Contents
1 Introduction
Ericsson Wi-Fi Calling for multi-device provides a simple and cost efficient way to extend operator coverages to multiple Wi-Fi capable devices of the user. With this new capability, Wi-Fi Calling is offered for devices without a SIM-card device, which is called Non-SIM device, over Wi-Fi network.
1.1 Purpose and Scope
The purpose of this document is to describe Wi-Fi Calling for multi-device (Non-SIM) provisioning supported by Ericsson™ Dynamic Activation (EDA) from a solution perspective.
1.2 Target Group
The target groups for this document are as follows:
- System administrator
- Network administrator
- System integrator
For more information about different target groups, refer to Library Overview, Reference [1].
1.3 Typographic Conventions
Typographic conventions are described in the document Library Overview, Reference [1].
For information about abbreviations and terms used throughout this document, refer to Glossary of Terms and Acronyms, Reference [2].
2 Solution Overview
Wi-Fi Calling for multi-device (Non-SIM) solution provides a new opportunity for operators to facilitate the use of broad-band mobile network resources, without using a SIM card. Dynamic Activation, as an activation node, can provide the provisioning capability for the Non-SIM device user subscription and service activation.
2.1 General Concepts
Non-SIM device users need to be connected to an existing SIM subscription, which in turn needs to be pre-configured in the operator network.
Since the solution is based on IMS (IP Multimedia Subsystem), the Non-SIM device user subscription concerns the new dedicated IMPIs (Private User) in HSS, associated to the existing IMS subscriber in HSS. The Non-SIM device simply reuses the existing IMS subscriber service, for example, Voice, messaging.
HSS data model for Non-SIM device
There are two HSS data models supported in this solution:
- Shared IMS Private Identity (IMPI) data model
One HSS subscriber uses one single shared IMPI for all Non-SIM devices.
- Individual IMPI data model
One HSS subscriber uses individual IMPIs for each of the Non-SIM devices.
Besides Non-SIM IMPIs in HSS, the device profile and access information must be stored in IPWorks (AAA NSD user). Also, the device certificate management is needed for Non-SIM device activation in the network.
2.2 Architecture
Wi-Calling for multi-device (Non-SIM) solution consists of the following Ericsson nodes:
- Service Entitlement (SES)
SES is the node in the Non-SIM device solution system that is exposed for all entitlement, authentication, and provisioning requests from the SIM or associated Non-SIM devices in the Northbound Interface.
SES is the node in this solution system that is used for generating and managing the key parameters for Non-SIM devices. It also interacts with other nodes to accomplish the Non-SIM device user and service profile provisioning and SIP registration process. SES initiates the provisioning request towards Dynamic Activation.
- EDA
EDA is the activation node that is responsible for user and service profile provisioning towards IPWorks (AAA NSD user), HSS (IMPI user profile), and ECAS (Certificate Authority).
- HSS (Monolithic, 5.0 or later)
Home Subscriber Server (HSS) is the master user database for IMS, which contains the fundamental subscription information of the user. In the Non-SIM solution, HSS must contain both the user SIM and Non-SIM device subscription-related information.
Dynamic Activation supports Non-SIM device subscription through the CAI3G interface.
- IPWorks
There are two deployment scenarios for IPWorks:
IPWorks Authentication Authorization Accounting (AAA) server is responsible for authenticating the Non-SIM devices. Dynamic Activation is able to support AAA NSD user subscription through the CAI3G interface.
- ECAS (Monolithic)
The Non-SIM Device Solution uses Extensible Authentication Protocol – Transport Layer Security (EAP-TLS) authentication for mutual authentication between the Non-SIM devices and the operator network, thus enabling a trusted relationship. ECAS functions as a certificate authority server. It can issue and maintain the life cycle of digital certificates. Dynamic Activation supports Non-SIM devices certificate subscription through the CAI3G interface.
The Wi-Fi Calling for multi-device (Non-SIM) provisioning solution is illustrated in the following figure:
In the above figure, layered IPWorks AAA includes CUDB and AAA-FE, monolithic HSS, and ECAS.
