7signal Sapphire Deployment Guide Release 3.0 7signal Ltd, Panuntie 6, FI-00620 HELSINKI, FINLAND, +358 40 777 7611, info@7signal.com, www.7signal.
Preface Document scope This document is aimed for people that shall manage and configure 7signal Sapphire quality tests on wlan networks. These administrators may select the target networks and stabilize the expected the radio environment. The test pattern configuration and 7signal Sapphire system administration are explained in this document. This document does not describe how the software is installed and how to handle the monitoring station. This is found in 7signal Sapphire Deployment Guide.
Preface ii Contact us at 7signal by mail: by email: by phone: report defects by email: any other request: Panuntie 6, FI-00620 Helsinki, Finland info@7signal.com +358 40 777 7611 (exchange) defect-report@7signal.com support@7signal.com 7signal Ltd, Panuntie 6, FI-00620 HELSINKI, FINLAND, +358 40 777 7611, info@7signal.com, www.7signal.com 7signal Sapphire Deployment Guide Release 3.
Table of Contents iii 1 7signal wqa solution ............................................................................................................. 1 1.1 Solution Overview ...................................................................................................... 2 1.2 Solution versions ........................................................................................................ 2 1.3 Hardware ....................................................................................
Table of Contents iv 8 Installing 7signal Sapphire software ....................................................................................21 8.1 Carat DBMS (Linux) ...................................................................................................21 8.2 Carat server (Linux) ...................................................................................................24 8.3 Loupe install (Linux) .....................................................................................
Table of Contents v 13.4 AP command group .................................................................................................45 13.5 Conn command group .............................................................................................45 13.6 Run command group ...............................................................................................46 13.7 Txp command group................................................................................................47 13.
1 7signal wqa solution 1 Welcome to 7signal Sapphire, providing you with a new way to continuously and automatically measure the health and quality of a wireless network from the user's perspective. A commonly used term here is wireless quality assurance, or WQA. Companies and their business processes are becoming increasingly dependent on the performance and service quality of their wireless networks.
1 7signal wqa solution 2 The 7signal Sapphire quality monitoring solution consists of a Sapphire Eye monitoring station, a Sonar test server, the feature-rich Sapphire Carat management software, and Sapphire Loupe for viewing and reporting on results. 1.2 Solution versions 7signal Sapphire Suite is the name given to a system that monitors the quality of a wireless broadband network as described in the Solution overview section, above.
1 7signal wqa solution 3 RF board with antenna beam selection capability and low noise amplifiers (noise figure ~1.5 dB) in receiver chain; Battery; Heating element; Other functional elements; Electrical compass; GPS receiver; o GPS receiver may be augmented with an external antenna that is not provided by 7signal; 7signal Ltd, Panuntie 6, FI-00620 HELSINKI, FINLAND, +358 40 777 7611, info@7signal.com, www.7signal.com 7signal Sapphire Deployment Guide Release 3.
2 Requirements 4 2.1 Carat-server requirements Carat server controls Eye units and collects measurement results to the database. Carat server software can be installed to dedicated server or virtual environment. The operating system is CentOS that is community version of Red Hat, the only difference are in graphics and similar items. Carat server has management connection to the Eye units and it can manage concurrently several Eyes in several locations.
3 WLAN authentication and encryption 5 7signal Sapphire solution supports several standard encryption and authentication methods for accessing wlan radio resources. The Supported methods are in the table below: WPA 1/2 PSK EAP - TLS EAP - PEAP EAP - FAST EAP - TTLS EAP - TTLS IEEE 802.
4 7signal Sapphire Connectivity 4.1 Logical connections Sapphire elements and their logical connections are in the picture below: • Eye – a wlan probe with both wlan interface (wlan client and analysis functions) and ethernet interface (management functions). • Sonar – Server software emulating various business services for testing purposes. Deployment method is two-fold as follows: 7signal Solution: the application is running in hosts chosen by the customer.
4 7signal Sapphire Connectivity 7 Conn ID 1 Description Data content Test management and typical test connection Test control message and pseudo-data 2 MOS test, uplink direction MOS test specific data 3 MOS test, downlink direction MOS test specific data 7signal Sapphire Deployment Guide Release 3.0 4.1.
