Professional Documents
Culture Documents
ProVision Rel 7.15.0 Install & Admin Guide 2022-DeC
ProVision Rel 7.15.0 Install & Admin Guide 2022-DeC
ProVision Rel 7.15.0 Install & Admin Guide 2022-DeC
Version: 7.16.1
614-330053-001
GA Release
Copyright & Terms of Use
Trademarks
All trademarks are the property of their respective owners.
Graphic Cues
The following items have graphic cues to identify important supporting information.
Caution: A caution item identifies important information pertaining to actions that may cause
damage to equipment, loss of data, or corruption of files.
Warning: A warning item identifies a serious physical danger or major possible problem.
Font Changes
Bold font style is used for the names of on-screen elements such as; fields, buttons, and drop-down
selection lists, keywords, commands and for keys on the keyboard.
Courier font in blue text is used to indicate commands that the user needs to type in, with the
command prompt shown as brown text.
AOS# show radio-carrier Carrier1/1
Any responses or report output from a command is shown as brown text and indented.
radio-carrier Carrier1/1
status oper-status up
Red text highlights an action, which could be, for example:
• following a menu path
• selecting an option
• clicking a button
• clicking an icon
• pressing a keyboard key.
Common Terminology
Click or Select: Point the mouse pointer at the item you want to select, then quickly press, and
release the left mouse button.
Right-Click: Point the mouse pointer at the item you want to select, then quickly press and release
the right mouse button.
Contents
Copyright & Terms of Use ...............................................................................................................iii
Aviat Networks Technical Support .................................................................................................. v
Conventions and Terminology ....................................................................................................... vi
Contents .........................................................................................................................................vii
Chapter 1. Administrator Introduction ....................................................................................... 13
Intended Audience ........................................................................................................................ 13
Additional Resources .................................................................................................................... 14
About ProVision ............................................................................................................................. 14
Chapter 2. System Description ................................................................................................... 15
ProVision Architecture ................................................................................................................... 15
ProVision Deployment Options ..................................................................................................... 16
Single Server/Client deployment .............................................................................................. 16
LAN client deployment.............................................................................................................. 17
WAN client deployment ............................................................................................................ 17
Standby server deployment...................................................................................................... 18
Network Communication Ports and Firewalls ............................................................................... 21
Device support .......................................................................................................................... 21
Communication frequencies with network devices .................................................................. 22
Network communication ports for firewalls .............................................................................. 23
Network Management Concepts................................................................................................... 28
Network management and SNMP............................................................................................ 28
Managers, Agents, and MIBs ................................................................................................... 28
Internet and Enterprise-specific MIBS ..................................................................................... 30
Managing Proprietary Protocol Aviat Devices ......................................................................... 30
SNMP traps and managed devices.......................................................................................... 31
Chapter 3. Installing ProVision ................................................................................................... 33
Installation Process Overview ....................................................................................................... 33
Installation Prerequisites ............................................................................................................... 34
Platform requirements .............................................................................................................. 34
FarScan Virtual Machine requirements .................................................................................... 38
Virtual Machine support ............................................................................................................ 38
Device Counts: Server loading value ....................................................................................... 39
ProVision installation files ......................................................................................................... 41
RMI Interface for installation..................................................................................................... 42
Pre-Installation Tasks .................................................................................................................... 43
Setting up computer equipment, user rights, and IPv6 requirements ..................................... 43
Disabling other SNMP trap services ........................................................................................ 44
Exclude scanning MySQL temporary directory ........................................................................ 44
Disabling the PC power saving setting .................................................................................... 44
ProVision commands................................................................................................................ 44
Installing and Uninstalling ProVision ............................................................................................. 45
Installing ProVision ................................................................................................................... 45
Uninstalling ProVision............................................................................................................... 46
Installing the ProVision Windows Server ................................................................................. 46
Enabling/Disabling SFTP server .............................................................................................. 50
Updating private key ................................................................................................................. 51
Installing the ProVision Client................................................................................................... 52
Aviat Networks March 2023 vii
Contents
DCN Bandwidth and Latency for the Redundancy Controller .................................................... 170
DCN requirements .................................................................................................................. 170
Normal Operation of Redundancy Controller ............................................................................. 171
Logging in to the Redundancy Controller............................................................................... 171
Redundancy Controller status ................................................................................................ 172
Redundancy Controller configuration ..................................................................................... 175
Redundancy Controller security ............................................................................................. 177
Troubleshooting the Redundancy Controller ......................................................................... 179
Using Both the Redundancy Controller and the Standby Server ............................................... 183
Requirements ......................................................................................................................... 183
Chapter 11. Generic Device Management .............................................................................. 185
Managing Generic Devices and Packages ................................................................................. 185
About Generic Device Support (GDS) ................................................................................... 185
About GDS packages ............................................................................................................. 186
Recommendations.................................................................................................................. 186
Limitations ............................................................................................................................... 186
Adding a New Package ............................................................................................................... 187
Re-assigning a Package to a Generic Device ............................................................................ 188
Editing Package Information and Events .................................................................................... 189
Import and export package data (XML files) .......................................................................... 190
Loading a generic device service package ............................................................................ 191
Renaming a package.............................................................................................................. 193
Entering a description for a package...................................................................................... 194
Setting trap mapping to identify package events ................................................................... 195
Managing imported MIBs ....................................................................................................... 205
Importing trap mapping from a MIB file .................................................................................. 207
Importing trap mapping from a CSV file ................................................................................. 208
Setting matching rules for trap mapping ................................................................................ 209
Severity resync functions ....................................................................................................... 214
Configuring generic device resynchronization alarms ........................................................... 214
Creating custom events for packages .................................................................................... 215
Customizing maximum capacity and RF bins ........................................................................ 219
Launching Generic Device Windows Applications from ProVision ............................................ 221
Procedure to add new generic device tool ............................................................................. 221
Craft tool connection commands............................................................................................ 222
Chapter 12. Northbound Interface ........................................................................................... 223
Introduction to the Northbound Interface .................................................................................... 223
NBI and ProVision .................................................................................................................. 224
Accessing files via SFTP/FTP ................................................................................................ 224
NBI Event Management .............................................................................................................. 225
Introduction ............................................................................................................................. 225
Setting up an Event NBI ......................................................................................................... 227
Deploying an Event NBI ......................................................................................................... 227
Testing an Event NBI configuration........................................................................................ 233
Saving, printing, and viewing an Event NBI configuration report .......................................... 235
Editing an Event NBI configuration ........................................................................................ 238
Enabling/Disabling an Event NBI ........................................................................................... 239
Resynchronize an Event NBI ................................................................................................. 239
Remote resynchronize............................................................................................................ 240
Aviat Networks March 2023 xi
Contents
Intended Audience
The information in this guide is designed for the following roles:
Additional Resources
The ProVision User Guide (PN 614-330055-001) describes the features and uses of the network
management system. It provides instructions about using to create and maintain a graphical
representation of your network.
This guide also describes how to start and exit user sessions, how to monitor and manage device
status, performance, and event reporting, how to configure devices, and how to generate supporting
reports and graphs.
About ProVision
ProVision is a network management tool developed by Aviat Networks. It provides management
solutions to the SNMP and proprietary protocol products running on your network.
ProVision builds on our expertise, experience, and user feedback to provide significant advances in
functionality and ease of use. ProVision delivers an advanced, flexible, software solution for
managing the devices running on your network.
The ProVision network management base can be used with many third party products and
proprietary operational support systems. It is easily extensible through a variety of standards-based
and proprietary management protocols.
In this chapter
ProVision Architecture ................................................................................................. 15
ProVision Deployment Options ................................................................................... 16
Network Communication Ports and Firewalls .............................................................. 21
Network Management Concepts ................................................................................. 28
ProVision Architecture
ProVision provides a network management solution based on SNMP (Simple Network Management
Protocol), a widely accepted standard for performing network management functions. It does this by
layering one or more Element Manager applications on the foundation system.
ProVision's underlying network management platform is based on an open system architecture.
This enables users to extend network manageability by adding their own applications to the
platform. The resulting application suite delivers a seamless software solution that unifies network
element management across the platform. Users can easily move from viewing an alarm on the
network, to viewing a status screen for the alarmed object, to viewing a performance summary for
the same object.
Figure 1: ProVision Architecture Overview
The WAN clients are set up by installing a Windows Terminal Server (WTS) or an equivalent remote
client solution such as Citrix Presentation Server.
More than one WAN client can access the WAN client server, however, since only one version of
the ProVision client is used, all ProVision logging from the multiple WAN clients are logged onto a
single file.
This figure is an overview of the server with both LAN clients and WAN clients deployed.
Figure 4: Server with LAN Clients and WAN Clients Deployed
Device support
A basic Element Manager supporting SNMP devices provides simple presence polling to an MIB
object enabling communication with the devices.
Note: Some devices have different polling frequencies for different areas, such as configuration,
link discovery, and plug-in structures.
Table 1: ProVision Network Device Communication Frequencies
Device type Presence polling Event traps frequency Event polling Trap initiated
frequency frequency polling frequency
Accedian 2 min 2 min
ADR 2 min When an event occurs
Altium MX/ 2+0 2 min When an event occurs
Aurora 5 min When an event occurs
CAU 2 min When an even occurs
Cisco Plug-in: 60 mins
Config: 12 hours
Constellation 2 min When an event occurs
Coriant Plug-in: 60 mins
Config: 12 hours
CTR 8500/ 8300 2 min 5 min Based on receiving
Config: 12 hours syslog message
Links: 6 hours
CTR 8740 2 min When an event occurs 2 min
DART 5 min When an event occurs
DVA 2 min When an event occurs
DVM45 5 min When an event occurs
DVM-XT 5 min When an event occurs
DXR 100 2 min 2 min
DXR 200 2 min* 2 min
DXR 700/ SMA DXR 2 min 2 min
E-Band E-Link 2 min 2 min
E-Link 1000 EXR, LR 2 min When an event occurs
Eclipse Node INU/INUe 2 min 2 min As configured
Eclipse Terminal (IDU) 2 min 2 min As configured
Generic 2 min When an event occurs
Intracom StreetNode 2 min 2 min As configured
Links: 60 minutes
LE3000, LE3200 2 min When an event occurs
MegaStar 2 min When an event occurs
Memotec CX-U 2 min When an event occurs
MicroStar I, II, III 2 min When an event occurs
SAGEM 5 min When an event occurs
SPECTRUM 2 SNMP 2 min When an event occurs
Device type Presence polling Event traps frequency Event polling Trap initiated
frequency frequency polling frequency
SmartCore 2 min When an event occurs
Symmetricom 2 min 2 min
TNet Proxy 5 min*
TRuepoint 2 min When an event occurs
Velox 2 min When an event occurs
WL1000, RW2000 2 min When an event occurs
WSG ASN Controller 2 min When an event occurs
WTM 3100 Config: 12 hours When an event occurs 2 min
WTM 3200 Config: 12 hours When an event occurs 2 min
Links: 60 minutes
WTM 3300 Config: 12 hours When an event occurs 2 min
Links: 60 minutes
Plug-in: 12 hours
WTM 4100 Config: 12 hours When an event occurs 2 min
Links: 60 minutes
WTM 4200 Config: 12 hours When an event occurs 2 min
Links: 60 minutes
WTM 4500 Config: 12 hours When an event occurs 2 min
Links: 60 minutes
WTM 4800 Config: 12 hours When an event occurs 2 min
Links: 60 minutes
WTM 5800 2 min When an event occurs 2 min
Links: 60 minutes
WTM 6000 Config: 12 hours When an event occurs 60 minutes
Plug-in: 12 hours
Integrity: 60 mins
XP4 248x / E3 5 min When an event occurs
* Requires a double failure before transition into loss coms, so has an effective presence poll of 10
minutes.
Note: SFTP is enabled by default but FTP can be enabled instead. See Enabling/Disabling
SFTP Server (on page 50).
Note: If any port 5555 needs to be changed, see section Changing SFTP/FTP Server Port (on
page 75).
Warning: If any ports are changed on a Primary Server, you must also change the ports on the
connected Backup Server to match them.
Warning: Java runtime chooses many of the ports will use, based on availability. For some
processes, and because of variability in port selection, ports should not be blocked or firewalled.
Configurable ports are noted in the following tables.
Warning: The Redundancy Controller requires a set of certificates to support the secure the
MySQL database communications between the active and dormant ProVision servers. A script is
provided to generate a set of self-signed certificates which is in the root of the Redundancy
Controller installation. See section Installing and Uninstalling the ProVision Redundancy
Controller (on page 59) for details.
The ProVision client can be run on a remote PC inside a Citrix session (or Remote Desktop client
session). This allows you to implement a firewall between the remote PC and the ProVision system.
Only one port needs to be opened in the firewall. To do this, the ProVision Client must be installed
on a Citrix server (or Terminal services server) that is connected to the ProVision server without
using a firewall. If you have further requirements, please contact Aviat Networks for support.
To network elements
Table 2: To Network Elements
HTTP TCP 8080 NE Software upload for CTR 8540 and CTR
8300
Software upload and Configuration
restore for CTR 8540 and CTR 8300
and other devices
HTTPS TCP 443 NE Software upload and Configuration
restore for CTR 8540 and CTR 8300
and other devices
To Client
Table 4: To Client
To IT
Table 6: To IT
Manager-Agent model
SNMP treats a network as a collection of cooperative, communicating entities consisting of
management systems and agent systems (or managed devices).
A management system, or manager, is the host system running the network management
application and supporting the Simple Network Management Protocol. A manager can solicit and
interpret data about agent systems and network traffic. It can also trigger status and configuration
changes on a managed device. A manager performs these tasks by making requests to the agent
running on the device.
An agent system is the software interface to a managed device, such as a microwave radio. Like a
manager, an agent may actually be one of many processes running on a workstation. Or it might be
implemented in the non-volatile memory of the device itself. An agent is usually a passive entity. It
responds to manager requests and supplies and changes the values of local variables as needed.
An agent can also send unsolicited messages (called traps) to alert the manager of changes on the
managed device.
Managers and agents communicate, or interact, through SNMP. For devices that use protocols
other than SNMP to communicate on a network, a proxy agent, which speaks both languages, is
used as an intermediary. When proprietary protocol Aviat Networks devices exist on an
SNMP-managed network, the Proxy application, developed by Aviat Networks, provides translation
and other services on behalf of these devices. Proxy Agents monitor and control private protocol
Aviat Networks devices at a peer level with SNMP-protocol devices.
