7signal 2010-08-APU2 Sapphire User Manual

Download:
Mirror Download [FCC.gov]
Document ID	1377717
Application ID	lKF+ekyydw5dNm5G6hQiYQ==
Document Description	User manual
Short Term Confidential	No
Permanent Confidential	No
Supercede	No
Document Type	User Manual
Display Format	Adobe Acrobat PDF - pdf
Filesize	381.18kB (4764801 bits)
Date Submitted	2010-11-17 00:00:00
Date Available	2011-05-16 00:00:00
Creation Date	2010-09-10 13:58:33
Producing Software	Microsoft® Office Word 2007
Document Lastmod	2010-09-10 13:58:33
Document Title	User manual
Document Creator	Microsoft® Office Word 2007
Document Author:	Sami Kuusisto

7signal Sapphire
Carat User Guide
2
Administrativia
FCC Warning
The radiated output power of the 7signal Sapphire Eye complies with the FCC RF exposure
limits. To avoid the possibility of exceeding the FCC radio frequency exposure limits, a
distance of at least 20 cm should be kept with the user and the device while operating.
NOTE TO THE USER
Any uninstructed modification to the 7signal products may result in violation of FCC
requirements.
3
Table of Contents
THE 7signal Sapphire WQA SOLUTION ................................................................................................. 7
System overview .......................................................................................................................................................................8
System components ................................................................................................................................................................8
SAPPHIRE EYE .............................................................................................................................................. 9
SAPPHIRE CARAT ...................................................................................................................................... 11
SONAR .......................................................................................................................................................... 12
SAPPHIRE LOUPE ...................................................................................................................................... 13
CARAT MANAGEMENT INTERFACE ....................................................................................................... 14
Menus............................................................................................................................................................................................. 14
ON CONFIGURING OF 7SIGNAL SAPPHIRE CARAT ........................................................................... 17
Automated Tests.................................................................................................................................................................... 17
Access Rights ............................................................................................................................................................................ 18
USER MANAGEMENT ................................................................................................................................. 19
User groups and object permissions ........................................................................................................................ 19
User group hierarchy .......................................................................................................................................................... 19
User access levels.................................................................................................................................................................. 20
User group and user management............................................................................................................................. 20
User groups ................................................................................................................................................................................ 20
Users ............................................................................................................................................................................................... 22
WIRELESS NETWORKS AND TARGET NETWORKS ............................................................................. 25
Addition of networks to be monitored .................................................................................................................. 25
Addition of a network location ................................................................................................................................... 25
Hidden networks .................................................................................................................................................................... 26
Removal of a network ........................................................................................................................................................ 27
SETTING UP A MONITORING STATION ................................................................................................ 30
States of Monitoring Stations ....................................................................................................................................... 30
Adding a monitoring station.......................................................................................................................................... 30
Monitoring station settings ............................................................................................................................................ 31
Activation of monitoring station................................................................................................................................ 32
Floor plan.................................................................................................................................................................................... 32
Updates to a management station's software................................................................................................... 33
4
CREATION AND USE OF AN ENCRYPTION KEY.................................................................................. 35
On key types ............................................................................................................................................................................. 35
On different methods and implementations ..................................................................................................... 35
Adding a key.............................................................................................................................................................................. 36
On certificate-based encryption................................................................................................................................. 37
ADDITION OF TEST END-POINT............................................................................................................. 39
Sonar .............................................................................................................................................................................................. 39
Generic test counterparts............................................................................................................................................... 39
ACCESS POINT INFORMATION ............................................................................................................... 41
LINKS AND LINK GROUPS........................................................................................................................ 42
The formation of a link..................................................................................................................................................... 42
Link removal ............................................................................................................................................................................. 42
Creating a link group.......................................................................................................................................................... 43
Removing a link group ....................................................................................................................................................... 43
Adding a link to a link group......................................................................................................................................... 43
Removing a link from a link group............................................................................................................................ 43
ALARMS........................................................................................................................................................ 44
Creation of an alarm group ........................................................................................................................................... 44
Binding of alarms to access points............................................................................................................................ 45
Alarm messages ...................................................................................................................................................................... 45
Alarm exporting ..................................................................................................................................................................... 46
TRAFFIC CLASSES ..................................................................................................................................... 49
TEST MEASUREMENTS ............................................................................................................................. 50
Test profiles.............................................................................................................................................................................. 50
Contents of a test profile ............................................................................................................................................... 51
Testing multiple wlan networks in one test profile..................................................................................... 53
Operations on Templates ................................................................................................................................................ 53
Operation on Test Element ............................................................................................................................................ 54
Operations on Test Profile Node ................................................................................................................................ 54
Operations on Test Profile ............................................................................................................................................. 54
Operations on essid inside a test profile ............................................................................................................. 55
Operations on test profile element inside a test profile ......................................................................... 55
On test elements ................................................................................................................................................................... 56
Modifying test parameters ............................................................................................................................................. 56
5
Configuring complex test profiles............................................................................................................................. 56
Running test profiles .......................................................................................................................................................... 57
Passive tests .............................................................................................................................................. 59
Initial network scan ............................................................................................................................................................. 59
“Network Scan” test ........................................................................................................................................................... 60
“Client Scan” test ................................................................................................................................................................. 61
Spectrum analyzer................................................................................................................................................................ 65
Active Tests ............................................................................................................................................... 66
“Noise monitor” test .......................................................................................................................................................... 66
“Optimal Antenna Selection” test ............................................................................................................................ 68
Download Tests ....................................................................................................................................................................... 69
Upload tests .............................................................................................................................................................................. 70
“Ping test” ................................................................................................................................................................................. 71
“Traceroute Test” ................................................................................................................................................................ 73
“Access point traffic” test ............................................................................................................................................. 74
“Client Scan”............................................................................................................................................................................ 75
“MOS Test” ................................................................................................................................................................................ 76
“Air Utilization Test”......................................................................................................................................................... 78
“HTTP URL (Intranet) test”............................................................................................................................................ 79
“Internet Availability Test” .......................................................................................................................................... 80
“SIP Register Test”............................................................................................................................................................... 81
REPORTING ................................................................................................................................................. 83
SERVICE LEVEL AGREEMENT ................................................................................................................. 84
Defining a Service Level Agreement into the system .................................................................................. 84
Binding SLA groups to network topology elements ....................................................................................... 87
VIEWER SOFTWARE .................................................................................................................................. 89
EMAIL SERVERS.......................................................................................................................................... 90
DATABASE BACKUP .................................................................................................................................. 91
Backup options ........................................................................................................................................................................ 91
Database logging.................................................................................................................................................................... 91
Purging database logs ........................................................................................................................................................ 91
Backup method options..................................................................................................................................................... 92
Managing backup levels .................................................................................................................................................... 94
Restoring backups ................................................................................................................................................................. 95
6
NAGIOS SUPPORT ..................................................................................................................................... 97
Adding Sapphire Host Information To Nagios Server ................................................................................... 97
Adding Nagios Plug-ins To Sapphire Software .................................................................................................. 98
Verifying Nagios Installation ......................................................................................................................................... 98
Removing Nagios plugins .................................................................................................................................................. 99
CONTACT INFORMATION ..................................................................................................................... 100
7
THE 7signal Sapphire WQA SOLUTION
Welcome to 7signal Sapphire, providing you with a new way to continuously and
automatically measure the health and quality of a wireless network from the user's
perspective. A commonly used term here is wireless quality assurance, or WQA. Companies
and their business processes are becoming increasingly dependent on the performance and
service quality of their wireless networks. Thanks to the Sapphire WQA solution, companies
can integrate the quality management of wireless networks with their existing IT and
communications technology services.
7signal Sapphire uses monitoring stations (Sapphire Eye) to monitor performance and
quality in WLAN cells and to monitor the surrounding radio frequency environment. The
performance of the customer’s network is tested against a test server (Sonar). Interactive
tests, monitoring stations, and parameters for automatic measurement are managed with a
centralized management tool (Sapphire Carat). The measurement results are reported via a
business application (Sapphire Loupe). Both tools can forward results either automatically or
manually to designated persons in the company, or to third parties, such as technical
support or other service provider.
The monitoring station, Sapphire Eye, continuously monitors the selected WLAN channels
via passive listening, which does not have an impact on network performance. It can also
impersonate a client device in the target network and then use the network and the services
provided through it. By comparing measurement results to a previously saved acceptable
environment, the solution can detect interfering transmitters, access points and clients
behaving in undesirable ways, and other applications using unregulated frequency bands
that can potentially affect network functionality. Among these applications might be motion
detectors, microwave ovens, Bluetooth devices, powerful electric motors, radiation devices
used for decontamination, and baby monitors. The solution can also produce proactive
statistics on the predicted user experience of network performance, which enables the
company to increase network capacity before the users notice loss of performance.
In user emulation tests, also known as active tests, Eye connects to the test server (Sonar)
over the wireless network and uses it like an ordinary production service. The use may
include mass file transfers, browser downloads, wireless VoIP calls, or connections to
another production server. Simply put, Sapphire tests the end-user experience by examining
the entire data chain from the client to the production service. Active tests can monitor the
network even when there are no users in the network. This makes it possible to forecast
performance problems and to take corrective actions even before the service level suffers.
Active tests show the availability and quality of services offered over the network, and they
help administrators to see why some applications with their various demands for network
performance do not work as expected in the network or some of its areas. When problems
occur, active tests can also aid in location of the problem area in the network topology,
which often includes WLAN, LAN, and WAN elements.
The key benefits of 7signal Sapphire are user emulation, superb coverage, continuous
monitoring, and visibility of network health. Competing solutions are often based on
monitoring the access point settings. As a result, they do not give any indication of the
service quality experienced by the end user. In such limited solutions, the service quality
8
parameters measured are the same as in wired networks. Sapphire, by contrast, produces a
comprehensive picture of the radio connection quality, where delay, number of
retransmissions, and packet loss are taken into account, in addition to the commonly
measured parameters.
System overview
The 7signal Sapphire Quality Monitoring Solution consists of a Sapphire Eye monitoring
station, a Sonar test server, the feature-rich Sapphire Carat management software, and
Sapphire Loupe for viewing and reporting on results.
System components
The system components are described in chapters 2–6. The remaining chapters describe the
management software. The result viewing and reporting tool (Loupe) is described in its own
user guide.
9
SAPPHIRE EYE
Sapphire Eye is a monitoring station for WLAN environments, serving as the measurement
station or monitoring station in the WQA solution. Unlike a common access point or client,
the Eye monitoring station uses advanced broadband antenna technology, which creates an
exceptionally large coverage area. Consequently, one Eye can monitor several access points,
or WLAN cells. The recommended number of monitored cells is 6–10. Eye is protected
against dust and water (conformant to IP55 or IP65 specifications, depending on the model),
so it can be installed outdoors also in challenging environments.
In Sapphire, the management tool Carat and monitoring station Eye work as a client and
server, with Eye being the server for Carat. The traffic between the client and server is
strongly encrypted and uses 7signal’s proprietary management protocol. This makes it
possible to manage the monitoring stations from geographically distant locations and over
insecure networks.
A monitoring station conducts both passive and active measurements in a WLAN
environment. The passive measurements consist of listening to data traffic that uses the
IEEE 802.11 protocol and of general analysis of the radio frequency spectrum in the
coverage area. Passive measurements have no effect on the functionality or utilization rate
of the target network, or the effect is very small (probe request transmissions). During active
measurements, Sapphire Eye contacts each monitored access point in turn and uses the
network services via the WLAN; i.e., it acts like a user or other client in the network. Using
both active and passive measurements, the 7signal WQA solution can monitor the
experienced network performance along the entire length of the service chain and locate
problems in both WLAN and LAN environments.
10
In the picture above
the management interface is on the service provider’s premises (top left corner)
the customer’s premises have a wireless network with six access points (center part
of the picture, access points in red)
there is one monitoring station on the customer’s premises (the colored lobes depict
the station’s directional antennas and their range)
a problem has occurred in an access point in the red lobe
the problem can be seen in the monitoring interface or in a report as a falling
performance indicator value (lower right corner)
11
SAPPHIRE CARAT
With the Sapphire Carat management tool, you can manage the Sapphire Eye monitoring
stations, run interactive and real-time measurements, configure and manage automatic
measurements, and generate reports of the measurement results. The reports contain
tables and charts, and they can therefore be immediately used at the customer company, or
by third parties such as technical support staff, managers, or service providers.
Sapphire Carat stores the profiles used in the automatic testing of the monitored network,
and the network’s access rights information. Sapphire Carat can be used interactively to test
various areas of the network, or it can be left running in the background for continuous
collection of test results.
Key features:
• Status information on the radio network’s availability and usability
• Availability of a production service
• Overview of data traffic from the client to the production server
• Packet-level load measurement and traffic analysis in a radio network
• Tests at application level
• Properties, signal levels, and noise levels of the radio frequency environment
• Statistical analyses, averages, deviations, and distributions
• Monitoring of data security settings
• Location of interference
• Alarms
12
SONAR
The role of the Sonar test server in 7signal Sapphire is to emulate one of the customer’s
production servers. Sapphire Eye contacts Sonar over the radio network to use some of the
services available or to request Sonar to contact Eye, if so specified in the service model.
Sonar and Eye thus implement the client–server model during active testing. The roles vary,
depending on the test. This symmetry of roles ensures that both directions (uplink and
downlink, or A subscriber in phone calls) can be measured. The Eye system’s test results are
always sent to the management tool Carat, either by Eye itself or by Sonar.
