Loader

Download the PDF 

Resource Domains

Introduction

The purpose of this document to document the use of Resource Domains within the EMS GUI.  Resource Domains allow segregating OLTs and/or PONs to specific resource domains that can only be managed by users that have rights in those domains.  

Document Number
 

Resource Domains

Resource domains can be enabled within the system via the addition of the license for Resource Domains.  Contact TAC and request the addition of this feature to your license.  This feature allows limiting who can control a given resource to users which are configured to be a part of a given domain.

Resources can be controlled at the PON granularity.  All ONTs on a given PON belong to the resource domain for that PON.

Only the emsadmin user account can create resource domains and assign resources to domains.  

Once they are created and assigned users will only see resources that are assigned to their resource domain.  At that point, the system is managed just as you would normally, but users cannot see resources outside of their allowed domain(s).

Installing Resource Domains

When installing the EMS, you need to select a custom install and select the feature Multiple Tenant Access Control in the install.

 

If the EMS was installed, but the feature was not enabled during the install, it can be added manually.

It is a requirement that the emsadmin user be enabled for this process to work properly as it will be the only user with the DomainAdmin role.

To manually enable this feature after updating the license, cd to this folder
  • C:TellabsPanoramaPONbbmgrserverdataSystemAdminSS
and modify the file "SystemAdminSS.properties" DomainAccessControl property to true. 
After updating the property, restart the EMS server for the property to take effect.

Creating Resource Domains

Go to the User Manager screen by using the User Manager button.  


 


 

Modifications to the domains can only be performed by users with the DomainAdmin Role.  Initially only the emsadmin user has this capability.  Subsequently, other administrator users given DomainAdmin privileges can also perform the same tasks.  It should be noted that if SSO(Single Sign On) is to be enabled, it must be possible for the emsadmin user to login via SSO so that at least one user is available with the DomainAdmin role.   Some installations will disable the emsadmin user in favor of named users. 

When logged in as a user with a DomainAdmin role, the Domain menu item should no longer be greyed out and Domain configuration can be performed.

This capability can be assigned to other users when they are created.   As an example, emsadmin and murrayl_domain both have the DomainAdmin role giving them rights to assign resources to domains.

You can add a New Domain by using the New Button to create a new domain.  Initially, the table will be empty: 

Add all the required Domains to the EMS.

Then select the Domain which you want to assign PONs to in the top left window of the dialog.  Then select the OLT that you want to assign PONs to.  Then use the list of PONs to check or uncheck PONs within that OLT to assign them to the Domain.  

Green PONs are not assigned and are available for use in this Domain.  Red PONs are currently assigned to other domains.  Blue PONs are currently assigned to this domain.

Create Users and Associate Domains

Only users created after Resource Domains have been enabled will work properly with this feature.

Existing users must be deleted and re-added to allow them to be used in a system with Resource Domains enabled.

Create users as you would normally, but then assign them to one or more domains, then use the button to assign Domains that the user belongs to.  A user can be assigned to manage multiple domains, but can only be logged into one Domain at a time.

Use of Domains

Once the Domain Admin(s) have assigned all the PON ports to various Domains, then they can be managed by users who are a part of that Resource Domain.

When each user logs in, they will see an additional prompt defining which Resource Domain they wish to log into.  Their activities will then be limited to resources assigned to that domain.  A user can be a part of multiple domains, but can only log into and manage

a single Resource Domain at a time.


 

After login, the user will work as normal but will see only the OLTs and PONs which they can manage in that domain.

If a user attempts to log into a Resource Domain which they do not have rights to manage, they will get an error on login of Invalid Login and an Error Detail of User is not a member of this domain.


 

The emsadmin user can see all the OLTs and there are four under management: 

In this example, only the OLT assigned to the Texas domain is visible.

PON Ports that are not manageable for this domain will be greyed out in the display: 

Issues

The initial release of Resource domains only isolates and restricts the hardware from being modified if it is not allowed for this domain.  In the initial release, profiles are still shared across the domains and a modification of a profile in one Domain, if it is in use in another Domain can affect that Domain.  Care should be taken to name profiles so that there is no overlap or need to be managed by the emsuser to ensure that users do not inadvertently make changes to another domain by modifying a profile or Template.

The OLT properties are also shared across Domains if an OLT is shared across two domains care should be taken when modifying OLT properties.


 


 

FEEDBACK: Are you happy with this material?
  •   © 2025 Tellabs Access, LLC. All rights reserved - A Better Way to Build and Operate Networks.

On this page

light-box Image