Manager and agent communication
Normally, a manager requests information from an agent. In addition, an agent can send messages
to the manager about the current status of a managed device or about its own status. This table
identifies the SNMP requests used to perform basic SNMP operations.
Table 9: SNMP Request Descriptions
MIB organization
Internet-standard MIBs reflect a hierarchical organization of MIB objects arranged in a tree-like
structure. Each branch in the tree has a unique name and numeric identifier. Intermediate branches
of the tree serve to group related MIB objects together. The leaves of the tree represent the MIB
objects, or actual device data. Branches, or nodes, are similar to directories in a file system in that
they do not contain data in the normal sense. They contain other directories and files. Leaves are
similar to a file in that they contain data that relates to a particular aspect of a device on the
network.
MIB naming conventions
MIB objects are identified, or named, by their place in the overall tree structure. A full object
identifier (OID) consists of the identifier of each branch along the path through the tree hierarchy,
from the top of the tree down to the leaf. The OID is conventionally expressed in dot notation
format, with a period (.) separating each level in the path from the top of the MIB hierarchy down to
the specific MIB object. Each branch and leaf have both a numeric name and an ASCII name, with
the numeric name frequently used for ease of reference. This figure shows two different ways of
naming the same MIB object.
Figure 9: MIB Object Identifier
Private-protocol Aviat Networks devices use the proprietary TNet protocol for network
communication. TNet protocol and SNMP differ significantly in terms of data structure, access
method, and protocol packet content. The Proxy Agent mediates these differences, performing
information preparation and exchange functions on behalf of TNet devices operating in an SNMP.
More about protocol mediation and the Proxy
Using the protocol semantics and polling algorithms, the Proxy Agent converts SNMP requests from
the manager to the proprietary protocols required by TNet devices. The Proxy Agent constructs,
parses, and analyzes each request and resultant response according to the supported protocol
specification, then relays all responses back to the manager using SNMP.
The Proxy Agent polls managed TNet devices for alarm information and creates a set of MIB
objects for each device. The Proxy Agent also interprets the event data sent to it by managed TNet
devices, reformats this data as SNMP traps (notifications), and forwards the traps on to the
manager. The Proxy Agent does not run on the managed TNet device itself, but acts as an
intermediary between the network manager and the device as shown below.
Figure 10: Proxy Agents' Role in Protocol Conversion
Note: This chapter focuses on the requirements and instructions for a new, or “clean”, installation
of ProVision. To upgrade an existing installation, see chapter Upgrading ProVision (on page
65).
Warning: ProVision client communication with ProVision server will not work when using a NAT
connection between client and server. All communication between ProVision client and ProVision
server must be through directly routed connection for communication to work correctly. A WAN
Client server solution, that is on the same network as the ProVision server, can also be used.
In this chapter
Installation Process Overview ..................................................................................... 33
Installation Prerequisites ............................................................................................. 34
Pre-Installation Tasks .................................................................................................. 43
Installing and Uninstalling ProVision ........................................................................... 45
Standby Server Installation and Maintenance ............................................................. 58
Installing and Uninstalling the ProVision Redundancy Controller ................................ 59
Step Action
1 Perform Pre-Installation Tasks.
Determine if the software and other equipment were supplied by Aviat Networks.
• No - verify that the equipment and OS software supplied meets the requirements. Check
the amount of ethernet cards in the PCs where server software will be installed: if they
have more than one ethernet card apiece, see section RMI Interface for installation
(on page 42).
• Yes - Unpack and check the supplied equipment.
2 Set up the ProVision computers.
• Ensure that the installer has Administration rights for the computers
• License Microsoft OS SW
• Edit regional settings
• Change PC power saving setting
• Configure Tracker Box if required
• Locate standby servers if required
• Set up any ProVision Client users with Modify rights on the computer’s ProVision
directory
3 Install ProVision software.
• Install ProVision Server software
• Install Portal software
• Install ProVision Client software
4 Install and configure any standby servers for ProVision.
5 Proceed to the setup of ProVision: licensing, system detail entry, and managing.
Installation Prerequisites
This section covers the prerequisites required for installing ProVision.
Platform requirements ................................................................................................. 34
FarScan Virtual Machine requirements ....................................................................... 38
Virtual Machine support............................................................................................... 38
Device Counts: Server loading value .......................................................................... 39
ProVision installation files............................................................................................ 41
RMI Interface for installation ........................................................................................ 42
Platform requirements
This section covers the installation platform requirements.
Java supported ............................................................................................................ 34
Anti-virus software ....................................................................................................... 34
Operating Systems supported ..................................................................................... 35
Server and LAN Client specifications .......................................................................... 36
WAN Client Server and WAN Client specifications ..................................................... 37
Java supported
The following version of the Java platform is incorporated into ProVision:
Table 10: Java Version Used by ProVision
Anti-virus software
Compatibility testing has been successfully performed with Microsoft Defender Antivirus software.
Aviat does not perform compatibility testing with other anti-virus software such as Symantec,
McAfee, Kaspersky, or AVG, as the risk of finding compatibility issues is low.
Note: Limitation: ProVision Server is not supported when installed in Program Files directory.
Note: When additional features are added to the ProVision product, the RAM requirements may
increase for the node counts specified above.
Note: Executing a ProVision client session on the server reduces the stability of the server. It is
recommended that client sessions are not executed on large server deployments.
WAN Client Server and WAN Client specifications
Where access to client functionality is required over a WAN (Wide Area Network) connection to the
Server, a WAN (or thin) Client solution needs to be deployed. Client session counts refer to the
number of simultaneous client sessions to be executed on a single WAN Client Server machine.
Table 14: Minimum WAN Client Server and WAN Client Hardware Requirements
Note: Citrix Presentation Server can be used to provide a WAN Client Server solution.
Note: The WAN Client Server solution must be operated on a stand-alone machine. It cannot be
operated on the same machine as the ProVision server.
Aviat Networks March 2023 37
Installing ProVision
Note: When additional features are added to the ProVision product, the RAM requirements may
increase for the node counts specified above.
Redundancy and Standby Servers with Virtual Machine installations
Redundant and standby servers for ProVision can be installed on virtual hosts. For these
installations, administrators must ensure that:
• Redundant or standby servers are installed on different virtual machines/hosts than the
primary installation.
• Redundant or standby servers match the minimum virtual machine requirements.
• If both redundant and standby servers are used, these must also be installed on different
virtual machines/hosts.
For more information, see Redundant Server Deployments (on page 157).
Note: The Megastar value is per SPU. Where a MegaStar radio consists of multiple SPUs, this
will produce a higher landing value.
Note: Eclipse help and Eclipse Portal help can be installed by installing Eclipse software from
Eclipse Setup CD or separately installing Eclipse software. This help is also used by Eclipse
Portal launched from ProVision client.
Licensing, database and node support
Licensing requirements
ProVision does not run without a valid product license. It requires either a temporary evaluation
license or a permanent license.
Using a trial evaluation license
A trial evaluation license can be requested from PV-Licensing@aviatnet.com , or by completing
the License_Request_Form.txt in the ProVision release media (see the Documentation directory).
When the evaluation period is complete, to continue to use the software, you have to obtain and
install a permanent license or request another evaluation license.
A ProVision evaluation license is valid for a specified number of days. When the expiry date is
reached, the license key is no longer valid, all ProVision client sessions are stopped. The ProVision
server, however, remains running. The client sessions can be started only when a valid license file
has been copied into the ProVision server directory.
Using a permanent license
A permanent license has no expiry date and is the standard product licensing medium. For
instructions about requesting a permanent license, refer to Licensing ProVision (on page 67).
Database support
ProVision supports the MySQL database, version 5.1.69 and PostgreSQL database, version 9.4.4.
Nodes supported
Where support for a node loading value greater than 6,000 nodes is required, please contact Aviat
Networks for additional information.
Note: The Server IP address supplied must be "static", because the license is based on the IP
address and the IP address is verified each time the server starts up.
Note: This process is not required when the server only has one Ethernet interface.
You must configure the server PC to bind the ProVision Client services onto the network that
interfaces with the internal LAN; Client connections are made from this network. To do this, use the
following procedure.
Standard procedure
Step Action
1 Ensure that you have administration privileges in the PC's operating system.
2 Obtain the required network interface IP address for your Client interface.
3 Log in to the server PC. Stop the server (see ProVision Commands (on page 44)).
4 Open your Server Configuration file located at:
ProVisionServer\tomcat\webapps\ROOT\pv\templates\server_configuration.xml
5 Using a text editor, edit the server_configuration.xml file. If the Client interface is on, for
example, network interface 192.168.1.2 then add this line immediately after the line
<server_configuration>:
<client_interface>192.168.1.2</client_interface>
OR
Alternatively if the client interface address is IPv6, add the value:
<client_interface>a:b:c:d:e:f:g:h</client_interface>
6 Save the file.
7 Restart the server.
Note: This process is not required when the client only has one Ethernet interface.
Step Action
1 Ensure that you have administration privileges in the PC's operating system.
2 Obtain the required network interface IP address for your ProVision Client interface.
Step Action
3 Log into the ProVision server PC.
4 Disable unused network interfaces on the client. If only one network interface remains, no
further action is required.
5 Add the client hostname and IP address to the client hosts file located in the
Windows\System32\drivers\etc directory.
6 If the client is slow after making this change then edit the file startupClient.bat file in the
ProVisionClient directory as follows:
• At the line beginning with start, add: -
Djava.rmi.server.hostname=`client ip address'
• For example, where 1.2.3.4 is the IP address of the client network interface facing
ProVision server:
start jre\bin\javaw.exe -cp %_LIBJARS% -XX:+DisableExplicitGC -D/.java2d.d3d=false
-Djava.rmi.server.hostname=1.2.3.4 -Xms512m -Xmx1024m
pv.client.framework.ApplicationView
7 Save the file.
8 Start the client session.
Pre-Installation Tasks
Before a new installation of ProVision, the following tasks must be done.
It is also useful to review the ProVision commands (on page 44).
This section covers the following topics.
Setting up computer equipment, user rights, and IPv6 requirements .......................... 43
Disabling other SNMP trap services ............................................................................ 44
Exclude scanning MySQL temporary directory ........................................................... 44
Disabling the PC power saving setting ........................................................................ 44
ProVision commands .................................................................................................. 44
Note: ProVision now supports devices with IPV6 only addresses as well.
Aviat Networks March 2023 43
Installing ProVision
Step Action
1 Select Start > Settings > Control Panel > Power Options. The Power Options Properties
window is displayed.
2 Change the System standby to Never.
3 To save your changes, click OK.
ProVision commands
The tables below define the Windows commands accessible via the ProVision server command
window. These commands are useful as you perform the installation, data checks, backups, and
data restoration.
Table 17: Windows Commands
Note: If, after entering a command, a window appears with the message Do you want to allow
the following program to make changes to this computer? click Yes.
Installing ProVision
For a new installation of ProVision, complete the installation steps in the following order:
ProVision Server Computer
• Installing the ProVision Windows Server (on page 46)
• Installing the ProVision Client (on page 52)
ProVision Client Computer(s)
• Installing the ProVision Client (on page 52)
Uninstalling ProVision
To uninstall ProVision, see these instructions:
• Uninstalling ProVision Server software (on page 56)
• Uninstalling ProVision Client software (on page 58)
Note: If there will be network devices managed with IPv6 addresses, ensure that the
Windows machine is configured with both an IPv4 and an IPv6 address.
2 Download the ProVision release files from the release location.
3 Using Windows Explorer locate the installation files.
4 Run installer by right-selecting the file
ProVision-WinServer-x64-Setup-vX.Y.Z-Build-xxx.exe and selecting Run as
Administrator, where X.Y.Z is the ProVision release version and xxx is the release build
number.
Note: For PostgreSQL installations of ProVision, run installer by right-selecting the file
ProVision-WinServer-x64-Postgres-Setup-vX.Y.Z-Build-xxx.exe and selecting Run
as Administrator, where X.Y.Z is the ProVision release version and xxx is the release
build number.
5 First, the installer is verified.
Step Action
7 The License Agreement window displays.
Step Action
9 The window to Generate SSL Private Key, which is required for SFTP server (default), is
displayed.
Select Generate private key and enter the IPv4 address of host network interface (NIC),
then click Next >.
Warning: When ProVision Plus NBI is enabled and Eclipse or CTR 8300 or CTR 8540
devices are deployed, SFTP must be enabled (default) for ProVision Plus 2.13.1 or later
when license for ProVision Plus Frequency Assurance Software (FAS) Product Module
or Health Assurance Software (HAS) Product Module is installed.
Warning: When ProVision Plus NBI is enabled and Eclipse or CTR 8300 or CTR 8540
devices are deployed, FTP must be enabled for ProVision Plus 2.13.0 or earlier when no
Frequency Assurance Software (FAS) Product Module or Health Assurance Software
(HAS) Product Module is installed. See Enabling/Disabling SFTP server (on page 50).
Step Action
10 The server installation and set up is completed.
Click Finish.
11 Once the server installation is completed, the ProVision server starts automatically and runs
in the background.
12 Install ProVision license into ProVision server by copying provision_license.xml into
ProVisionServer directory and restarting ProVision server.
13 To verify that the ProVision server is running:
Select Start > ProVision Server > Command Window.
At the prompt, type:
pv service start
A message is displayed indicating the server is already running.
If the server is not running, the pv service start command starts the server. If a window
appears with the message “Do you want to allow the following program to make changes to
this computer?” click Yes.
Note: Install any relevant server patches after installing the ProVision Server.
Step Action
1 Install ProVision server ProVision-WinServer-x64-Postgres-Setup-vX.Y.Z-Build-xxx.exe
file, where X.Y.Z is theProVision release version and xxx is the release build number, by
following the same procedure defined in Standard Windows Server installation
procedure (on page 46).
Step Action
2 When prompted to install Microsoft Visual C++ 2013 Redistributable (x64), agree to the
license terms and conditions and click Install.
Warning: If upgrading ProVision server when the new version is installed, you will be
prompted to Repair, Uninstall or Close Microsoft Visual C++ 2013 installation.
In this case, click Close so that the ProVision server installation can complete
successfully.
