing and Validation Process

A new chapter was added describing the differences between the Test and Production system

Added a Getting Started chapter

All

2.4.1

3.1

4.2 2011-09-26

Change for permanent Future EAD Test System

Split of ESI Checklist in Test and Connection part

Change of contact email

2.1, 2.4.1

2.3.1, 2.4.2

3.2

4.3 2012-04-02 Incorporated feedback from EUROCONTROL Updated for ESI Release 7 Added AIMSL Interface

2, 2.1 3.3.2, 3.3.3

all



Status Name Date Signature

Created/updated: Heinz Schaefer 2012-04-02 Electronic

Reviewed: Aleksandar Bojko 2012-04-02 Electronic

Formally reviewed CM:

Released PM:

Approved EC:

Released:

Approved CCB:



Contents

1 Introduction .......................................................................................................................................... 7

1.1 Purpose and Scope ............................................................................................................................... 7

2 ESI - Migration Process ...................................................................................................................... 8

2.1 Test against the Test Systems .............................................................................................................. 8 2.2 Supported ESI APIs ............................................................................................................................... 8 2.3 Completion of Functional Testing .......................................................................................................... 9 2.3.1 ESI Checklist (Test Checklist part) ........................................................................................................ 9 2.3.2 ESI Client Implementation Requirements ............................................................................................. 9 2.4 Connection to the EAD Operational System ....................................................................................... 10 2.4.1 Differences between Test and Production Environment ..................................................................... 10 2.4.2 ESI Checklist (Connection Checklist part) ........................................................................................... 11

3 Testing Process ................................................................................................................................. 12

3.1 Getting Started ..................................................................................................................................... 12 3.2 Test System Admin .............................................................................................................................. 12 3.2.1 Escalation ............................................................................................................................................ 15 3.3 Connect to the ITP Systems ................................................................................................................ 16 3.3.1 easyVPN – Connection ....................................................................................................................... 16 3.3.2 Firewall Settings .................................................................................................................................. 17 3.3.3 Hosts File Settings ............................................................................................................................... 18 3.3.4 Cisco VPN Dialer ................................................................................................................................. 18

4 Acceptance Test for Briefing Facilities ........................................................................................... 20

4.1 Connection Settings for EAD Pro PC .................................................................................................. 21 4.2 Connection Settings for MHS/COMM Center ...................................................................................... 21

5 Abbreviations and Definitions .......................................................................................................... 22

6 References ......................................................................................................................................... 24

Contents of Figures

Figure 3-1: Network setup to Access ITP Systems via VPN ............................................................................ 16 Figure 4-1: Network setup to Access EAD Test System for BF Box acceptance ............................................ 20

Contents of Tables

Table 2-1: Relation of Client API version and EAD Test System version .......................................................... 9 Table 2-2: Items needed to migrate to the Production Environment ................................................................ 10 Table 2-3: Differences between Test and Production Environment ................................................................. 11 Table 3-1: Firewall Rules to Access ITP Systems (Public Service) ................................................................. 17 Table 3-2: Firewall Rules to Access ITP Systems (Private Service) ................................................................ 17



1 Introduction

1.1 Purpose and Scope This document describes the guidelines to access all ITP Systems (e.g. EAD Test System, DOP Training System), allowing clients to access these systems via EAD Pro or AIMSL/ESI. The latter is important for those having developed application software interfacing the EAD system via AIMSL/ESI to verify and assess its development based on pre-defined test cases and procedures. In addition, the procedure to reach the technical acceptance of its software is described.

Access to the ITP Systems is granted to clients who have entered a contractual relationship with EUROCONTROL, i.e. have signed a Data User, Data Provider or SW Developer Agreement.



2 AIMSL/ESI - Migration Process To declare the technical acceptance of a client application, and to allow the client to become operational by accessing the EAD operational site, the client shall connect any newly developed application to the EAD Test System (Current and/or Future) to execute additional tests based on test cases/procedures defined by EUROCONTROL.

Two dedicated EAD Test Systems are available to clients testing their application interfacing to the EAD via the AIMSL/ESI interface.

Current EAD Test System (CTS) is available throughout a whole EAD release phase.

The Software on the Future EAD Test System (FTS) is only updated shortly before a new EAD Release and is otherwise identical to the CTS.

Since they are hosted on a site different to the EAD server site, access to these systems must be managed separately. For security reasons the dedicated EAD network cannot be used to access the test systems.