A single Sonar can serve several monitoring stations without being affected by the
monitoring station‘s home network. One Sonar can therefore be used as the test point for
several networks.
The 7signal Sapphire WQA solution supports the concurrent use of several Sonar test
servers, which means that Sonar can be installed on several servers within a company. Using
several Sonars enables the company to detect and locate problems in its network. Sonar can
be located in the same network as the access points, in a server room in the same building,
or anywhere on the Internet – such as in the centralized identification and authorization
center of an international organization.
13
SAPPHIRE LOUPE
Sapphire Loupe is the measurement tracking tool in the WQA solution. Using Loupe, the
persons responsible for business and network can view the saved measurement results,
which are obtained in real time. Loupe cannot be used to control Sapphire’s functions and
measurements themselves; however, the measurement results are available in Loupe in a
more precise and detailed form than in Sapphire. Setting access rights for viewing the results
is easy with the user management feature.
Loupe makes the network’s key performance indicators (KPIs) available at a glance, or in
more detailed form for a given time period. Loupe is browser-based, so authorized persons
can use any of the most common browsers to view the results as long as they have an
Internet connection. The result summaries can be saved as plain text to comma separated
value files (CSV files), or as PDF files, preserving the formatting. The plain-text material can
be used in many ways, including import into a spreadsheet.
Loupe is a separate application with its own user guide.
14
CARAT MANAGEMENT INTERFACE
The management interface home page looks like this:
Menus
Navigation
The menus at the top of the home page function in the same way as in any graphical user
interface. The menu bar is used to manage the application, automatic testing and testing
profiles, and functions related to the settings of networks being monitored.
The menu contents are dynamic based on context, user access rights and the current
license.
Menu
Description
File
Log in / log out, lock the session, and
close the application.
Edit
View
Manage
Enter settings for applications used for
viewing the exported result files. Specify
the server for outgoing mail.
Configure and view Sapphire’s general
settings.
Manage Sapphire’s general settings:
- alarms
- user management
- access keys to radio networks
- test end point settings
- administration of target network
client information
- settings for automatic reporting
Submenus
Lock session
Log in
Log off
Exit
Configure tools
SMTP server
Network topology
Alarm
Alarm configuration
Users and groups
Access Control
Network Keys
Test end points
Alarms
Email
SNMP
15
remote management of
monitoring station software
Network clients
SLA Definitions
Automated report
configuration
Eye software
management
Change password
Test Profiles
Start sequential testing
Stop sequential testing
Eyes auto test
management
Tools
Start and stop the automatic test profile.
Window
Refresh the main window of the user
interface.
Refresh
Help
Read user documentation and general
information about the system
installation.
Release notes
Carat User guide
Loupe User guide
About
Network topology
The Network topology is a hierarchical tree displaying the monitoring stations and the
monitored access points that constitute a network. The user can select from multiple ways
to access the network: either via monitoring stations or via the network’s service areas. Both
methods support network testing, but monitoring stations can only be managed by using
their respective icons.
The network hierarchy is displayed as a tree, with an icon representing each item at each
node. If the item has functionality, you can bring it into view by right-clicking the icon.
Menu
Description
Organization
In the Organization menu, you can add
locations and service areas to the
organization that is being created.
Location
Service area
From the Location menu, you can set
the network’s physical location (e.g.,
country, city, or building). A location is
always attached to a higher-level
location or organization.
A service area is a location where you
can install a monitoring station. A
service area is determined by the
coverage area of the monitoring station,
not by the coverage area of the target
network.
Submenus
Edit
View wireless network
Add location
Add organization
Remove organization
Bind SLA
Edit
Add Location
Add service area
Remove location
Add Link Group
Edit
Add Eye
Bind wireless network
Remove service area
Allowed channels
Floor plan
16
A service area can have a floor plan.
Eye
Wireless network
Access Point
A monitoring station always belongs to a
service area.
This menu describes the target network,
which can be located in one or more
service areas. A service area can contain
several target networks. This menu is
used to configure the encryption
method used in the network.
In this menu, you can perform tests and
set alarm limits for an access point.
Edit
Remove Eye
(De)activate
Network scan
Client scan
Spectrum analysis
Noise Monitor
Manual tests
Bind to test profiles
Unbind from test profiles
Automated test status
Add key
Edit
Unbind wireless network
Allowed channels
Access point info
Active tests
Bind to alarm limit group
Unbind to alarm limit group
Remove access point
17
ON CONFIGURING OF 7SIGNAL SAPPHIRE CARAT
This user manual is mainly intended for ‘random access’ i.e. there is no strict order how to
read the manual. However, this section should be read first as its purpose is to ensure
proper and scalable operations on the system.
The access rights and user management heavily relies a group-based model. The group is the
starting point: every user belongs to one of the groups and the group determines the access
rights of any given user. The technical details and management instructions are in the next
section. This section
Any objects in the system – Eyes, Sonars, topology elements such as Organizations and
Locations – belong to some administrative group. Objects that do not belong to a certain
group are also invisible to the group. This isolation is very low-level in 7signal Sapphire in
order to enable safe and secure operations in large setups with numerous and
heterogeneous organizations.. 7signal Sapphire supports multiple organizations that are
under completely different administration and must remain unaware of each other.
To fully utilize this feature it is strongly advised that a role called Solution Administrator (see
the next section on user and group management) is used only to create other Administrators
(so called local Administrators) that in turn should not do much more than create a set of
configurators, at least one and as many as deemed necessary.
The recommended minimum setup for an operational 7signal Sapphire is
Users and Groups
Solution Administrator Group (default initial user)
o Solution Administrator (default initial user)
NewAdminGroupForOrganizationX (created by Solution Administrator)
o LocalAdministrator1 (created by Solution Administrator)
o NewConfGroup (created by LocalAdministrator1)
 LocalConfigurator1 (created by LocalAdministrator1)
Now, all other configurations related to network topology, test profiles, wlan network keys
etc. should be made by the user LocalConfigurator1 to enable proper operation of the
automated object access rights management system.
Automated Tests
Top-menu selection “Tools | Start automated tests” affects only those objects that are
accessible to the user issuing the command. Stopping works similarly.
Solution Administrator level user starts and stops testing system-wide i.e. all the monitoring
stations. Local Administrator may affect the monitoring stations only inside their own
administrative boundary i.e. only part of the monitoring stations start/stop. However, even
here it is advised to use Configurator level users to manage automated testing locally.
18
Access Rights
The access rights is an accessible pane in the “Manage” menu. When one follows the
intended way of user and group definition, the contents and actions in the “Access Rights”
pane are redundant. The feature remains activated but the use of it is discouraged and thus
not instructed in detail.
For sandbox testing and non-warranted try-outs: the left panel contains actual users and
groups and related access rights. The right panel contains all objects in 7signal Sapphire.
With combinations of right-clicks and drag&drops fine-level adjustment and changes to
access rights are possible.
19
USER MANAGEMENT
User management in 7signal Sapphire is based on user groups. A user's access rights in the
system derive from the user group that the user belongs to. A user may only belong to one
user group at a time.
In addition to normal user management the Sapphire system supports user group specific
view virtualization. The system can be configured so that different user groups have access
to different objects that have been created into the system. For instance, one user group
may have access to all objects and two subgroups of that group may only have access to a
portion of all objects. It is also not necessary for the subgroups to have access to any of the
same objects.
User management is also restricted in the same manner as object management. An
administrator user only has access to the users created by him-/herself in addition to any
users belonging to the same administrator group he/she belongs to.
Users belonging to the Sapphire admin group have access to the entire system.
User groups and object permissions
Almost every object created in the Sapphire system includes an access control list (ACL). An
object's ACL is mainly determined by the user group of the user that creates the object in
question.
Note that objects are also created through automatic testing. For example access points,
wireless clients and alarms created this way. Objects created as a result of automatic testing
inherit their ACL from the Eye that conducted the test.
The Sapphire system also includes the functionality to transfer access rights of objects from
one user group to another.
User group hierarchy
The Sapphire system supports two types of user groups: normal user groups and referencing
user groups.
A normal user group can be created either as a new root group or as a subgroup to an
already existing user group. When new groups are created as subgroups under an existing
user group, the existing group inherits access rights to all objects that its subgroups have
access rights to. This inheritance rule applies to the whole user group hierarchy meaning
that the root user group in a hierarchy gets access rights recursively from all subgroups.
Access rights of referencing user groups are not inherited in this way.
A referencing user group can be created for any group except the Solution Administrator
group. A referencing user group always has the same access rights as the user group it
references. The only difference is that a referencing user group cannot be granted the same
access level as the group it references. A common use for a referencing user group is to have
it reference for example an organization’s configuration group. This way the referencing
group’s users can view the configuration group’s objects, but cannot configure the system.
20
User access levels
The Sapphire system supports three elementary access levels for user groups: Reporter,
Configurator and Administrator. Access rights are inherited from lower to higher levels:
Reporter users only have their own level’s access rights, Configurator users have reporter
level rights plus additional rights granted by their configurator level, and Administrator users
have all rights.
There are four preconfigured levels of access rights:
• Solution Administrator – system-wide super-user that may be the only user in small
set-ups and should be used only for other administrator definitions in large-scale
environments
•
Administrator – full access and management rights
•
Configurator – full access rights, no user management rights
•
Reporter – access rights to alarms and reports
User group and user management
The Sapphire Carat user management dialog can be accessed from the main menu by
selecting "Manage | Users and groups". Only administrator level users can access user group
and user management in the Sapphire system.
When the user management dialog is opened, a tree view showing the users and user
groups currently existing in the system opens to the right of the dialog.
User groups
Related icons
Reporter group
active group
Configurator group
referencing group
inactive group
active group
Administrator group
referencing group
inactive group
active group
referencing group
inactive group
User group parameters
Name - The name of the user group
Description - A description of the group
Service Role - Defines access rights for the group's users in the Sapphire system
Type - The group type (normal/referencing)
Status - The group status (active/inactive)
21
Adding a user group
A new user group can be added into the system in three different ways:
1. As a new root group under which to start creating a new user group hierarchy.
2. As a subgroup to an already existing user group.
3. As a symbolic (referencing) group for an already existing group.
Adding a group can be done by right-clicking on either the "Groups and users" node in case
n:o 1 or an existing user group in cases 2 and 3 and selecting "Add instance group" in case
n:o 1 or "Add symbolic group" in cases 2 and 3 from the pop-up menu.
Steps to create a new group:
1. From the top menu bar select “Manage | Users and Groups” to open a pane on left
2. Right-click the root object named “Users and Groups” or an existing group to get a
submenu
3. Select “Add group” to open a pane on right
4. Enter the relevant group information
a. user name: login name for the user
b. (optional) Description: free-text field for the group description
c. Role: group access right level. The field is dynamic, the super-group dictates
the default level and available range of valid access level.
d. Status: Active or inactive. Only users in an active group may login.
5. Save the group by clicking “Save”
Editing a user group
The user group editing dialog can be accessed by right-clicking the desired user group and
selecting "Edit" from the pop-up menu.
An example of editing a user group:
1. Log in as an administrator group user
2. Open the user group and user management dialog by clicking "Manage | Users and
Groups" from the top menu bar
3. Select the desired user group for editing by right-clicking on it and choosing "Edit"
from the pop-up menu
4. Make the desired changes to the user group’s settings
5. Save the changes by clicking on the "Save" button
Removing a user group
A user group can be removed by selecting the group to be removed by right-clicking on it
and selecting "Remove Group" from the pop-up menu. The following criteria must be
satisfied before a user group can be removed:
1. The group must be empty of users
2. The group must not have any subgroups
3. The group must not own any objects
22
An example of removing a user group:
1. Log in as an administrator group user
2. Open the user group and user management dialog by clicking "Manage | Users and
Groups" from the top menu bar
3. Right-click on a group that satisfies the removal criteria and select "Remove" from
the pop-up menu
User group status
In certain situations it may be desired to inactivate some user group. An inactive user group
has no access rights in the system. A user group can be inactivated by right-clicking on the
desired group and selecting "Inactivate" from the pop-up menu. An inactive group can be reactivated by right-clicking on the group and selecting "Activate" from the pop-up menu.
An example of changing a group’s status:
1. Log in as an administrator group user
2. Open the user group and user management dialog by clicking "Manage | Users and
Groups" from the top menu bar
3. Right-click on the desired group and select "Inactivate" from the pop-up menu
Users
Related icons
Administrator user
active
Configurator user
inactive
active
Reporter user
inactive
active
inactive
Parameters
User name - User name
Alias - An alias for the user name, for example the user’s real name
Email Address - User’s email address
Phone - User’s phone number
Organization - The Organization that the user belongs to. Useful for example when a
service provider wants to give access rights to clients it manages.
Status - User’s status
Password/Confirm password: Password/Confirm password
When creating a new user the user name, status and password fields are required, the rest
of the parameters are optional.
23
Adding a user (new user)
A new user can be added by right-clicking on the user group that the user is to be added into
and selecting "Add user" from the pop-up menu.
Steps to create a new user:
1.
2.
3.
4.