Step Action
1 Stop the ProVision Server using the appropriate command or Windows service.
Step Action
2 On ProVision server, open file server_configuration.xml with a text editor.
This file is located in ProVisionServer\tomcat\webapps\ROOT\pv\templates directory.
Warning: When ProVision Plus NBI is enabled and Eclipse or CTR 8300 or CTR 8540
devices are deployed, SFTP must be enabled (default) for ProVision Plus 2.13.1 or later
when license for ProVision Plus Frequency Assurance Software (FAS) Product Module
or Health Assurance Software (HAS) Product Module is installed.
Warning: When ProVision Plus NBI is enabled and Eclipse or CTR 8300 or CTR 8540
devices are deployed, FTP must be enabled for ProVision Plus 2.13.0 or earlier when
no Frequency Assurance Software (FAS) Product Module or Health Assurance Software
(HAS) Product Module is installed. See Enabling/Disabling SFTP server (on page 50).
4 Save the file.
5 Restart the ProVision Server.
6 The ProVision SFTP server or FTP server is now enabled.
Step Action
1 Open a Windows command prompt run as administrator on C:\ProVisionServer directory.
2 Run the script sftp-server-self-signed-cert-build.bat <IPv4 Address> in the root of the
ProVisionServer directory to generate a private key using IPv4 address provided.
For example: sftp-server-self-signed-cert-build.bat 10.16.1.21
The script will update the required self-signed certificate for the ProVision server.
3 Restart the ProVision server and SFTP server will now be operational with updated private
key.
Note: Eclipse Portal is no longer installed by default with ProVision client software and must be
separately installed.
Prerequisites
• The ProVision server software is installed on the server computer.
• The client and server computers are on the LAN.
Note: Install any relevant client patches after installing the ProVision Client.
Client software installation procedure
Step Action
1 Download the ProVision release files from the release location.
The file name for the ProVision client software is
ProVision-Client-Setup-vX.Y.Z-Build-xxx.exe,
where X.Y.Z is the ProVision release version and xxx is the release build number.
2 Using Windows Explorer, locate the installation files.
3 Run installer by right-selecting the file ProVision-Client-Setup-vX.Y.Z-Build-xxx.exe and
selecting Run as Administrator.
4 Click Open. For this first time installation, the License Agreement window displays.
Step Action
6 Select the installation language.
7 Follow the installation instructions, accept all defaults, and install the client software in the
default location.
Note: Client software can be uninstalled. For more information, refer to Uninstalling ProVision
Client software (on page 58).
Note: Install any relevant client patches after installing the ProVision Client.
Client software installation from the Server
You can install a client from the Server, if required. You need to know the server’s IP address or
Hostname to access the ProVision client software.
Prerequisites
The ProVision server software must be installed before running this installation.
Procedure
Follow these steps to install the ProVision client software from the server computer.
Step Action
1 On the client computer open a web browser window.
2 In the Address text entry box, type:
https://<server IP address or hostname>
3 Click ProVision Client Download to download the ProVision Client Setup package.
4 Follow the installation instructions, accept all defaults, and install the client software in the
default location.
5 When the installation has completed, click Close.
Note: Install any relevant client patches after installing the ProVision Client.
7 User has option to install Eclipse Portal support for Eclipse versions earlier than 08.01.36
which also installs Java 6.
Note: Java 6 is required mainly to support Eclipses that have been configured with
Strong security.
Step Action
Note: Eclipse Portal software will be removed if ProVision client is uninstalled. Eclipse Portal
software will be retained when an upgrade install of ProVision client is done then.
Warning: ProVision software can become badly corrupted if a reboot is requested during uninstall
but a new ProVision installation is completed before Windows is rebooted.
Procedure
Step Action
1 Close all ProVision client sessions.
2 Select Start > Programs > ProVision server > Uninstall ProVision. The Server Uninstall
confirmation window is displayed.
3 Select Uninstall.
4 When the process is complete, click Finish.
This reboot can be completed later, but must be completed before beginning a new
ProVision installation: the reboot completely removes all past installation files.
Step Action
1 Ensure there is no ProVision client session running on this machine.
2 Select Start > Programs > Client > Uninstall ProVision. The ProVision Client Uninstall
window is displayed.
3 Select Uninstall.
4 When the process is complete, click Finish.
Note: The Standby Server can be used in tandem with the Redundancy Controller. See Using
Both the Redundancy Controller and the Standby Server (on page 183).
Server location
The server locations are for each installation to decide based on a risk assessment. Some
customers will choose to locate both ProVision servers on the same site. More often, for improved
security, customers will locate the ProVision servers at different sites.
The main requirements when defining the server location are:
• That the DCN between both ProVision servers and the network elements is sufficient to
support communications.
• That the LAN or WAN network between the ProVision servers and ProVision clients is
sufficient to support communications.
• That there is a connection between the main server and the standby server, to allow backup
files from the main server to be saved on the standby server.
• If you want to use both the Redundancy Controller and the Standby Server, the Standby
Server must be installed on a server that is separate from the two Redundancy Controller
servers.
Data integrity
One ProVision server must be set up and maintained as the main server. All database changes
should only be done on the main server, including adding, renaming, deleting or re-parenting of
network elements.
The main server and the standby server should have database backups performed on a regular
basis. A database restore to the standby ProVision server should also be done, using the main
ProVision server’s database backup files, again on a regular basis. See About Managing and
Backing Up the ProVision Database (on page 137) for further details and instructions.
With these backups and data restores in place, if the main ProVision server fails or communications
access to the main NOC site goes down, then ProVision client users will be able to switch over to
the standby server and continue operation.
User security
ProVision user login details are stored in the ProVision server database. If data integrity is assured
by using regular database backups and restores, the same user login details will apply to both
ProVision servers.
Note: Before installing the Redundancy Controller, back up the ProVision server database.
Note: Users must have local administrator rights to install Redundancy Controller on Windows.
Note: The Redundancy Controller can be used in tandem with the Standby Server. See Using
Both the Redundancy Controller and the Standby Server (on page 183).
Note: ProVision Redundancy Controller is supported on ProVision Servers with IPv4 addresses
only.
Configuring ProVision Server to start as Active when Peer Windows servers reboot at
same time.................................................................................................................... 63
Uninstalling the Redundancy Controller ...................................................................... 63
Uninstalling the Redundancy Controller from Windows Servers ................................. 64
After uninstalling the Redundancy Controller .............................................................. 64
Warning: Both servers must have their clocks synchronized for the Redundancy Controller
mechanism to operate correctly.
Warning: ProVision service commands (such as pv service stop) must not be used when
ProVision Redundancy Controller is installed and controlling ProVision services. If you need to use
ProVision service commands, the Redundancy Controller must be uninstalled and MySQL
replication must be turned off.
Warning: The Redundancy Controller requires a set of certificates to support the secure the
MySQL database communications between the active and dormant ProVision servers. A script is
provided to generate a set of self-signed certificates which is in the root of the Redundancy
Controller installation. See Installation of Redundancy Controller on Active and Dormant
Windows servers (on page 60) for details.
Step Action
4 Select the language. The default is English. Then click OK.
5 to agree to the terms of the License, click I Agree.
6 Review the installation destination directory. Change this if required, then click Next.
7 The Redundancy Controller must link to the ProVision server directory on this Server.
Change the required ProVision directory if incorrect.
Note: A valid ProVision server installation must exist, otherwise this step will not
proceed.
Then, click Install.
The Redundancy Controller installation runs.
8 The Redundancy Controller installation will complete. At the end, click Finish.
The Redundancy Controller is now running as a Service and is configured to automatically
start whenever the Server is powered up. The service can be restarted or stopped from the
main Start menu item ProVision Redundancy Controller.
9 Repeat the above steps for the other ProVision server machine.
10 The Redundancy Controller is now installed and running on both Servers in a dormant
latched state.
11 Next, create self-signed certificates for peer ProVision servers. See Creation and
installation of Self-Signed Certificate for Peer ProVision servers (on page 61).
Note: OpenSSL is required to generate self-signed certificates for both Active and
Dormant servers (Peer servers) and also to create a secure tunnel between Peer
ProVision MySQL databases.
Step Action
1 Open a Windows command prompt run as administrator on
C:\ProVisionRedundancyController directory.
Important: Script to generate certificates for local and remote ProVision server must
only be run from one of the Peer ProVision servers to ensure correct operation.
3 Enter the IP addresses of the network interfaces facing the peer redundant ProVision
server.
Step Action
4 The script will create the required self-signed certificates for both redundant servers and will
also create two directories in ProVisionRedundancyController directory called
newcerts-<Local IP address> of the local ProVision server and newcerts-<Remote IP
address> of the remote ProVision server.
Note: If the IP address of either local or remote ProVision server is changed then new
self-signed certificates will need to be created and installed for both local and remote
ProVision servers.
5 Copy the contents of newcerts-<Local IP address> directory into the local
ProVisionRedundancyController\jetty directory.
Warning: This step is required to activate the Active server and finalize setting up the
Redundancy Controller.
Step Action
2 Configure the Redundancy Controllers Peer IP address correctly. See the example below
and the topic Redundancy Controller configuration screen (on page 175).
Configuring ProVision Server to start as Active when Peer Windows servers reboot
at same time
Note: This configuration makes one ProVision server start up as Active server in case where
both peer Windows servers reboot at the same time. Usually both ProVision servers will start up
in Dormant state and will show acquiring peer heartbeat status until user switches one ProVision
server to be Active in Redundancy Controller Status screen.
Step Action
1 On ProVision server, open file redundancy_configuration.xml located in
C:\ProVisionRedundancyController\jetty\webapps\rc\WEB-INF\classes directory in a
text editor.
Note: Change must only be applied to only one ProVision server Redundancy
Controller.
3 Save the file redundancy_configuration.xml.
4 Restart the ProVision Redundancy Controller. The ProVision Redundancy Controller service
can be restarted from the main Start menu item ProVision Redundancy Controller.
5 Now in the case where both Windows servers are rebooted simultaneously, such as when
Windows updates are applied, then configured ProVision server will start up as Active
server.
Step Action
1 From the Start > ProVision Redundancy Controller menu, select and run Redundancy
Controller Uninstaller.
2 The Uninstallation wizard displays. Click Uninstall to start.
3 Click Yes on the warning that displays.
4 A message asks you to approve the Manual steps. Click OK.
5 Click Finish to confirm the uninstallation has finished.
6 Repeat the above steps for the other server machine.
You may be prompted to reboot Windows to finish the uninstall.
This reboot can be completed later, but must be completed before beginning a new ProVision
installation: the reboot completely removes all past installation files.
In this chapter
About ProVision Licenses ........................................................................................... 67
Licensing Procedures .................................................................................................. 69
Node licenses
The ProVision solution packs group node licenses into a number of packages, each package
enabling management of a specific number of devices or specific network size.
ProVision solution packs include:
• ProVision software
• All node licenses
In general, each node count enables the system to manage a single device (or single Network
Element) with one IP address. For example a single Eclipse radio. The exceptions are some
trunking radios like WTM 6000 where each path has a node count of 1.
Synergy package
The ProVision Synergy package provides a ProVision installation with media warranty and free
software upgrades for 1 year. It is purchased as an add-on to the main solution pack.
Feature licenses
In addition to the standard ProVision license, users can acquire feature licenses to enable specific
functions in ProVision. They can only be acquired in addition to standard ProVision software/node
licenses.
VLAN Visualize Discovery and visualization of VLANs through the VLAN table
and map views.
The device types in the table below are individually licensed. The licenses for these devices need to
be enabled in the product license file before you can access the associated functionality.
Note: A completed License Request Form (indicating the required features) must be supplied
when requesting a license file. This form is included in the Documentation folder with the product
distribution.
A critical event is generated on the day before the trial license expires. If the system does not find
an updated license file when the trial period has expired, all ProVision user sessions are closed,
and you cannot start a new session. The following message displays:
Figure 12: Evaluation License Expiry Message
Note: If you are using an evaluation license from a previous version of ProVision, the evaluation
license may or may not work with the newly installed version of ProVision. Contact Technical
Support for more information.
Licensing Procedures
This section covers the procedures for licensing ProVision.
This section covers the following topics.
Determining the Server’s IP address ........................................................................... 69
Requesting a permanent license ................................................................................. 70
Activating a ProVision Server license .......................................................................... 71
Procedure
Follow these steps to determine the server’s IP address in a Windows system.
Step Action
1 On the server, select Start > Run. The Run window is displayed.
2 Type cmd in the dialog box and click OK. A command window is displayed.
3 At the prompt, type: ipconfig
4 The computer’s IP details are displayed.
Note: Open the Command Window by right-clicking the Command Prompt item and
selecting Run as Administrator.
2 At the prompt, type: pv service stop
3 Press Enter. A message is displayed indicating the ProVision server has stopped. If a
window appears with the message “Do you want to allow the following program to make
changes to this computer?” click Yes.
4 Using Windows Explorer, copy the new license.xml file to the ProVision server folder.
5 To overwrite the old license file with the permanent license, click Yes.
6 In the ProVision command window, type pv service start
Step Action
7 Press Enter. A message is displayed indicating the ProVision Server has started.
8 To start the ProVision client, select Start > Programs > ProVision Client > ProVision
Client.
9 To verify the new license is running, log in to ProVision and select Help > License Details.
In this chapter
Prerequisites for Setting Up ProVision ........................................................................ 73
Workflow for Setting Up ProVision .............................................................................. 74
Changing SFTP/FTP Server Port ................................................................................ 75
Changing Syslog Server Port ...................................................................................... 76
Configuring for Multiple Network Card Systems .......................................................... 77
Configuring RADIUS authentication fallback to local user accounts ........................... 79
Prerequisite Description
Maps The map files required as backgrounds for the network, on the ProVision
user interface.
ProVision supports the following image formats:
• jpg
• gif (GIF87 and GIF89a)
You can use a search engine to find websites, which provide maps for
countries, regions, and cities that you can download and use in ProVision.
Copy the background maps into the ProVision maps directory:
\ProVisionServer\Maps
Network Topology If upgrading from ProVision 3, you can import the network topology file into
ProVision.
For a new network, you must have a plan of the network regions, sites,
racks, radios, and links to be deployed and managed in ProVision. This is
required to set up the network in the ProVision user interface and if
required service links between devices.
