NPT User Guide On-Ramp Wireless Confidential and Proprietary. Restricted Distribution. This document is not to be used, disclosed, or distributed to anyone without express written consent from On-Ramp Wireless. The recipient of this document shall respect the security of this document and maintain the confidentiality of the information it contains.
On-Ramp Wireless Incorporated 10920 Via Frontera, Suite 200 San Diego, CA 92127 U.S.A. Copyright © 2011 On-Ramp Wireless Incorporated. All Rights Reserved. The information disclosed in this document is proprietary to On-Ramp Wireless Inc., and is not to be used or disclosed to unauthorized persons without the written consent of On-Ramp Wireless. The recipient of this document shall respect the security of this document and maintain the confidentiality of the information it contains.
Contents 1 Introduction ........................................................................................................... 1 2 Node Provisioning Tools ...................................................................................... 2 2.1 System Requirements ................................................................................................................ 2 2.2 Setup and Configuration ................................................................................................
NPT User Guide Contents Figures Figure 1. eNode on an eHost ........................................................................................................... 5 Figure 2. superHost without a Cover Showing 16 eNodes with Antennas ...................................... 6 Figure 3. Node Provisioning Architecture ........................................................................................ 9 Figure 4. eNode with Antenna Inserted onto an eHost ...............................................
Revision History Revision Release Date Change Description A May 17, 2011 Initial release. On-Ramp Wireless Confidential and Proprietary v 010-0060-00 Rev.
1 Introduction This document describes the setup, configuration, and use of a collection of utilities called Node Provisioning Tools (NPT) used for eNode provisioning. NOTE: The intended audience for this document is test engineers, product test engineers, and product test technicians. Complete provisioning of eNodes (sometimes referred to as nodes) involves three distinct utilities: 1. eNode Software Upgrade Utility (sw_upgrade.py) This utility is used for upgrading the eNode firmware. 2.
2 Node Provisioning Tools Node Provisioning Tools (NPT) are utilities that run on a client PC. The eNode Software Upgrade Utility (sw_upgrade.py) and the eNode Flash Configuration Utility (config_node.py) run on the NPT client without the need for any other server connectivity. These utilities simply require access to a serial port for eHost eNode configuration or Ethernet for superHost eNode configuration. The eNode Key Provisioning Utility (provision_node_keys.
NPT User Guide Node Provisioning Tools 2.2 Setup and Configuration Provisioning an eNode involves three basic steps which must be performed, in order, by three standalone utilities as follows: 1. Programming the eNode firmware image using the eNode Software Upgrade Utility (sw_upgrade.py) NOTE 1: For security reasons, when a new firmware image is programmed into the eNode flash by any means other than an OTA software download, any existing keys within the eNode are deleted.
3 eNode Software Upgrade Utility The eNode Software Upgrade Utility is a standalone Python script with the file name ‘sw_upgrade.py’ that can be used to upgrade the eNode firmware image through an eHost or superHost. NOTE: The use of eHost and superHost platforms for programming, configuring, and provisioning eNodes as described in this user guide are for informational and reference purposes only.
NPT User Guide eNode Software Upgrade Utility eHost eNode Antenna Figure 1. eNode on an eHost NOTE: In order to perform a firmware upgrade with the eNode Software Upgrade Utility, the eNode must have an existing firmware revision of 4.4.0 or later. If you have a firmware revision of 4.4.0 or earlier, contact On-Ramp Wireless at support@onrampwireless.com 3.
NPT User Guide eNode Software Upgrade Utility Additional usage syntax for the eNode Software Upgrade Utility can be obtained using the command: sw_upgrade.py --help The following figure shows a superHost and points out the numbering and positions of the eNodes. eNode eNode (node_0) (node_0) Antenna eNode eNode (node_15) (node_15) eNode eNode (node_7) (node_7) eNode eNode (node_8) (node_8) Figure 2.
4 eNode Flash Configuration Utility The eNode Flash Configuration Utility is a standalone Python script with the file name ‘config_node.py’ that programs the flash sector containing the eNode configuration parameters. The eNode Flash Configuration Utility reads the ‘node_config.txt’ text file which contains the desired parameter settings. Each parameter setting within the ‘node_config.