2.1 Test against the Test Systems The EAD Test Systems are hosted by the ITP in Vienna on behalf of EUROCONTROL. They are dedicated test systems that can be used to test maintenance releases, bug fixes, patches; but they are primarily intended for client testing.

The Test Systems are replicas of the EAD Production system, but the data in the test systems is not maintained in step with the production system – for example, NOTAMs stored by EAD are not routed to the test system, and static data updates committed on the production system are not automatically applied on the test system. The data in the test system is updated in one of three ways:

By clients testing their applications. As part of the testing process, clients will send static data updates, NOTAM, and/or AIP documents to the test system. This can impact other clients – for example, if a client is subscribed to receive world-wide NOTAM on the test system, then when another client uploads a test NOTAM as part of an activity to test the interface to their NOTAM system, the first client will receive this NOTAM.

By test support actions. It is possible, for example, to support a client who wishes to test NOTAM download by creating new NOTAM using an ECIT connected to the test system. Such a test NOTAM will be stored and distributed to all clients subscribed on the test system.

To set-up the EAD Test System future for a new EAD release the data in the test system is synchronised with the data in the production system. At that moment, the data in the two systems will be identical; all additional data that was stored in the system during client test activities will be removed.

Two Test Systems are available for testing:

The CTS is reflecting the SW patch level of EAD Production as closely as possible, taking into account that the update of all non-productive systems may take several weeks. Any client intending to go live shall test against this system,

The FTS mimics the SW and patch level of the Acceptance and Validation System (AVS), where typically three months prior to any Release or Extension the SW is installed. The software is installed on the FTS approximately two months prior to any Release or Extension. Once the future release becomes available clients may test their current SW against the FTS to ensure the compatibility with the future version and provide a signed AIMSL/ESI Checklist as proof. Clients may use this system to test future features or behaviour of a specific release or extension; however they may not go live until that Extension/Release has been deployed and their tests are repeated against the CTS.

2.2 Supported AIMSL/ESI APIs Any given EAD Release supports two versions of AIMSL/ESI APIs:

The API of the current EAD Release (API n),

And the one of the previous EAD Release (API n-1).

Clients may therefore use either API N or N-1 to access the EAD Test System Current or N+1 or N to access the EAD Test System Future (when available).

Prior to a new EAD Release, the AIMSL/ESI APIs are made available to testing clients on OneSky Teams, thus allowing them to prepare to upgrade their software to the forthcoming release by testing against the



EAD Test System Future. This is done in parallel to the preparation of the Acceptance and Verification with EUROCONTROL.

EAD System EAD Release

Current Test System (CTS) N-1 N N+1

Future Test System (FTS) N-1 N N+1 N+2

Clients testing with API

N-1 OK special NOK

N Not possible OK special NOK

N+1 Not possible OK

Clients migrating with API

N-1 OK special NOK

N Not possible OK special NOK

N+1 Not possible OK spl.

Table 2-1: Relation of Client API version and EAD Test System version

Generally clients are requested to upgrade to API N of Release N within the first year of its deployment. Once the EAD Release N+1 has been deployed to the Future EAD Test System:

Any client intending to migrate shall ensure that they migrate using API N,

All clients connected to EAD shall retest their existing application using API N against the future EAD Test System to ensure that their system is still compatible with the new EAD Release.

2.3 Completion of Functional Testing The client should continue testing with the test system until all test cases have been executed successfully. Once they have reached this point, they are normally ready for migration to the production system.

To finish off this phase of testing, the successful run-through of all tests should be documented in the test procedure book. The request and response data files generated for each test case should be saved and should be available along with the test procedure book.

To start the process of migration to the production system, the client will be asked to produce the following documents, to the EAD Migration Manager:

AIMSL/ESI Checklist (Test Checklist part only)

AIMSL/ESI Client Implementation Requirements

These will be inspected to determine if the testing performed is suitable for migration to proceed. It may be the case that an EAD representative will request to attend the client’s final testing session, to evaluate the client application in a “live” situation.

At the end of this phase the client application will be declared technically accepted allowing the client to start operation with EAD.

2.3.1 AIMSL/ESI Checklist (Test Checklist part)

Before commencing operations, the client must complete the Test Checklist part of the [R3] ESI Checklist/[R10] AIMSL Checklist. This document is the official notification that the client has completed testing with the test system and is ready to move to the production system. The Test part lists the ESI functions that have been implemented and tested in the client application.