Prerequisite Description
Service Topology (optional) A list of the Services (logical groupings of devices) required and the
devices that are to be included in each Service.
List of the IP addresses of the The radio's IP address is required when deploying the radio.
radios to be deployed in the
network.
List of the users and their security Required to add new ProVision users.
group.
List of radio usernames and If a username and password has been physically set up in the radio, you
passwords. need to know what these are so you can enter the details into ProVision.
Northbound Interface To configure the Northbound Interface, you need the following:
• IP address of "north" computer
• Type of traps required
You also need to know if traps are to be sent and/or information sent to an
ASCII-based file on ProVision the server.
Database purging criteria You need to know how often the events and performance data are to be
deleted from the ProVision database.
Note: For a new ProVision network, the order in which you set up the network is flexible and the following is a
recommendation only:
Update ports ProVision Installation and Administration
Guide, Setting Up ProVision (on page
73)
Add network containers ProVision User Guide, Deploying and
Managing Devices
Import background maps ProVision User Guide, Getting Started
Deploy, link (RF and Logical Optional but implemented by most ProVision User Guide, Deploying and
links), and manage devices users. Managing Devices
Note: SFTP is enabled by default but FTP can be enabled instead. See section
Enabling/Disabling SFTP Server (on page 50).
Warnings
• Aviat Networks recommends that you only change this port value if it is absolutely necessary.
• If any ports are changed on a Primary Server, you must also change the ports on the
connected Backup Server to match them.
• The ProVision SFTP/FTP server port number must be unique: it must be different from the
port numbers used by any other SFTP/FTP server operating on the same sever.
Warnings
• Aviat Networks recommends that you only change this port value if it is necessary.
• If any ports are changed on a Primary/Active Server, you must also change the ports on the
connected Standby/Dormant Server to match them. See About the Redundancy Controller
(on page 169).
• The ProVision Syslog server port number must be unique: it must be different from the port
numbers used by any other Syslog server operating on the same server.
Step Action
3 Open this file and edit the value of the Syslog server port to the new port number, such as
5140. Specifically, change the line <trap_syslog_port>514</trap_syslog_port> to
<trap_syslog_port>5140</trap_syslog_port> as shown below:
<snmp>
<timeout>10</timeout>
<retry>1< <trap_syslog_port>5140</trap_syslog_port>
<trap_ingress_port>162</trap_ingress_port>/retry>
<!-- The following is used to specify the SNMP IP interface when multiple network
cards are used -->
<!-- <interface>10.16.1.3</interface> -->
</snmp>
4 Save the file.
5 Restart the ProVision Server.
6 The ProVision Syslog server port is now changed to the port that you assigned.
Client interface
When multiple network interface cards are used, the network interface used for Client interface may
need to be defined as using a specific network interface, normally the interface facing the ProVision
clients.
Client Interface Definition Procedure
Step Action
1 Stop the ProVision server using the appropriate command (see ProVision Commands (on
page 44)).
2 Edit the server_configuration.xml file of the ProVision server. This file is located at:
ProVisionServer\tomcat\webapps\ROOT\pv\templates.
Step Action
3 Open this file and add the value:
<client_interface>a.b.c.d</client_interface>
After the lines
<!-- The following is used to specify the client IP interface when multiple network
cards are used -->
<!-- <client_interface>192.168.1.2</client_interface> -->
(Where a.b.c.d is the IP address of the network interface facing the ProVision clients.)
OR
Alternatively if the client interface address is IPv6,
Add the value
<client_interface>a:b:c:d:e:f:g:h</client_interface>
After the lines
<!-- The following is used to specify the client IP interface when multiple network
cards are used -->
<!-- <client_interface>192.168.1.2</client_interface>-->
(Where a:b:c:d:e:f:g:h is the IP address of the network interface facing the ProVision clients.)
4 Save the file.
5 Restart the ProVision server.
Server Client Single NIC card Multiple NIC cards Primary & Standby Servers
Machine Machine on server on server
single NIC card multiple NIC cards
IPv6 only IPv6 only yes (IPv6) yes (IPv6) yes (IPv6) yes (IPv6)
IPv6 only IPv6 & IPv4 yes (IPv6) yes (IPv6) yes (IPv6) yes (IPv6)
IPv6 & IPv4 IPv4 only yes (IPv6) yes (IPv6) yes (IPv6) yes (IPv6)
IPv6 & IPv4 IPv6 & IPv4 no yes (IPv6 or Pv4) no yes (IPv6 or Pv4)
Redundancy Controller
If multiple network interface cards are used when using Redundancy Controller it is possible to
force the Redundancy Controller to use a specific Network Interface.
On Windows
Add a system variable jetty.host and give it the value of IP address of network interface card
required.
Figure 13: Adding new system variable example
Step Action
1 Stop the ProVision server using the appropriate command (see ProVision Commands).
2 Edit the server_configuration.xml file of the ProVision server with a text editor. This file is
located at: ProVisionServer\tomcat\webapps\ROOT\pv\templates
3 Open this file and edit the value:
<fallBackToLocal>false</fallBackToLocal>
Change from false to true
So line will look like
<fallBackToLocal>true</fallBackToLocal>
Note: When set to true, any fault or failure will use local user accounts. When set to
false (default) any authentication failure will still use RADIUS server for authentication.
All other RADIUS connection faults will use local user accounts but only after all
connection attempts are exhausted.
4 Save the file.
5 Restart the ProVision server to apply the configuration.
In this chapter
Introduction ................................................................................................................. 81
Strong Security............................................................................................................ 82
Eclipse Single Sign On and Strong Security ............................................................... 85
ProVision User Security Profiles.................................................................................. 86
User Account and Access Control Procedures ........................................................... 90
Enabling a RADIUS Server ....................................................................................... 117
Updating Eclipse RADIUS Authentication Settings ................................................... 120
Introduction
Access control can be used to:
• Add users
• Change a user's security group
• Change a user details or password
• Delete users
• Lock users from the application
• Add radio security
• Generic Devices and some other devices, can have their SNMP security and associated
passwords changed.
For more details, see Device security accounts (on page 104).
Strong Security
Strong security options are designed to meet market requirements for secure access to network
equipment and secure delivery of customer’s traffic - they are designed to prevent unauthorized
access and interference from hackers. These options are licensed.
This section covers the following topics.
Eclipse strong security ................................................................................................ 82
CTR 8540 and CTR 8300 strong security ................................................................... 82
About Secure Management......................................................................................... 82
About RADIUS client ................................................................................................... 83
About payload encryption ............................................................................................ 84
Update ProVision server self-signed certificate ........................................................... 84
Note: SNMPv3 is not enabled with SW release 5.3. SNMPv2 (non-secure) must be used in the
interim.
• About Secure Management (on page 82) - secures management access, configuration, and
control.
• Setting SNMPv3 security access (on page 112) - secures SNMP access to devices.
• About RADIUS client (on page 83) - (Remote Authentication Dial In User Service) supports
centralized access control to Eclipse radios.
• About payload encryption (on page 84) - encrypts all traffic carried by the radio.
• Secure access & control of the radio so no one can tamper with it locally or remotely. It does
not include a RADIUS capability, therefore user accounts can only be managed locally. A
RADIUS client license must be purchased in order to perform remote user account
authentication & management.
• When secure management is implemented, only secure versions of the protocols are allowed
to access the NMS port; TLS/SSL on portal physical connections, HTTPS for software
downloads.
• User selectable encryption cipher suites apply to the Portal connection. Selection is enabled
only at the crypto manager level. Suites include:
o CFB-AES-128
o CFB-AES-192
o CFB-AES-256
o CBC-3DES
o CBC-DES
• Key negotiation is managed under TLS/SSL.
• SNMPv3 is used to secure NMS communication connections.
• SNMPv3 ensures that communication with ProVision is held secure, and with all other
SNMPv3 compliant management systems. HTTPS is used on software downloads.
Note: SNMPv3 is not enabled with SW release 5.3. SNMPv2 (non-secure) must be used in the
interim.
Warning: If Strong Security is enabled for Eclipse, then the SNMP user that is used by ProVision
must have a Crypto access level in Eclipse SNMP User Accounts for ProVision to operate correctly.
Warning: If Strong Security is enabled for Eclipse, Backup and Restore options are not available
from the File menu. This is a known limitation.
Warning: Before deploying or enabling SNMPv3 on a device, ensure that the date and time of the
device matches the ProVision server date and time. If device time is adjusted after deployment or
device is connected to NTP time server then ProVision can lose communication with the device until
the ProVision server is restarted.
After a secure session between a user and the radio has been established, the user is required to
supply a valid username and password (user authentication) before any further access is granted.
Multiple security levels are provided for user read/write access, ranging from security manager write
access at the top, to read-only at the lowest level.
On the radio, all configuration data, event logs and performance data files are encrypted.
• When a user attempts to login to a RADIUS client, such as an Eclipse radio, the radio sends
the authentication request to the RADIUS server. Communication between the RADIUS client
and the RADIUS server is authenticated and encrypted.
• The RADIUS server function is provided within the ProVision server or from a dedicated
RADIUS server.
• The RADIUS server accounting database maintains a log of all requests, access times and
durations.
• RADIUS client can be used with or without Eclipse secure management.
Note: The default configuration encryption password that is used during configuration backup
when strong security is enabled is ProVision123.
Note: Not all features are supported on the 5.3 software release. Check the Software release
notes or contact the Help Desk for details.
Note: ProVision currently only supports networks with CTR 8540 and CTR 8300 deployed using
IPv4 addresses.
Note: ProVision does not currently support networks with CTR 8540 and CTR 8300 deployed
using IPv6 addresses.
Update procedure
Follow these steps to update self-signed certificate to add ProVision server IP address of network
interface facing CTR network.
Step Action
1 Stop the ProVision server using the appropriate command (see ProVision Commands (on
page 44)).
2 Open a command prompt running as administrator in directory ProVisionServer\tomcat\conf
3 Run command:
generate_keystore.bat <PV server IP address>
Where <PV server IP address> is the IP address of the ProVision server network interface
facing the CTR devices. This is the same network IP address configured in ProVision via
Configuration > Software Loading Preferences.
Use ProVision server IPv4 address if CTRs are deployed in ProVision with IPv4 addresses.
Use ProVision server IPv6 if CTRs are deployed in ProVision with IPv6 addresses.
4 Restart the ProVision server.
Note: SSO credentials are encrypted and only saved during the session; they are deleted when
the user logs out. Also, for Eclipse Portal, SSO is only active for devices with Eclipse 5.3 and
later installed: devices with earlier versions need to be managed as device security accounts.
See Device security accounts (on page 104).
Note: For all items marked with * the Eclipse embedded system has 2 default user accounts,
NOC Operator and NOC Engineer; passwords for these user accounts can be stored in and will
be used for authentication AAA Server enabled devices. Also, all failed logins raise a failure event
in ProVision.
Caution: Only a user with the Administrator profile enabled can make changes to user accounts.
Note: The first user available immediately after installation is the default administrator; all other
users need to be created. When the default administrator first logs in, only Administration
functions are enabled for them; further functions need to be added using the following procedure.
Procedure
Follow these steps to create a user account.
Step Action
1 Select Administration > ProVision User Accounts. The ProVision User Accounts window
displays, with the status of each user account.
Step Action
notifications about events.
3 Select the Security Profiles tab.
4 Select checkboxes to enable ProVision functions for this user. Options are defined below.
5 Select OK. Then click on the Regional Access tab.
6 Select checkboxes to enable this user to access specific regions and devices within the
network. Then, click OK.
Note: If no values are set, the user has access to ALL regions and devices in the
network.
Step Action
7 Click Change Password. The Change Password window is displayed.
Note: Password must not contain username or more than two consecutive letters of
username in order or username in reverse order.
9 Re-type the password in the Confirm New Password field. Click OK.
10 To close the ProVision User Accounts window, click Close.
Note: The original 'admin' user can be deleted, but there must always be at least one user with
Administration functions enabled.
Table 24: Security Profile Values
Step Action
1 Select Administration > ProVision User Accounts. The ProVision User Accounts window
displays.
Step Action
5 To close the User Properties window, click OK.
6 To exit the User Accounts window, click Close.
In the Change Password dialog box, type the new password, then reconfirm
by typing it again.
To save the new password and exit the dialog box, click OK.
Security Profiles Select the Security Profiles tab and make the required changes.
Password must not contain username or more than two consecutive letters of username in order or
username in reverse order
Step Action
1 Select Administration ProVision User Accounts. The ProVision User Accounts window
displays, with the status of each user account.
2 Highlight the user you want to delete.
3 Click Delete. The user is deleted from the system and from the User Accounts window.
Step Action
1 Select Administration > ProVision User Accounts. The ProVision User Accounts window
is displayed.
2 Enter the username or part of username you want to search for in Filter.
Step Action
1 Select Administration > ProVision User Accounts. The ProVision User Accounts window
is displayed.
2 Click Export Users and enter exported user accounts filename. You can browse to another
file location if required.
3 Click Save and user account information is exported to a .CSV file.
Step Action
1 Before you make changes to the security policy, stop the ProVision Server using the
appropriate command (see ProVision Commands (on page 44)).
2 The security_policy.xml file is at the file location:
ProVision\Server\tomcat\webapps\ROOT\pv\templates
Step Action
3 Navigate to it using the Command line or Windows Explorer. Open the file using an XML
editor or NotePad.
4 Make the changes for the login policies, as described in the table below.
5 Save and close the file. The login policies will be applied for all users of this installation.
6 Restart the ProVision Server.
Step Action
1 In the Administration main menu, select User Security Policy.
Step Action
2 The User Security Policy screen displays. See list below for field definitions and usage.
Field Description
Min Minimum allowed length of the Username or Password (values 1 - 40).
Max Maximum allowed length of the Username or Password (values 1 -
40).
Invalid Characters that are not allowed to be used in the Username or
Password.
Required Characters (at least one) that must be used in the Username or
Password.
Caps Select the checkbox if a capital must be used in the Username or
Password
Number Select the checkbox if a number must be used in the Username or
Password.
Warn Password Expiry: # The number of days prior to password expiry when user starts getting
days before the warning.
Lock account after: # login The number of invalid login attempts after which the account is locked.
failures
Post login message Enter a message that will appear every time a user logs in. This field
accepts most HTML tag. For example, <font color="red">.
