7signal Sapphire Carat User Guide
Administrativia FCC Warning The radiated output power of the 7signal Sapphire Eye complies with the FCC RF exposure limits. To avoid the possibility of exceeding the FCC radio frequency exposure limits, a distance of at least 20 cm should be kept with the user and the device while operating. NOTE TO THE USER Any uninstructed modification to the 7signal products may result in violation of FCC requirements.
Table of Contents THE 7signal Sapphire WQA SOLUTION ................................................................................................. 7 System overview .......................................................................................................................................................................8 System components ..........................................................................................................................................................
CREATION AND USE OF AN ENCRYPTION KEY.................................................................................. 35 On key types ............................................................................................................................................................................. 35 On different methods and implementations ..................................................................................................... 35 Adding a key......................................
Configuring complex test profiles............................................................................................................................. 56 Running test profiles .......................................................................................................................................................... 57 Passive tests ..............................................................................................................................................
NAGIOS SUPPORT ..................................................................................................................................... 97 Adding Sapphire Host Information To Nagios Server ................................................................................... 97 Adding Nagios Plug-ins To Sapphire Software .................................................................................................. 98 Verifying Nagios Installation ............................................
THE 7signal Sapphire WQA SOLUTION Welcome to 7signal Sapphire, providing you with a new way to continuously and automatically measure the health and quality of a wireless network from the user's perspective. A commonly used term here is wireless quality assurance, or WQA. Companies and their business processes are becoming increasingly dependent on the performance and service quality of their wireless networks.
parameters measured are the same as in wired networks. Sapphire, by contrast, produces a comprehensive picture of the radio connection quality, where delay, number of retransmissions, and packet loss are taken into account, in addition to the commonly measured parameters.
SAPPHIRE EYE Sapphire Eye is a monitoring station for WLAN environments, serving as the measurement station or monitoring station in the WQA solution. Unlike a common access point or client, the Eye monitoring station uses advanced broadband antenna technology, which creates an exceptionally large coverage area. Consequently, one Eye can monitor several access points, or WLAN cells. The recommended number of monitored cells is 6–10.
In the picture above the management interface is on the service provider’s premises (top left corner) the customer’s premises have a wireless network with six access points (center part of the picture, access points in red) there is one monitoring station on the customer’s premises (the colored lobes depict the station’s directional antennas and their range) a problem has occurred in an access point in the red lobe the problem can be seen in the monitoring interface or in a report as a falling performan
SAPPHIRE CARAT With the Sapphire Carat management tool, you can manage the Sapphire Eye monitoring stations, run interactive and real-time measurements, configure and manage automatic measurements, and generate reports of the measurement results. The reports contain tables and charts, and they can therefore be immediately used at the customer company, or by third parties such as technical support staff, managers, or service providers.
SONAR The role of the Sonar test server in 7signal Sapphire is to emulate one of the customer’s production servers. Sapphire Eye contacts Sonar over the radio network to use some of the services available or to request Sonar to contact Eye, if so specified in the service model. Sonar and Eye thus implement the client–server model during active testing. The roles vary, depending on the test.
SAPPHIRE LOUPE Sapphire Loupe is the measurement tracking tool in the WQA solution. Using Loupe, the persons responsible for business and network can view the saved measurement results, which are obtained in real time. Loupe cannot be used to control Sapphire’s functions and measurements themselves; however, the measurement results are available in Loupe in a more precise and detailed form than in Sapphire. Setting access rights for viewing the results is easy with the user management feature.
CARAT MANAGEMENT INTERFACE The management interface home page looks like this: Menus Navigation The menus at the top of the home page function in the same way as in any graphical user interface. The menu bar is used to manage the application, automatic testing and testing profiles, and functions related to the settings of networks being monitored. The menu contents are dynamic based on context, user access rights and the current license.
- remote management of monitoring station software Network clients SLA Definitions Automated report configuration Eye software management Change password Test Profiles Start sequential testing Stop sequential testing Eyes auto test management Tools Start and stop the automatic test profile. Window Refresh the main window of the user interface. Refresh Help Read user documentation and general information about the system installation.