The Test Checklist part of the checklist shall be sent to the EAD Migration Manager, who will inspect it and, if OK, give approval for the client to start operations on the production system. The Connection part of the ESI Checklist shall not be included at this stage.

2.3.2 AIMSL/ESI Client Implementation Requirements

The final step in confirming the client’s readiness to migrate to the production system is to validate their application against the [R1] ESI Client Implementation Requirements/[R8] AIMSL Client Implementation Requirements. The client should create a “requirements compliance matrix” (an Excel spreadsheet is sufficient) that, for each section in the document that is applicable (this depends on the EAD subsystems that the user will migrate to), lists each requirement and



Whether or not the requirement is met (yes/no)

If not, state that either the requirement is not applicable (some of the requirements are mutually exclusive) or explain why it has not been met.

The document must be sent to the EAD migration manager, who will inspect it and, if OK, give approval for the client to migrate to the production system. If a requirement is not met and the reason why is not considered suitable this will lead to discussions which may cause access to the EAD to be denied.

2.4 Connection to the EAD Operational System The connection to the EAD Operational System is established via the EAD network or the Internet using easyVPN protocol. One or two Cisco ASA 5505(s) should be used to establish this connection; with lower availability requirements the VPN dialer SW (see chapter 3.3.1) can also be used.

All ITP Systems and the EAD Operational System use different IP addresses, user names and passwords. To gain access to the EAD Operational System the client needs to provide/participate in the following steps:

Items needed Responsible/Found in

Client Installation Plan The client shall participate in the review of their Installation Plans and provide input to contact data and the network infrastructure

IP addresses (in most cases in the hosts file). Values for veadxx shall be extracted from the Firewall chapter of the client’s Installation Plan

Client Security Officer (CSO) Training For clients connecting to EAD for the first time, their CSO shall be trained to use the User Management/EAD Service Desk and confirm that training via a signed CSO checklist.

The queue/account name and password (for the AIMSL/ESI configuration).

Shall be created by the Client Security Officer (CSO), may be created during CSO training or via the EAD Service Desk

The VPN certificates. Shall be created by the Client Security Officer (CSO), may be created during CSO training or via the EAD Service Desk

The AIMSL/ESI certificates. May be requested via the EAD Service Desk, who also has to upload the private certificate to all Production Servers

Update of default.properties (for Release 6 only: also update the .bindings file)

Clients shall ensure that both files are changed to the name and the PW you received from User Management.

Table 2-2: Items needed to migrate to the Production Environment

All IP addresses of the EAD Operational System are listed in the clients’ Installation Plan. The login, password and the certificates will typically be provided by the EAD Safety, Security and Quality Responsible (SSQ) during the CSO Training of the nominated Client Security Officer.

2.4.1 Differences between Test and Production Environment

This document only concerns the ITP Systems (ie. the Test and Training Environments), however experience shows that for clients it’s sometimes difficult to differentiate this from the Production Environment. Therefore this chapter tries to give a short overview about the commonalities and differences of those environments, to provide a better overall understanding.

ITP Environment Production Environment

VPN Protocol easyVPN easyVPN (IPSec via separate contract)

Authentication Pre-shared key X.509 certificates

HW/SW for VPN Typically Cisco VPN dialer. vpnc may also be used.

Typically Cisco ASA 5505 vpnc cannot be used (lack of cert auth support)



Service Desk/Single Contact Point

http://sd-itp.ead-it.com (green)

Issues concerning Production will be closed

http://servicedesk.ead-it.com (blue)

Issues concerning Test/Training will be closed

SDO Contents System is refreshed with every EAD Release and only changed by testing clients

The data is constantly updated by migrated clients and/or GroupEAD

NOTAM No connection to AFTN is available, new NOTAM have to be requested via Service Desk

Worldwide NOTAM are received/ processed by migrated clients and/or GroupEAD

PAMS

All Meta data is copied alongside the system refresh, but no actual documents. Any document that shall be available for testing has to be uploaded first upon request via Service Desk

ECAC wide documents are uploaded by migrated clients and/or GroupEAD

Table 2-3: Differences between Test and Production Environment

2.4.2 AIMSL/ESI Checklist (Connection Checklist part)

The Connection part of the AIMSL/ESI Checklist confirms that the AIMSL/ESI installation has been re-configured to connect to the production system rather than the test system.