Step Action
1 In the Administrator menu, select Session Manager.
2 The Session Manager screen displays. It includes:
• User - User names
• IP Address - IP address where user is logged in
• Login Time - Time when user logged in
• Latency - speed of access, the speed is accurate to the nearest millisecond
5 You have two termination options. Click the one that you require:
• Terminate and Lock User - Terminates the user's client session and also locks them
out of ProVision until the administrator restores access.
• Terminate - Terminates the user's client session.
6 The user is terminated using the option you have selected.
Step Action
7 If a user is being logged out by the administrator, this message appears in their ProVision
Client screen:
8 If a user is being logged out by the administrator due to a regional access change, this
message appears in their ProVision Client screen:
Note: Eclipse Portal Access write locking only locks Portal for Eclipse devices that have Eclipse
software version 5.1 or higher.
Procedure
Follow these steps to manage Eclipse Portal locking.
Step Action
1 Log into as an administrator.
2 Select Administration > Eclipse Portal Locking. The Eclipse Portal Locking screen
displays.
3 To enable the Portal Lock feature, select the checkbox. This locks Eclipse Portal for all
Eclipse devices that have software 5.1 or higher. Then, click Re-apply.
4 To disable the Portal Lock feature, clear the checkbox.
Step Action
5 To unlock Eclipse Portal for specific Eclipse devices, go to the device in the Tree Viewer.
Right-click on the device. In the right-click menu, go to the Sleep option. You can select a
checkbox to Allow Eclipse Portal Write Access. This enables the write access for this
Eclipse device only.
6 To check on the Eclipse Portal locking status for an individual device, mouse over it and
read the mouse-over tooltip. This tooltip includes the name of the user who locked Portal.
To check on the Eclipse Portal locking status for all devices, go to the Fault menu and
select Device Maintenance. This screen shows the Eclipse Portal Locking status for all
devices in sleep mode.
Note: If the server is shut down and restarted, if the restart takes place within 1 hour (60 minutes)
the Portal Locking feature stays on and enabled. If the restart takes more than 60 minutes, the
Portal Locking feature stays on, but all radios go to Unlocked status.
Note: Engineers may try to reboot Eclipse devices to unlock them for and Portal. To prevent this,
set up a related Configuration Profile, Eclipse Portal Lockout Reboot. Set a long reboot lockout
time, to ensure that maintains access control of Eclipse devices following a reboot. To enable
this, go to Configuration > Configuration Profiles, and in the Configuration Profile screen,
select Eclipse Portal Lockout Reboot Time.
Step Action
1 Right-click the Manager icon .
2 Select Security Log from the pop-up menu displayed. The Security Log window is
displayed.
Step Action
1 Obtain the required user names and passwords for the Select Administration > Device
Security Accounts. The Device Security Accounts screen displays.
2 Right-click the required device and select Edit Account Information.
Step Action
3 The Edit Account Information screen displays.
4 Reset the Read Community and Write Community levels to private or public.
5 Click OK. The SNMP community strings are reset.
6 To remove the SNMP community string settings, right-click the device and select Remove
SNMP Community.
7 Click OK to close the Device Security Accounts window.
Note: Eclipse radios can be set so that Portal Engineer users and NOC Operator users have
separate access -- even within the same radio. See the specific instructions, Updating
passwords for multiple radio accounts (on page 109).
Procedure
Follow these steps to set Eclipse security accounts.
Step Action
1 Obtain the required user names and passwords for the Eclipse radios. For default Eclipse
passwords, see Configuring User Name and Password in the Portal documentation.
2 Select Administration > Device Security Accounts. The Device Security Accounts screen
displays.
Step Action
3 Right-click the required radio and select Edit Account Information.
5 To set the access for users with Engineer level security access, enter and retype the
password in the Engineer Account section.
Note: When the Portal launch with Provision user credentials checkbox is selected
then Eclipse Portal will use ProVision user login credentials to auto login to Eclipse.
6 To set the access for users with NOC Operator security access, enter and retype the
password in the Operator Account section.
7 Click OK.
8 A Login icon appears in the Eclipse Login column.
Place the cursor over the icon to view how the security accounts are configured.
9 To remove login information only, right-click the device and select Remove Eclipse Login.
The login data is deleted, and the Login icon is removed.
10 Click OK to close the Device Security Accounts window.
Note: The user name and password entered in ProVision for an individual radio overrides any
other user name and password set at a higher level in ProVision, for example, a region.
Setting up multiple Eclipse radio accounts
The Eclipse Radio Accounts Configuration Profile is the fastest way to add new users into the
radios' security accounts. Using a previously saved configuration profile, the administration user can
add the new user and sync all Eclipse radios in the network (or part of the network) with this
account.
With the addition of the Eclipse Radio Accounts Configuration profile, the user can define a single
set of credentials (up to a maximum of 40) that can be written into a group of network elements or
the entire network. This enables the system administrator to update user credentials consistently
across the network in a single action, ensuring that the credentials are the same for all Eclipse
radios in the network.
Note: This feature only applies to local security accounts that are stored on the Eclipse radio
itself.
Prerequisites
• The ProVision user performing this operation must have Administration privileges.
• The ProVision Eclipse Login admin credentials must be defined for each Eclipse device in the
network (see Device security accounts (on page 104)). This can be set on a Container if the
credentials are to be used for all Eclipse within the container.
• An admin user must exist in the Eclipse radio. The admin user is a default user account that
always exists in the Eclipse radio.
• Ensure that firewall settings are correct between ProVision and Eclipse.
Note: If RADIUS is enabled in ProVision then the ProVision user credentials (of the currently
logged in user) are used to log into the Eclipse NOT the Device Security Account credentials. In
this scenario the ProVision user must all have RADIUS credentials defined to access the radio
(Eclipse-Radio-User_Permission=Administration) as well as the correct ProVision credentials
(ProVision-Security-Profile=Administration + Configuration). See Enabling a RADIUS Server (on
page 117) for more details.
Procedure
Follow these steps to set up multiple Eclipse radio accounts.
Step Action
1 Ensure that the correct ProVision and Eclipse user privileges are configured.
2 Select the radios that are to be updated with the new user account. To update the entire
network select the ProVision Physical Root from the Physical View. Right-click and select
Configuration > Profiles, then go to the Profile drop-down menu and select the Eclipse
Radio Accounts profile. If a previous Eclipse Radio Account profile has been saved, it
displays and can be selected:
Step Action
3 Add the new user to the profile. Values are:
• User Name - Between 4 and 32 characters
• Password - Between 8 and 32 characters, including at least one letter and one number.
• Confirmation - Retype the Password. Enter this information for each user.
• Permissions - Check the boxes for the user's permission levels for Eclipse radios: Read
Only, Engineer, Admin, Crypto. At least one Permission must be selected for a user.
4 Save the configuration profile.
5 Click Execute to write the changes into each of the selected devices. A dialog will appear
verifying the radios that this profile will be written to. If necessary radios can be removed
from this list. Click Execute again to complete the operation.
6 Optional: to write the changes to other radios or the entire network of Eclipse radios, select
a container or the radios to write this configuration to from the Physical network view. Then
right-click and select Configuration > Profiles. From the Configuration Profile dialog select
the previously saved profile and click Execute.
Note: Any changes to the user account definitions must be made to the previously saved Eclipse
Radio Accounts Profile. The Eclipse Radio Accounts Profile can then be re-applied to the
radios.
Warning: If there are problems applying the Profile to the radios, check the following:
Have user credentials been entered correctly for this device? See the Edit Account Information
screen described in the Standard Procedure earlier in this section.
What security mode is enabled in the radio (None, Basic, Strong, FIPS)?
Is RADIUS authentication being used? See Eclipse Single Sign On and Strong Security (on
page 85).
Updating passwords for multiple radio accounts
The security policy of many organizations requires periodic changes to user passwords. The
administrator can update the passwords of an entire Eclipse network if user permissions are
managed via the Eclipse Radio Accounts in the Configuration Profile.
Step Action
1 Ensure that the correct ProVision and Eclipse user privileges are configured.
2 Select the radios that are to be updated with the new user account. To update the entire
network select the ProVision Physical Root from the Physical View. Right-click and select
Configuration > Profiles, then go to the Profile drop-down menu and select the Eclipse
Radio Accounts profile. If a previous Eclipse Radio Account profile has been saved, it
displays and can be selected:
Step Action
3 Add the new user to the profile Values are:
• User Name - Between 4 and 32 characters
• Password - Between 8 and 32 characters, including at least one letter and one number.
• Confirmation - Retype the Password. Enter this information for each user.
• Permissions - Check the boxes for the user's permission levels for Eclipse radios: Read
Only, Engineer, Admin, Crypto. At least one Permission must be selected for a user.
4 Update the passwords and users as required. The password must be between 8 and 32
characters, including at least one letter and one number. To delete a user, delete text from
the User Name field, or overwrite the text with a new user name.
5 When you are done making changes, click Save. Then, to write the changes to the radios,
click Execute.
6 A dialog will appear, verifying the radios that this profile will be written to; if necessary radios
can be removed from this list. Click Execute again to complete the operation.
7 Optional: to write the changes to other radios or the entire network of Eclipse radios, select
a container or the radios to write this configuration to from the Physical network view. Then
right-click and select Configuration > Profiles. From the Configuration Profile dialog, select
the previously saved profile and click Execute.
Step Action
1 Log into Portal at the Administrator level. Set the Operator password, using the instructions
in the Portal documentation for the topic Configuring User Name and Password.
2 Log into ProVision. Select Administration > Device Security Accounts. The Device
Security Accounts screen displays.
3 Right-click the required radio and select Edit Account Information. The Edit Account
Information screen displays.
4 To set the access for users with NOC Operator security access, enter and retype the
Eclipse Operator user name and password in the Operator Account section.
5 Click OK.
6 The security setting is saved in ProVision. When any NOC Operator opens Portal from
ProVision, Portal will open with read-only access.
Disabling auto-login for Eclipse Portal for user with Engineer security
Step Action
1 Stop the ProVision server using the appropriate command (see ProVision Commands (on
page 44)).
2 Edit the server_configuration.xml file of the ProVision server. This file is located at:
ProVisionServer\tomcat\webapps\ROOT\pv\templates
3 Open this file and uncomment line
<!--<eclipse_portal_engineer_auto_login_disabled>false</eclipse_portal_engineer
_auto_login_disabled>-->
and change state to true, line should now look like
<eclipse_portal_engineer_auto_login_disabled>true</eclipse_portal_engineer_auto
_login_disabled>
4 Save the file.
5 Restart the ProVisionserver.
Note: When "Portal Launch with ProVision user credentials" is selected then Eclipse Portal will
use ProVision user login credentials to auto login to Eclipse.
Disabling auto-login for Eclipse Portal for user with Operator security
Change operator password in Device Security Accounts to an invalid password to prevent
auto-login for users with View only access.
Setting device security account values
Follow these steps to set or edit device security access for CTR 8540, WTM 4000, XP4, SAGEM,
and DART radios:
Step Action
1 Obtain the required user names and passwords for the devices.
2 Select Administration > Device Security Accounts. The Device Security Accounts
screen displays.
3 Right-click the required radio and select Edit Account Information.
Step Action
4 The Edit Account Information screen displays:
8 To remove login information only, right-click the device and select Remove Device Login.
The login data is deleted, and the Login icon is removed.
9 Click OK to close the Device Security Accounts window.
Note: The user name and password entered in ProVision for an individual radio overrides any
other user name and password set at a higher level in ProVision, for example, a region.
Setting SNMPv3 security access
For CTR8540 and CTR 8300 and Eclipse devices, for TRuepoint 4040 v2 and 5000 devices with
SNMPv3 controllers, and for Generic Devices, you can implement strong security. This includes
authentication and privacy algorithms. This can be done when the device is deployed, or from the
Device Security Accounts screen.
For a TRuepoint radio, the authentication and privacy information set up in ProVision must match
those stored in the radio.
After this is done, when a ProVision user selects a diagnostics or configuration viewer,
automatically sends the username and password to the device. Then, the device verifies the data is
valid, and allows ProVision access to its diagnostic functions. Without a valid password, the radio
ignores write data commands.
Prerequisites
Warning: Before deploying or enabling SNMPv3 on a device, ensure that the date and time of
the device matches the ProVision server date and time. If device time is adjusted after deployment
or device is connected to NTP time server then ProVision can lose communication with the device
until the ProVision server is restarted.
For Eclipse devices that have strong or FIPS security
FIPS security requires Eclipse software version 8.0.0 or later.
To allow ProVision to change the SNMPv3 security settings, configure an active SNMPv3 user
account for the devices. An Eclipse SNMPv3 user account can be set up from the Portal craft tool or
set up from ProVision via the Configuration Profile Settings.
To do this from ProVision, select the Eclipse device and go to Configuration > Configuration
Profiles. Then, select Eclipse SNMPv3 User Account Configuration. Set the SNMPv3 user
values, including access level and authentication password. Access level must be set to Crypto for
ProVision to operate correctly. See ProVision User Guide, Configuration profile reference, for
more details.
For CTR devices that support strong security
CTR software version 3.6.0 or later is required.
Note: CTR user account used by ProVision for CTR Device Login must have root (privilege level
15) access. ProVision needs this account to operate correctly and automatically log into the CTR
to perform operations such as event collection, configuration backup and software download.
Caution: CTR 8540 and CTR 8300 currently limits the number of concurrent http/https and SSH
sessions to 4. ProVision always uses one session for event collection, software loading and
configuration restore. If CTR Portal sessions are opened as well as SSH sessions then maximum
session count can be exceeded and these functions will no longer work. Redundant ProVision
server configurations will also increase the CTR session count.
Note: All CTR CLI secure management commands must be run by a crypto user.
Note: CTR Strong Security requires that a Secure Management license must be installed.
Step Action
1 Enable Strong security on CTR using CTR Portal.
Using CTR Portal, change Security Mode from Basic to Strong via System Configuration
> Admin > Strong Security.
This changes CTR SNMP access to use SNMPv3 only and CTR Portal access to use https
only.
Step Action
3 Create SNMP user.
snmp-server user snmpuser auth sha auth12345 priv AES_CFB128 priv12345
snmp-server group snmpuserg user snmpuser security-model v3
snmp-server view snmpuserv 1 included
snmp-server access snmpuserg v3 priv read snmpuserv write snmpuserv
Change Authentication password from auth12345 and Privacy password from priv12345 as
required.