SES initiates CAI3G requests toward Dynamic Activation to accomplish all Non-SIM device provisioning use cases. Dynamic Activation and NEs communication interfaces are as follows:
- Monolithic IPWorks AAA (NSD)
- IPWorks AAA-FE (NSD) and CUDB
LDAP for user subscription towards CUDB, CLI over SSH for session notification towards AAA-FE
- Monolithic HSS
LDAP for private user subscription
- ECAS
HTTPs for certification subscription
2.3 Provisioning Use Cases
Dynamic Activation provides CAI3G interface towards upstream node for the following use cases:
- Non-SIM device on-boarding
- Non-SIM device activation
- Non-SIM device deactivation
- Non-SIM device enable/disable/reset
- Enable/disable/reset the Non-SIM device in the traffic. It does not affect the device subscription data
- Non-SIM device certificate management
- Non-SIM device CSR enrollment, device certificate renewal
- Non-SIM device user password management
- Non-SIM device user password updating
3 Dynamic Activation Provisioning Solution
This section describes the Non-SIM provisioning interfaces and provisioning functions.
For detailed information about interfaces, configuration, and more, refer to Wi-Fi Calling Provisioning over CAI3G, Reference [3].
3.1 Interface
This section includes information about the northbound provisioning interfaces used in the solution.
- VoWifiService
This interface is for SES to implement an integrated operation for all provisioning use cases in terms of individual IMPI data model. It initiates, modifies, or terminates Wi-Fi Calling Voice service by orchestrating IPWorks, HSS, and ECAS subscription procedures.
- NonSIMHSSUser
This interface is for SES to implement individual HSS IMPI Non-SIM device on-boarding use case in terms of shared IMPI data model. It initiates or terminates the device IMPI profile in the HSS through the CAI3G Set operation.
- AAANSDUser
This interface is for SES to implement individual IPWorks AAA NSD user subscription for general device management purpose. It initiates, modifies, or terminates the Non-SIM device subscription data in IPWorks AAA through the CAI3G Create, Set, and Delete operations.
- ECASCertificate
This interface is for SES to implement individual ECAS certificate subscription for general device management purpose. It initiates, modifies, or terminates the Non-SIM device certificate data in ECAS through the CAI3G Create, Set, and Delete operations.
- ISMSubscription
This interface is for monolithic HSS ISM management purpose. It offers the CAI3G Set operation to initiate or terminate the IMPI profile in monolithic HSS.
3.1.1 Northbound Interfaces
Dynamic Activation has two Northbound Interfaces for Non-SIM provisioning:
- NonSIMHSSUser
This interface implements the Non-SIM device on-boarding use case. It initiates the device IMPI profile in the HSS through the CAI3G operation Set.
- VoWifiService
This interface implements all other Non-SIM use cases by the CAI3G Create, Set, and Delete operations.
|
Northbound Interface (MO) |
Operation |
Non-SIM Provisioning Use Case |
|---|---|---|
|
NonSIMHSSUser |
Create |
Non-SIM device on-boarding |
|
Set |
Non-SIM device user password management | |
|
Delete |
Non-SIM device deactivation | |
|
VoWifiService |
Create |
Non-SIM device activation |
|
Set |
Non-SIM device enable/disable/reset | |
|
Non-SIM device certificate management | ||
|
Non-SIM device user password management | ||
|
Delete |
Non-SIM device deactivation |
3.2 Provisioning Functions
This section contains information about Dynamic Activation provisioning functions.
3.2.1 VoWifiService Provisioning
The VoWifService provisioning involves three NEs, IPWorks (AAA NSD user), HSS (IMPI), and ECAS. The provisioning sequence for all three operations, Create, Set, and Delete subscriptions, are shown as follows:
|
Create VoWifi |
|
|
ECAS | |
|
Monolithic IPWorks, AAA Non-SIM (NSD) User | |
|
Set VoWifi |
Monolithic IPWorks, AAA Non-SIM (NSD) User |
|
ECAS | |
|
Monolithic IPWorks, AAA Non-SIM (NSD) User if certificate handling is involved | |
|
Delete VoWifi |
Monolithic IPWorks, AAA Non-SIM (NSD) User |
|
ECAS |
3.2.1.1 Create VoWifiService
Dynamic Activation provides transaction rollback for the CreateVoWifiService operation among the subscriptions of the Network Element (NE). If a failure occurs in the midst of an NE subscription, the provisioning is ended and the transaction rollback is triggered. A cleanup of the previous successful subscription(s) is conducted. As a result, the transaction rollback information and original NE error messages are returned.