Also this part of the checklist must be sent to the EAD Migration Manager, who will inspect it and, if OK, declare the client connected to EAD.

http://sd-itp.ead-it.com/

http://servicedesk.ead-it.com/



3 Testing Process Clients should be aware that they do not have unrestricted access to the test system. This system is used for testing maintenance releases of the EAD, bug fixes, patches and so on. Also, the ITP may wish to limit the number of clients on the system, to ensure that adequate support can be provided. For these reasons, clients must reserve, in advance, specific test slots, during which they will be able to access the test system and support will be provided. Outside of these slots, clients should normally not access the system. The ITP reserves the right, if necessary for any reason, to disable a client’s account outside of their reserved test slots.

To perform this phase, the following steps are necessary:

Connection to the Test Systems via easyVPN using the login and password provided (for details see chapter 3.2 Test System Admin).

Connection of the client application to the AIMSL/ESI interface of the test system using the additional credentials (LDAP string, password and certificates) provided (for details see chapter 3.2 Test System Admin).

Performing the ESI operational tests based on predefined test cases and procedures.

During a test slot, the functional testing process will receive response files from the EAD subsystems on the test system. The pre-defined test procedures and test cases may be reused, but it is likely that the client will create additional test cases to cover situations that had not previously been anticipated.

The dedicated Service Desk tool described in chapter 3.2 Test System Admin shall be used for all needed test activities support. If a client has requirements for support during tests they shall open an issue in this tool requesting the additional support and describing their requirements. The Test System Admin will then do their best to ensure that the necessary resources are made available.

3.1 Getting Started Prior to any testing activity, any AIMSL/ESI client shall acquire a login to EUROCONTROLs OneSky Teams (https://extranet.eurocontrol.int/), and specifically to the “EAD Service/System Information” section therein. Depending on the kind of application that he/she intends to develop, the following documents shall be downloaded from the then current AIMSL/ESI folder:

AIMSL ESI

AIMSL WSDL File

[R8] AIMSL Client Implementation Requirements

[R9] Interface Control Document AIMSL

[R10] AIMSL Checklist

[R4] INO Data User XML Primer

[R5] INO Data Provider XML Primer(plus Example Files)

[R6] PAMS XML Primer(plus Example Files)

[R7] SDO-XML Primer

ESI Client API Software

[R1] ESI Client Implementation Requirements

[R2] ESI Reference Manual and ICD External

[R3] ESI Checklist

[R4] INO Data User XML Primer

[R5] INO Data Provider XML Primer(plus Example Files)

[R6] PAMS XML Primer(plus Example Files)

[R7] SDO-XML Primer

Table 3-1: AIMSL and ESI Documents

Clients without Java environment may want to download the ENA (ESI Network Adapter): this unsupported freeware maps the ESI Java API to a XML-file based interface. Clients doing so however have to be aware that the only interface to EAD remains the EAD System Interface, and the ENA software becomes part of their own SW.

3.2 Test System Admin Right after the Data User/Data Provider/SW Developer Agreement with EUROCONTROL was signed, the following is created

client organisation in the EAD Test System and the ITP Service Desk,

User ID for the VPN access,

user account the ITP Service Desk,

https://extranet.eurocontrol.int/



user account (EAD queue name and JMS password) on the EAD Test System with LDAP String and Private and Public Certificate

The Client Security Offices (CSO) of the client is contacted and supplied with the correct parameters to access the requested ITP System via VPN.

Once the client is ready to test their own applications, the following support may be requested via the ITP Service Desk during office hours on Austrian working days:

Providing time slots for tests activities (usually this consist of 3 consecutive hours on one particular day

1).

Providing adequate technical and operational clarifications, on request by the client. This service has to be agreed between the Test System Admin and the client based on time and material.

For the ITP Environment the ITP Service Desk http://sd-itp.ead-it.com/2 shall be used (green) using the same

user name and password as for you vpn. In case of problems please contact EAD-Testsystem @frequentis.com.

Note: Fridays are reserved for System Administration, such as backup or installation of patches. So slot-reservations for Fridays are always rejected. However if no such activity is planned, or is known to be finished at a certain time, ad-hoc requests can be entered on the day itself.