NPT User Guide eNode Flash Configuration Utility super_host_ip is the IP address of the superHost (filename is user-defined) node_idx is the index of the node being programmed on the superHost Additional usage syntax can be obtained using the command: config_node.py -–help On-Ramp Wireless Confidential and Proprietary 8 010-0060-00 Rev.
5 eNode Key Provisioning Utility The eNode Key Provisioning Utility (provision_node_keys.py) is the Node Provisioning Tool that retrieves the gateway key, the code download (CDLD) key, and the node-specific root key from the LKS through an SSL connection. It then programs the keys into the eNode through an eHost or superHost. Multiple NPT clients can be used simultaneously with a single LKS.
NPT User Guide eNode Key Provisioning Utility To setup and configure eNode key provisioning, follow the steps below. 1. In order for the NPT client to connect to the LKS through an SSL connection, an SSL certificate for the NPT client must be created, along with an RSA public/private key pair. A Certificate Authority (CA) must then sign the NPT client certificate.
NPT User Guide eNode Key Provisioning Utility NOTE 2: The J500 serial port on the superHost, by default, uses 115200 baud with character format 8N1, and no flow control. For more details about the eHost and superHost, refer to the following documents: superHost Product Specification eHost Product Specification 5.2 Starting the eNode Key Provisioning Utility on an eHost To start the eNode Key Provisioning Utility on an eHost, type a command similar to the following (all on one line).
NPT User Guide eNode Key Provisioning Utility Note that the batch number argument is initially treated as a string and converted to an integer value. String arguments starting with a ‘0’ (for example, 05082011) are interpreted as an octal value and string arguments starting with ‘0x’ (for example, 0x1238ef) are interpreted as a hexadecimal value. Batch Number Examples The following examples assume that the batch numbers are assigned in order by date from earliest to latest. Correct: 100, 101, 102, etc.
NPT User Guide eNode Key Provisioning Utility 5.3 Starting the eNode Key Provisioning Utility on a superHost To start the eNode Key Provisioning Utility on a superHost, type a command similar to the following (all on one line). Note that some filenames are user-defined. provision_node_keys.py -s -p -i -n -c -a -k -B Example: provision_node_keys.py -s 192.168.1.2 -p 4038 –i 192.168.2.
NPT User Guide eNode Key Provisioning Utility provision_node_keys.py -–help To provision one or more eNodes using either an eHost or superHost, use the following steps. CAUTION: It is important that the eNode not be inserted into or extracted from the eHost or superHost while the power is still on. This can cause physical damage to the eNode, eHost (or superHost), or both. 1. Verify that the eHost (or superHost) is powered off. 2. Insert an eNode into its mating connectors on an eHost or superHost.
NPT User Guide eNode Key Provisioning Utility See the following picture. Figure 5. superHost Showing eNodes Alternating 180 Degrees from Slot to Slot 3. Turn on the power for the eHost (or superHost). 4. Run the eNode Key Provisioning Utility as described above. If an error message such as “TRANSPORT: ack failed” is displayed, power cycle the eHost (or superHost) and try running the eNode Key Provisioning Utility again. 5.
Appendix A Python Installation for a Windowsbased Computer This procedure describes how to set up Python 2.6 on a computer running Windows 7 operating system. NOTE: For computers with the Windows 7 operating system, select ‘Run as administrator’ for installation executables. A.1 Installing Python and Python Scripts To install python and python scripts, complete the following steps: 1. Create a temporary folder (for example, py26) in the local directory. 2.
NPT User Guide On-Ramp Wireless Confidential and Proprietary Python Installation for a Windows-based Computer 17 010-0060-00 Rev.
NPT User Guide Python Installation for a Windows-based Computer NOTE: If there is an existing Python installation on the computer, remove it prior to installing the following files. Use the default installation parameters. 4. Double-click on wxPython2.8win-unicode-2.8.10.1-py26. 5. Click I accept the agreement, and click Next. On-Ramp Wireless Confidential and Proprietary 18 010-0060-00 Rev.