A service area can have a floor plan. Eye Wireless network Access Point A monitoring station always belongs to a service area. This menu describes the target network, which can be located in one or more service areas. A service area can contain several target networks. This menu is used to configure the encryption method used in the network. In this menu, you can perform tests and set alarm limits for an access point.
ON CONFIGURING OF 7SIGNAL SAPPHIRE CARAT This user manual is mainly intended for ‘random access’ i.e. there is no strict order how to read the manual. However, this section should be read first as its purpose is to ensure proper and scalable operations on the system. The access rights and user management heavily relies a group-based model. The group is the starting point: every user belongs to one of the groups and the group determines the access rights of any given user.
Access Rights The access rights is an accessible pane in the “Manage” menu. When one follows the intended way of user and group definition, the contents and actions in the “Access Rights” pane are redundant. The feature remains activated but the use of it is discouraged and thus not instructed in detail. For sandbox testing and non-warranted try-outs: the left panel contains actual users and groups and related access rights. The right panel contains all objects in 7signal Sapphire.
USER MANAGEMENT User management in 7signal Sapphire is based on user groups. A user's access rights in the system derive from the user group that the user belongs to. A user may only belong to one user group at a time. In addition to normal user management the Sapphire system supports user group specific view virtualization. The system can be configured so that different user groups have access to different objects that have been created into the system.
User access levels The Sapphire system supports three elementary access levels for user groups: Reporter, Configurator and Administrator. Access rights are inherited from lower to higher levels: Reporter users only have their own level’s access rights, Configurator users have reporter level rights plus additional rights granted by their configurator level, and Administrator users have all rights.
Adding a user group A new user group can be added into the system in three different ways: 1. As a new root group under which to start creating a new user group hierarchy. 2. As a subgroup to an already existing user group. 3. As a symbolic (referencing) group for an already existing group.
An example of removing a user group: 1. Log in as an administrator group user 2. Open the user group and user management dialog by clicking "Manage | Users and Groups" from the top menu bar 3. Right-click on a group that satisfies the removal criteria and select "Remove" from the pop-up menu User group status In certain situations it may be desired to inactivate some user group. An inactive user group has no access rights in the system.
Adding a user (new user) A new user can be added by right-clicking on the user group that the user is to be added into and selecting "Add user" from the pop-up menu. Steps to create a new user: From the top menu bar select “Manage | Users and Groups” to open a pane on left Right-click the relevant group to get a submenu Select “Add user” to open a pane on right Enter the relevant user information a. Username: login name for the user b. (optional) Alias: alternative name for the user c.
An example of editing a user’s information: 1. Log in as an administrator group user 2. Open the user group and user management dialog by clicking "Manage | Users and Groups" from the top menu bar 3. Right-click on the desired user and pick "Edit" from the pop-up menu 4. Change the desired parameters 5. Save changes by clicking "Save" Removing a user A user can be removed by right-clicking on him/her and selecting "Remove" from the pop-up menu. An example of removing a user: 1.
WIRELESS NETWORKS AND TARGET NETWORKS Addition of networks to be monitored Sapphire can simultaneously manage networks in several independent organizations. A company or other organization can have many separate locations. The networks are displayed in a hierarchical tree, where the top node is a root organization that binds the various organizations conceptually together. A company can have several networks, for different purposes.
1. From the top menu bar, select “View | Network topology” 2. Right-click the organization 3. Select “Add location” 4. Enter the location’s name 5. Select the location type from the pull-down menu 6. Enter an optional description for the location 7. Click “Save” You can add as many locations as needed to describe the organization’s structure. After you have added a location, you can add a service area. 1. 2. 3. 4. 5.
shall contain also information on hidden networks but the capture is not used as a technique in scans. NOTE: hiding the network SSID is very limited a security measure as limits only beacons sent by an access point but not the payload traffic. Any attacker or typical analysis tool shall find hidden network as soon as there are any payload packets in the network. Even popular operating systems may present hidden network after a certain period of time.