Note: This disables password aging for all CTR http/https users which is required for
event collection, software loading, CTR Portal auto-login, and configuration restore via
ProVision.
5 Enable Syslog notifications after enabling or disabling SNMPv3 access on CTR
Using CTR Portal configure Syslog notifications add Remote Syslog Targets via System
Configuration> Remote Log
Using CTR Syslog Forwarding Configuration Profile in ProVision.
Note: Syslog forwarding is unsecure UDP based but must be configured for CTR event
collection to work.
Step Action
1 Obtain the required security details, including user names and passwords, for the devices.
2 Select Administration > Device Security Accounts. The Device Security Accounts screen
displays.
3 Right-click the required radio and select Edit Account Information.
Step Action
4 The Edit Account Information screen displays:
Note: The Authentication and Privacy types are determined by your organization’s
network policy. An Authentication of MD5 and a Privacy of AES128 is a common
“strong security” combination.
7 Click OK.
8 A Login icon appears in the SNMPv3 column, with the user name and security details.
9 To remove SNMP v3 information only, right-click the device and select Remove SNMP v3.
The login data is deleted, and the Login icon is removed.
10 Click OK to close the Device Security Accounts window.
Step Action
1 Select Administration > Device Security Accounts. The Device Security Accounts
window is displayed.
2 Right-click the required container and select Edit Account Information.
3 The Edit Password window is displayed. In the Account Type drop-down menu, select the
security account type. The values in the screen change to the values for the device security
account type.
• SNMPv3 - see Setting SNMPv3 Security Access (on page 112).
• Device Login - see Setting Device Security Account Values (on page 111).
• Eclipse Login - see Setting Eclipse Device Security Values (on page 106).
4 The values in the screen change to the values for the device type. Enter the values, which
will be applied to all devices in the container, and click OK.
5 The values display in the main Device Security Accounts screen for all devices in the
container.
6 To remove the values from the container, right-click the device and select the Remove
option.
7 Click OK to close the Device Security Accounts window.
Step Action
1 Select Administration > Device Security Accounts. The Device Security Accounts screen
displays.
Step Action
2 Right-click the required radio and select Clear All Account Information.
3 Data is removed from all columns except the SNMP type, indicating that the device security
has been cleared.
Prerequisites
This feature requires additional support with the Eclipse firmware, and it is only available on Eclipse
radios running versions 5.0.xx or greater.
For executing specific operations on the Eclipse Radio when both the ProVision Server & Eclipse
Radio are enabled for Radius Authentication,the logged in ProVision user requires a security profile
and permissions for ProVision and for the Eclipse Radio in the RADIUS server.
See ProVision User Security Profiles (on page 86). These requirements are as follows:
• Eclipse login banner (accessed through the Configuration Profiles in ProVision)
• Radio Accounts (accessed through the Configuration Profiles in ProVision)
• Eclipse RADIUS configuration (accessed through the Configuration Profiles in ProVision)
• Eclipse SNMPv3 User Account (accessed through the Configuration Profiles in ProVision)
o For the above four operations, the ProVision user must have: Configuration and
Administration security profiles in the RADIUS server for ProVision-Security-Profile,
and SecurityOfficer and administerUsers security profiles for
Eclipse-Radio-User-Profile.
• Eclipse Software Loading - Requires Upgrade security profile in the RADIUS server for
ProVision-Security-Profile and Engineer security profile in the RADIUS server for
Eclipse-Security-Profile.
Procedure
Follow these steps to enable Radius server.
Step Action
1 Obtain the information for your RADIUS server:
• Server IP Address
• Shared Secret password
• Authentication Port
• Accounting Port
• Client Session Timeout value in Seconds
2 If required, install the RADIUS server.
3 Log into ProVision as a Security-level user. In the Administration menu, select RADIUS
Server Configuration.
4 In the RADIUS Server Configuration screen, enter the information from Step 1 for the
primary RADIUS server. You can enter data for the secondary server, if required.
Note: RADIUS Authentication Only means that RADIUS server is used only to
authenticate user access to ProVision, and ProVision local accounts are used to
determine users security access. If a user account exists in RADIUS server but not in
ProVision, then log in to ProVision provides user with View only security access. When
enabled a message is also shown in title bar of ProVision User Accounts indicating
that user authentication is via RADIUS server.
Note: When ProVision is configured to use Radius server for authenticating user login
to ProVision server then Background Authentication Credentials need to be configured
in ProVision RADIUS Server Configuration window with a username and password
that has Engineer access to Eclipses. This is required so ProVision server can
discover Eclipse configurations, perform configuration backups, software loading, etc.
Note: ProVision can be configured so that when RADIUS authentication fails it then
118 March 2023 Aviat Networks
Access Control
Step Action
uses local user accounts for authentication. See Configuring RADIUS
authentication fallback to local user accounts (on page 79).
5 Click on Background Authentication Credentials. A screen displays: enter a user name,
password, and confirm password.
6 Click OK.
7 In the RADIUS screen, click OK.
ProVision is now connected to the RADIUS server. In future, all login authentications will be
done using this configured RADIUS server.
8 To set the RADIUS server settings for a new radio, select the radio that the RADIUS server
profile is to be applied to,and then select the already saved RADIUS configuration profile.
See ProVision User Guide, Configuration profile reference.
9 To bulk configure RADIUS server logins for all radios, select the ProVision Physical Root in
the network, right-click and select Configuration > Profiles, then from Configuration
Profile dialog select the Eclipse RADIUS Configuration profile. Set the values as described
in ProVision User Guide, Configuration profile reference.
Note: When you are setting up RADIUS and populating the radreply table, you need to include
attribute values for different Aviat software access groups. These values are listed below.
Step Action
1 Stop the ProVision server using the appropriate command (see ProVision Commands).
2 Edit the server_configuration.xml file of the ProVision server with a text editor. This file is
located at: ProVisionServer\tomcat\webapps\ROOT\pv\templates
Step Action
3 Open this file and edit the value:
<fallBackToLocal>false</fallBackToLocal>
Change from false to true
So line will look like
<fallBackToLocal>true</fallBackToLocal>
Note: When set to true, any fault or failure will use local user accounts. When set to
false (default) any authentication failure will still use RADIUS server for authentication.
All other RADIUS connection faults will use local user accounts but only after all
connection attempts are exhausted.
4 Save the file.
5 Restart the ProVision server to apply the configuration.
Note: See Enabling a RADIUS Server (on page 117) for an overview of the RADIUS enabling
requirements.
Prerequisites
RADIUS configuration features are only available to ProVision administration users. Because this is
a security related feature the user must also have administration privileges on each Eclipse in the
network.
The exact security prerequisites depend on whether the ProVision system is configured to use a
RADIUS server for authentication.
RADIUS user authentication prerequisites
• RADIUS must be enabled on both ProVision and the Eclipse.
• If RADIUS is not enabled in ProVision then the Standard User Authentication requirements
above apply.
• If RADIUS is enabled in ProVision but not in the Eclipse, then a user account must exist in the
Eclipse with same credentials (username and password) as the ProVision user. This
configuration is not recommended.
• Ensure that firewall settings are correct between Eclipse and ProVision.
• The credentials of the ProVision user initiating the operation are used to authenticate with the
Eclipse when reading or writing the configuration profile, therefore:
o This user must have RADIUS credentials defined for both the Eclipse and ProVision.
o Eclipse - Administration.
o ProVision - Administration and Configuration.
Other prerequisites
This feature requires additional support with the Eclipse firmware, thus is only available on radios
running versions 05.00.xx or greater.
Step Action
1 Ensure that the correct ProVision and Eclipse user privileges are configured, based on the
Prerequisites.
2 Select the ProVision Physical Root in the network, right-click and select Configuration >
Profiles, then from the Configuration Profile dialog select the Eclipse RADIUS
Configuration Profile.
Step Action
5 Save the configuration profile; the profile must be saved before it can be written back to the
radios.
6 Click Execute to write the changes to all supported Eclipse devices in the network. A dialog
will appear verifying the radios that this profile will be written to, if necessary radios can be
removed from this list. Press Execute again to complete the operation.
7 The progress of the operation can be monitored using the Task Manager.
Step Action
1 Ensure that the correct ProVision and Eclipse user privileges are configured, based on the
Prerequisites.
2 Select the ProVision Physical Root in the network, right-click and select Configuration >
Profiles, then from the Configuration Profile dialog select the previously saved RADIUS
Configuration profile from the drop down list.
3 Click Execute to write the changes to the selected Eclipse device. Click Execute again on
the following dialog to complete the operation.
4 The progress of the operation can be monitored using the Task Manager.
In this chapter
About Migrating Topology ......................................................................................... 125
Importing the Topology.............................................................................................. 126
Exporting the Topology ............................................................................................. 127
Migrating StarView Data into ProVision..................................................................... 129
Note: If you are upgrading to ProVision after using StarView, you can use the StarView Migration
Tool to convert the StarView data into a ProVision topology. See Migrating StarView Data into
ProVision (on page 129).
Parameters
The network topology is migrated as an .XML file. The .XML file contains:
• Object type (container or device)
• Object name
• Object containment definition
• Device IP addresses (primary)
• SNMP community strings
• Object state (Managed)
• Object performance data collection state (daily enabled/disabled, 15-min enabled disabled)
• Object coordinates (in Map view)
• Link information
Prerequisites
The topology export file is needed when upgrading from ProVision 2.3 or 3.0 to current ProVision
version.
The following parameters must be unique:
• The name of each object in the topology.
• Device object IP address (primary).
Dependencies
The northbound interface (NBI) is dependent on the network topology.
A common problem during an import is when an object that is being imported has the same name of
an object already in the network. The imported object is skipped and the existing object remains in
the network unchanged. The Import Results screen displays the message:
Object name is not unique nnnn. Skipping object: nnnn
Where nnnn is the name of the object in question.
Objects that were not imported can be manually deployed and managed.
Note: Topology imports from ProVision 6.9 onwards include standard and logical links,
containers, and devices. Imports from earlier versions of ProVision do not include logical links
and containers.
Procedure
Follow these steps to import topology.
Step Action
1 Select File > Topology Import. The Topology Import window is displayed.
2
Click the button. The Open window is displayed.
3 Browse to the location of the topology file.
Step Action
4 Highlight the topology file and click Open. The Open window closes and the Topology
Import window is displayed.
5 Click Import.
6 The import is processed. You cannot re-import this file from this screen during this session;
after you complete the import, the Import button is disabled.
7 When the import has completed, click Close.
8 Review the Event Browser for "invalid deployment" events. Use the Filter function to find all
events titled Invalid Deployment, as shown below:
Note: Device Security Accounts are not stored in the topology file. You will need to configure any
device accounts again by following the instructions in Device Security Accounts. See Device
Security Accounts (on page 104).
Note: Aviat Networks recommends that a topology filename include the date the file was
exported.
Note: Topology exports include standard and logical links, containers, and devices.
Note: For backing up as part of an upgrade, see Data Backup and Sharing Using Topology
Exports (on page 148) and ProVision 2.3/3.0 topology migration tool.
Procedure
Follow these steps to export topology.
Step Action
1 Select File > Topology Export. The Topology Export window is displayed.
2
Click the button and browse to the location in which to store the topology file. The
Save window is displayed.
3 Type a descriptive name in the File Name field.
Note: Save the .xml topology file in a folder outside the software folder. If you do not,
the file will be deleted when is uninstalled.
4 Click Save. The Save window closes and the Topology Export window is displayed.
Step Action
5 Click Export. The Export Results panel displays the final status of the export, including any
items that could not be exported.
6 Click Close. The Export file is now in the folder location where it was saved.
Prerequisites
Administrator-level access to the current StarView installation, and to a complete ProVision
installation, ready to operate.
The zip file SVMigrationx.y.zip. In this file name, X and Y are the StarView migration tool version
numbers. The executable files you will need are in this zip file.
The SQL file sv_pv_migration.sql.
3 Click the Open button near Input SV File. Find the sv_pv_migration.txt file. Select it and
click Open.
4 With this file selected, click the Convert button. You are prompted to enter the name of the
topology export file, and the directory where it will be saved.
Step Action
5 If you have any of the following devices:
• Megastar M:N
• TRuepoint 4040, 5000, 5000 + 2
• MicroStar I, II, or II
• DVM (T,R)
the Device Configuration screen displays:
Step Action
• For devices with + signs beside them, which have multiple IP addresses, mouse over
the device for a tooltip with configuration information.
Note: Any errors in the conversion are displayed in the StarView Migration screen.
These errors are also saved in the log file sv_migration.log. If a device is not
converted and imported into the topology, you will need to enter it manually into
ProVision.
Step Action
Step Action
4 Move, rename, and reparent devices as required.
Important: This step is very important. When you import additional topologies, if
device or container names already exist in ProVision, ProVision will not import those
devices/containers. Renaming imported items with unique names avoids this problem.
5 Import the second topology file into ProVision.
6 Repeat step 4 for each topology that you import.
Step Action
1 Begin with the PC that is running the StarView installation. On this PC, create a new folder.
2 Copy the file sv_pv_migration.sql onto the StarView PC into the created directory.
3 On the StarView PC, open the command prompt.
4 Using commands, go to the created directory.
5 Run the following commands:
ovdwtopo -export
ovdwquery -file sv_pv_migration.sql -out sv_pv_migration.txt -sep ;
ovmapdump –v > ov_pv_migration.txt
Step Action
6 Check the C:\Migration folder. New files should be created, sv_pv_migration.txt and
ov_pv_migration.txt.
7 Copy sv_pv_migration.txt and ov_pv_migration.txt from the StarView server into the
ProVision Client directory on the Client PC.
3 Click the Open button near Iinput SV File. Find the sv_pv_migration.txt file.
Select it and click Open.
4 Click the Open button near Input OV File. Find the ov_pv_migration.txt file. Select it and
click Open.
5 With this file selected, click the Convert button. You are prompted to enter the name of the
ProVision topology export file, and the directory where it will be saved.
6 The StarView data is converted to a ProVision topology file. A log file named
sv_migration.log is also generated, and stored in the StarView migration tool is installed.
Step Action
7 The Topology file can be imported into ProVision and devices can be reparented and
renamed as required.