NPT User Guide Python Installation for a Windows-based Computer 6. Select the Destination Location in which to install the Python script, or Browse to the location where the Python script will be installed, and click Next. 7. Select the components to install, and click Next. On-Ramp Wireless Confidential and Proprietary 19 010-0060-00 Rev.
NPT User Guide Python Installation for a Windows-based Computer 8. Click Finish. A Python window displays indicating that the packages are being integrated. 9. Double-click on the pywin32-212.win32-py2.6 Windows-based installer package. 10. To install the files to the local Python 26 folder on the hard drive, follow the installation prompts. On-Ramp Wireless Confidential and Proprietary 20 010-0060-00 Rev.
NPT User Guide Python Installation for a Windows-based Computer 11. Double-click on the pyserial-2.5.win32.exe Windows-based installer package. On-Ramp Wireless Confidential and Proprietary 21 010-0060-00 Rev.
NPT User Guide Python Installation for a Windows-based Computer 12. To install the files to the local Python 26 folder on the hard drive, follow the installation prompts. 13. Double-click on the numpy-1.4.1-win32-superpack-python2.6 Windows-based installer package. On-Ramp Wireless Confidential and Proprietary 22 010-0060-00 Rev.
NPT User Guide Python Installation for a Windows-based Computer 14. To install the files to the local Python 26 folder on the hard drive, follow the installation prompts. On-Ramp Wireless Confidential and Proprietary 23 010-0060-00 Rev.
NPT User Guide Python Installation for a Windows-based Computer 15. Double-click on the matplotlib-0.98.5.3.win32-py2.6 Windows-based installer package. 16. To install the files to the local Python 26 folder on the hard drive, follow the installation prompts. On-Ramp Wireless Confidential and Proprietary 24 010-0060-00 Rev.
NPT User Guide Python Installation for a Windows-based Computer 17. Click Finish. 18. Double-click on the PyVISA-1.3.win32.exe Windows-based installer package. Follow all of the default installation instructions until complete. A.2 Identifying the Serial Port When used with an eHost, the utilities connect from the NPT client to the eHost through a serial cable. Complete the following steps to identify the serial port that will be used with these utilities: 1.
NPT User Guide Python Installation for a Windows-based Computer 4. Click OK. 5. In the Device Manager window, expand Ports. The USB to Serial Adapter is located in USB Serial Port (COM1). 6. Use the COM port identified above with the utilities. The COM port is typically specified with a –d option. For example, config_node.py -c node_config.txt -d COM1 On-Ramp Wireless Confidential and Proprietary 26 010-0060-00 Rev.
Appendix B Creating RSA Keys These instructions describe the steps necessary to create an RSA public/private key pair. RSA key pairs must be generated for secure communication between entities such as a Local Key Server or a Node Provisioning Tool client. These instructions are for Linux-based computers or Windows-based computers with a Cygwin environment. Note that RSA key generation does not need to be performed on the computer that will be using the keys.
Appendix C Creating SSL Certificates This appendix describes the steps necessary to create signed SSL Authentication Certificates. It is necessary to create a signed certificate for the Local Key Server (LKS) as well as for each client running the eNode Key Provisioning Utility. Note that certificate generation and signing does not need to be performed on the machine that will be using the signed certificate.
NPT User Guide Creating SSL Certificates NOTE: Be sure to use a different Common Name for the CA certificate than that used by any of the other certificates it signs. Common Name = Unlike the NPT certificate, the Common Name for the CA certificate does not need to be an actual IP address or fully qualified domain name of a particular computer. An arbitrary common name can be used for the CA certificate, such as ‘cert_authority’.
NPT User Guide Creating SSL Certificates Common Name = It is also important that this Common Name be different from that of the Certificate Authority. It is not necessary to enter anything for the last two prompts (that is, challenge password and optional company name).
Appendix D Abbreviations and Terms Abbreviation/Term Definition AP Access Point CA Certificate Authority CDLD Code Download CSR Certificate Signing Request DHCP Dynamic Host Configuration Protocol DOS Disk Operating System DNS Domain Name System eNode End point device. An eNode is commonly referred to as Node. KMS Key Manager Server LKS Local Key Server Node The generic term used interchangeably with eNode. NPT OTA Node Provisioning Tools.