From the top menu bar select “Manage | Users and Groups” to open a pane on left
Right-click the relevant group to get a submenu
Select “Add user” to open a pane on right
Enter the relevant user information
a. Username: login name for the user
b. (optional) Alias: alternative name for the user
c. (optional) Email address: contact information for the user
d. (optional) Organization: user’s organization
e. Status: Active or inactive. Only active users may login.
f. Password and confirmation: login password
5. Save the user by clicking “Save”
Adding a user (copy user)
An existing user maybe copied to several groups. This enables one single account to be used
on numerous organizations while preserving the strict access policy.
Steps to copy a user:
1.
2.
3.
4.
5.
Create one more group
Select a user from a previously existing group and right-click for the menu
Select “Copy user”
Select the icon of the new group and right-click for the menu
Select “Paste user”
The copied account may now access numerous groups. The login of a copied user starts in
the typical manner and after successful login adds a pop-up in order to make selection of the
group used in the login. The possible other groups are invisible after the chosen group (or
context) has been chosen.
Editing user information
A user’s information can be edited by right-clicking on the desired user and choosing "Edit"
from the pop-up menu. User name and password cannot be changed from here.
24
An example of editing a user’s information:
1. Log in as an administrator group user
2. Open the user group and user management dialog by clicking "Manage | Users and
Groups" from the top menu bar
3. Right-click on the desired user and pick "Edit" from the pop-up menu
4. Change the desired parameters
5. Save changes by clicking "Save"
Removing a user
A user can be removed by right-clicking on him/her and selecting "Remove" from the pop-up
menu.
An example of removing a user:
1. Log in as an administrator group user
2. Open the user group and user management dialog by clicking "Manage | Users and
Groups" from the top menu bar
3. Right-click on the desired user and pick "Remove" from the pop-up menu
User’s status
If for some reason it is desired to deny a certain user from accessing the system, that user
can be inactivated by right-clicking on the user and selecting "Inactivate" from the pop-up
menu. An inactivated user may be re-activated by right-clicking on him/her and selecting
"Activate" from the pop-up menu.
An example of changing a user’s status:
1. Log in as an administrator group user
2. Open the user group and user management dialog by clicking "Manage | Users and
Groups" from the top menu bar
3. Right-click on the desired user and select "Passivate" or "Activate" from the pop-up
menu
Changing a user’s password
A user’s password can be changed by right-clicking on the user and selecting "Change
Password" from the pop-up menu. This will open a new dialog into which the user’s new
password can be entered.
An example of changing a user’s password:
1. Log in as an administrator group user
2. Open the user group and user management dialog by clicking "Manage | Users and
Groups" from the top menu bar
3. Right-click on the desired user and select "Change Password" from the pop-up menu
4. Input new password
5. Save new password by clicking the "Save" button
25
WIRELESS NETWORKS AND TARGET NETWORKS
Addition of networks to be monitored
Sapphire can simultaneously manage networks in several independent organizations. A
company or other organization can have many separate locations. The networks are
displayed in a hierarchical tree, where the top node is a root organization that binds the
various organizations conceptually together.
A company can have several networks, for different purposes. Example:
Office network
Warehouse network
Visitor network
To meet this need, Sapphire can monitor several networks at the same time.
1.
2.
3.
4.
From the top menu bar, select “View | Root Organization”
Enter the root organization’s name
Save by clicking “Save”
The Network topology is automatically displayed after saving
Addition of a network location
Location is used to define the network’s location in a precise or descriptive way. A location
might be a city, a part of the city, a building, or a single floor in a building, depending on the
coverage area of the organization’s network. A small organization might have only a single
location, an office. On the other hand, a large organization might have several locations, in
different cities, or a single overall location, such as “Europe,” under which countries and
cities etc. are defined.
26
1. From the top menu bar, select “View | Network topology”
2. Right-click the organization
3. Select “Add location”
4. Enter the location’s name
5. Select the location type from the pull-down menu
6. Enter an optional description for the location
7. Click “Save”
You can add as many locations as needed to describe the organization’s structure.
After you have added a location, you can add a service area.
1.
2.
3.
4.
5.
Right-click a location
Select “Add service area”
Enter a name for the service area
Enter an optional description for the service area
Click “Save”
Hidden networks
7signal Sapphire considers a hidden network to be a property of certain Organization. The
network scans are based on listening and actively requesting beacon information on the
Service Areas. The hidden networks shall not actively transmit beacons nor respond to
requests with partial information only. Due to this the various scans - including the initial
scan - in 7signal Sapphire do not capture hidden networks. Tests related to traffic analysis
27
shall contain also information on hidden networks but the capture is not used as a technique
in scans.
NOTE: hiding the network SSID is very limited a security measure as limits
only beacons sent by an access point but not the payload traffic. Any
attacker or typical analysis tool shall find hidden network as soon as
there are any payload packets in the network. Even popular operating
systems may present hidden network after a certain period of time.
To add a hidden network to 7signal Sapphire follow the steps below.
1. locate the Organization with a hidden network from the Topology tree
2. Right-click menu on the Service Area and select "Wireless networks"
3. Enter the relevant data on the hidden network on the pane that opened on the right
a. Name type (optional): currently only text strings are supported SSIDs
b. Name: the name of the network - not friendly name but SSID
c. Description (optional): description on the hidden network
d. Contact person (optional): the administrator for the hidden network
e. Key: the name of the wlan network access key that has been stored earlier
to the system
4. Select "Save" to store the data to the system
The pane "All Wireless Networks" shows all defined networks. By choosing the network it is
possible to change the current data. Button "Remove" deletes the network and the related
information from the system.
Removal of a network
All networks managed by Sapphire are displayed in the Network topology. Networks can be
deleted on the organization level. To delete a network from the Network topology,
right-click the network and select:
28
1. From the Network topology, select the organization containing the wireless network
you wish to remove
2. Right-click the organization and select “View wireless network” – then the “All
Wireless Networks” view is displayed in the right-hand pane
3. Select from the list the network you want to remove
4. Click “Remove”
Channel configuration
In addition to access points, a wireless network can include a controller, which remotely sets
RF parameters for a network. In such a case, the transmitting power and channels may
change over time, due to operator actions or the controller’s own actions.
Sapphire supports controllers via channel configuration so that each managed wireless
network or access point can have its own set of allowed channel changes. Changes that stay
within the preconfigured channel set do not cause an alarm. A change in a channel outside
the preconfigured channel set causes an alarm if that alarm has been activated.
29
To set up channel configuration, proceed as follows:
1. From the top menu bar, select “View | Network topology”
2. Right-click the item (access point or network) for which you want to set up a channel
configuration and select “Channels”
3. Select the allowed channels
4. Select “Save”
7signal Sapphire Enterprise extends this functionality such that all access points or networks
within the service area can have their own allowed and forbidden channels. This allows
Sapphire to monitor the channel configuration in several networks, and to obtain
information on other networks that use channels in unexpected ways. One obvious area of
application for channel configuration is office hotels, which have several small wireless
networks that can interfere with each other.
Extended channel configuration is a feature in the enterprise edition and requires a license.
Each version of Sapphire supports channel configuration in managed networks. To monitor
external networks, you need the enterprise license or some other license model that
supports channel configuration. Without a suitable license, accessing channel configuration
in the user interface does nothing.
30
SETTING UP A MONITORING STATION
Related icons
active monitoring station
inactive monitoring station
States of Monitoring Stations
The Eye unit may be in an inactive state. This happens if there is no network connectivity to
the monitoring station when a monitoring station is being added to the system. Also, an
active monitoring station may be turned inactive. This allows exceeding the number of
monitoring stations limited by the license. Only active monitoring stations may run the tests
but the topology may contain unlimited number of inactive monitoring stations.
Adding a monitoring station
Monitoring stations can be added in the service areas in the Network topology.
1. In the Network topology, select the service area where you want to set up a
monitoring station (Eye)
2. Right-click the service area and select “Add Eye”
3. Enter a name for the Eye
4. Enter the Eye’s IP address
5. Enter a description for the Eye (optional)
a. for example, its location and mount information
31
6. If you already know the test profile you want to use, you can select it now (for more
information on test profiles, see the section on test profiles in this user guide)
7. Enter the the regional setting. The wlan channels and possibly power options are
dependent on this setting so one should always choose the right setting.
8. (optional): if the hardware exists, it is possible to use the 8th beam or diversity
antenna with the check-box. When selected, one must also provide
a. Antenna gain
b. Cable loss (measured or estimate)
9. Save the monitoring station settings by clicking “Save” or “Save and move to scan”;
the latter option places the added Eye in network scan mode
Monitoring station settings
1. Activate the monitoring station by right-clicking on it in the Network topology
2. Select “Edit”
a. This opens the settings window in the right pane
3. The settings window allows you to view and edit the following information about
the monitoring station:
a. Name
b. Description
c. IPv4 address
d. TCP port for management traffic
e. Test profile
f. Settings for the Eye’s heating resistor
g. Monitoring station’s uptime
h. Monitoring station’s current time
i. External antenna enabled or disabled
i. gain of the external antenna
ii. cable loss
j. Software versions and temperature of the monitoring station (in a table)
k. Information about the access points within the monitoring station’s range
4. You can also check the information you have entered for the access points:
a. Access point ID (AP ID)
b. Access point name (AP name)
c. The role of the access point with relation to this Eye (AP relation to Eye)
5. Click “Save” to save any changes you have made
32
Activation of monitoring station
By default, the monitoring station is in active state. This is flagged with the green
background color in the Network topology. An inactive monitoring station would have
orange background color.
It is possible to deactivate the monitoring station. This feature is mainly targeted for
temporary installations. An inactive monitoring station exists in the system and its
measurements are accessible as usual. Only an active monitoring station may produce
measurements and run manual tests. The state management enables consistent user view
on Network topology and measurements.
The use case is to have temporary measurements in numerous locations and to have the
possibility to return to one location and continue with identical monitoring station setup to
keep the measurements comparable. Naturally an activated monitoring station must have a
scan to become operational again.
Floor plan
The floor plan helps you to manage networks and the physical location of devices. The floor
plan accepts all formats supported by Java 2 SE.
To add a floor plan, proceed as follows:
1. From the top menu bar, select “View | Network topology” to display the
management hierarchy in the right pane
33
2. Right-click the service area where you want to add a floor plan
3. In the menu that opens, select “Floor plan”
4. Right-click in the right pane and select “Load new floor plan image”
5. Browse to the floor plan file in the Carat server file system and select “Open”
To add devices to the floor plan, do the following:
1. Right-click on the floor plan and select “Eye” or “Access point” from the menu
2. Drag the selected icon to the appropriate position in the floor plan
a. Note: Before an Eye can be added to a floor plan, it must be added to the Eye
view
3. Right-click the floor plan area and select “Save”
To view and edit a saved floor plan, select the service area from the Network topology and
right-click “Floor Plan.” Right-clicking a floor plan displays a menu containing editing
functions. Note: To refresh the view, right-click the floor plan and select “Refresh.”
Tests from the floor plan
You can run interactive tests for the monitoring stations also from the floor plan.
1. Right-click a monitoring station in the floor plan and select “Active Tests”
2. Select the test you want to run
3. A test window opens on top of the floor plan
Updates to a management station's software
The software versions of the monitoring stations are managed via Carat. In the “Eye
software management” view, you can manage Eye software via the Carat server’s file
system. Software imported into Carat is visible in a list.
The center portion of the view lists the software versions of an individual monitoring station
when the monitoring station is activated. At the same time, you can also perform operations
that are available in the top part of the pane.
Operations:
• Information displays the software versions in the activated Eye
• Uninstall uninstalls the software version
• Install adds a software version from the Carat server
• Activate activates the software uploaded to the monitoring station
34
To start using a new software version:
1. From the top menu bar, select “Manage | Eye software management”
2. At the bottom right, under “Manage Eye software version in Carat,” select “Import”
3. Browse to the desired monitoring station software version in the Carat server file
system and select “Open”; the software is displayed in the “Eye Software Versions
Available in Carat” list
4. Click on the software version you want to install
5. At the top right, under “Manage Eye,” check the “Install” checkbox
6. Select “Execute”
35
CREATION AND USE OF AN ENCRYPTION KEY
Related icons
wpa2 encryption
wpa eap encryption
wpa 1 encryption
wep encryption
ieee encryption
http encryption
Before you start monitoring, you must create an encryption key. You can have several keys,
for different networks. Check the latest supported key set from the release notes.
On key types
WEP
WPA1 / TSN
WPA2 / RSN
WPA with EAP
Dynamic WEP
with EAP key
Open HTTP
Insecure, should not be used in critical networks
Early security method, outdated, recommended not be used
Truly secure method
a.k.a. WPA-Enterprise. Early EAP enhanced WPA that is
supported but somewhat outdated.
Modern and possibly secure. Actual security level is based
on implementation. Couraged to be used.
Needs tailoring per vendor and per software version
because of versatility of HTTP protocol and implementation.
On different methods and implementations
7signal Sapphire should support all possible encryption methods and this requires generic
approach to encryption issues. A concise presentation of the wlan encryption can be found
from the link http://tldp.org/HOWTO/html_single/8021X-HOWTO/ .
36
Various vendor-specific simplify PKI infrastructure into client and server certificates and
username/password accounts. Unfortunately setting up the wlan encryption requires
understanding beyond the use of the vendor-specific PKI implementation.
In case Carat does not directly support the encryption method used by the other wlan
clients (as Eyes emulate wlan clients), typically an alternative option may be used. If the
authentication server remains the same, most probably the other method would be
successful, too.