1. From the Network topology, select the organization containing the wireless network you wish to remove 2. Right-click the organization and select “View wireless network” – then the “All Wireless Networks” view is displayed in the right-hand pane 3. Select from the list the network you want to remove 4. Click “Remove” Channel configuration In addition to access points, a wireless network can include a controller, which remotely sets RF parameters for a network.
To set up channel configuration, proceed as follows: 1. From the top menu bar, select “View | Network topology” 2. Right-click the item (access point or network) for which you want to set up a channel configuration and select “Channels” 3. Select the allowed channels 4. Select “Save” 7signal Sapphire Enterprise extends this functionality such that all access points or networks within the service area can have their own allowed and forbidden channels.
SETTING UP A MONITORING STATION Related icons active monitoring station inactive monitoring station States of Monitoring Stations The Eye unit may be in an inactive state. This happens if there is no network connectivity to the monitoring station when a monitoring station is being added to the system. Also, an active monitoring station may be turned inactive. This allows exceeding the number of monitoring stations limited by the license.
6. If you already know the test profile you want to use, you can select it now (for more information on test profiles, see the section on test profiles in this user guide) 7. Enter the the regional setting. The wlan channels and possibly power options are dependent on this setting so one should always choose the right setting. 8. (optional): if the hardware exists, it is possible to use the 8th beam or diversity antenna with the check-box. When selected, one must also provide a. Antenna gain b.
Activation of monitoring station By default, the monitoring station is in active state. This is flagged with the green background color in the Network topology. An inactive monitoring station would have orange background color. It is possible to deactivate the monitoring station. This feature is mainly targeted for temporary installations. An inactive monitoring station exists in the system and its measurements are accessible as usual.
2. Right-click the service area where you want to add a floor plan 3. In the menu that opens, select “Floor plan” 4. Right-click in the right pane and select “Load new floor plan image” 5. Browse to the floor plan file in the Carat server file system and select “Open” To add devices to the floor plan, do the following: 1. Right-click on the floor plan and select “Eye” or “Access point” from the menu 2. Drag the selected icon to the appropriate position in the floor plan a.
To start using a new software version: 1. From the top menu bar, select “Manage | Eye software management” 2. At the bottom right, under “Manage Eye software version in Carat,” select “Import” 3. Browse to the desired monitoring station software version in the Carat server file system and select “Open”; the software is displayed in the “Eye Software Versions Available in Carat” list 4. Click on the software version you want to install 5.
CREATION AND USE OF AN ENCRYPTION KEY Related icons wpa2 encryption wpa eap encryption wpa 1 encryption wep encryption ieee encryption http encryption Before you start monitoring, you must create an encryption key. You can have several keys, for different networks. Check the latest supported key set from the release notes.
Various vendor-specific simplify PKI infrastructure into client and server certificates and username/password accounts. Unfortunately setting up the wlan encryption requires understanding beyond the use of the vendor-specific PKI implementation. In case Carat does not directly support the encryption method used by the other wlan clients (as Eyes emulate wlan clients), typically an alternative option may be used.
1. From the top menu bar, select “View | Network topology” 2. In the Network topology, select the network to which you want to add the encryption key and right-click 3. Select “Edit” 4. Enter a contact person 5. Select a suitable encryption key for the network from the pull-down menu 6. Click “Save” On certificate-based encryption There are input fields for the “CA certificate” and “Client certificate”. It is recommended that both certificates are added.
1. 2. 3. 4. 5. 6. 7. Select “Dynamic WEP with EAP key” to get the dialog above Select WPA key type, either 1 or 2, according the local environment EAP method must be set to “EAP_MSCHAP_V2” Fill in the account user name to the field “Identity” Enter and confirm the account password. Enter Windows infrastructure CA certificate. One may enter the same certificate as “Client Certificate” as well. The Eye is now properly authenticated in Windows PKI environment.