4 7signal Sapphire Connectivity 8 ESSID – test parameter to connect to a particular wireless network. Wlan encryption – The encryption is “Wireless Network” related configuration in Carat. Network keys – pre-shared keys, certificates or similar - are stored in Eye file system by Carat application. To be observerd: the target wireless network may be configured to have MAC address preventions so the MAC address of wlan interface of the Eye unit must be white-listed as a network client.
4 7signal Sapphire Connectivity 9 Configurable in Eye deployment In this case the Eye acts as a server and Carat software is a client. Carat does not make any ssh connections, ssh is optional connection for human operators. 4.1.3 Carat server – Carat GUI connection Conn ID 1 Description Data content RMI service RMI service protocol Listening port(s) tcp/1099 Remarks Discovery service for conn #2. Typically not changed.
4 7signal Sapphire Connectivity 10 7signal Sapphire Deployment Guide Release 3.0 Conn ID 1 Description Data content RMI service. RMI service protocol Listening port(s) tcp/1099 Remarks Discovery service for conn #2. Typically not changed. 2 3 4 Loupe web-app connecting as a client to a Carat server. RMI calls tcp/47777 IBM DB2 database service for Loupe. JDBC traffic. Configurable in Carat GUI installer tcp/7722 JDBC traffic.
4 7signal Sapphire Connectivity 11 Conn ID 1 2 Description Data content Standard http connection. Standard http traffic for creating a https connection. Standard https connection for measurement requests and responses. Secure http. Report and chart requests and responses. Listening port(s) tcp/80 Configurable in Loupe installer. tcp/443 Remarks Redirects to https port of Loupe. Business connection for Loupe. Configurable in Loupe installer.
4 7signal Sapphire Connectivity Eye - Carat Eye server certificate and CA signature are in file called server.pem. The client counterpart is stored in the Carat server in file carat.keystore (while effectively it is a truststore). • Carat – Carat GUI and Carat - Loupe The server certificate resides in file called 7signal.keystore. The client counterpart resides in file named 7signal.truststore. Loupe resides in the same host and most probably in the same file system than Carat itself.
4 7signal Sapphire Connectivity Eye Wlan humans. wlan end-user would do, one operation per minute. as requested in the test parameters, constant traffic at the rate of 100 kBs/s. Responses to client. Typically pseudo-data that varies based on the test parameters. MOS test most probably contain significant amount of data. For example, the FTP download test transfers by default 2 megabytes of data that does not take long.
4 7signal Sapphire Connectivity 14 4.4.3 Carat server – Carat GUI client From To Medium Carat GUI GUI Carat Ethernet Ethernet Traffic motivator Human Responses to client. Volume estimate Very low. 300 kB/minute Major factor User activity, expected low. Spectrum Analysis and MOS test results may contain significant amount of data. Floorplan involves graphics. There is no continuous interaction, all activities are initiated by the user. The amount of traffic depends completely on user-decisions.
5 Installing 7signal Sapphire 15 5.1 Eye setup Every Eye unit is identical when purchased, like other wireless network elements like typical access points. Individual settings must be made to enable operation of numerous Eye units in the same production network. By default Eye units have IP address 192.168.0.1 with netmask 255.255.255.0. Ssh connectivity is provided for configuration purposes.
6 Installing Eye 16 Install Sapphire Eye in the most centralized location of the Wlan area. Eye can be installed on the ceiling, wall or mast.
6 Installing Eye 17 The Site Survey results are valuable for Eye location estimation. The Eye location is good if the Site Survey heat map shows >-80dBm signal level from all the access points. The Site Survey results are valuable for Eye location selection Verify the signal levels also from the far end access points 7signal Ltd, Panuntie 6, FI-00620 HELSINKI, FINLAND, +358 40 777 7611, info@7signal.com, www.7signal.com 7signal Sapphire Deployment Guide Release 3.0 6.
6 Installing Eye 18 7signal Sapphire Deployment Guide Release 3.0 The external antenna is useful in the environment where shafts or thick walls are attenuating radio too much. 7signal Ltd, Panuntie 6, FI-00620 HELSINKI, FINLAND, +358 40 777 7611, info@7signal.com, www.7signal.