TIP 1: Microsoft environments tend to use combination of 802.1X
and username/password. This falls into category:
Key type: Dynamic WEP with EAP key
Method: EAP-PEAP
Inner authentication: MSCHAPV2
TIP 2: In Cisco PKI infrastructure the a setting similar to the one
above would be:
Key type: Dynamic WEP with EAP key
Method: EAP-PEAP
Inner authentication: GTC
Adding a key
Add a key by following the instructions below:
1. From the top menu bar, select “Manage | Keys” – the available key types and
existing keys are displayed in a hierarchical structure in the left pane
2. Right-click the key type you want to create and select “Create key”
3. Enter a name for the key
4. Enter the data required by the key type
a. There are significant differences in the data required for different key types
b. When “Show input” is checked, the user interface displays the passwords in
plain-text.
5. Save the key by clicking “Save”
After a key has been created, it can be attached to a wireless network.
37
1. From the top menu bar, select “View | Network topology”
2. In the Network topology, select the network to which you want to add the
encryption key and right-click
3. Select “Edit”
4. Enter a contact person
5. Select a suitable encryption key for the network from the pull-down menu
6. Click “Save”
On certificate-based encryption
There are input fields for the “CA certificate” and “Client certificate”. It is recommended that
both certificates are added. If one certificate file contains all the information, it should be
used in both of the input fields. However, it is not mandatory to use certificate files if the
certificate or encryption system if the implementation is based on username/password.
The certificate container is expected to be accessible by the Carat GUI client in the local or
shared file system of the host machine. Accepted formats:
CA certificate – PEM, DER, PKCS12 (aka PFX)
Private key – PKCS12 (aka PFX)
As a corollary, a single PKCS12 formatted file that contains the CA certificate as well as the
private key, can be used in both of the cases.
If conversions are required to achieve these formats, please consult Your Certificate
Authority. In Linux and Unix environments OpenSSL is commonplace tool and can handle the
conversions required.
TIP: Microsoft environments have certificate files with file
extension CER. The file content format typically is DER. To turn
DER files into PEM, please use the following command:
openssl x509 –informat DER –in .cer –outformat
PEM –out .pem
Windows environments have extension “PFX” to mark a typical certificate container file
type. This format is exactly PKCS12 format that typically has “p12” extension in Linux/Unix
world. 7signal Sapphire does not care about the extension but the internal format of the file.
Microsoft PKI Infrastructure
One commonplace certificate-based environment is implemented by Microsoft. Typically
any appliance shall have their own account (“machine-account”). It would very challenging
to make the linux-based Eye to serve Windows infrastructure with the proper certificate. An
applicable option is to create one user-account to be used by all Eye units.
When a user-account is in place, the authentication may be defined as follows:
38
1.
2.
3.
4.
5.
6.
7.
Select “Dynamic WEP with EAP key” to get the dialog above
Select WPA key type, either 1 or 2, according the local environment
EAP method must be set to “EAP_MSCHAP_V2”
Fill in the account user name to the field “Identity”
Enter and confirm the account password.
Enter Windows infrastructure CA certificate.
One may enter the same certificate as “Client Certificate” as well.
The Eye is now properly authenticated in Windows PKI environment.
39
ADDITION OF TEST END-POINT
Sonar
Sonar is 7signal specific server that handles typical network requests i.e. it emulates
numerous servers in the network. While the network traffic generated is always identical to
the emulated service, the service cannot be extremely complex or dynamic in nature.
Sonar (icon
) is the server needed for executing elementary tests. There can be several
Sonar servers configured. Each test can be configured to use any of the configured Sonars.
Configuring Sonar servers makes it easy to define the parameters for the automatic
measurements.
1. From the top menu bar, select “Manage | Sonar view”
2. Select “Add Sonar”
3. Enter a name for the Sonar instance (Note: The name should be descriptive,
especially when one is using several Sonars)
4. Enter a description for the Sonar (optional)
5. Enter the IP address or DNS name and TCP port (Note: At this stage, Carat does not
verify that the Sonar actually exists, so ensure that the Sonar exists before you begin
testing)
6. Click “Save”
Generic test counterparts
It is possible to run tests towards actual network servers.
40
Test endpoint definition requires information on networking level but does not require
anything application specific. For example, an SQL server is considered only from
connectivity point of view while the actual access credentials and test queries are defined
per test. Therefore the endpoint definition is a simple procedure and is similar to all
supported test endpoints.
41
ACCESS POINT INFORMATION
Related icons
unknown access point (unwanted state)
known access point (in the coverage area but outside administrative domain)
own access point (in administrative domain)
managed access point (target to a monitoring station, in administrative domain)
The access point information can be displayed by right-clicking the access point in the
Network topology and selecting “Access Point Info.” The information includes the following:
•
•
•
•
•
•
•
•
•
•
Access point name
The managing Eye (i.e., the Eye that performs the tests)
Network name
Access point type
The antenna used by the Eye to monitor the access point
Channel
MAC address
Alarm limit
Encryption
bits/s values for the supported codecs
42
LINKS AND LINK GROUPS
In 7signal Sapphire a link denotes an end to end connection between an Eye monitoring
station and a Sonar server. Thus a link can be said to consist of a monitoring station, an
access point and a Sonar server. In the Network topology links are positioned beneath the
managed access points. 7signal Sapphire forms the links automatically when it detects an
established end to end connection.
Related icons
link
link group
A link group is a grouping of links defined by a user. A user can create a link in a Location in
the Network topology. The main purpose of a link group is to give users the ability to easily
bind one SLA group to multiple links with similar expected level of service.
Links and link groups enable the versatile binding of SLA groups formed from service level
agreements to end to end connections. For example an SLA group bound to an organization
is applied to all topology elements within that organization. However, this can be overridden
by binding different SLA groups to specific links or link groups, in which case their
compliance with the service level agreement is determined by measuring against the KPIs
defined in their own SLA group, instead of the SLA group bound to the organization.
The formation of a link
7signal Sapphire Carat forms a link automatically once a test profile with a Sonar definition is
bound to a monitoring station.
For example when a test profile containing active tests to two Sonars ("Sonar1" and
"Sonar2") is bound to a monitoring station ("Eye1") with two managed access points ("AP1"
and "AP2") 7signal Sapphire carat forms the following links:
1.
2.
3.
4.
Eye1 - AP1 - Sonar1
Eye1 - AP1 - Sonar2
Eye1 - AP2 - Sonar1
Eye1 - AP2 - Sonar2
Link removal
7signal Sapphire Carat automatically removes a link if one of its components (the monitoring
station, access point or Sonar) is removed. Because links are formed automatically it may be
in certain rare situations necessary for the user to remove links one deems unnecessary.
Remove a link as follows:
1.
2.
3.
4.
Click on "View | Network topology" from the top menu bar
Right-click on the link to be removed from the tree hierarchy
Choose "Remove link" from the pop-up menu
Confirm link removal
43
Creating a link group
Create a link group as follows:
1. Click on "View | Network topology" from the top menu bar
2. Right-click on the desired Location into which the link group is to be added
3. Choose "Add Link Group" from the pop-up menu. A dialog for adding a link group is
opened to the right.
4. Name the link group
5. Define the SLA group to be bound to the link group (optional)
6. Click "Save"
Removing a link group
Remove a link group as follows:
1.
2.
3.
4.
Click on "View | Network topology" from the top menu bar
Right-click on the link group to be removed from the tree hierarchy
Choose "Remove" from the pop-up menu
Confirm link group removal
Adding a link to a link group
Add a link to a link group as follows:
1. Click on "View | Network topology" from the top menu bar
2. Drag the link to the desired link group
Removing a link from a link group
Remove a link from a link group as follows:
1.
2.
3.
4.
Click on "View | Network topology" from the top menu bar
Right-click on the link (under a link group) to be removed from the tree hierarchy
Choose "Remove link" from the pop-up menu
Confirm link removal
44
ALARMS
Related icons
alarm configuration
critical alarm
informational message
alarm configuration group
network error
warning message
The system alarms are initiated by significant changes in the monitored network's status or
topology. It is possible to send the alarms to an SNMP system. Please see the instructions
later in this document.
Alarms are used through alarm groups to which the desired alarms can be assigned. There is
a preconfigured alarm group, Global Alarms, which can be bound to a network by binding it
to one of its access points. The alarms will then be issued by any access point in the network.
The Global Alarms group includes the following alarms:
•
•
•
Managed Access Point Down
Offending Channel Changes of Managed Domain
Offending Channel Changes of External Domain
Creation of an alarm group
You can extend the Global Alarms group or create new alarm groups. It is recommended
that you create new groups. To create a group, proceed as follows:
1. From the top menu bar, select “Manage | Alarm configuration”
2. Select “Alarm Limit Group” and right-click it
3. Select “Add alarm limit group”
4. Enter a name for the alarm group
5. Select the alarms by dragging them from “metadata” to the alarm group pane
6. When you have added all the alarms you want, select “Save”
Modification of alarms in a group
The table below lists the alarms. Some of them have parameters that can be modified. To
modify the parameters of an alarm, proceed as follows:
1. Select the alarm to be modified in the alarm group
2. Right-click and select “Edit”
3. Modify the parameter value
4. Select “Update”
Menu
Managed Access Point Not
Responding
Potential Channel Interference
Description
The alarm is activated when a managed
access point does not respond. This is a
critical alarm.
The alarm is activated when a new access
point with a strong signal is detected on a
managed channel. This is a warning alarm.
Modifiable?
No
Yes
45
Managed Access Point Security
Settings Changed
Offending Channel Change of
Managed Domain
Offending Channel Change of
External Domain
Unknown Access Point
Detected
Acceptable Response Time
Exceeded
End-to-End Availability Loss
Acceptable Retransmission
Rate Exceeded
IP Resource Availability
The alarm is activated when the security
settings of a managed access point are
changed. This is a critical alarm.
The alarm is activated when a managed
access point starts to use a restricted
channel. This is a warning alarm.
The alarm is activated when an external
access point starts to use a restricted
channel. This is a warning alarm.
The alarm is activated when an unknown
access point is detected. This is a warning
alarm.
The alarm is activated when the average
round-trip time in a ping test exceeds the
set limit. This is a warning alarm.
The alarm is activated when ping tests fail.
This is a critical alarm.
The alarm is activated when the
retransmission rate exceeds the set limit.
This is a critical alarm.
The alarm is activated on DHCP timeout.
This is a critical alarm.
No
No
No
Yes
Yes
Yes
Yes
Yes
Binding of alarms to access points
Alarms can be configured on a per-access-point basis by binding an alarm group to an access
point. Only an existing group can be bound to an access point.
1. In the Network topology, right-click the access point to which you want to bind the
alarms
2. Select “Bind to alarm limit group”
3. From the pull-down menu, select the alarm group you want to use for this access
point
Alarm messages
To view the alarms issued, select “View | Alarms” from the top menu bar. You can indicate
whether you want to see all alarms or only alarms that are currently active. You can also
select how the alarms are listed.
46
You can acknowledge an alarm by clicking the symbol under “Ack time”. The symbol will be
replaced by the current time of the Carat server, and the alarm is acknowledged. The alarms
are turned off in the same way.
Alarm exporting
There are two methods that alarms may be brought to attention of external systems: email
forwarding and SNMP.
Alarms and email forwarding
Alarms are sent as plain-text emails with standard formatting easy to be parsed with typical
text-processing tools.
NOTE: Email may be used only for relaying the alarms to the
other messaging system that convert emails to f ex SMS and
messenger formats. 7signal products do not directly provide such
integration.
Email forwarding requires an SMTP server to be defined. There may be numerous recipients
that shall receive the alarms
47
1. From the top menu bar, select “Manage | Alarms | Email”
2. Enter target email address to “New recipient” field
3. Select “Add” to register the email address as a recipient. It shall appear in the box
named “Email recipients”
a. Incorrectly added or not any more relevant recipients may be removed by
activating the recipient in the box and then selecting “Remove”
4. Choose the types of alarm event that shall be forwarded by ticking the check-boxes.
a. Types are: raised, acked, offed.
5. Choose the set of alarms to be forwarded by ticking the check-boxes on the alarm
table.
6. Select “Save” the make the selection permanent and stored.
7. Select “Close” to close the pane.
Alarms and SNMP
Some alarms in Sapphire Carat can be forwarded as SNMP notifications to a receiving server.
1.
2.
3.
4.
5.
From the top menu bar, select “Manage | Alarms | SNMP”
Enter the IP address or DNS name of the receiving server
Enter the UDP port to use
Select the SNMP version (v2c/v3) to be used for the message format
If you select v3, you must also:
a. Enter a security name
b. Select the security level (authentication / no authentication)
c. If you select authentication, configure its settings:
i. Select an encryption method (MD5/SHA)
ii. Enter a password
iii. Re-enter the password
6. Select the alarms you want to forward
7. Select the events you want to forward:
48
a. Alarms issued
b. Acknowledged alarms
c. Alarms that have been turned off
8. Select “Update”
9. Right-click “SNMP clients” in the Network topology and select “Save”
49
TRAFFIC CLASSES
The IEEE 802.11e standard defines eight traffic classes. Most mission-critical access points
support this standard. Traffic classes are becoming more and more important, especially on
account of wireless VoIP.