To create an issue describing your needs please click on [CREATE NEW ISSUE] as shown below:

1 If amongst other applications you develop a NOTAM listener, for which the 3 hour test window would be too

limiting, please inform us so we can set up a separate VPN tunnel and ESI queue. 2 If you experience any problems when trying to connect to the ITP Service Desk, please ensure that you are

using the URL address http://sd-itp.ead-it.com/ and not http://sd-itp.cas.ead-it.com/cas/.


mailto:[email protected]

mailto:[email protected]


http://sd-itp.cas.ead-it.com/cas/



And enter all information necessary for your request:



Click on [CREATE] to finalize your request:

If necessary you can attach a file. Click on [HOME] to return to the following screen:

3.2.1 Escalation

In case Test System Admin could not resolve an issue (in time) or you have other issues that need special attention please contact the Migration Manager, the responsible person for all clients that are in the migration implementation process.

Responsible e-mail

Heinz Schaefer [email protected]



3.3 Connect to the ITP Systems The following describes the establishment of a VPN tunnel to the ITP Systems (access to Trainings Systems is only granted based on training arrangements):

Internet

EAD ITP Responsibililty

Client Responsibility

IPSEC

Tunnel

Internet Access

ESI-Server under testTraining ECIT Training ECIT

Current EAD

Test System

85.125.227.132

ITP Private Network (Test)

ITP-WIE: 85.125.227.128/26

EAD Public Network

ITP-WIE UPC: 85.124.45.13 (vpn1.teamead.com)

ITP-WIE TA: 88.117.196.76 (vpn2.teamead.com)

Future EAD

Test System

85.125.227.133

DOP Training

System

85.125.227.195

ITP Training

System

85.125.227.196

Client BF Box

under Test

Access Router

ISP

ADSL/DSL Modem

Client’s FW

TA UPC

ITP Private Network (Training)

ITP-WIE: 85.125.227.190/26

Figure 3-1: Network setup to Access ITP Systems via VPN

3.3.1 easyVPN – Connection

Access to the ITP Test and Training Systems uses an easyVPN or short VPN tunnel. The Test System Admin will provide a username and password (via SMS) for the respective VPN profile.

For accessing the EAD production system we recommend using a Cisco ASA 5505 HW. Details for that connection are provided in chapter 2.4 Connection to the EAD Operational System.

Test systems typically have a lower availability requirement, so the VPN dialer SW is used for the purposes of this document (see chapter 3.3.4 for details to open a VPN to the main router, vpn1.teamead.com (85.124.45.13) or to vpn2.teamead.com (88.117.196.76) as a backup.



Depending on where or if the client system is placed behind a firewall, all IP addresses/ports listed in chapter 3.3.2 have to be opened on the client’s firewall.

The client shall ensure that his local hosts file settings match the system he intends to connect to. Chapter 3.3.3 lists the available options. If in doubt about which is the correct system, please contact Test System Admin.

Once the VPN connection is established, the connection can be verified via:

ping vead03.

For EAD Pro please use the URL http://vead03:8888/eadexplorer/EADExplorer.jnlp to start the EAD Explorer.

The arrangement of a test date and time has to be done as described in chapter 3.2 Test System Admin.

3.3.2 Firewall Settings

To allow the use of easyVPN the following IP addresses and ports have to be opened on the client’s firewall:

Public service

Application Device Name IP Address Dest.- port

Protocol Remote Network

VPN Cisco IPSec

vpn1.teamead.com 85.124.45.13 11001

500, 4500

TCP or

UDP 85.125.227.128/25

vpn2.teamead.com 88.117.196.76

Table 3-2: Firewall Rules to Access ITP Systems (Public Service)

If a Cisco ASA 5505 is used and placed in a DMZ, the following IP addresses and ports have to be opened on the client’s firewall, and the network routing towards this device has to be arranged:

Private Service

Application IP Address Dest.- Port

Protocol EAD Pro

ESI

SQLNET2 Charting, AIP 85.125.227.128/25 1521 TCP X

SONIC-MQ ESI R6, NOTAM Ticker, PIB Box, Briefing Facilities (vead05)

85.125.227.128/25 2506 TCP X X

Oracle Forms INO DP, SDO DP 85.125.227.128/25 7777 TCP X

OC4J EAD Explorer, LRI, ESI synchro-nous, Data User, PAMS, User-management (vead03)