7 Physical Install of 7signal Sapphire Eye 19 7.1 Roof Install On top of Eye unit there are three slots for screws. Insert screws (Pan Head Stainless Screw, DIN 7985 M5x12 ) on top of the Eye unit. For securing the screw use screwdriver on the bottom of the screw. The head of the screw is supposed to have few millimeters of space between the inserts on the unit top. There shall be one install plate (pictured right below) that is mounted on roof.
7 Physical Install of 7signal Sapphire Eye There are three elliptical holes in the wall-mount mechanics. Mount the Eye unit by pushing the screws on top of the unit through the wall-mount mechanics. From the top-side of the mechanics use the screws to attach the unit to the mechanics. 7.3 Pole Install In pole install the wall-mount is attached to any pole by using mechanics (A and B, picture below). Screw the part B on hook A in order to attach the wall-mount to the pole.
8 Installing 7signal Sapphire software 21 Install the following software from the 7signal Sapphire Installation CD. 8.1 Carat DBMS (Linux) Prerequisities The operating system installation may or may not have all the necessary information for DBMS installation.
8 Installing 7signal Sapphire software 22 The question above is asked if there is an effective 7signal Carat install on the host. Since release 2.0 this question should not be there on initial install as the DBMS is encouraged to be installed first. The script continues: DBMS directory : /opt/7signal/dbms DB2 installation package location : installer/db2exc_950_LNX_x86.tar.gz Target directory : /opt/ibm/db2 untarring DB2... Creating DB user..
8 Installing 7signal Sapphire software 23 The script continues: Do you want to create databases now [Y/n]? The script allows the databases not to be created. It is not supported to not to create the databases and the use of this option is recommended only for people who already know how to recreate the databases later. The script continues and the database creation takes several minutes: 7SIGNAL creating management database... 7SIGNAL creating measurement database...
8 Installing 7signal Sapphire software The script is now finished. The DB2 is now installed, up and running. One may continue to install next component. 8.2 Carat server (Linux) Copy the installer file from the delivery medium to for example /home directory. NOTE! Do not use /tmp directory. Step 1: Move to the directory where installer was copied and install Carat server by issuing a command: # ./7signal-Carat-x.x-x.x-installer.
8 Installing 7signal Sapphire software 25 The script continues: Encryption certificates from certificate package [Y/n]? Step 4: Install certificate container and its password The above mentioned package is not part of the standard delivery. The GUI certificate container and related password are in separate delivery medium in where the folder naming pinpoints the right location for this information.
8 Installing 7signal Sapphire software 26 The script is now finished. The Carat server is now installed but not up and running. Later the server is automatically started at boot time of the host. One may continue to install next component. 8.3 Loupe install (Linux) Copy 7signal-Loupe-installer from the delivery medium to for example /home directory. NOTE! Do not use /tmp directory. Step 1: Move to the directory where installer was copied and install Loupe server by issuing a command: # .
8 Installing 7signal Sapphire software 27 Step 4: ports for Loupe service As the host is expected to be dedicated for 7signal Sapphire, the default ports for http and https should work fine. However, the ports are freely configurable. The script continues: Extracting Loupe package ... Loupe requires two certificates to run properly. They are delivered separately.
8 Installing 7signal Sapphire software 28 The script continues: Starting 7signal Loupe server: 7signal Loupe server start complete 7signal Sapphire Loupe service service 7signalLoupe start (Shortcut: 7loupe s) service 7signalLoupe stop (Shortcut: 7loupe x) service 7signalLoupe restart (Shortcut: 7loupe r) service 7signalLoupe status (Shortcut: 7loupe status) commands: : Starts Loupe server : Stops Loupe server : Restarts Loupe server : Shows if the server is running or not To learn more about the 7loup
8 Installing 7signal Sapphire software A double-click on the icon launches the following panel: Step 2: Accept the License Agreement The distribution medium contains 7signal Sapphire Customer Terms document in the Documents folder. Step 3: Choose the components 7signal Ltd, Panuntie 6, FI-00620 HELSINKI, FINLAND, +358 40 777 7611, info@7signal.com, www.7signal.com 7signal Sapphire Deployment Guide Release 3.