7signal Sapphire Enterprise supports the 802.11e standard. Active tests can be configured to
have a traffic class. All Sapphire versions support assignment of traffic classes, but if the
Sapphire license does not include traffic classes, Sapphire will treat the traffic as ordinary
traffic (Non-QoS, best-effort). Traffic classes are taken into account in only those networks
whose access points support this feature. A request for a traffic class does not guarantee
that it is granted. When viewing measurement reports, you might see that several traffic
classes have been used. The class granted will never exceed that requested.
The following table describes the traffic classes for the parameters of active tests:
The standard defines eight traffic classes, which are grouped into four named classes
(background, best-effort, video, and voice). In practice, most telecommunications devices
support four named classes. This is seen in Sapphire as well, where Eye supports four
classes, and the user interface shows eight. Only supported classes are selectable in the user
interface.
Note: The ping test is an active test, but, on account of its nature, assigning a traffic class to
it is not sensible.
Note: Best-effort (0) refers to unclassified traffic that does not conform to the IEEE 802.11e
standard.
50
TEST MEASUREMENTS
The tests are grouped into passive listening tests and active switched tests in the radio
network. There are two ways to run tests in Sapphire Carat: user-initiated tests to locate a
fault and automated tests for continuous monitoring and collecting of measurement results.
You can run the tests from a hierarchical tree. Test menus are accessible by right-clicking a
monitoring station or an access point. You can also run tests from the floor plan.
Test profiles
Related icons
test profile element
test profile
test profile template
A test profile is a series of tests that can be run continuously either on a per-access-point
basis or in monitor mode, thus listening all 802.11 traffic. Sapphire contains preconfigured
profiles intended for typical business environments.
To set up test profiles, select “Manage | Test Profiles” to display the Test Profiles view. The
existing templates, test elements and actual profiles are displayed on the left in the
management tree in descending order, respectively.
51
Templates are a collection of pre-configured test profiles aimed at various business
purposes. They are not to be used as runnable test profiles but as a source,
reference and model for the user creating the runnable test profiles.
Elements are individual tests that may be inserted to test profiles.
Test profile is a collection of test elements that may be executed. The user is
supposed to copy either templates or elements to a test profile. There may be
numerous profiles for different purposes. A test profile is always bound to a
monitoring station.
Contents of a test profile
The purpose of the network dictates which tests should be used to get the best picture of its
functionality. As a result, there are several preconfigured test profiles, where the order and
frequency of tests is different and so are test parameters, such as the number of megabytes
downloaded and uploaded. The test profile names reflect the business environment in
which they are thought to be most useful.
Below is a sample profile that could be used for a monitoring station.
Test
RTT ping
Download
Scan managed
Download
Access point traffic
Noise monitor
Scan
Http
MOS
Test parameters
32 B x 10
2 MB x 2
350 ms/channel
2 MB x 2
60 s
350 ms/channel
350 ms/channel
500 kB
VoIP parameters
When the profile is running, each test is run in its turn, followed by the next test. After the
last test is run, the test profile starts from the beginning. The table shows the most
important test parameters, but the tests also have other configurable parameters.
Below are descriptions of the preconfigured profiles - Templates - in Sapphire. You can copy
a template and save it under a different name. You can then freely modify the parameters in
the original profile and the copy. By copying test profiles, you can easily create a customized
profile for each monitoring station.
Passive
“Passive” template contains four passive tests and no switched tests. In passive tests, the
monitoring station does not attach to an access point; it just listens to radio traffic for the
specified time. When using a passive profile, you do not need to configure encryption
settings or authentication for the radio network.
52
Note: A passive profile has an extremely small effect on the monitored network. The only
effect is that Sapphire sends probe requests to access points.
Warehouse
The “Warehouse” template serves the needs of logistics services where the amount of data
transferred is not large but the data traffic is continuous. Network availability and uptime
are vital. The network clients are mostly known or even preconfigured. This profile can be
used in all environments that have similar circumstances.
Office
The “Office” template is intended for office use wherein the clients are mostly laptops
running office applications. An office WLAN must have superb usability and a robust data
transfer capacity. This profile can be used in all environments with similar circumstances.
Lightweight
The “Lightweight” profile is intended for environments that do not have several concurrent
users and that have a narrowband link to a central server (<512 kbit/s). This profile
emphasizes WLAN availability. Another emphasis is on a fast testing cycle, where each test
takes only a short time.
VoIP
The “VoIP” template is intended for environments where the wireless clients are mostly
VoIP devices. A wireless VoIP network must have extremely high-quality radio connections.
The MOS test indicates packet losses and jitter in the network, among other things.
Hospital
“Hospital” resembles the “Office” template. However, the “Hospital” template produces
more results that describe the status of the wireless clients. The profile is a general-purpose
one that emphasizes wireless clients.
Spectrum and Noise
This template is limited in test elements: there are no active test at all. It is targeted for
environments that have severe interference conditions. This can be considered as a troubleshooting template that is activated if the normal course of testing does not provide enough
information on the source of the interference.
Surveillance
The “Surveillance” is a limited template with one test only that specializes in surveillance.
The point is to capture traffic in any channel in any direction. The rationale is environments
where there should be no radio traffic at all or only for white-listed devices.
TripleSSID
Mainly example how to configure test profiles that access numerous wlan networks in a
single profile. This is the case one Eye unit is supposed to monitor multiple wlans
concurrently. The next chapter has more details on this.
53
Testing multiple wlan networks in one test profile
One monitoring station may test multiple access points that provide multiple wlan networks.
In the context of test profiles wlan networks are referred as ESSIDs (essid later in the text).
Testing on multiple essid’s is achieved by either copying and editing individual test element
in a profile or copying a complete template to pasted to an existing profile.
Whenever it is possible to define an essid to a test element there may be exactly one essid
per element or no essid at all. The latter means that the test in question shall be executed
against all access points managed by the monitoring station. The former limits the access
points to ones that have the essid and are managed by the monitoring station.
Operations on Templates
Templates are for copying and editing. There are two different supported methods for that,
“Duplicate” to make a fresh copy of the sample profile and “Copy as essid” that adds the
template profile to an existing test profile.
Duplicate
1.
2.
3.
4.
5.
Select “Manage | Test Profiles” to open the management tree on the left.
Choose the appropriate template and right-click for the submenu.
Select “Duplicate” to open the Test Profile pane.
Give a name to the new Test Profile.
Bound Tests window is for informative purposes here only. Editing if desired is
available later.
6. In “Common Values” one may enter test parameters that apply to every test in the
profile.
7. Saving options
a. Select “Cancel Changes” to undo changes.
b. Select “Keep Changes to save the intermediate work.
c. Select “Save All Changes” to finalize the work on this pane.
Copy as essid
The pre-requisite here is to have existing test profiles that shall be the target for pasting all
elements in the template. This is one form of cut&paste operation.
1.
2.
3.
4.
Select “Manage | Test Profiles” to open the management tree on the left
Choose the appropriate template and right-click for the submenu
Select “Copy as essid” (no visible results)
Right-click on Test Profile icon and select “Insert essid” to open essid pane on the
right
5. Insert an existing essid name
6. Optionally, insert other common parameters in the table “Common Values”
7. Select “Save All Changes” to insert the test elements in the template to the test
profile as individual essid. All tests under the essid contain the same parameters,
such as Sonar etc.
54
Operation on Test Element
Copy element
The pre-requisite here is to have existing test profiles that shall be the target for pasting this
test element. This is one form of cut&paste operation.
1.
2.
3.
4.
Select “Manage | Test Profiles” to open the management tree on the left
Choose one of the test elements and right-click
Select “Copy element” (no visible results)
Paste the element by choosing “Paste testprofile element” available on the rightclick
a. If the target is a Test Profile icon, the element shall be the last one in that
profile
b. If the target is an essid inside a test profile, the element shall be the last one
for that essid.
5. Repeat step 2-4 until the test profile is according the expectations.
Operations on Test Profile Node
Save All Changes
Any change in the sub-tree shall be made persistent.
Add empty Test Profile
A new test profile object to the tree shall be inserted. The only input required is the name of
the profile.
Operations on Test Profile
Edit
Open a pane with “Common Values” and “Name” field ready for editing. “Bound Tests”
remains read-only, the elements are managed in the tree.
Duplicate
Create identical test profile with a new name. It is possible to change top-level parameters
on the same pane. This option enables easy creation of test profiles with similar test
elements to another link.
Copy as essid
Copies the contents of a test profile to be pasted to another profile as essid object.
Remove
Removes the object.
Bound Eyes
Shows the monitoring stations that are using this profile.
Automated Tests
No current functionality.
55
Automated Tests for Eyes
No current functionality.
Paste test profile element
Paste previously copied test profile element as the last element in the profile.
Save
Make the changes in the sub-objects persistent.
Insert Essid
Paste previously copied essid into this profile as the last element.
Insert New Essid
Create a new empty essid into this profile as the last element.
Operations on essid inside a test profile
Edit
Open a pane with “Common Values” and “Name” field ready for editing.
Copy
Enable pasting of the object.
Paste test profile element
Paste previously copied test profile element as the last element in the profile.
Remove
Deletes the object.
Operations on test profile element inside a test profile
Edit
Edit the parameters of the test.
Save
Make active changes persistent.
Copy Element
Enables pasting of the object.
Remove Element
Deletes the object.
Insert Element Before
Paste the element on clipboard as element as a predecessor to this one.
56
Insert Element After
Paste the element on clipboard as element as a successor to this one.
On test elements
Each test has default parameters, which can be used as is or modified as needed. To obtain
the best results and find the best measurement methods for a target network, plan and
configure the tests to suit the network.
A test profile must be configured for each monitoring station separately. The same profile
can be used in several monitoring stations.
Modifying test parameters
If you wish to modify individual tests, see the instructions below. However, the tests will
work perfectly well even without modification. For each test, do the following:
1. Select the test from the profile and right-click the test
2. Select “Edit”
3. If desired, set the test duration (in seconds)
a. The test duration does not affect the running of the test; however, if the
test type is temporarily removed from the test set, the time specified is
spent in sleep mode, depending on the configuration
4. Select a test
5. Select a test type (parameter is visible)
6. For some tests, such as RTT ping, you may also do the following:
a. Select the interval, or the pause between pings
b. Select Sonar
c. Select an access point
d. Select an IP address
e. Select the number of bytes to be downloaded/uploaded
f. Select the number of repetitions
g. Select the client’s IP address policy:
i. DHCP in use (1)
ii. Static address (0) – enter address data
7. Select “Keep changes”
8. Select “Save all changes”
Configuring complex test profiles
Free editing makes it possible to create profiles for any imaginable purpose. One might want
to create fine-grain testing for a particular wlan network or it might want to test multiple
wlan networks in one profile.
Use case: fine-tuning existing profile
Use “Copy Element” and “Insert Element After” or “Insert Element Before” to multiply one
single test. Change parameters in each duplicate to achieve the desired effect. This could be
changing the ping packet size, changing the amount of data to be transferred or changing
57
the MOS test parameters. Such extreme-values and range tests produce detailed
information on the network behavior.
Use case: Multiple SSID testing
There are two ways to achieve testing on multiple networks on one single monitoring
station. The first is based on element copying (the previous paragraph) and the other is
using copies of essid objects.
Using copies of elements may be burdensome at the configuration time but gives control
over the test order. By copying one single element (test type) to be sequentially tested on
different wlans produces the following sample profile:
1.
2.
3.
4.
5.
6.
7.
8.
FTP on Wlan1
FTP on Wlan2
FTP on Wlan3
Spectrum
MOS on Wlan1
MOS on Wlan2
MOS on Wlan3
Scan
The other approach is the create a simple test sequence as essid and then duplicate the
essid object and make the duplicates to point to different wlans. The resulting sample test
profile would be similar to the following:
1.
2.
3.
4.
5.
6.
7.
8.
FTP on Wlan1
MOS on Wlan1
Spectrum
FTP on Wlan2
MOS on Wlan2
Scan
FTP on Wlan3
MOS on Wlan3
Please observe that in the latter approach the measurements on a single wlan network shall
be sparser temporally. While individual tests shall happen on roughly the same time interval,
the distribution of the samples per network differs a great deal on these two approaches.
When planning the test cycles, one should bear in mind:
The more tests there are in the sequence, the bigger the difference in sample
distribution.
The more networks, the less samples for individual networks
Running test profiles
Select “Tools | Eye auto tests management” to see current status of Eye units.
58
The Eyes of the user context are enlisted in the box on the right. The Eye name, the test
profile name and the state of the test profile run are indicated.
By selecting one of the Eyes brings additional information such as the run time and test
profile content on the left.
Buttons
Play – runs the chosen test profile on the active Eye
Pause – temporarily stop or resume running the test profile on the active Eye
Stop – Stop running the profile on the active Eye
59
Passive tests
Initial network scan
When the Eye has been installed or needs to be reset, you must run a network scan. There
are various preconfigured scanning durations. When an Eye has been installed for the first
time, it is recommended that you run the longest scan, titled “Initial scan.” The purpose of
the initial scan is to scan the monitoring station’s radio frequency environment very
thoroughly and to detect the access points suitable for monitoring.
Network scan type
Description
Initial
Slow
Regular
Fast
First deployment
Thorough
Normal
Quick
Estimated duration (all antennas and
channels)
15–20 min
7–9 min
3–4 min
less than 1 min
The scan results are presented in a table. An initial scan should be run whenever substantial
physical changes have been made in the environment being monitored (for example, new or
removed walls), or if the Eye’s location has been changed.