85.125.227.128/25 8888 TCP X X

OC4J 85.125.227.128/25 8989 TCP X

Oracle-AQ ESI R7 (rac1-vip) 85.125.227.128/25 2507 TCP X

Oracle-AQ ESI R7 (rac2-vip) 85.125.227.128/25 2507 TCP X

IFS 85.125.227.128/25 8888 TCP X X

BF Briefing Facilities 85.125.227.128/25 5601 TCP X X

Table 3-3: Firewall Rules to Access ITP Systems (Private Service)

http://vead03:8888/eadexplorer/EADExplorer.jnlp



3.3.3 Hosts File Settings

EAD applications (EAD Pro or ESI) depend on definitions within the local hosts file. Depending on the system you intend to connect to, and the profile provided, the following hosts settings are available. On Windows machines the hosts file typically resides in directory c:\WINDOWS\system32\drivers\etc.

EAD System Hosts File VPN Profile

Test Current 85.125.227.132 vead01 vdbsp1 o_mhs-db o_asm-db echadb

85.125.227.132 vead02 vfrmp1

85.125.227.132 vead03 vocjp1

85.125.227.132 vead05 vsmqp1

85.125.227.132 rac1-vip #for ESP API 7

85.125.227.132 rac2-vip #for ESP API 7 ITP-Test

Test Future 85.125.227.133 vead01 vdbsp1 o_mhs-db o_asm-db echadb

85.125.227.133 vead02 vfrmp1

85.125.227.133 vead03 vocjp1

85.125.227.133 vead05 vsmqp1



DOP Training 85.125.227.195 vead01 vdbsp1 o_mhs-db o_asm-db echadb

85.125.227.195 vead02 vfrmp1

85.125.227.195 vead03 vocjp1

85.125.227.195 vead05 vsmqp1 ITP-Training

ITP Training 85.125.227.196 vead01 vdbsp1 o_mhs-db o_asm-db echadb

85.125.227.196 vead02 vfrmp1

85.125.227.196 vead03 vocjp1

85.125.227.196 vead05 vsmqp1

3.3.4 Cisco VPN Dialer

Please download the applicable Cisco VPN dialer for your platform from www.cisco.com. A VPN dialer can be provided to clients from one of the following countries: Austria, Australia, Belgium, Canada, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom and United States. All other clients will have to buy a VPN Hardware, on the Test System they may continue and use vpnc instead.

Since the VPN tunnel is established on the machine itself, only the public service ports and IP addresses of Table 3-2 have to be opened on your firewall.

Install the VPN dialer via double click and store the provided profiles in the directory C:\program files\Cisco Systems\VPN Client\Profiles. To start the VPN dialer double-click the icon on the desktop:

In the resulting window double click the intended profile:

http://www.cisco.com/

http://www.unix-ag.uni-kl.de/~massar/vpnc/



And enter your username and password:



4 Acceptance Test for Briefing Facilities The same procedures apply as stated before, with the following exceptions:

Only easyVPN traffic is supported.

Two VPN tunnels are required, one for the Test PC and one for the MHS3.

The overall setting is shown in the drawing below:

Internet

EAD ITP Responsibililty

Client Responsibility

IPSEC

Tunnel

Internet Access

Test ECIT

MHS

Server

MHS Lan

Current EAD

Test System

85.125.227.132

ITP Private Network (Test)

ITP-WIE: 85.125.227.128/26

EAD Public Network

ITP-WIE UPC: 85.124.45.13 (vpn1.teamead.com)

ITP-WIE TA: 88.117.196.76 (vpn2.teamead.com)

Future EAD

Test System

85.125.227.133

DOP Training

System

85.125.227.195

ITP Training

System

85.125.227.196

Client BF Box

under Test

Access Router

ISP

ADSL/DSL Modem

Client’s FW

TA UPC

ITP Private Network (Training)

ITP-WIE: 85.125.227.190/26

Figure 4-1: Network setup to Access EAD Test System for BF Box acceptance

3 If the BF Box shall be the active part of the communication, the client must provide the protocol and access

details to his VPN server.



4.1 Connection Settings for EAD Pro PC The current EAD Installer shall be downloaded from http://files.ead-it.com/EAD_Installers/ and installed on a PC running Windows XP in order to connect an EAD Pro PC. Please store the VPN profile in the directory C:\program files\Cisco Systems\VPN Client\Profiles.

