Messaging
SWIFTNet 7.0
SWIFTNet Online Operations Manager
Quick Overview
SWIFTNet Online Operations Manager Quick Overview 2
Table of Contents
Preface
1 Introduction
1.1 Background
1.2 SWIFTNet Online Operations Manager
2 Functionality overview
3 How to get access
3.1 Available to all customers
3.2 Specifying the URL
3.3 Network configuration
3.4 Network setup checks
3.5 Browser settings
3.6 System requirements
4 Access control
5 User Guide
Preface
Purpose of this document
This document provides an overview of the SWIFTNet Online Operations Manager functionality, including information on how to access the service and the required network setup.
Intended audience
This document is intended for security officers, SWIFTNet project managers and customers responsible for operating the SWIFTNet environment.
Related documentation
• SWIFTNet 7.0 Release Overview
• SWIFTNet Messaging Service Description
1 Introduction
1.1 Background
SWIFT provides the ability for customers to manage their SWIFTNet security and routing online. Before SWIFTNet 7.0, customers required an application such as the Alliance WebStation to administer their certificates, roles and routing rules.
1.2 SWIFTNet Online Operations Manager
SWIFTNet 7.0 introduced the SWIFTNet Online Operations Manager. This service allows customers to administer their security and routing through a new SWIFT-managed service available over Browse.
This service offers access to the same functionality as the GUI on the Alliance WebStation. In addition, this new service will also enable various new security features (see the SWIFTNet 7.0 Release Overview, sections 5.14 through 5.23, or the SWIFTNet Service Description and SWIFTNet Operations Guide).
Note that most of this new functionality is only available by accessing the new Browse service. The existing "Users" and "Routing" modules of Alliance WebStation are no longer available in Alliance WebStation 7.0.
As for any other Browse service, customers require the Alliance WebStation or the Web Platform to access the SWIFTNet Online Operations Manager.
However, customers do not need to upgrade their Alliance WebStation (release 6.x) or Web Platform (release 6.x) in order to be able to use this new Browse service (and thus the new functionality). This means that customers can start using this functionality at any time.
2 Functionality overview
The SWIFTNet Online Operations Manager provides the same functionality for certificate management, role management and routing management that was available in the WebStation's "Users" and "Routing" modules. In addition, it provides some new functions as well.
Here is a brief overview of the main new functionality (for more information, see the on-line help or the User Guide):
(items indicated with * become available during the course of December 2010)
Certificate Management
• ability to recover SNL certificates online
• addition of certificate expiry date in the node details screen
• ability to get the details of multiple nodes at the same time
• search capability on node name to easily find an entry in the tree
• ability to limit the scope of a Security Officer to a branch in the tree
• ability to delete nodes from the tree
• print the naming tree or node details part of the screen
• ability to add a free-format description for any user *
• availability of an advanced search based on certificate parameters or on user's roles *
Role Management
• ability to get the details of multiple nodes at the same time
• search capability on node name to easily find an entry in the tree
• ability to limit the scope of a Security Officer to a branch in the tree
• ability to manage a group of nodes at once (group grant, group ungrant, role copy)
• quick view of all roles that a user has (and print this screen)
• print the naming tree or node details part of the screen
• availability of an advanced search based on certificate parameters or on user's roles *
4eyes authorisations
• When the second Security Officer receives the 4eyes token from the first Security Officer, the application will present the changes made by the first Security Officer and the second can approve.
Routing management
• ability to select individual routing rules (for reroute or enable/disable operation)
• print routing rules
• ability to save selection parameters for later use *
Reports
• certificate report: allows you to generate an up-to-date list of all certificates of your institution including their details (name, type, status, expiry date).
• certificate report: option to list all certificates that will expire soon *
• role report: allows you to generate an up-to-date list of all users and the roles they have, across all services. The relevant details (such as qualifier information) are listed each time.
• activity log: allows you to generate a report that lists all changes performed with regard to certificate, role or routing management, as well as logins and logouts to the SWIFTNet Online Operations Manager.
• all reports allow you to save report parameters for later use *
Administration
• e-mail management: define e-mail addresses that can be used when scheduling automated reports *
General
3 How to get access
3.1 Available to all customers
All SWIFT customers can access the SWIFTNet Online Operations Manager; no specific subscription is required. To access the SWIFTNet Online Operations Manager, ensure that:
• you have the ability to access a Browse service (this means either through the Browse module of Alliance WebStation or through the use of Alliance WebPlatform)
• you know the URL of the service
• your network allows access to the service.
The above points will allow you to access the Browse service. In addition, you need one or more roles that allow you to access the functionality, that is, the menu options of the application. See the section "Access Control" below for more information.
The current functionality (mainly certificate and role management) is available at no extra charge. The usage of these functions is included in the SWIFTNet PKI charges.
3.2 Specifying the URL
The URL for the Browse service SWIFTNet Online Operations Manager on the production environment is as follows: https://www.o2m.swiftnet.sipn.swift.com. Developers who have access to the Integration TestBed (ITB) need to use the following URL: https://www.o2m-itb.swiftnet.sipn.swift.com.
3.3 Network configuration
As for any Browse service, customers need to ensure that their network setup (typically firewalls) allows them to reach the web server.
• Customers that configure their network infrastructure to allow outgoing TCP sessions to the subnet range 149.134.0.0/17 on destination TCP port 443 (HTTPS) do not need any specific setting. This range includes, amongst others, the IP addresses of SWIFT-operated Browse services.
• Customers using stringent security policies may need to configure a list of specific IP addresses. In this case, the filtering policy of the Browse customer's firewall must allow the following routes:
Source                 Destination
Host     Port          Host             Port
Client   > 1023/tcp    149.134.126.33   443/tcp
Client   > 1023/tcp    149.134.127.33   443/tcp
For more information on network configuration, and for details related to the Integration Testbed (ITB) environment, please refer to the Network Configuration Tables Guide.
3.4 Network setup checks
You can check if your network setup is correct as follows:
1) Check the DNS (Domain Naming Service)
You can run the nslookup command on your local machine:
- click "Start", "Run...", type cmd (a window opens)
- type the nslookup command as follows:
nslookup www.o2m.swiftnet.sipn.swift.com
Name: NLCBSL-GUA.swiftnet.sipn.swift.com (or USCBSL-GUA.swiftnet.sipn.swift.com)
Address: 149.134.127.33 (or 149.134.126.33)
Aliases: www.o2m.swiftnet.sipn.swift.com
2) Check the DNS and the ability to reach the Browse server:
Run the checkip command; the results should be similar to the following output:
checkip www.o2m.swiftnet.sipn.swift.com 443
--- Results of tests will be available in
"C:\Users\SNLOwner\AppData\Local\Temp\2\checkip_1274881604_4976.out"
--- Execution Started : Wed May 26 09:46:44 2010
Hostname : <hostname> - [www.o2m.swiftnet.sipn.swift.com 443 TCP] : FULL_SUCCESS
============================================================================
Host IP : 149.134.127.33 (or 149.134.126.33)
Result : FULL_SUCCESS
Total Time : 32 ms
============================================================================
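The firewall requirement of section 3.3 and the DNS check of section 3.4 can also be verified offline against an exported rule list and a recorded resolver answer. The following Python code is an added example, not part of the original SWIFT document: the rule format (destination CIDR, destination TCP port) and the sample rule sets are assumptions constructed for illustration, while the two host addresses and the /17 range are those given above.

```python
import ipaddress

# Addresses and range as given in sections 3.3 and 3.4 of this document.
SWIFT_RANGE = ipaddress.ip_network("149.134.0.0/17")
O2M_HOSTS = [ipaddress.ip_address("149.134.126.33"),
             ipaddress.ip_address("149.134.127.33")]
HTTPS = 443

def audit_egress(rules):
    """Audit egress allow rules given as (destination CIDR, TCP port).

    The rule format is an assumption of this example. Returns a tuple
    (unreachable O2M hosts, HTTPS rules wider than the SWIFT /17 range).
    """
    parsed = [(ipaddress.ip_network(dst), port) for dst, port in rules]
    unreachable = [str(h) for h in O2M_HOSTS
                   if not any(h in net and port == HTTPS
                              for net, port in parsed)]
    too_broad = [(str(net), port) for net, port in parsed
                 if port == HTTPS and net.overlaps(SWIFT_RANGE)
                 and not net.subnet_of(SWIFT_RANGE)]
    return unreachable, too_broad

def check_dns_answer(addresses):
    """Classify addresses resolved for www.o2m.swiftnet.sipn.swift.com."""
    verdicts = {}
    for text in addresses:
        ip = ipaddress.ip_address(text)
        if ip in O2M_HOSTS:
            verdicts[text] = "documented"
        elif ip in SWIFT_RANGE:
            verdicts[text] = "in-range"    # inside the /17, not a listed host
        else:
            verdicts[text] = "unexpected"  # outside the SWIFT range
    return verdicts

# Constructed sample rule sets (not taken from any real firewall).
STRICT = [("149.134.126.33/32", 443), ("149.134.127.33/32", 443)]
PARTIAL = [("149.134.126.33/32", 443), ("149.134.127.33/32", 80)]
BROAD = [("0.0.0.0/0", 443)]

if __name__ == "__main__":
    for name, rules in (("strict", STRICT), ("partial", PARTIAL), ("broad", BROAD)):
        print(name, audit_egress(rules))
    # Constructed resolver answers: one documented, one in-range, one foreign.
    print(check_dns_answer(["149.134.127.33", "149.134.10.5", "203.0.113.7"]))
```

An empty first list means both documented hosts are reachable on 443/tcp; a non-empty second list points at HTTPS rules that permit more than the SWIFT range and are candidates for tightening.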
3.5 Browser settings
Because the SWIFTNet Online Operations Manager is a Browse service on SWIFTNet, you need to ensure your browser settings are correctly set. Please refer to the Browse Implementation Guide for the details, especially chapters 4 and 5.
3.6 System requirements
Make sure your system satisfies the minimum system requirements for the interface software you are using (Alliance WebStation or Alliance WebPlatform). Also, the desktop where you run the browser that accesses the SWIFTNet Online Operations Manager should at least be "Intel Core Duo CPU" based (or equivalent) and have sufficient memory to ensure good performance, preferably 3GB or more. If you run other applications on the same system at the same time, ensure that the total amount of memory is sufficient to also run these other applications.
4 Access control
Customers need (RBAC) roles to be able to access specific functionality provided through the SWIFTNet Online Operations Manager.
If a customer has no roles to access the service, an error message will be displayed. If a customer has one or more roles, then the corresponding menu options will become available. Menu options for which the customer does not have the necessary role will be greyed out.
The following is a summary of the menu options and the roles needed (for full details, see the User Guide):
Menu option                     Role(s) needed

Certificate Management - User   SWIFT.LRA//CertificateAdministration
                                or SWIFT.LRA//CertificateAdministration4eyes
                                or SWIFT.LRA//LiteCertificateAdministration
                                or SWIFT.LRA//Viewer

Certificate Management - SNL    SWIFT.LRA//SnlCertificateAdmin
                                or SWIFT.LRA//SnlCertificateAdmin4eyes
                                or SWIFT.LRA//Viewer

Certificate Management - Web    SWIFT.LRA//CertificateAdministration
                                or SWIFT.LRA//CertificateAdministration4eyes
                                or SWIFT.LRA//Viewer

Role Management                 SWIFT.RBAC//Normal User
                                or SWIFT.RBAC//Viewer
                                or SWIFT.RBAC//Delegator
                                or SWIFT.RBAC//Delegator4eyes
                                or SWIFT.RBAC//DelegatorPilot

4eyes Authorisation             SWIFT.LRA//CertificateAdministration
                                or SWIFT.LRA//CertificateAdministration4eyes
                                or SWIFT.LRA//SnlCertificateAdmin
                                or SWIFT.LRA//SnlCertificateAdmin4eyes
                                or SWIFT.RBAC//Delegator
                                or SWIFT.RBAC//Delegator4eyes

Routing Rules Management        SWIFT.RUG//SiteManager
                                or SWIFT.RUG//PilotSiteManager
                                or SWIFT.RUG//LiveSiteManager
                                or SWIFT.RUG//Viewer

Certificate report              SWIFT.LRA//CertificateAdministration
                                or SWIFT.LRA//CertificateAdministration4eyes
                                or SWIFT.LRA//SnlCertificateAdmin
                                or SWIFT.LRA//SnlCertificateAdmin4eyes
                                or SWIFT.LRA//LiteCertificateAdministration
                                or SWIFT.LRA//Viewer

                                SWIFT.RBAC//Delegator
                                or SWIFT.RBAC//Delegator4eyes
                                or SWIFT.RBAC//DelegatorPilot

Activity log                    SWIFT.RBAC//Auditor
                                or SWIFT.LRA//Auditor
                                or
5 User Guide
SWIFT provides both on-line help and a User Guide for the SWIFTNet Online Operations Manager.
The on-line help can be accessed through a link at the top right corner of the screen. The SWIFTNet Online Operations Manager User Guide is part of the User Handbook that customers can access through swift.com.
Legal Notices
Copyright
SWIFT © 2010. All rights reserved.
You may copy this publication within your organisation. Any such copy must include these legal notices.
Confidentiality
This publication contains SWIFT or third-party confidential information. Do not disclose this publication outside your organisation without the prior written consent of SWIFT.
Disclaimer
The information in this publication may change from time to time. You must always refer to the latest available version on www.swift.com.
Translations
The English version of SWIFT documentation is the only official and binding version.
Trademarks
SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT: SWIFT, the SWIFT logo, Sibos, SWIFTNet, SWIFTReady, and Accord. Other product, service, or company names in this publication are trade names, trademarks, or registered trademarks of their respective owners.