ADDITION OF TEST END-POINT Sonar Sonar is 7signal specific server that handles typical network requests i.e. it emulates numerous servers in the network. While the network traffic generated is always identical to the emulated service, the service cannot be extremely complex or dynamic in nature. Sonar (icon ) is the server needed for executing elementary tests. There can be several Sonar servers configured. Each test can be configured to use any of the configured Sonars.
Test endpoint definition requires information on networking level but does not require anything application specific. For example, an SQL server is considered only from connectivity point of view while the actual access credentials and test queries are defined per test. Therefore the endpoint definition is a simple procedure and is similar to all supported test endpoints.
ACCESS POINT INFORMATION Related icons unknown access point (unwanted state) known access point (in the coverage area but outside administrative domain) own access point (in administrative domain) managed access point (target to a monitoring station, in administrative domain) The access point information can be displayed by right-clicking the access point in the Network topology and selecting “Access Point Info.
LINKS AND LINK GROUPS In 7signal Sapphire a link denotes an end to end connection between an Eye monitoring station and a Sonar server. Thus a link can be said to consist of a monitoring station, an access point and a Sonar server. In the Network topology links are positioned beneath the managed access points. 7signal Sapphire forms the links automatically when it detects an established end to end connection. Related icons link link group A link group is a grouping of links defined by a user.
Creating a link group Create a link group as follows: 1. Click on "View | Network topology" from the top menu bar 2. Right-click on the desired Location into which the link group is to be added 3. Choose "Add Link Group" from the pop-up menu. A dialog for adding a link group is opened to the right. 4. Name the link group 5. Define the SLA group to be bound to the link group (optional) 6. Click "Save" Removing a link group Remove a link group as follows: 1. 2. 3. 4.
ALARMS Related icons alarm configuration critical alarm informational message alarm configuration group network error warning message The system alarms are initiated by significant changes in the monitored network's status or topology. It is possible to send the alarms to an SNMP system. Please see the instructions later in this document. Alarms are used through alarm groups to which the desired alarms can be assigned.
Managed Access Point Security Settings Changed Offending Channel Change of Managed Domain Offending Channel Change of External Domain Unknown Access Point Detected Acceptable Response Time Exceeded End-to-End Availability Loss Acceptable Retransmission Rate Exceeded IP Resource Availability The alarm is activated when the security settings of a managed access point are changed. This is a critical alarm. The alarm is activated when a managed access point starts to use a restricted channel.
You can acknowledge an alarm by clicking the symbol under “Ack time”. The symbol will be replaced by the current time of the Carat server, and the alarm is acknowledged. The alarms are turned off in the same way. Alarm exporting There are two methods that alarms may be brought to attention of external systems: email forwarding and SNMP. Alarms and email forwarding Alarms are sent as plain-text emails with standard formatting easy to be parsed with typical text-processing tools.
1. From the top menu bar, select “Manage | Alarms | Email” 2. Enter target email address to “New recipient” field 3. Select “Add” to register the email address as a recipient. It shall appear in the box named “Email recipients” a. Incorrectly added or not any more relevant recipients may be removed by activating the recipient in the box and then selecting “Remove” 4. Choose the types of alarm event that shall be forwarded by ticking the check-boxes. a. Types are: raised, acked, offed. 5.
a. Alarms issued b. Acknowledged alarms c. Alarms that have been turned off 8. Select “Update” 9.
TRAFFIC CLASSES The IEEE 802.11e standard defines eight traffic classes. Most mission-critical access points support this standard. Traffic classes are becoming more and more important, especially on account of wireless VoIP. 7signal Sapphire Enterprise supports the 802.11e standard. Active tests can be configured to have a traffic class.
TEST MEASUREMENTS The tests are grouped into passive listening tests and active switched tests in the radio network. There are two ways to run tests in Sapphire Carat: user-initiated tests to locate a fault and automated tests for continuous monitoring and collecting of measurement results. You can run the tests from a hierarchical tree. Test menus are accessible by right-clicking a monitoring station or an access point. You can also run tests from the floor plan.