If the transaction rollback fails, data inconsistency occurs. In this occasion, it is necessary to manual clear the error, according to the Dynamic Activation processing log records. When the error has been taken care of, the request needs to be resent through Dynamic Activation.
3.2.1.2 Set VoWifiService
Dynamic Activation provides transaction rollback for revoking certificate and renewing cases in the SetVoWifi operation. If the last sequence step of IPWorks AAA NSD user updating failed, Dynamic Activation triggers the cleanup of the previous successful subscriptions to roll back the certificate from ECAS. At last, the transaction rollback information and original NE error messages are returned.
In other cases, there is no extra transaction handling for the SetVoWifiService operation.
If any error occurs, the provisioning is ended and the error messages are returned. In this occasion, it is necessary to manually clear the error, according to the Dynamic Activation processing log records. When the error has been taken care of, the request needs to be resent through Dynamic Activation.
3.2.1.3 Delete VoWifiService
The DeleteVoWifiService operation does not offer any transaction rollback. Instead it offers the error tolerance Subscription Data Doesn’t Exist. When this error is returned from the NE, Dynamic Activation ignores it and continues the provisioning to the next NEs.
If other errors occur, the provisioning is ended and the error messages are returned. In this occasion, it is necessary to manually clear the error, according to the Dynamic Activation processing log records. When the error has been taken care of, the request needs to be resent through Dynamic Activation.
3.2.2 NonSIMHSSUser Provisioning
The NonSIMHSSUser interface is for Non-SIM shared IMPI subscription. It concerns HSS provisioning.
AO is able to perform Create, Set, and Delete operations over NonSIMHSSUser interface. See Table 1 for Non-SIM provisioning interfaces and use cases.
For the Create and Set operations, if provisioning fails, the error message is returned. In this occasion, it is necessary to manual clear the error, according to the Dynamic Activation processing log records. When the error has been taken care of, the request needs to be resent through Dynamic Activation.
For the Delete operation, the error tolerance No Such Object is supported. Otherwise, if provisioning fails, the error message is returned. In this occasion, it is necessary to manual clear the error, according to the Dynamic Activation processing log records. When the error has been taken care of, the request needs to be resent through Dynamic Activation.
3.2.3 AAANSDUser, ECASCertificate, and ISMSubscription Provisioning
The interfaces AAANSDUser, ECASCertificate, and ISMSubscription are used for individual NE provisioning of IPWorks AAA, ECAS, and HSS. For more information, refer to Wi-Fi Calling Provisioning over CAI3G, Reference [3].
- AAANSDUser
This interface is used for IPWorks AAADNSUser provisioning. The CAI3G Create, Set, Delete, and Get operations are offered to create, change, delete, or retrieve AAANSDUser subscription data towards IPWorks AAA.
The AAANSDUser Delete operation and the user Non-SIM device disable/reset use case in the Set operation can trigger user session termination notification towards AAA.
- ECASCertificate
This interface is used for ECAS provisioning. The CAI3G Create, Set, Delete, and Get operations are offered to create, change, delete, or retrieve ECAS user subscription data towards ECAS.
Users can configure ECAS delete behavior by applying user identity or user certification identity on ECAS activation logic configuration. For details, refer to User Guide for Resource Activation, Reference [5]. If user identity is used for ECAS Delete operation, all certification records of the user are removed.
- ISMSubscription
This interface is used for HSS IMS IMPI data provisioning. CAI3G Create, Set, Delete, and Get operations are offered to create, change, delete, or retrieve IMS IMPI subscription data towards HSS.
4 Monolithic IPWorks Geographic Redundancy Provisioning
Geographic Redundancy is a mandatory requirement in the Non-SIM solution. In the following two scenarios, Dynamic Activation provides different solutions:
- Network Element Group Failover
When IPWorks is applied with the Geographic Redundancy solution, the AAA user subscription data can be synchronized within two IPWorks geographic sites. Dynamic Activation needs to select an available IPWorks site for data provisioning. Once a site is not available, the provisioning traffic must be switched over to the other one.