The table contains the following information about the WLAN access points detected:
• Network name (ESSID)
• Encryption methods supported by the access point
• MAC address of the access point
• Channel
• Management status (if not known, denoted as “Unknown”)
• Antenna that hears the access point best
• Access point signal strength
• Noise level
The access points in the service area must have a management status. Setting a
management status means that the access point’s existence is acknowledged.
Unacknowledged access points prompt issuing of an alarm if such an alarm has been
configured. The management statuses are as follows:
•
•
•
•
“Managed”: Monitored by this monitoring station
o The recommendation for signal strength is >65 dBm
“Own”: Own access point managed by another monitoring station
“Known”: An access point that is an accepted part of the radio frequency
environment (for example, a neighboring network)
o If possible, ensure the access point operates properly and can be accepted
“Unknown”: An access point without a monitoring status
o In practice, this status should exist only during network scans in new service
areas; it should not exist in normal use
The changes are saved in Sapphire Carat’s database and the installed monitoring station.
The test is described in more detail below, under the “Network Scan” description.
60
“Network Scan” test
The network scan test can also be used as a separate test outside initial deployment. The
deployment is described in the previous section of this guide.
To scan the network, do the following:
1.
2.
3.
4.
5.
6.
7.
8.
In the Network topology, select the Eye you want to use for scanning the network
Right-click and select “Network Scan”; a test window is displayed in the right pane
Select the test duration from the pull-down menu
If you want to view information about each antenna, select “Show RX level”
a. If this checkbox is selected, the results window has a separate line for each
antenna, which might make the window’s content more difficult to read
b. The system selects the best antenna automatically in any case
c. The system offers an active test for verification of the antenna selection
Select the scan directions – i.e., antenna lobes
Select the channels to scan
Select “Scan”
The results are displayed in a table
MAC
hidden
NOTE: After the network scan, you can verify the suitability of the selected antenna by
running the antenna selection test.
The information in the table can be edited. Remember to save the changes.
61
•
•
“Manage”: The management status: the status of a monitoring station can be
changed
“Sel Ant”: Selected antenna – you can change the antenna used by the Eye to
monitor the access point
o We recommend that you compare the signal levels received very thoroughly
o We recommend that you perform the antenna selection test if anything is
even slightly unclear
Options for processing the results:
• “Save” saves the information in the table to the Carat system.
• “Columns” select the visible columns; the table might be easier to read if you hide
unnecessary columns
• “Export” exports a text file to the Carat file system – you can enter the location in
the dialog that appears after you click “Export” – which is a handy feature for
comparison of results obtained at different times
“Client Scan” test
You can scan for preconfigured clients by their MAC address.
1.
2.
3.
4.
5.
6.
7.
In the Network topology, select the Eye you want to use for scanning the network
Right-click and select “Active Tests | Client Scan”
Enter the scan duration under “Scan interval”
Select the scan directions – i.e., antenna lobes
Select the channels to scan
Select “Scan”
The results are displayed in a table:
a. The MAC address of the scanned devices that transmitted during the test
b. The noise level and signal strength, by antenna
62
MAC
hidden
8. Select “Save”; the clients detected remain in the table
9. You can enter a friendly name and description for each user; this name will be
displayed in future results instead of the MAC address
63
MAC
hidden
10. Select “Save” to save the friendly names and descriptions
The data can be viewed and edited.
1.
2.
3.
4.
5.
From the top menu bar, select “Manage | Network clients”
To change the information, select the MAC address or name
Right-click and select “Edit”
Edit the information
Select “Save”
MAC
hidden
64
MAC
hidden
Addition of a new client
1. From the top menu bar, select “Manage | Network clients”
2. In the hierarchical tree in the left pane, right-click the topmost element, titled
“Network clients”
3. Select “Add network client”
4. Enter a friendly name for the client
5. Enter a user’s name, if known
6. Enter a description (optional)
7. Enter the client’s MAC address
8. Click “Save”
To add several clients at once, select “Import network clients” in step 3. This option imports
a text file from the Carat server’s file system. The file format is as follows:
field
explanation
example
MAC
MAC address,
required
complete
description
omitted
partial
Name
User
Description
Client name,
Client user if
Client description
(optional)
known (optional) (optional)
A:B:C:D,pda,Pda User,personal digital assistant
A:B:C:D,officeLaptop,J.D.,
A:B:C:D,barCodeReader, ,
The “Export network clients” function creates a corresponding file in the Carat server’s file
system.
65
Spectrum analyzer
The monitoring station supports frequency-sweep-based radio spectrum analysis. The
frequency status is displayed as a colored map.
1.
2.
3.
4.
In the Network topology, select the Eye that will run the test
Right-click and select “Spectrum Analysis”
Select a suitable sweep method from the pull-down menu
Select the presentation mode from the pull-down menu
a. Off-line: one-time draw
b. On-line: regularly updated image
5. Select the test duration from the pull-down menu
6. Select the antennas to be used in the test by selecting their respective checkboxes
7. Select “Scan”
66
Active Tests
Active test means that the monitoring station assumes the role of a network client i.e. it is
active by attaching itself to the wlan network to run some operation.
Active tests may be run continuously from the test profiles. This is automated and
continuous right after the test parameters has been set for each profile and profiles are
bound to the monitoring stations (See chapter Test Profiles).
Below it is instructed how to run tests interactively from the user interface. This approach is
suitable to both deployment phase and detailed and interactive troubleshooting cases.
The test are activated from the Network topology by right-click on icon of either the
monitoring station or an access point. The test selection is available on the menu.
“Noise monitor” test
You can measure the noise levels surrounding the monitoring station. This test is available
based on backward compatibility and for entry-level systems, more accurate results are
available with spectrum analysis.
1.
2.
3.
4.
5.
6.
7.
In the Network topology, select the Eye that will run the test
Right-click and select “Noise Monitor”
Select the scan directions – i.e., antenna lobes
Select the channels to scan
Select “Execute”
The results are displayed in a table as seen below
To view the results in a graphical view, click “Show graph”
67
68
“Optimal Antenna Selection” test
The antenna test is used to verify the suitability of the selected antenna. Because of
reflections, the network scan can show similar results for different antennas. However,
during transmission of data to an access point, the differences between antennas become
significant. This test is worth running if more than one antenna shows similar results.
1.
2.
3.
4.
5.
6.
7.
8.
9.
In the Network topology, select the Eye that will run the test
Right-click and select “Active Tests | Optimal Antenna Selection”
Select the Sonar against which you want to run the test, or type another IP address
Select an access point
Select the Eye’s IP address (DHCP or static)
a. If static, enter the (1) local IP address, (2) local netmask, and (3) gateway
Set up the test options:
a. Select the amount of data transferred at one time
b. Select the antennas to be used in the test
Select “Execute”
The results are displayed in a table as seen below
If an antenna gives better results than the currently used antenna, select the better
antenna for monitoring
69
Download Tests
This test gives an indication of an access point’s FTP or UDP downlink capacity.
1.
2.
3.
4.
5.
6.
7.
In the Network topology, select the Eye that will run the test
Right-click and select ”Manual tests”
From the submenu select either “FTP Download Test” or “UDP Download Test”
Specify whether you want to run the test against a Sonar or another target
Select the Sonar against which you want to run the test, or type another IP address
Select an access point
Select the Eye’s IP address (DHCP or static)
a. If static, enter the (1) local IP address, (2) local netmask, and (3) gateway
8. Set up the test options
a. Select the amount of data transferred at one time
b. (UDP only): Packet size to be used (small = 256, medium = 1024, large =
32768 bytes)
c. (UDP only): Sender (Sonar) port. Default 0 means that MOS test ports shall
be used. User-given port overrides this setting. Please observe possible
firewall settings.
d. (UDP only): Receiver (Eye) port. Default 0 means that MOS test ports shall
be used. User-given port overrides this setting. Please observe possible
firewall settings.
e. Select the display format for the results
f. Select how many times the test is to be run
9. Select “Execute”
10. The results are displayed in a table as shown below
Note: You can change the table type even after the test is executed
70
Upload tests
This test gives an indication of an access point’s FTP or uplink uplink capacity.
1.
2.
3.
4.
In the Network topology, select the Eye that will run the test
Right-click and select ”Manual tests”
From the submenu select either “FTP Upload Test” or “UDP Upload Test”
Configure the test target in the target area:
a. Select the Sonar against which you want to run the test, or type another IP
address
b. Select an access point from the pull-down menu
c. Select the Eye’s IP address (DHCP or static)
i. If static, enter the (1) local IP address, (2) local netmask, and (3)
gateway
5. Set up the test options:
a. Select the amount of data from the pull-down menu
b. (UDP only): Packet size to be used (small = 256, medium = 1024, large =
32768 bytes)
c. (UDP only): Sender (Eye) port. Default 0 means that MOS test ports shall be
used. User-given port overrides this setting. Please observe possible firewall
settings.
d. (UDP only): Receiver (Sonar) port. Default 0 means that MOS test ports shall
be used. User-given port overrides this setting. Please observe possible
firewall settings.
e. Specify how many times the test is to be run
f. Select the display format for the results from the pull-down menus
71
g. Select the traffic classes to use (licensed products only)
6. Select “Execute”
The results are displayed in a table as seen below.
Note: You can change the report type even after the test is executed
“Ping test”
A ping test tests the accessibility of a device, the number of packets sent and received, and
latency time.
1. In the Network topology, select the Eye that will run the test
2. Right-click and select ”Manual tests | Ping test”
3. Define the test target in the target area:
a. Select the Sonar against which you want to run the test, or type another IP
address
b. Select an access point from the pull-down menu
c. Select the Eye’s IP address (DHCP or static)
i. If static, enter the (1) local IP address, (2) local netmask, and (3)
gateway
4. Set up the test options:
a. Select the size for the ping packet
b. Select the waiting time between tests (in milliseconds)
c. Select the waiting time (in seconds) before termination of a test that does
not progress
d. Specify how many times the test is to be run
e. Select the display format for the results from the pull-down menus
72
5. Select the traffic classes to use (licensed products only) – note that it is not
recommended to use traffic classes in a ping test
6. Select “Execute”
The results are displayed in a report as seen below.
Note: You can change the report type even after the test is executed
73
“Traceroute Test”
This test helps one perform network troubleshooting and identify routing problems or
firewalls that may be blocking access to a host.
1. In the Network topology, select the Eye that will run the test
2. Right-click and select ”Manual tests | Traceroute Test”
3. Define the test target in the target area:
a. Select the Sonar against which you want to run the test, or type another IP
address
b. Select an access point from the pull-down menu
c. Select the Eye’s IP address (DHCP or static)
i. If static, enter the (1) local IP address, (2) local netmask, and (3)
gateway
4. Set up the test options:
a. Minimum TTL: minimum number of devices/hops to try
b. Maximum TTL: maximum number of devices/hops to try
c. Queries per hop: how many times a device/hop is tried
d. Timeout: how long to wait before giving up on a device/hop
5. Select the traffic classes to use (licensed products only)
6. Select “Execute”
The results are displayed in a report as seen below.
Note: You can change the report type even after the test is executed
74
“Access point traffic” test
This test listens to radio traffic in the Sapphire Eye’s coverage area and gathers many kinds
of information.
1. In the Network topology, select the Eye that will run the test
2. Right-click and select ”Manual tests | Access Point Traffic Test”
Note: This test is among the active tests since it requires you to select a target access
point
3. Select the target access points from the table
4. Select the listening time (in milliseconds)
5. Select “Execute”
The results are displayed in a table as seen below – the tree view in the table shows the
access point as the root node, and the heard clients under it; for more information, move
the mouse cursor over the individual items in the tree or, to display even more details and a
graphical view, click an item in the tree.
75
“Client Scan”
This test listens to radio traffic in the Sapphire Eye’s coverage area and gathers information
on wlan clients that are active i.e. exchange traffic with access points in the proximity.
The result contains all the clients that were active during the test. Please note that both
channels and antennas work in an exclusive manner, only one antenna and only one channel
are active at the time. In other words: it is impossible to capture all the traffic during the test
execution.
Depending on the test purpose, it might be worthwhile to define the interesting MAC
addresses beforehand, possibly giving a friendly-name, too. If such definition exists, the
friendly-name is shown in the result tables instead of text-formatted MAC addresses.
To run the test:
1. In the Network topology, select the Eye that will run the test
2. Right-click and select ”Manual tests | Client Traffic Test”
3. Select the antennas to be used in the test
4. Select the channels to be used in the test
5. Select the listening time from the drop-down menu, the division is similar to the
network scan
6. Select “Execute”
The results are displayed in two tables as seen below. The tables are active and the column
names support sort-orders.
The table “Client Scan Results” shows individual clients and their antenna sectors. By
activating a row on this table, more detailed information on the client is displayed on the
table named “Client Results” below.
76
“MOS Test”
This test creates a VoIP call between Sapphire Eye and Sonar. Both uplink and downlink call
quality are measured, simultaneously and independently.