Templates are a collection of pre-configured test profiles aimed at various business purposes. They are not to be used as runnable test profiles but as a source, reference and model for the user creating the runnable test profiles. Elements are individual tests that may be inserted to test profiles. Test profile is a collection of test elements that may be executed. The user is supposed to copy either templates or elements to a test profile. There may be numerous profiles for different purposes.
Note: A passive profile has an extremely small effect on the monitored network. The only effect is that Sapphire sends probe requests to access points. Warehouse The “Warehouse” template serves the needs of logistics services where the amount of data transferred is not large but the data traffic is continuous. Network availability and uptime are vital. The network clients are mostly known or even preconfigured. This profile can be used in all environments that have similar circumstances.
Testing multiple wlan networks in one test profile One monitoring station may test multiple access points that provide multiple wlan networks. In the context of test profiles wlan networks are referred as ESSIDs (essid later in the text). Testing on multiple essid’s is achieved by either copying and editing individual test element in a profile or copying a complete template to pasted to an existing profile.
Operation on Test Element Copy element The pre-requisite here is to have existing test profiles that shall be the target for pasting this test element. This is one form of cut&paste operation. Select “Manage | Test Profiles” to open the management tree on the left Choose one of the test elements and right-click Select “Copy element” (no visible results) Paste the element by choosing “Paste testprofile element” available on the rightclick a.
Automated Tests for Eyes No current functionality. Paste test profile element Paste previously copied test profile element as the last element in the profile. Save Make the changes in the sub-objects persistent. Insert Essid Paste previously copied essid into this profile as the last element. Insert New Essid Create a new empty essid into this profile as the last element. Operations on essid inside a test profile Edit Open a pane with “Common Values” and “Name” field ready for editing.
Insert Element After Paste the element on clipboard as element as a successor to this one. On test elements Each test has default parameters, which can be used as is or modified as needed. To obtain the best results and find the best measurement methods for a target network, plan and configure the tests to suit the network. A test profile must be configured for each monitoring station separately. The same profile can be used in several monitoring stations.
the MOS test parameters. Such extreme-values and range tests produce detailed information on the network behavior. Use case: Multiple SSID testing There are two ways to achieve testing on multiple networks on one single monitoring station. The first is based on element copying (the previous paragraph) and the other is using copies of essid objects. Using copies of elements may be burdensome at the configuration time but gives control over the test order.
The Eyes of the user context are enlisted in the box on the right. The Eye name, the test profile name and the state of the test profile run are indicated. By selecting one of the Eyes brings additional information such as the run time and test profile content on the left.
Passive tests Initial network scan When the Eye has been installed or needs to be reset, you must run a network scan. There are various preconfigured scanning durations. When an Eye has been installed for the first time, it is recommended that you run the longest scan, titled “Initial scan.” The purpose of the initial scan is to scan the monitoring station’s radio frequency environment very thoroughly and to detect the access points suitable for monitoring.
“Network Scan” test The network scan test can also be used as a separate test outside initial deployment. The deployment is described in the previous section of this guide. To scan the network, do the following: 1. 2. 3. 4. 5. 6. 7. 8.
• • “Manage”: The management status: the status of a monitoring station can be changed “Sel Ant”: Selected antenna – you can change the antenna used by the Eye to monitor the access point o We recommend that you compare the signal levels received very thoroughly o We recommend that you perform the antenna selection test if anything is even slightly unclear Options for processing the results: • “Save” saves the information in the table to the Carat system.
MAC hidden 8. Select “Save”; the clients detected remain in the table 9.
MAC hidden 10. Select “Save” to save the friendly names and descriptions The data can be viewed and edited. 1. 2. 3. 4. 5.