After the installation, the hosts file in the directory c:\WINDOWS\system32\drivers\etc needs to be changed to only contain:

#EAD Test System Current

85.125.227.132 vead01 vdbsp1 o_mhs-db o_asm-db echadb

85.125.227.132 vead02 vfrmp1

85.125.227.132 vead03 vocjp1

85.125.227.132 vead05 vsmqp1

Establish the VPN Tunnel via profile ITP-Test and open the EAD Explorer using the URL http://vead03:8888/eadexplorer/EADExplorer.jnlp. For clients accepting the BF Box interface towards their own MHS, two EAD Pro accounts to the EAD Test System Current are provided:

One with BF_SUPERVISOR as INO DU role.

One with BF_OPERATOR as INO DU role.

That enables the client to submit Flight plans and send and receive Freetext AFTN messages.

4.2 Connection Settings for MHS/COMM Center The connection to the MHS is very similar to the above, but is of course more delicate as the client has to ensure that any message received from the BF Box is not distributed to the AFTN community by mistake. Furthermore a client needs the ability to respond to received messages.

Note: BF Box and EAD Test System only support TCP/IP traffic; to connect via AFTN is not possible.

As there will be several BF boxes connected to the EAD Test System, the client is given the following details:

IP Address of his BF Box connected to the EAD Test System.

The port used for the communication between the BF Box and the MHS will be 5601.

Necessary Tests:

Outgoing Messages: Send flight plans from the Briefing Facility application (of INO DU) to your MHS. Please verify on the MHS side that messages are being received and ensure that they are never relayed to the real AFTN world.

Incoming Messages: Send freetext AFTN messages from the MHS and verify that they are correctly received within the Briefing Facility application (of INO DU).

http://files.ead-it.com/EAD_Installers/

http://vead03:8888/eadexplorer/EADExplorer.jnlp



5 Abbreviations and Definitions

AFTN Aeronautical Fixed Telecommunication Network

AIMSL Aeronautical Information Management Service Layer

AIP Aeronautical Information Publication

AIS Aeronautical Information Services

API Application Programming Interface

AVS Acceptance and Validation System

BF Briefing Facilities

COMM Communication

CSO Client Security Officer

CTS Current EAD Test System

DMZ DeMilitarized Zone

DOP EAD Data Operations Service Provider (Group EAD)

DP Data Provider

DU Data User

EAD European AIS Database

ECAC European Civil Aviation Conference

ECIT EAD Client Interface Terminal

ENA EAD Network Adapter

ESI EAD System Interface

ETS EAD Test System

FTS Future EAD Test System

HW HardWare

ICD Interface Control Document

ID Identity

IFS Internet File System

INO International NOTAM Operations

IP Internet Protocol

IPSec Internet Protocol Security

ISP Internet Service Provider

IT Information Technology

ITP EAD IT Service Provider (Frequentis AG)

LAN Local Area Network

LDAP Lightweight Directory Access Protocol

LRI Legal Recording Information

MHS Message Handling System

NOK Not OK

NOTAM NOtice To AirMen



OC4J Oracle Containers for J2EE

PAMS Published AIP Management System

PC Personal Computer

PIB Pre-flight Information Bulletin

PW Password

SDO Static Data Operation

SMS Short Message Service

SSQ EAD Safety, Security and Quality Responsible

SW SoftWare

TCP Transport Control Protocol

UDP User Datagram Protocol

URL Uniform Resource Locator

VPN Virtual Private Network

XML Extensible Markup Language



6 References

Reference, Title Author, Identifier Date

[R1] ESI Client Implementation Requirements

H. Schaefer, EAD/DOC-FRN2NP Latest version

[R2] ESI Reference Manual and ICD External

J. Kofler , EAD-DOC-FRD874 Latest version

[R3] ESI Checklist H. Schaefer, EAD-DOC-FRKBRD Latest version

[R4] INO Data User XML Primer R. Berger, EAD/DOC-FRK6T5 Latest version

[R5] INO Data Provider XML Primer S. Nyarady, EAD/DOC-FRKAPK Latest version

[R6] PAMS XML Primer M. Uher, EAD/DOC-ISK7TE Latest version

[R7] SDO-XML Primer M. Odenstein, EAD/DOC-FRK965 Latest version

[R8] AIMSL Client Implementation Requirements

D. Hughes, EAD/DOC-ECRCRF Latest version

[R9] Interface Control Document AIMSL J. Kofler , EAD/DOC-FRR6O2- Latest version

[R10] AIMSL Checklist J. Kofler , EAD/HWI-FRR9WE Latest version