Note: Any errors in the conversion are displayed in the StarView Migration screen. These errors
are also saved in the log file sv_migration.log.
Caution: If a device is not converted and imported into the topology, you will need to enter it
manually into ProVision.
Note: Devices with duplicate names are renamed by appending a number to duplicate. Illegal
characters in device names are replaced by spaces.
Note: For information on managing Standby servers, including coordinating backups between a
Primary server and a Standby server, see Redundant Server Deployments (on page 157).
In this chapter
About Managing and Backing Up the ProVision Database ....................................... 137
Database Backup Procedures ................................................................................... 140
Data Backup and Sharing Using Topology Exports................................................... 148
Server and Services Management Procedures ......................................................... 149
When you initiate a database backup, creates a backup folder, copies the database into the folder,
and updates the backuplisting.xml file. This view shows the location of the backup folder and an
example of the naming standard used.
Backup frequency
The following backup procedures are recommended:
• Daily - Backup the ProVision database to a CD, DVD, flash drive, or network drive.
• Weekly- Copy the last database backup to a CD, DVD, or flash drive, which is then stored
off-site. Include the network topology file with this backup.
Aviat Networks also recommends that you run a manual backup before any upgrade of ProVision,
and when any significant changes are made to the database. This backup should include event
and performance data, and including the network topology.
Note: Sizes in this table are approximate only and are based on 3 million events in the database
and on the following Database Purge Settings: Purge Daily Performance Data older than 52
weeks, Purge 15-Min Performance Data older than 60 days, Purge Ethernet 15-Min Performance
Data older than 7 days.
Warning: Compressed databases backup and restore times can take up to 10 times as long as
uncompressed backup and restore times and are dependent on the environment where ProVision
server is installed.
Weekly backup
Step Action
1 Aviat Networks recommends that you store each daily backuplisting.xml file on a CD,
DVD, or a flash drive. Place the saved backup in a fireproof safe.
2 At the beginning of each work week, move the backup items to your archival storage
location.
3 The oldest set of CDs or flash drives can be returned to the engineers for reuse.
Monthly backup
Step Action
1 On the fifth working day of the fourth week of each month, you should copy all the backup
files for the entire month onto one read-only CD or flash drive.
2 Label the read-only backup with the month and year that it backs up.
3 Store it permanently off site, at your archival storage location.
Also see Server and Services Management Procedures (on page 149).
Step Action
1 Select Start > ProVision Server > Command Window.
2 At the prompt, type pv db configure. If a window appears with the message "Do you
want to allow the following program to make changes to this computer?" click Yes.
3 The Change Database Details screen displays.
Step Action
1 Start with the ProVision user interface.
2 From the menu bar, select Administration > Database Backup > Backup Preferences.
The Database Backup Preferences window displays.
3 Enter the Backup Location. If it is accessible, a green check displays beside the location. If
it is not accessible, a red X displays, and you must enter a different location.
Note: ProVision also supports network drive locations for Backup Location.
• Change ProVision service in Windows Services. Next, select Log On tab and
change from Local System account to This account. Enter account credentials
that has access to local drive as well as remote share and restart ProVision
service. Every time ProVision server is upgraded the service must be updated as
well.
4 If you need to compress database backups, select the Compress Database Backups
checkbox. This enables database compression, making the database up to 10 times
smaller.
Warning: Compressed databases backup and restore times can take up to 10 times
as long as uncompressed backup and restore times and are dependent on the
environment where ProVision server is installed. To review backup sizes, see About
Managing and Backing Up the ProVision Database (on page 137).
5 When your location is valid, click OK.
6 The window closes. ProVision will save both manual and scheduled backup files to this
location.
Manual backup
Running a manual backup ProVision of takes a backup of the system at the time that you run the
Manual Backup function.
Note: To perform a backup, you must have a ProVision client running to access the database
backup options from the user interface.
Step Action
1 Start with the ProVision user interface.
Step Action
2 From the menu bar, select Administration > Database Backup > Manual Backup. The
Manual Database Backup window displays.
3 In the Description field, type a description of the backup. The description you enter is
written in the backuplisting.xml file, located in the ProVisionServer\mysql\backup or
ProVisionServer\pgsql\backup folder.
4 Use the checkboxes to select additional information to include in the backup:
• Include Event Data
• Include Performance Data
• Include Device Config Files
• Include NBI (note: does not include NBI Performance)
5 Click Backup. You will be prompted to view the backup in the Task Manager. Click OK.
6 The backup is monitored by the Task Manager, and its success or failure is noted.
Scheduled backup
The Scheduled Backup function runs and saves a backup of your ProVision data automatically,
based on the schedule values that you enter.
By default, the Scheduled Backup is enabled to run on a weekly basis. The default Scheduled
Backup includes events and performance data, and runs with a start time of 2 AM. Each weekly
backup is purged after 30 days.
If you want to change these Scheduled Backup values, use the procedure below.
Step Action
1 Start with the ProVision user interface
Step Action
2 From the menu bar, select Administration > Database Backup > Scheduled Backup.
The Scheduled Database Backup window displays.
3 In the Description field, type a description of the backup. The description you enter is
written in the backuplisting.xml file, located in the ProVisionServer\mysql\backup or
ProVisionServer\pgsql\backup folder.
4 Use the checkboxes to select additional information to include in the backup:
• Include Event Data
• Include Performance Data
• Include Device Configuration Files
• Include NBI (note: does not include NBI Performance)
5 In the Next Update field, select the date (up to two weeks in advance) of the next update
using the up and down arrows.
6 In the Start Time field, select the hour that you want the backup to occur using the up and
down arrows. Then select AM or PM. The update occurs on the hour, for example 1 AM
means the update starts at 1:00:00 AM.
7 In the Frequency field, select the how often, in days, you want the update to occur. This
field can be set between 1 and 30 days.
8 In the Purge backup older than field, select how often, in days, you want to purge the
backup files. This field can be set between 2 and 365 days. A minimum of a one-hour buffer
is recommended between scheduled database backups and scheduled database purges.
9 To save the scheduled backup settings, click OK.
Note: If you are restoring from a backup that has been stored on CD, you must remove the
Read-only setting from its Properties. You cannot restore a database from an incompatible
version of ProVision, for example, a ProVision 3.0 database into ProVision 6.5.
Step Action
1 Ensure the backup folder and backuplisting.xml file are in the following directory:
ProVisionServer\mysql\backup or ProVisionServer\pgsql\backup
2 Stop all client sessions, by having the operators log off from ProVision.
3 Select Start > Programs > Server > Command Window.
4 At the prompt, type: pv db restore
The following message is displayed indicating that needs to be shut down. Press any key to
continue.
Step Action
8 When the restore is complete, the following message window is displayed.
If the restore failed, a message informs you that the restore has failed, and asks you to
check restore.log.
Check the file restore.log for details, located in the folder: ProVisionServer/.
9 Click OK.
10 To close the Restore Database window, click Exit.
11 To restart the server, type the following in the Command Window: pv service start
12 To start a ProVision client session and verify the restore was successful, select Start >
Programs > ProVision Client.
Step Action
1 Select Start > ProVision Server >Command Window.
2 At the prompt, type: pv db check
This checks and repairs key database tables.
3 At the prompt, type: pv db check all
This checks and repairs all database tables, but takes longer to run.
The following message is displayed indicating ProVision must be shut down.
Step Action
4 To close the ProVision Server, press Enter. The Command Window indicates when the
database check has finished.
5 Check the results in the file checkrepair.log located in the folder: <Install
Directory>\ProVisionServer\database\.
6 To restart the ProVision Server, type: pv service start
Step Action
Note: If the number of events generated per day, over the purge period, exceeds % of the purge
maximum (500,000 events), will raise an event to notify the administrator.
• For Eclipse devices with Strong or FIPS Security enabled, to enable ProVision to back up
and restore configuration, you need an active SNMPv3 user account for the devices, set up
with the Crypto access level. An Eclipse SNMPv3 user account can be set up from the Portal
craft tool, or set up from ProVision via the Configuration Profile Settings. See Setting
SNMPv3 security access (on page 112) for more details.
• CTR 8440 devices can have their configuration backup saved, but not restored. The
configuration backup is done via the TFTP server which comes bundled with the ProVision
Server installation. The TFTP server runs on port 69.
Note: Any external TFTP servers should be stopped for the TFTP server on ProVision to work.
Export configuration backup procedure
Step Action
1 Start with the ProVision user interface.
2 Find the device that you want to back up.
3 From the right-click menu, select Configuration > Export Configuration Backup. The
Export Configuration Backup window displays the available configuration backups for the
radio.
4 Select the backup that you want to export and click Export.
5 You are prompted to save the export file. Select the directory location and click Save.
Example
This diagram shows an example of a 3+1 solution. A backup ProVision master system provides
redundancy for a number of regional ProVision networks. The regional ProVision administrators
send their data to the ProVision master system as topology files. The topology files are imported
into the ProVision master system.
Sample procedure
Step Action
1 Each ProVision site administrator should export their topology. For instructions, see
Exporting the Topology (on page 127).
2 The exported topology file is emailed to the ProVision master administrator.
3 The ProVision master administrator imports the topology files into the ProVision master
installation. For instructions, see Importing the Topology (on page 126).
4 All the devices and configurations from the ProVision sites are coordinated in the ProVision
master system.
Note: For Windows 7, 2008R2 and 8, run these commands as an Administrator. To do this, open
the Commands screen by right-clicking the Command Prompt item and selecting Run as
Adminstrator.
Table 30: Database Commands
Note: If, after entering a command, a window appears with the message Do you want to allow
the following program to make changes to this computer? click Yes.
2 In the right-click menu, select Performance >Trends. The Performance Trends screen
displays.
3 To view the available disk space, go to the Parameters frame. Select the value 15-Min
Disk Space and click Apply. The graph displays the available disk space for the Server.
4 To view memory usage, select 15-Min Memory Usage and click Apply. The graph displays
the memory usage for the Server.
Step Action
4 Edit the following values for available events:
• Event Description - Enter a brief description of a low disk space event. You can retain
an existing event name or alter it.
• Trigger Value - Enter the trigger value in MB. automatically converts this to a
programming value.
• Severity - Select the Severity level from the drop-down menu.
Step Action
1 Select Start > Programs > ProVision server > C:\ Command Window.
Note: Open the Command Window by right-clicking the Command Prompt item and
selecting Run as Administrator.
Step Action
2 At the prompt, type: pv service stop
If a window appears with the message Do you want to allow the following program to
make changes to this computer? click Yes.
p
3 Press Enter. A message displays, indicating the ProVision server has stopped.
Note: Open the Command Window by right-clicking the Command Prompt item and
selecting Run as Administrator.
2 At the prompt, type: pv service start
3 Press Enter. A message is displayed indicating the ProVision server has started.
Note: Always back up the ProVision database before resetting the database.
Step Action
1 Select Start > ProVision Server > Command Window.
2 At the prompt, type: pv db reset
The following message is displayed, indicating that ProVision needs to be shut down. If a
window appears with the message “Do you want to allow the following program to make
changes to this computer?” click Yes.
3 To close the ProVision server, press Enter to continue. The Command Window displays the
reset actions
.
The database is now reset.
Note: Removing ProVision from the system services does not remove any of the ProVision files.
Step Action
1 Select Start > ProVision Server > Command Window.
2 At the prompt, type: pv service remove
3 Press Enter.
The command window's message indicates ProVision has been removed.
Step Action
1 Select Start > ProVision Server > Command Window.
2 At the prompt, type: pv service install
3 Press Enter.
The command window’s message indicates ProVision has been installed.
In this chapter
Standby Server ......................................................................................................... 157
Redundancy Controller.............................................................................................. 157
Managing Standby Servers ....................................................................................... 157
Hot Standby Server Redundancy .............................................................................. 168
About the Redundancy Controller ............................................................................. 169
DCN Bandwidth and Latency for the Redundancy Controller .................................... 170
Normal Operation of Redundancy Controller ............................................................ 171
Using Both the Redundancy Controller and the Standby Server ............................... 183
Standby Server
The Standby Server provides the following capabilities:
• Warm standby server redundancy with manual failover.
• Active server database backed up to standby server at regular time interval, typically once per
day.
• Performance and configuration change data since the last backup is lost when the active
server fails. If backup is daily, hence up to a day's worth of data is lost.
• Both servers are active (although there are restrictions with standby server), enabling the
standby server to be used to support an increased number of Client sessions.
See the section Managing Standby Servers (on page 157) for related topics and instructions.
Redundancy Controller
The Redundancy Controller provides the following capabilities:
• Hot standby server redundancy with automated failover.
• Server databases synchronized in near-real-time through database replication process,
ensuring minimal loss of data when the main server fails.
• Only one of the servers is fully active at a given time, although switching occurs quickly to the
peer server when the main server fails.
• Redundancy Controller application license required.
See the section Hot Standby Server Redundancy (on page 168) for related topics and
instructions.
Warning: If you want to use both the Redundancy Controller and the Standby Server, the Standby
Server must be installed on a server that is separate from the two Redundancy Controller servers.
• Both servers are active (although there are restrictions with standby server), enabling the
standby server to be used to support an increased number of Client sessions.
ProVision includes the functions to help manage standby servers.
This section covers the following topics.
About Primary and Standby servers .......................................................................... 158
Standby server configuration prerequisites ............................................................... 159
DCN bandwidth requirements for a Standby server .................................................. 159
Synchronizing Primary server and Standby server databases .................................. 160
Configuring server type as Primary ........................................................................... 161
Configuring server type as Standby .......................................................................... 161
Primary server failure: Activating a Standby server ................................................... 162
Primary server restoration ......................................................................................... 163
Primary server fails: Managing and restoring after failover ....................................... 165
Warning: When Primary and Standby servers use IPv6 addresses, ProVision client to Standby
server must not be connected using the Primary ProVision server machine and vice versa. Doing so
will break RMI connectivity and affect the functionality of the Primary and Standby servers.
• If Windows operating systems are used, both the Primary and Standby server must use the
same version for Windows, either 32 or 64 bit. For requirements, go to Standby Server
Configuration Prerequisites (on page 159).
• Do NOT use any Standby clients to deploy devices or change system or network
configuration.
• For examples of Primary and Standby networks, see Standby Server Deployment (on page
18).