1. In the Network topology, select the Eye that will run the test
2. Right-click and select ”Manual tests | Http test”
3. Define the test target in the target area:
a. Select the Sonar against which you want to run the test
b. Select an access point from the pull-down menu
c. Select the Eye’s IP address (DHCP or static)
i. If static, enter the (1) local IP address, (2) local netmask, and (3)
gateway
4. Configure the test data (see separate instructions)
5. Select “Execute”
MOS test parameters
1. Select the initial display format for the results (Table/Graph)
2. Select the direction of the test (Downlink/Uplink)
3. Select the codec to be used in the test (VoIP Codec):
a. G.711 PCM Linear 16 = 64 kbit/s
b. G.729 GSM data = 8 kbit/s
4. Select an optional error correction method (Stream FEC)
77
5. Configure sender information:
a. Enter a port for the MOS test (Local port)
b. Enter the test duration in seconds (Send time)
c. Enter the packet interval in milliseconds (Stream interval)
d. Enter the packet size in bytes (Packet size)
e. Enter the sampling window size in seconds (Sampling interval)
6. Configure the receiver information:
a. Enter a port for the MOS test (Receiver port)
b. Enter the receiving window size in seconds (Window size)
c. Enter the sampling interval in seconds (Sampling Interval)
d. Enter the size of the dejittering buffer (Dejittering Buffer)
e. Enter the connection timeout in milliseconds (Timeout)
7. Enter the traffic class (licensed feature only)
8. Select “Execute”
9. The results are displayed in a new window in the selected format
Sample result set:
Elements of the results image:
• MOS result: The distribution of MOS values related to test duration. The color
coding indicates quality.
• Loss Rate: Packet loss as a function of test duration.
• Average Jitter: Variation in delay as a function of test duration.
• Codec: The distribution of codecs used during the test. If only one result is visible,
the codec was not changed during the test.
78
•
•
Levels: Signal and noise levels during the test, averaged over the duration of the
test.
SNR: Signal/noise ratio during the test, averaged over the duration of the test.
For more information on interpretation of the test results, see the description of
mean opinion score, MOS, at http://en.wikipedia.org/wiki/Mean_Opinion_Score.
Test result
Excellent
Good
Fair
Poor
Bad
In practice, the supported codec’s can reach MOS scores that are slightly above 4.
“Air Utilization Test”
To capture spectrum heavy-users and misconfigurations – such as extensive use of legacy
codecs - in the wlan network, air utilization test should be run. This test is not part of the
test profiles as it is lengthy troubleshoot test. Special attention to the test parameters is
required as the maximum runtime is easily very high. One should check the “aggregate time”
box for an estimate.
To run the test:
1. Select antennas, at least one must be selected.
2. Select the desired channels with the check-boxes.
3. Select the time – in minutes – to listen to each selected channel on each selected
antenna.
The result is a table that has each antenna/channel combination as one row. One will get
simple table result by activating each row with the mouse. There shall be more detailed
result if “Show graph” is selected for the activated row:
79
Antenna/channel row is presented in a pie-chart form that show frame type distribution on
the left and codec distribution on the right.
“HTTP URL (Intranet) test”
Http test (Sonar) and Http URL test (Intranet) serve different purposes. While the former is
close to ftp test with detailed download measurements, the latter merely checks the
availability and success of the page download.
Typically intranet pages contain dynamic elements. Http download against Sonar brings
fixed size downloads thus providing tools for analysis.
To run the Intranet test:
1. Select an access point from the pull-down menu
2. Select the Eye’s IP address (DHCP or static)
80
a. If static, enter the (1) local IP address, (2) local netmask, and (3) gateway
3. Choose URL from the box
a. To add a URL
i. Write a well-formed and proper address to the input box
ii. Select “Add URL”
b. To remove a URL
i. Activate the URL to be removed with a right-click
ii. Select “Remove URL”
4. Select Execute.
The result marks whether the download was successful (protocol errors or not), the
download time and the downloaded byte count.
“Internet Availability Test”
This is an infrastructure test that reflects how well a wlan client (Eye) is able to utilize the
Internet. The test includes the following steps:
- radio link setup
- wlan authentication
- DHCP service
- Gateway pinging
- DNS server checks
- DNS name resolves
If the Eye passes all the phases of the test, it is justified to assume that the internet use is in
general fully functional.
81
To run the Internet availability test:
1. Select an access point from the pull-down menu
2. Select IP address
a. Use DHCP of the wlan network by checking the box
i. DHCP result shall affect other test parameters as the actual servers
shall be dictated by the result and the reliability is expected.
b. Use of static IP address configuration
i. enter the (1) local IP address, (2) local netmask, and (3) gateway
ii. Enter primary DNS server
iii. Enter secondary DNS server (optional)
iv. Enter tertiary DNS server (optional)
v. Enter 1st network name to be resolved
vi. Enter 2nd network name to be resolved (optional)
vii. Enter 3rd network name to be resolved (optional)
3. Select “Execute”
The result-set is three-fold:
1. General results: IP address obtained, attach time, dhcp retrieval time and
gateway address.
2. Status of DNS servers
3. Results of the name resolving.
“SIP Register Test”
It is possible to run SIP REGISTER test in both unauthorized and authorized mode.
To run the SIP test:
1. Select the SIP server to register to
a. From the pull-down menu
i. SIP end-point has to be defined as a test end-point to be selectable
b. Arbitrary IP address
i. Enter IP address and the port
82
2. Select an access point from the Network topology
3. Select the Eye’s IP address (DHCP or static)
a. If static, enter the (1) local IP address, (2) local netmask, and (3) gateway
4. Enter the SIP protocol specific parameters
a. Name is mandatory
b. If alone, the test is run as un-authorized
5. Select the wlan traffic category
6. Select “Execute”
The test result is two-fold: test setup information and SIP specific.
Test setup information contais:
- attach time
- dhcp retrieval time
- Eye IP address used in wlan interface
- The gateway
SIP results contain:
- used IEEE802.11e traffic category
- SIP server response for REGISTER: SIP protocol code
- Register time, milliseconds
- Authentication information (optional)
- SIP server response for UNREGISTER: SIP protocol code
- Unregister time, milliseconds
83
REPORTING
Detailed explanation of reporting options requires a description of key performance
indicators and knowledge of the Loupe application. As a result, report configuration and
subscription are described in the Loupe user guide.
84
SERVICE LEVEL AGREEMENT
Service Level Agreement (SLA) groups a number of KPIs and their expected target values. In
a nutshell, typically a KPI has a scalar value while SLA is combination of numerous KPI values
and statistical rules that result in a higher-level view on the quality of the network.
The ultimate goal is to bind together a contractual agreement and actual measurements, the
expression of the desired or required level of the service and the proven real-life
phenomena. As such, the SLA is a communication medium between the service provider and
the customer.
The SLA outcome is percentage value and based on user-defined thresholds it is divided into
values green, yellow and red according the three-basket principle. This means that the enduser experience on the wlan network might remain adequate but the resulting SLA value is
clearly in the red basket.
Related icons
SLA template
SLA KPI definition
SLA group
KPI definition
Defining a Service Level Agreement into the system
A network service provider can make Service Level Agreements (SLA) with their customers,
defining the level of service provided to the customer. 7signal Sapphire enables users to
monitor the fulfillment of the various performance level guarantees defined in the SLA.
NOTE: The user may freely choose the performance indicators to
be monitored in the service level agreement, in effect forming
out of them an SLA group.
Defining SLA Key Performance Indicators (KPI)
In 7signal Sapphire an SLA group is formed out of a set of Key Performance Indicators
corresponding to the SLA. The SLA group is bound to a topology element in the monitored
network. Network topology elements that an SLA group can be bound to are Organization,
Link and Link Group.
An SLA group consists of several KPIs which define the boundary values used in monitoring
the fulfillment of the service level agreement.
SLA definitions are inherited throughout the network topology as follows:
If an organization has an SLA group bound to it, the performance indicators defined
in the group are inherited by all links and link groups in the organization.
If a link group has an SLA group bound to it, only the performance indicators
defined in the group's own SLA group are applied regardless of whether the
organization above it has an SLA group bound to it or not.
If a link has an SLA group bound to it, only the performance indicators defined in
the link's own SLA group are applied regardless of whether the link group or
organization above it have SLA groups bound to them or not.
85
In the 7signal Sapphire system the boundary values can be set separately for each KPI
contained in the SLA group. Each KPI defines a certain type of boundary value and
percentage values for how many measurement samples may fall outside the defined
boundary values without causing the service level agreement to be considered unfulfilled.
The type of the KPI determines whether measurement samples with values over or under
the boundary value are desired.
Three color coding is used for service levels in the KPIs: green, yellow and red. The
percentage boundaries are defined for green and yellow levels of service.
To attain the green level of service the percentage of measurement samples that fulfill the
boundary value criteria set in the KPI (that is, are over or under the set boundary value,
depending on the type of KPI) must be at least as high as the percentage boundary value set
for the green level in the KPI. If there are too many measurement samples that do not fulfill
the boundary value criteria, the service level falls to yellow. The yellow level functions
likewise: if it is not attained, the service level falls to red.
Example: Upload throughput KPI
The table below explains how an SLA value is calculated based on target KPI, it’s
measurement and statistical analysis.
Boundary value
above 5,5 Mbit/s
Green level
99,0%
Yellow level
95,0%
Red level
below 95,0%
This is a relatively low value. One should bear in
mind that this target is for numerous access
points and the calculation interval might be
rather long.
On the other hand, an alarm might be bound to
this KPI with a higher alarming threshold for
access points with extreme performance
expectations.
At least 99,0% of measured samples must attain
an upload throughput of at least 5,5Mbit/s in
order to attain the green level for the KPI in
question.
If the percentage of measured samples that
satisfy the boundary value criteria falls between
95,0% and 98,99% the yellow level is attained.
If the percentage falls below 95,0% the service
level can be considered unfulfilled.
Creating an SLA group
An SLA group can be created in one of two ways:
1. By modifying an SLA template
2. By creating an empty SLA group and adding to it the desired Key Performance
Indicators
86
When the desired set of KPIs has been added to the SLA group the KPI boundary values can
be set to match the service levels outlined in the actual Service Level Agreement contract.
Creating an SLA group from a template
Create the SLA group as follows:
1. Click on "Manage | SLA definitions" from the top menu bar
2. Right-click on "SLA templates" from the tree hierarchy
3. Right-click on the desired SLA template
4. Choose "Duplicate" from the pop-up menu. An SLA group editing dialog opens to the
right (pictured above)
5. Name the SLA group
6. Remove unnecessary KPIs from the "KPI definitions" list by using the "Remove KPI"
button
7. If it's desired to change the boundary values of KPIs, choose the desired KPI from the
"KPI definitions" list. The KPI's name, description and boundary values according to
service level agreement are updated into the editing dialog.
8. Edit the boundary values to your liking.
9. Repeat from step 7. until every boundary value is as desired.
10. Click "Save"
Creating an SLA group from scratch
The dialog pane is identical to the case of duplicated template. Naturally the contents of the
pane are empty, but the look and the process is identical.
Create the SLA group as follows:
1. Click on "Manage | SLA definitions" from the top menu bar
2. Right-click on "SLA groups" from the tree hierarchy
87
3. Choose "Add SLA group" from pop-up menu. An SLA group editing dialog opens to the
right.
4. Name the SLA group
5. Choose "KPI definitions" from the tree hierarchy. Available KPIs are opened into the
tree.
6. Right-click on the desired KPI
7. Choose "Copy" from the pop-up menu
8. Click "Paste KPI" from the SLA group editing dialog
9. Choose the KPI in the SLA group editing dialog ("KPI definitions"). The KPI's name,
description and boundary values according to service level agreement are updated
into the editing dialog.
10. If necessary, edit the boundary values.
11. Repeat from step 6. onwards until all desired KPIs have been added to the SLA group.
12. Click "Save"
Binding SLA groups to network topology elements
Topology elements that an SLA group can be bound to are Organization, Link Group and
Link.
Binding an SLA group to an organization
Bind an SLA group to an organization as follows:
1. Click on "View | Network topology" from the top menu bar
2. Right-click on the organization that you want to bind an SLA group to from the tree
hierarchy
3. Select "Set SLA group" from the pop-up menu
4. Choose the desired SLA group from the menu that opens
or alternatively
1. Click on "View | Network topology" from the top menu bar
2. Right-click on the organization that you want to bind an SLA group to from the tree
hierarchy
3. Select "Edit" from the pop-up menu. An organization editing dialog opens to the right
4. Choose the desired SLA group from the drop-down menu
5. Click "Save"
Binding an SLA group to a Link
Bind an SLA group to a link as follows:
1.
2.
3.
4.
Click on "View | Network topology" from the top menu bar
Right-click on the link that you want to bind an SLA group to from the tree hierarchy
Choose "Set SLA group" from the pop-up menu
Choose the desired SLA group from the menu that opens
or alternatively
1. Click on "View | Network topology" from the top menu bar
88
2.
3.
4.
5.
Right-click on the link that you want to bind an SLA group to from the tree hierarchy
Select "Edit" from the pop-up menu. A link editing dialog opens to the right
Choose the desired SLA group from the drop-down menu
Click "Save"
Binding an SLA group to a link group
Bind an SLA group to a link group as follows:
1. Click on "View | Network topology" from the top menu bar
2. Right-click on the link group that you want to bind an SLA group to from the tree
hierarchy
3. Choose "Set SLA group" from the pop-up menu
4. Choose the desired SLA group from the menu that opens
or alternatively
1. Click on "View | Network topology" from the top menu bar
2. Right-click on the link group that you want to bind an SLA group to from the tree
hierarchy
3. Select "Edit" from the pop-up menu. A link group editing dialog opens to the right
4. Choose the desired SLA group from the drop-down menu
5. Click "Save"
89
VIEWER SOFTWARE
Test result information and other results can be transferred outside Carat in spreadsheet
format and as raw or delimited text and pdfs. You can select the applications you want to
use to process these files in Carat.