MAC hidden Addition of a new client 1. From the top menu bar, select “Manage | Network clients” 2. In the hierarchical tree in the left pane, right-click the topmost element, titled “Network clients” 3. Select “Add network client” 4. Enter a friendly name for the client 5. Enter a user’s name, if known 6. Enter a description (optional) 7. Enter the client’s MAC address 8. Click “Save” To add several clients at once, select “Import network clients” in step 3.
Spectrum analyzer The monitoring station supports frequency-sweep-based radio spectrum analysis. The frequency status is displayed as a colored map. 1. 2. 3. 4. In the Network topology, select the Eye that will run the test Right-click and select “Spectrum Analysis” Select a suitable sweep method from the pull-down menu Select the presentation mode from the pull-down menu a. Off-line: one-time draw b. On-line: regularly updated image 5. Select the test duration from the pull-down menu 6.
Active Tests Active test means that the monitoring station assumes the role of a network client i.e. it is active by attaching itself to the wlan network to run some operation. Active tests may be run continuously from the test profiles. This is automated and continuous right after the test parameters has been set for each profile and profiles are bound to the monitoring stations (See chapter Test Profiles). Below it is instructed how to run tests interactively from the user interface.
“Optimal Antenna Selection” test The antenna test is used to verify the suitability of the selected antenna. Because of reflections, the network scan can show similar results for different antennas. However, during transmission of data to an access point, the differences between antennas become significant. This test is worth running if more than one antenna shows similar results. 1. 2. 3. 4. 5. 6. 7. 8. 9.
Download Tests This test gives an indication of an access point’s FTP or UDP downlink capacity. 1. 2. 3. 4. 5. 6. 7.
Upload tests This test gives an indication of an access point’s FTP or uplink uplink capacity. 1. 2. 3. 4. In the Network topology, select the Eye that will run the test Right-click and select ”Manual tests” From the submenu select either “FTP Upload Test” or “UDP Upload Test” Configure the test target in the target area: a. Select the Sonar against which you want to run the test, or type another IP address b. Select an access point from the pull-down menu c.
g. Select the traffic classes to use (licensed products only) 6. Select “Execute” The results are displayed in a table as seen below. Note: You can change the report type even after the test is executed “Ping test” A ping test tests the accessibility of a device, the number of packets sent and received, and latency time. 1. In the Network topology, select the Eye that will run the test 2. Right-click and select ”Manual tests | Ping test” 3. Define the test target in the target area: a.
5. Select the traffic classes to use (licensed products only) – note that it is not recommended to use traffic classes in a ping test 6. Select “Execute” The results are displayed in a report as seen below.
“Traceroute Test” This test helps one perform network troubleshooting and identify routing problems or firewalls that may be blocking access to a host. 1. In the Network topology, select the Eye that will run the test 2. Right-click and select ”Manual tests | Traceroute Test” 3. Define the test target in the target area: a. Select the Sonar against which you want to run the test, or type another IP address b. Select an access point from the pull-down menu c.
“Access point traffic” test This test listens to radio traffic in the Sapphire Eye’s coverage area and gathers many kinds of information. 1. In the Network topology, select the Eye that will run the test 2. Right-click and select ”Manual tests | Access Point Traffic Test” Note: This test is among the active tests since it requires you to select a target access point 3. Select the target access points from the table 4. Select the listening time (in milliseconds) 5.
“Client Scan” This test listens to radio traffic in the Sapphire Eye’s coverage area and gathers information on wlan clients that are active i.e. exchange traffic with access points in the proximity. The result contains all the clients that were active during the test. Please note that both channels and antennas work in an exclusive manner, only one antenna and only one channel are active at the time. In other words: it is impossible to capture all the traffic during the test execution.
“MOS Test” This test creates a VoIP call between Sapphire Eye and Sonar. Both uplink and downlink call quality are measured, simultaneously and independently. 1. In the Network topology, select the Eye that will run the test 2. Right-click and select ”Manual tests | Http test” 3. Define the test target in the target area: a. Select the Sonar against which you want to run the test b. Select an access point from the pull-down menu c. Select the Eye’s IP address (DHCP or static) i.