8 Installing 7signal Sapphire software 30 The client install should not be selected. This is not a true Sapphire client software but various scripts for testing purposes. Step 4: Choose the location for installation 7signal Ltd, Panuntie 6, FI-00620 HELSINKI, FINLAND, +358 40 777 7611, info@7signal.com, www.7signal.com 7signal Sapphire Deployment Guide Release 3.0 This is informative step only: it is mandatory to select both JRE and the Sonar server itself.
8 Installing 7signal Sapphire software 31 Step 5: Sonar Server configuration One should see the connectivity section above if one needs or wants to change the defaults for the communication and networking settings. 7signal Ltd, Panuntie 6, FI-00620 HELSINKI, FINLAND, +358 40 777 7611, info@7signal.com, www.7signal.com 7signal Sapphire Deployment Guide Release 3.
8 Installing 7signal Sapphire software 32 There is no expected user-interaction in this step. During JRE install one should be ready to wait a few moments as the JRE package execution takes some time with no obvious output or other indicator of progress. Step 6: Finish the installation Finish the installation. An icon for launching the Carat GUI client should be available on the chosen start-folder. 8.
8 Installing 7signal Sapphire software Step 1: Move to the directory where installer was copied and install Loupe server by issuing a command: # ./7signal-Carat-Client-x.x-installer.bin You should see output similar to following: Extracting installer, please wait ... Launching installer. Step 2: the destination folder Enter location to which 7signal Sapphire Carat client will be installed [/opt/7signal]: One should enter the path for the desired destination folder.
8 Installing 7signal Sapphire software 34 The script continues: Validating archive.. Archive valid. Extracting files.. Extracting passwords.. Finished. The GUI client may be started from the install directory with the script named run_client.sh but there is no desktop icon because of lack of generic support for desktop icons in linux distributions. 8.
8 Installing 7signal Sapphire software 35 7signal Sapphire Deployment Guide Release 3.0 The distribution medium contains 7signal Sapphire Customer Terms document in the Documents folder. 7signal Ltd, Panuntie 6, FI-00620 HELSINKI, FINLAND, +358 40 777 7611, info@7signal.com, www.7signal.
8 Installing 7signal Sapphire software 36 Step 4: Select your 7signal.truststore file and type your truststore password The PKI encryption infrastructure requires Carat client to provide a certificate. The certificate is stored in a truststore file that is typical for Java SE programs. The truststore file and the password are delivered to all customers with the product package. 7signal Ltd, Panuntie 6, FI-00620 HELSINKI, FINLAND, +358 40 777 7611, info@7signal.com, www.7signal.
8 Installing 7signal Sapphire software There is no expected user-interaction in this step. Step 6: Finish the installation Finish the installation. An icon for launching the Carat GUI client should be available on the desktop. 7signal Ltd, Panuntie 6, FI-00620 HELSINKI, FINLAND, +358 40 777 7611, info@7signal.com, www.7signal.com 7signal Sapphire Deployment Guide Release 3.
9 Upgrading Sapphire 38 Every official software delivery from 7signal contains Release Notes. It is always advisable to read the Release Notes for the latest information on the software. However, upgrade instructions seem to vary per releases in such proportion that it is justified to deliver upgrade instructions separately from the software package. This piece of information is provided by 7signal Services and Operations.
10 Log Settings 39 All 7signal Sapphire elements have logging capability. 10.1 Carat server log The log file - server.log - is located in /opt/7signal/Carat/7signal. The directory contains older log files as well named server.log.* where by default the asterisk (*) is in range of 1..5. Altogether, there is one active log file named server.log and five files for circulating the files. The oldest logs do get overwritten.
10 Log Settings 40 # logread -f Without any arguments the command shows 100 most recent lines of log and returns immediately: # logread The log can be set to a file instead of the ring-buffer with 7config log – command that has a built-in help. NOTE! If one moves away from the circular logging, one must maintain the file system and log size manually. The following command shows the log level and log target information: # 7config log show 10.