Dynamic Activation can monitor the IPWorks connection status through Network Element “heartbeat” function. When an IPWorks AAA NE is configured in Dynamic Activation, the NE status is monitored and displayed on the GUI.
Through the Dynamic Activation NE group Failover, the IPWorks Geographic Redundancy provisioning can be achieved. The following pictures illustrate the NE group Failover for IPWorks geographic provisioning:
- When site 1 (the local site) is available, the provisioning
workflow is as follows:
- When site 1 (the local site) is down, the provisioning
workflow is as follows:
- Note:
- Once site 1 is recovered and available again, the provisioning traffic goes back to initial status as shown in previous picture.
- When site 1 (the local site) is available, the provisioning
workflow is as follows:
- Network Element Group AAACluster Working as Double
Provisioning
When IPWorks is not applied with the Geographic Redundancy solution, the AAA user subscription data is not synchronized between two geographic sites by IPWorks. Instead, Dynamic Activation performs double provisioning across both sites through NE group AAACluster to secure the identical subscription data within two sites.
Dynamic Activation implements the double provisioning logics to handle IPWorks geographic redundancy subscription, especially for different provisioning failure scenarios.
In double provisioning, two IPWorks NEs need to be configured in a group. Dynamic Activation provisions the NEs sequentially, the first NE is always the master one.
The following picture shows the IPWorks double provisioning architecture. One incoming request is split into two sequential operations, first to Site 1 (Master) and then to Site 2.
Figure 3 IPWorks Double Provisioning Architecture
Depending on the different IPWorks failure cases, Dynamic Activation uses different strategies to handle the provisioning logics:
- Site 1 - failure case (Master):
The provisioning is ended without any operations duplicated on Site 2
- Site 2 - failure case:
Once the Master IPWorks provisioning succeeds, the whole provisioning transaction is considered to be successful.
To ensure the data consistency across the two sites, Dynamic Activation provides two ways to handle the failure operation:
- IPWorks Subscription Retry Mechanism
The subscription retry mechanism configuration is offered for IPWorks provisioning logics. It conforms to the IPWorks "temporary" failure case. Once such failure occurs, Dynamic Activation resends the subscription commands according to the Retry configuration (NE response message, retry times, retry interval).
- IPWorks Failure Commands Logging
If the second IPWorks operation fails, it will, eventually, cause data inconsistency between the sites. In such scenario, all IPWorks failure commands are logged on the Dynamic Activation server and an alarm is raised to the Operations Support System (OSS). Therefore, the administrator is able to get the occurrence of the failure.
Figure 4 depicts the IPWorks failure log files procedure.
- IPWorks Subscription Retry Mechanism
- Dynamic Activation receives the request for IPWorks AAA subscription.
- Dynamic Activation succeeds to provision the subscription towards IPWorks Site 1 (Master).
- Dynamic Activation fails to provision the subscription towards IPWorks Site 2.
- Dynamic Activation generates an error log for failure AAA commands and an alarm is raised towards OSS.
- To correct the data inconsistency, because of the IPWorks
site 2 failure, an administrator needs to log on to the Dynamic Activation
server, consolidate the log files, and dump the failure AAA commands
into a file. This file is later used as the data source file for IPWorks
Site 2.
For details, see instructions in Configuration Manual for Resource Activation, Reference [4].
When the error logs have been processed, the alarm is automatically ceased and a notification is sent to OSS.
- The administrator corrects the data inconsistency by loading the failure commands (data source file) into IPWorks site 2.
Reference List
| Ericsson Documents |
|---|
| [1] Library Overview, 18/1553-CSH 109 628 Uen |
| [2] Glossary of Terms and Acronyms, 0033-CSH 109 628 Uen |
| [3] Wi-Fi Calling Provisioning over CAI3G, 14/155 19-CSH 109 628 Uen |
| [4] Configuration Manual for Resource Activation, 2/1543-CSH 109 628 Uen |
| [5] User Guide for Resource Activation, 1/1553-CSH 109 628 Uen |