5. Configure sender information: a. Enter a port for the MOS test (Local port) b. Enter the test duration in seconds (Send time) c. Enter the packet interval in milliseconds (Stream interval) d. Enter the packet size in bytes (Packet size) e. Enter the sampling window size in seconds (Sampling interval) 6. Configure the receiver information: a. Enter a port for the MOS test (Receiver port) b. Enter the receiving window size in seconds (Window size) c.
• • Levels: Signal and noise levels during the test, averaged over the duration of the test. SNR: Signal/noise ratio during the test, averaged over the duration of the test. For more information on interpretation of the test results, see the description of mean opinion score, MOS, at http://en.wikipedia.org/wiki/Mean_Opinion_Score. Test result 5 4 3 2 1 Excellent Good Fair Poor Bad In practice, the supported codec’s can reach MOS scores that are slightly above 4.
Antenna/channel row is presented in a pie-chart form that show frame type distribution on the left and codec distribution on the right. “HTTP URL (Intranet) test” Http test (Sonar) and Http URL test (Intranet) serve different purposes. While the former is close to ftp test with detailed download measurements, the latter merely checks the availability and success of the page download. Typically intranet pages contain dynamic elements.
a. If static, enter the (1) local IP address, (2) local netmask, and (3) gateway 3. Choose URL from the box a. To add a URL i. Write a well-formed and proper address to the input box ii. Select “Add URL” b. To remove a URL i. Activate the URL to be removed with a right-click ii. Select “Remove URL” 4. Select Execute. The result marks whether the download was successful (protocol errors or not), the download time and the downloaded byte count.
To run the Internet availability test: 1. Select an access point from the pull-down menu 2. Select IP address a. Use DHCP of the wlan network by checking the box i. DHCP result shall affect other test parameters as the actual servers shall be dictated by the result and the reliability is expected. b. Use of static IP address configuration i. enter the (1) local IP address, (2) local netmask, and (3) gateway ii. Enter primary DNS server iii. Enter secondary DNS server (optional) iv.
2. Select an access point from the Network topology 3. Select the Eye’s IP address (DHCP or static) a. If static, enter the (1) local IP address, (2) local netmask, and (3) gateway 4. Enter the SIP protocol specific parameters a. Name is mandatory b. If alone, the test is run as un-authorized 5. Select the wlan traffic category 6. Select “Execute” The test result is two-fold: test setup information and SIP specific.
REPORTING Detailed explanation of reporting options requires a description of key performance indicators and knowledge of the Loupe application. As a result, report configuration and subscription are described in the Loupe user guide.
SERVICE LEVEL AGREEMENT Service Level Agreement (SLA) groups a number of KPIs and their expected target values. In a nutshell, typically a KPI has a scalar value while SLA is combination of numerous KPI values and statistical rules that result in a higher-level view on the quality of the network. The ultimate goal is to bind together a contractual agreement and actual measurements, the expression of the desired or required level of the service and the proven real-life phenomena.
In the 7signal Sapphire system the boundary values can be set separately for each KPI contained in the SLA group. Each KPI defines a certain type of boundary value and percentage values for how many measurement samples may fall outside the defined boundary values without causing the service level agreement to be considered unfulfilled. The type of the KPI determines whether measurement samples with values over or under the boundary value are desired.
When the desired set of KPIs has been added to the SLA group the KPI boundary values can be set to match the service levels outlined in the actual Service Level Agreement contract. Creating an SLA group from a template Create the SLA group as follows: 1. Click on "Manage | SLA definitions" from the top menu bar 2. Right-click on "SLA templates" from the tree hierarchy 3. Right-click on the desired SLA template 4. Choose "Duplicate" from the pop-up menu.
3. Choose "Add SLA group" from pop-up menu. An SLA group editing dialog opens to the right. 4. Name the SLA group 5. Choose "KPI definitions" from the tree hierarchy. Available KPIs are opened into the tree. 6. Right-click on the desired KPI 7. Choose "Copy" from the pop-up menu 8. Click "Paste KPI" from the SLA group editing dialog 9. Choose the KPI in the SLA group editing dialog ("KPI definitions").