11 Sapphire Process Management 11.1 Carat Carat is a service in Linux systems. However, the Carat process is supposed to be used by 7signal tool called 7carat: # 7carat o o o o start stop restart status 11.2 Loupe Loupe is a service in Linux systems. However, the Loupe process is supposed to be used by 7signal tool called 7loupe: # 7loupe o o o o start stop restart status 11.3 Sonar Sonar is a service in Linux systems.
12 Troubleshoot 42 By this far one should have all the processes started and running 12.1 GUI client cannot connect to Carat server 1. Check that username and password are correct in the GUI 2. Check that Carat server is running a. run 7carat status b. read the Carat server log c. if necessary, issue command 7carat start and go to b) 3. Check that GUI port 47777 (default) is open in the firewall of the GUI host 4. Check that RMI port 1099 (default) is open in the firewall of the GUI host 5.
12 Troubleshoot 4. 5. 6. 7. 8. Check the process at the host with the command a. service 7signalSonar status b. Remotely one can telnet i. Sonar opens the connection and closes it after 1 second of idle time Check Sonar log for error messages Check that Sonar ports are open in the firewall(s) Check that the wlan encryption key has correct definition Check that the key is bound to the managed network Check connectivity options and requirements for Eye and Sonar 12.
13 Command-line tool for Eye 44 13.1 Overview 7config is a command line utility for configuring various things in Eye unit. Commands are divided into thematic command groups so that each group contains one or more commands. A command may also have an argument and a value. Currently supported command groups are the following: ip: IP address management. keys: Key storage management. ap: Access point configuration storage management. conn: Connection management. run: Software run-state management.
13 Command-line tool for Eye 45 'backup' command arguments: create Create backup from existing IP configuration. restore Restore IP configuration from backup.
13 Command-line tool for Eye [VALUE] 'cert' command arguments: set Set management connection encryption certificate file. VALUE = Certificate file name. File must reside in /nand/etc/certificates directory. show Show current encryption certificate file name. 'pwd' command arguments set Set encryption certificate password.
13 Command-line tool for Eye 47 This command group contains commands for showing and setting of TX power related parameters. Currently supported operations are showing of TX power settings, setting default TX power, setting gain of an external antenna and setting cable loss of the external antenna. 7config txp [ARG] [VALUE] 'show' command arguments: default Show default TX power. ext Show configured gain of external antenna. cable Show configured cable loss of external antenna.
13 Command-line tool for Eye Log levels are the following: CRIT - Critical messages ERROR - Error messages WARN - Warning messages. INFO - Informational messages. DEBUG - Debug messages. Log levels are cumulative, i.e. the level CRIT logs only critical messages, WARN logs all levels including CRITICAL, ERROR and WARN messages. DEBUG logs all possible messages. Log command group arguments: 'show' Show log configuration. 'set' command arguments: level Set log level.
14 Command-line tooL for database management 49 7db command is a tool for Carat database. It supports limited data retrieval, general management and database backup administrator for both immediate and automatic backups. It is recommended that database backups should be taken regularly.
14 Command-line tooL for database management Creates instant and automatic database backups. NOTE: the backup policy should be well-planned. Please see the 7signal Sapphire User Guide for further discussion on backup and the options available. Backup commands: show Show automatic backup configuration remove Remove automatic backup configuration set Configure automatic backup o daily o weekly = Mon, Tue, Wed, etc.
14 Command-line tooL for database management 14.4 Show command group Shows the status and configuration of the database Show commands: tabstatus Show the status of the tables. o all o conf Show configuration of the database. Examples Show status of the tables in the MEAS7 and MGMT7 databases # 7db show tabstatus all Show status of the tables in the SECUR7 database # 7db show tabstatus secur7 Show status of the CARAT7.
14 Command-line tooL for database management # 7db reinit all Re-initialize the MEAS7 database # 7db reinit meas7 Re-initialize CARAT7.ap_ftp_qos_test table in the MEAS7 database # 7db reinit meas7 ap_ftp_qos_test 7signal Ltd, Panuntie 6, FI-00620 HELSINKI, FINLAND, +358 40 777 7611, info@7signal.com, www.7signal.com 7signal Sapphire Deployment Guide Release 3.