1.
2.
3.
4.
5.
From the top menu bar, select “Edit | Configure viewers”
The installed applications are displayed on the right
To change the applications, click “Browse”
Locate the application in the Carat server file system and select “Open”
Click “Save”
90
EMAIL SERVERS
When one configures an email server (icon
), one can send reports and alarms to email
addresses. This setting is only for the SMTP server, the email account information is given in
each of the features using the SMTP server.
NOTE: there should be only one SMTP per user group.
Solution Administrator has visibility to all SMTP servers
but local Administrators and Configurators may add
only one SMTP server.
1.
2.
3.
4.
5.
6.
From the top menu bar, select “Edit | Mail server configuration”
Enter the SMTP server’s address
Enter the recipient’s e-mail address
Enter the SMTP port to use
Enter a username and password, if required by the SMTP server
Click “Save”
91
DATABASE BACKUP
It is possible to backup databases in 7signal Sapphire. Given a proper backup, the system
state may be recovered completely in case of system crash. There are two remarkably
different alternatives and an option not to backup the database. The default in 7signal
Sapphire is no backup. While this option is known to be non-optimal for any production
environment, it is chosen as default to force every organization to define their own backup
policy.
Backup options
Automated backup with server downtime
Backup with downtime is a circadian backup based on Unix cron that pauses the
measurements by stopping the Carat server and closing the underlying database
connections. In quiescent mode a full backup of the database is made and stored to the
desired location in the Carat server file system. The user is responsible for managing the
backup files, moving and purging and so on. This type of logging is later referred as offline
backup.
Automated backup without server downtime
Online backup is a circadian backup based on Unix cron that keeps 7signal Sapphire in
production while creating the backups. While this obviously is the most tempting option, it
comes with a price of heavier administration.
To understand the difference between the methods – thus making one able to decide on
appropriate backup policy – we must understand database logging methods first.
Database logging
In short, the logs of a database system are the most precious. It is justified to say that the
logs are the database as they are written first and the tables are updated after that.
IBM DB2 provides alternative logging methods that affect the backup options. So called
'circular logging' method keeps the size of the logs very predictable. The other option used
in 7signal Sapphire is so called 'infinite archive logging'. This is very flexible a logging method
provided that there is a special file system available. Practically the file system must not fill
up ever.
The default logging method in 7signal Sapphire is 'circular logging'.
Purging database logs
Circular logging
There is no need for purging in case of circular logging. The default logging method in 7signal
Sapphire is 'circular logging'.
Infinite archice logging
There is one secure way of purging the log files in the infinite archive directory. Offline
backup has to be done and this comes with price of the 7signal Sapphire halt. Offline backup
92
provides one single and unique point-in-time to be restored later. Once the offline backup
exists, the log files in the infinite archive directory become obsolete and may be removed.
The other option comes with no warranty whatsoever. The option is to keep 7signal
Sapphire running and to delete log files in the infinite archive directory. To understand what
files are likely to be unused, the active log files has to be followed to see the time to fill up a
single log file and then deduce what infinite archive files might be available for deleting . If
one chooses this option, setting the safety margins reasonably high is advisable.
NOTE: In case there is both a system crash and a log file has
been deleted too early, the recovery shall never be able to
finish. In this case, the only consistent system stage is
available at offline backup time.
NOTE: The automated reporting lessens the impact of possible
data loss if used in detail and frequently. However, possibility
to measurement drill-in analysis is lost as well as any change
in the network topology and other management information.
The infinite archival logging is provided in order to support online backups (see below) but it
should also be seen as a method to make system run longer automatically without user
interruption. However, the system has to be maintained and administered. It is outside of
the scope of this document to fit 7signal Sapphire to IT processes of all organizations but
offline backups with planned system halts are highly recommended.
Backup method options
Default state
Essentially the 7signal Sapphire system default state is not a backup system at all but it is
based on the underlying database management system's robustness, fault tolerance and
basic level recovery options. In case of a permanent disk failure the data is lost. By installing
the databases on RAID disks lessens the risk further.
On default state the 7signal Sapphire relies on the database management system (IBM DB2)
logging. The assumptions are that the management information (Eye, access point and
target network) changes are not continuous but rather sporadic. The measurements are
continuous but losing few of the most recent samples is a risk that can be tolerated. Typical
starting point for analysis is one week of measurements and in case of sudden system down
one would lose the data until the system is fixed. And in case of system down it is expected
that all the efforts shall be there to bring 7signal Sapphire and other systems online again.
There shall be no special snapshots where to start operations again. It is possible to resume
a state before the interrupt, possibly the system is operational with no special effort at all.
Offline backups are possible but require user actions both to shutdown 7signal Sapphire and
do the actual backup.
Method handicaps:
93
no precise and secure backup (system state) to return to by default
backup process is completely manual
backup process requires downtime
Method strengths:
- least planning
- least resource consuming
First degree of backup: offline backup
Most importantly this method gives fully recoverable snapshots at the desired intervals. The
disk space requirement is an issue but not extremely serious as the frequency is totally usermanaged and the file size growth is easy to check (with the tools provided by the operating
system, not by 7signal). The downside is the downtime as the 7signal Sapphire must be
halted for the time of the backup, hence it is called offline backup. Typically this would be
rather minutes than tens of minutes. Naturally all the measurements are stopped for that
time.
Offline backup 1st degree is available in every install and run scenario of 7signal Sapphire.
One can start offline backup with a tool or have it run by the system in a circadian manner.
Method handicaps:
- backup process requires downtime
Method strengths:
- simple to recover
- recovered system state is thoroughly consistent
TIP: offline backup is suitable for environments that
require automated backup but do not have special
backup policy hardware nor other extensive resources.
2nd degree of backup: online backup
The requirement for the online backup is that infinite archive logging is enabled.
When online backup is operational, the most significant benefit is the ability to run circadian
backups online i.e. 7signal Sapphire remains operational and continues testing while
creating the backup. As opposed to offline backup, the system is online all the time
producing measurements.
The first and the most important assumption is that there is a storage device available that
in practice is a so-called endless device. 7signal cannot and shall not guarantee any checks
on the device but it is assumed to be available all the time and have the capacity for massive
data transfers. The user is responsible for the storage capacity.
NOTE: backups are not done incrementally in any case.
This means that over time the needed to dump the
database increases but more importantly the disk space
94
requirement increases continuously.
NOTE: use of backup systems require planning and
administration i.e continuous effort from the
administrator. This area is outside of 7signal scope,
7signal encourages clear planning on the issue.
During installation there shall be various destination folders inquired by the install script.
The folders are for logs, for bakcup files etc. As complex as online backup may sound, the
setting of the online backup is easy. To maintain and keep it available and functional
requires IT support that is beyond the scope of 7signal guidance.
Behind the scenes the technology relies completely on IBM DB2 backup system and 7signal
provides interface that covers and automates IBM interface to support 7signal databases.
TIP: there are environments that require separate
hardware for backups. If possible, 7signal Sapphire
should be integrated (on file system level) to these.
TIP: with frequent and detailed automated reports the
loss of measurement data becomes less drastic as the
needed information may be found in the reports.
Changing log settings
Install time gives the option to set all the backup related settings including log setup.
To change the settings while the system is installed and in production later, please use the
tool 7db and the logsetup sub-command. Complete guide to 7db tool is in the appendix of
Deployment Guide.
Managing backup levels
By default the system is in default state, no automated backups at all. Any change to that
state would require more resources and administration that should be planned separately.
In case one has changed the default settings – either by giving such install parameters or
issuing the needed commands after the installation - the following operations return the
initial state:
1) stop circadian backups
2) set logging to circular mode
This implies that the default state means circular logging without circadian backups.
File system settings for the database
There are three elements that require – optimally separate – disk space:
1. databases
95
a. measurement database
b. management database
c. security database
2. database logs
3. database backups
Naturally the backups must be stored separately from the logs and the databases, otherwise
the value of the backups reduces significantly. The databases and the related logs are
expected to be accessible easily from the hosting server but it is encouraged to use separate
physical file systems for these two.
NOTE: log files and databases residing in the same
physical disk mean duplicate disk operation efforts on the
same device. It is good design to separate logs and actual
databases to different physical storage devices.
Changing backup settings
Install time gives the option to set all the backup related settings.
To change the settings while the system is installed and in production later, please use the
tool 7db and the backup sub-command. Complete guide to 7db tool is in the appendix of
Deployment Guide.
Below there are example commands to give the reader an overview:
7db
7db
7db
7db
7db
7db
7db
backup
backup
backup
backup
backup
backup
backup
remove
set weekly Wed 00:30 /mnt/backups /mnt/backups
set daily 03:00 /mnt/backups
set directory /mnt/newbackups
set weekly Sun 01:30
set type online
now /mnt/backups online
Restoring backups
Backups are located in the user-defined directory. Backup files contain timestamp in the
name, also the operating system timestamp exists.
NOTE: the user must be aware which backup file should
be used. Therefore it is essential to understand the
backup system and the related files.
Based on this information one must choose which backup to restore.
Restore command is
# 7db backup restore 
96
NOTE: while issuing restore command when using online
backup, it might be necessary for the system to retrieve
files from the infinite archive directory when the restore
command is issued. The access time is affected by the
physical device. If the system cannot access the files,
restore shall not happen. The most recent offline backup
is the alternative point of recovery.
97
NAGIOS SUPPORT
7signal Sapphire supports Nagios, a commonplace open license tool for IT infrastructure
monitoring.
In this case Sapphire is the object of monitoring, not the monitor itself. Therefore we
assume the general concepts and usage of Nagios to be well-known to the user. If this is not
the case, one may start exploring the topic from the Nagios web pages
(http://www.nagios.org). Also, a recent Nagios release package is included in the delivery
media of the 7signal Solution in Sonar disk and the folder named "Non-7signal Software"
Adding Sapphire Host Information To Nagios Server
The prerequisite is that Nagios is installed and running on the host machine. In order to
monitor a remote Carat server do the following steps (as a root user):
1. Modify commands.cfg file (default location: /etc/nagios/object/commands.cfg)
Add:
define command {
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
2. Create configuration file for remote machine running the Carat server to Nagios
objects directory (default location: /etc/nagios/objects)
File extension is cfg, otherwise the naming is free. You may use or modify the
following:
carat-host-xyz.cfg
7signal_wqa_carat_1.cfg etc.
Content of the file:
define host {
use linux-server
host_name 
alias 
address 
define service {
use local-service
host_name 
service_description 7signal Sapphire Carat
check_command check_nrpe!check_carat_server
3. Add host configuration file (the previous step) to nagios.cfg file (default location:
/etc/nagios/nagios.cfg):
cfg_file=/etc/nagios/objects/carat-host-xyz.cfg
4. Restart Nagios server
98
service nagios restart
Adding Nagios Plug-ins To Sapphire Software
The prerequisite is that client-side tools of Nagios have been installed on the host running
7signal Sapphire software. The protocol being used is NRPE. There is no SSH support
concurrently.
Install NRPE daemon
Use online install with yum:
# yum install nrpe
Install toolset ‘Nagios plugins’
Use online install with yum:
# yum install nagios-plugins-nrpe
NOTE: the following installers shall open port tcp/5666
for Nagios traffic in the firewall settings.
Install Sapphire plugin
There folders named Nagios_support on both Carat and Sonar delivery disks. They contain
the following files
7signal-Nagios-plugin--for-Carat-installer.bin
7signal-Nagios-plugin--for-Loupe-installer.bin
7signal-Nagios-plugin--for-Sonar-installer.bin
The files are executable and totally self-contained. By running each of the file makes the
respective Sapphire Nagios plugin available. The process includes configuration file creation,
updates and firewall settings.
Silent install mode (option -s) uses 7signal defaults for all parameters. If this option is not
used, all parameters are inquired interactively with the default setting visible.
By default, the plugin installations end up in /opt/7signal/nagios folder. However, the
installation makes the plugins available and after this the process and operations are
completely transparent to the Carat user.
Verifying Nagios Installation
Complete and operational install is achieved if Nagios GUI shows
check_carat_server
check_sonar_server
check_loupe_server
as options for monitoring for the hosts running 7signal Sapphire software.
99
Removing Nagios plugins
The installation directory contains uninstall_nagios.sh that removes Sapphire related
plugin files. The NRPE daemon stays untouched and its configuration is cleaned only for
Sapphire plugins thus NRPE and other Nagios operations remain untouched.
100
CONTACT INFORMATION
Contact us at 7signal
by mail: Panuntie 6 FI-00620 Helsinki, Finland
by email: info@7signal.com
by phone: +358 40 777 7611 (exchange)
For handling of software defects, send email to: defect-report@7signal.com
In case of other requests, send email to:
support@7signal.com

---

Source Exif Data:

File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.5
Linearized                      : No
Page Count                      : 100
Language                        : fi-FI
Tagged PDF                      : Yes
Author                          : Sami Kuusisto
Creator                         : Microsoft® Office Word 2007
Create Date                     : 2010:09:10 13:58:33
Modify Date                     : 2010:09:10 13:58:33
Producer                        : Microsoft® Office Word 2007

EXIF Metadata provided by EXIF.tools