2. 3. 4. 5. Right-click on the link that you want to bind an SLA group to from the tree hierarchy Select "Edit" from the pop-up menu. A link editing dialog opens to the right Choose the desired SLA group from the drop-down menu Click "Save" Binding an SLA group to a link group Bind an SLA group to a link group as follows: 1. Click on "View | Network topology" from the top menu bar 2. Right-click on the link group that you want to bind an SLA group to from the tree hierarchy 3.
VIEWER SOFTWARE Test result information and other results can be transferred outside Carat in spreadsheet format and as raw or delimited text and pdfs. You can select the applications you want to use to process these files in Carat. 1. 2. 3. 4. 5.
EMAIL SERVERS When one configures an email server (icon ), one can send reports and alarms to email addresses. This setting is only for the SMTP server, the email account information is given in each of the features using the SMTP server. NOTE: there should be only one SMTP per user group. Solution Administrator has visibility to all SMTP servers but local Administrators and Configurators may add only one SMTP server. 1. 2. 3. 4. 5. 6.
DATABASE BACKUP It is possible to backup databases in 7signal Sapphire. Given a proper backup, the system state may be recovered completely in case of system crash. There are two remarkably different alternatives and an option not to backup the database. The default in 7signal Sapphire is no backup. While this option is known to be non-optimal for any production environment, it is chosen as default to force every organization to define their own backup policy.
provides one single and unique point-in-time to be restored later. Once the offline backup exists, the log files in the infinite archive directory become obsolete and may be removed. The other option comes with no warranty whatsoever. The option is to keep 7signal Sapphire running and to delete log files in the infinite archive directory.
- no precise and secure backup (system state) to return to by default backup process is completely manual backup process requires downtime Method strengths: - least planning - least resource consuming First degree of backup: offline backup Most importantly this method gives fully recoverable snapshots at the desired intervals.
requirement increases continuously. NOTE: use of backup systems require planning and administration i.e continuous effort from the administrator. This area is outside of 7signal scope, 7signal encourages clear planning on the issue. During installation there shall be various destination folders inquired by the install script. The folders are for logs, for bakcup files etc. As complex as online backup may sound, the setting of the online backup is easy.
a. measurement database b. management database c. security database 2. database logs 3. database backups Naturally the backups must be stored separately from the logs and the databases, otherwise the value of the backups reduces significantly. The databases and the related logs are expected to be accessible easily from the hosting server but it is encouraged to use separate physical file systems for these two.
NOTE: while issuing restore command when using online backup, it might be necessary for the system to retrieve files from the infinite archive directory when the restore command is issued. The access time is affected by the physical device. If the system cannot access the files, restore shall not happen. The most recent offline backup is the alternative point of recovery.
NAGIOS SUPPORT 7signal Sapphire supports Nagios, a commonplace open license tool for IT infrastructure monitoring. In this case Sapphire is the object of monitoring, not the monitor itself. Therefore we assume the general concepts and usage of Nagios to be well-known to the user. If this is not the case, one may start exploring the topic from the Nagios web pages (http://www.nagios.org).
service nagios restart Adding Nagios Plug-ins To Sapphire Software The prerequisite is that client-side tools of Nagios have been installed on the host running 7signal Sapphire software. The protocol being used is NRPE. There is no SSH support concurrently.
Removing Nagios plugins The installation directory contains uninstall_nagios.sh that removes Sapphire related plugin files. The NRPE daemon stays untouched and its configuration is cleaned only for Sapphire plugins thus NRPE and other Nagios operations remain untouched.
CONTACT INFORMATION Contact us at 7signal by mail: Panuntie 6 FI-00620 Helsinki, Finland by email: info@7signal.com by phone: +358 40 777 7611 (exchange) For handling of software defects, send email to: defect-report@7signal.com In case of other requests, send email to: support@7signal.