Table 31: Enabled and Disabled Functions by Server Type
NBI and performance data are still shown as enabled in the Standby clients, even though these
functions are disabled on the server.
Note: For information on installing a Standby Server, see Standby Server Installation and
Maintenance (on page 58).
Warning: If you want to use both the Redundancy Controller and the Standby Server, the Standby
Server must be installed on a server that is separate from the two Redundancy Controller servers.
Note: Database backup is transferred in a single compressed file, to minimize the burden on the
DCN.
DCN requirements
Because the required DCN bandwidth is based on the database backup file size and the time to
perform the transfer, we recommend the following bandwidths for different size network
deployments.
Note: To enable this, see Configuring server type as Primary (on page 161).
This section describes what happens when backup files are transferred from the Primary server to
the Standby server. It also notes what happens when the transfer process fails.
Normal transfer process
The normal transfer process is as follows:
Step Action
1 The Primary Server saves its scheduled backup. The backup file is zipped into a file named
transit.zip and saved to the location ProVisionServer/mysql/backup or
ProVisionServer\pgsql\backup.
2 The Primary Server starts to send the transit.zip file. An event showing that the backup
transfer is in progress is displayed:
Caution: The Primary Server must have Scheduled Backup enabled. The frequency and type of
scheduled backup on the Primary Server determine when the database gets transferred to the
Standby Server. See Scheduled backup procedure (on page 142).
Caution: If you are synchronizing the Primary Server and the Standby Server by running a
manual backup, allow the manual backup to run completely. Do not run the manual backup a
second time: the Standby Server needs time to process the first manual backup and its related
restarts.
Note: The minimum DCN bandwidth must be available between Primary and Standby servers.
See DCN bandwidth and port requirements for a Standby server (on page 159).
Step Action
1 Start with the ProVision user interface on the Primary server.
2 Set up Scheduled Backup (Scheduled Backup Procedure (on page 142)).
3 From the menu bar, select Administration > Server Redundancy. The Server
Redundancy window is displayed. It should show the System Type as Primary.
Note: See also Synchronizing Primary server and Standby server databases (on page 160).
Step Action
1 Start with the ProVision user interface on the server that you are configuring.
2 From the menu bar, select Administration > Server Redundancy. The Server
Redundancy window is displayed. It should show the System Type assigned to the server.
Step Action
3 To change the System Type, select the Standby option.
4 Click OK.
5 The server is reconfigured as the Standby server. In the lower left corner of the ProVision
Client interface, text appears indicating that this is the Standby server.
Note: When you set a server to be a Standby server, in the Server Redundancy window, the
Enable Backup to Standby and Standby Server values are grayed out. These are only enabled
for a Primary Server.
Note: The Standby server uses data from the most recent backup. Note that performance data or
system changes may be missing, based on how frequently backups are scheduled.
Step Action
1 Start with the ProVision user interface on the Standby server.
2 From the menu bar, select Administration > Server Redundancy. The Server
Redundancy window is displayed. It should show the System Type as Standby.
3 Select the System Type option Primary. Clear the Enable Backup to Standby checkbox.
Then, click OK.
Step Action
4 The Standby server is reconfigured as the temporary Primary server. This process takes
approximately 15 seconds. When this happens, any disabled functions, such as
performance data collection and NBI, are fully enabled.
5 Review the server configuration, and make changes as required.
Note: When the Standby server is activated, the following settings are the same as
those of the Primary server.
• Server IP address under Configuration > Software loading preferences
• Database backup location under Administration > Database Backup > Backup
Preferences.
• For software loading and database backup to work correctly, these settings need
to be updated.
• See ProVision User Guide, Deploying and Managing Devices,
Loading/Activating New Software and Licenses, Part A: Register the
software onto the server to reconfigure server settings.
• See Set backup preferences (on page 141) to reconfigure Backup location
settings.
6 Operate the system in this new configuration until you are ready to restore the long-term l
Primary server. See Primary server restoration (on page 163).
This graphic shows the differences between normal operation, operation when the primary server is
down, and the database restoration process.
Step Action
9 Select the System Type option Primary. Select the Enable Backup to Standby checkbox,
and enter the Standby Server IP address.
10 This server is reconfigured as the Primary server. When this happens, any disabled
functions, such as performance data collection and NBI, are fully enabled.
11 In the Redundancy Configuration window, change the Standby Server IP address back to
the long-term Standby server.
Step Action
1 Log in to the Standby server.
Step Action
2 In ProVision, select Administration > Server Redundancy. Change the System Type to
Primary. Do not select the Enable Backup to standby checkbox at this point.
3 The Standby server is now functioning as the Primary server. It will start sending
Emails/SMS when alarms are received and/or cleared.
Step Action
1 Log back in to the Primary Server, which has been off line. Open ProVision. Configure it as
the Standby server in the Administration > Server Redundancy screen, as shown below.
Also, note the IP address of this server.
Step Action
2 Log back in to the temporary Primary server/former Standby server. In the Administrator >
Server Redundancy screen, select the Enable Backup to Standby checkbox, and enter
the IP address of the desired Primary Server from step 1.
3 Go to Administration > Database Backup > Manual Backup and run a manual backup.
This will back up all the alarms, including the newer ones that came to the system while the
Primary server was off line.
4 When the manual backup finishes, it will be transferred to the other server.
5 Log in again to the Primary server and verify that the newer alarms are appearing.
Step Action
6 Re-configure this as the Primary server.
Note: The Redundancy Controller is a licensed feature. If you operate the Redundancy Controller
with an expired trial license, the functionality is enabled, but it does not accept Client connect ions.
Please contact your sales representative about the Redundancy Controller license.
Note:
• ProVision clients can only connect to the Active Main Server. It is not possible to connect to
a Dormant Server.
• There is only one Active Main Server and one Dormant Server per network.
Configuration prerequisites
• The Redundancy Controller needs to be installed on both the Active Main Server and Dormant
Server. See Installing and Uninstalling the ProVision Redundancy Controller (on page
59).
• The Active Server and the Dormant Server each must be set up with the same:
o ProVision versions.
o License capabilities. This includes Redundancy, NBI, node code, and other additional
licenses. See Licensing ProVision (on page 67).
o DCN bandwidth and latency. See DCN Bandwidth and Latency for the Redundancy
Controller (on page 170).
o Ports. See Network communication ports for firewalls (on page 23).
DCN requirements
The required DCN bandwidth and latency is dependent on the size of the ProVision database, and
the size of the external database files. Latency is the main factor in minimizing the transfer times. If
the latency time between the Main Active Server and the Dormant Server is high this significantly
increases the transfer times.
The table below details the time required for the Database and external files to fully resynchronize
between the Active and Dormant servers using the specified bandwidth and latency criteria. These
times were recorded using an uncompressed database of 2.5 GB (2000+ devices) and
uncompressed external files of 0.8 GB (40000+ external files).
Note:
• Database Synchronization Time = amount of time required for the Dormant Server to
transfer and load into its database a copy of the Active Main Servers database.
• External File Synchronization Time = amount of time required for the Dormant Server to
transfer a copy of the Active Main Servers external files.
• Catchup Time = amount of time required for the Dormant Server, once it has transferred
and loaded the Active Servers Database, to catchup and replicate any database changes
that have since occurred on the Active Main Server during this transfer.
• Effective Bandwidth = actual bandwidth calculated to transfer the database from the
Active Server to the Dormant Server under latency.
• The transfer times are also inclusive of local processing times, which include factors such
as compressing and uncompressing files, as well as time required to transfer across the
network.
• ProVision is running on the Active Main Server collecting performance data. ProVision Clients
connect to the Active Main Server. ProVision Clients cannot connect to a Dormant Server.
• All database information from the ProVision Active Main Server is replicated to the Dormant
Server in near real time. All external database information such as NBI is synchronized to the
Dormant Server daily at a scheduled time.
• The Redundancy Controller software on both servers monitors for failover events. The
Dormant Server will failover to Active if there is a problem with the current Active Main Server.
In a failover event all existing clients will need to be manually reconnected to the New Active
Main Server.
• The Redundancy Controllers on both the Active Main Server and Dormant Server record
information in their log files. Also, certain events are sent out as SNMP traps. Details of the
SNMP trap destination can be configured on both servers.
This section covers the following topics.
Logging in to the Redundancy Controller .................................................................. 171
Redundancy Controller status ................................................................................... 172
Redundancy Controller configuration ........................................................................ 175
Redundancy Controller security ................................................................................ 177
Troubleshooting the Redundancy Controller ............................................................. 179
Note: You must be an Administrator user to access the Redundancy Controller. If you require
access and do not have it, please check with your ProVision administrator.
Caution: The web browser interface must have Javascript enabled for you to use the
Redundancy Controller.
Warning: The Redundancy Controller interface is not compatible with the web browser Internet
Explorer 9. We recommend Firefox or Internet Explorer 8.
Step Action
1 In the Start menu, click the ProVision Redundancy Controller link from the Redundancy
Controller menu.
The Redundancy Controller displays.
Note: You can also access the login screen by entering the URL of the Redundancy
Controller IP address or server name, https://<redundancy controller IP
address>:9080/rc. For example: https://pvwenz04:9080/rc.
2 Enter your user name and password. Click Login.
Item Value
System State
Local Status Status of the local server.
Peer Status Status of the remote peer server
Control
Item Value
Switch/Unlatch Click Switch to change the local server from Active to Dormant or vice versa. If
the peer server is Active you cannot switch the local server to Active, because
you cannot manually switch to two Active servers.
Note: When you click Switch, a message appears, asking you to confirm
the change. Click Yes to confirm.
Click Unlatch to move the local server out of the Dormant Latched state. This
button only becomes available when the local server is in the Dormant Latched
state.
Note: The Redundancy Controller provides a Web Brower Interface that can be accessed from
both Servers. If one Server displays “Local Status: Active Main Server” and Peer Status
“Dormant”, then the other server will display “Local Status: Dormant” and Peer Status “Active
Main Server”.
The table below describes a list of statuses (Local Status and Peer Status) that typically appear on
the status page in the Redundancy Controller Web Interface , followed by a second table that lists
all available statuses.
Status Description
Acquiring Peer Heartbeat The Redundancy Controller is monitoring its Peer to check its status
Active Main Server The Active Redundancy Controller is currently replicating and providing
redundancy. ProVision Server is running and ProVision Clients can be
connected to this Server.
Active Server Failing The Active Redundancy Controller has detected a self fail condition and
will restart. It will restart in either Dormant Latched or Dormant
(depending on whether it is configured with Dormant Latched checked).
Dormant The Dormant Redundancy Controller is currently replicating any changes
on the Active ProVision Server system.
Dormant Latched The Redundancy Controller has started but is in a Latched state. This
means there is no replication of data between itself and its Peer. It also
means automatic failover is currently disabled. When in Dormant
Latched State the Redundancy Controller can be Unlatched into
Dormant State by Unlatching it in the Redundancy Controller Web
Browser Interface .
Status Description
Failing Over The Dormant Redundancy Controller has lost communication with its
Peer. If this loss in communication continues for longer than the failover
window then the Dormant Redundancy Controller will automatically
switch to the Active Redundancy Controller
Initialization The Redundancy controller is starting up and initializing
Resynchronizing The Dormant Redundancy Controller is currently Resynchronizing with
the Active Redundancy Controller to ensure the Dormant Server is up to
date with the Active Servers ProVision database.
Resynchronizing The Active Redundancy Controller has received a request from the
Dormant Server Dormant Redundancy Controller and is resynchronizing the ProVision
Server database.
Resynchronizing Files The Dormant Redundancy Controller is currently Resynchronizing with
the Active Redundancy Controller to ensure the Dormant Server is up to
date with the Active Servers ProVision external files.
Resynchronizing Files The Active Redundancy Controller has received a request from the
With Dormant Server Dormant Redundancy Controller and is resynchronizing the ProVision
Server external files.
Server Not Licensed The Redundancy Controller is not licensed on this Server. No Replication
or Redundancy is enabled in this state. Redundancy is a Licensed
Feature of the server.
Starting Up Active The Redundancy Controller is starting up as the Active Server.
Unknown State The Redundancy Controller is unable to communicate with its Peer and
therefore its Peer State is Unknown. Check in the Redundancy
Controller Web Browser Interface that the Peer IP address is correct.
See also:
• Redundancy Controller configuration (on page 175)
• Redundancy Controller security (on page 177)
Item Value
System
Peer IP Address IP address of the peer server.
Peer SFTP/FTP Port SFTP/FTP port of the peer server.
File Synchronization Hour Files are synchronized between the local and peer servers once per day
at this hour. Enter a value between 0 and 23.
Server Latched Check this to configure the server for entering into the "Dormant
Latched" state when it is transferring from the Active state.
Failover
Heartbeat Timeout If the heartbeat synchronization fails, the timeout is the period of time in
seconds between retries. The default value is 5 seconds and the range
can be from 5 to 20 seconds. This value should be the same on the
peer.
Item Value
Heartbeat Retries If the heartbeat synchronization fails, the retry is the number of times
synchronization is attempted again. This value must be the same on the
new peer. The default value is 5 retries and the range can be from 4 to
10 retries.
The ProVision Redundancy Controller can forward SNMP traps indicating Redundancy Controller
status to a third party NMS system in the same format as ProVision event forwarding NBI.
The SNMP trap format used is the same format is Event NBI SNMPv1 traps and uses MIB
STXN-PV-V1-TRAPS-MIB (MIBS for Event NBI can be located with release files and also in
ProVisionServer\mibs directory). Refer to ProVision NBI System Integration Guide section
Event-Forwarding NBI SNMP Traps Northbound SNMPv1 Trap for information about SNMPv1
traps.
An Excel spreadsheet, ProVision Redundancy Controller SNMP Alarm List.xlsx, containing a
list of possible Redundancy Controller SNMP Alarms, is included with release files in
System_Integration Directory.
See also:
• Redundancy Controller status (on page 172)
• Redundancy Controller security (on page 177)
Item Value
Security
Password Change the password for the Administrator user.
Confirm Password Confirm the changed password for the Administrator user.
Radius Server
Checkbox Link the Redundancy Controller to the Radius server by selecting this
checkbox.
Shared Secret Enter the "shared secret" password for the Radius server.
Confirm Shared Confirm the "shared secret" password for the Radius server.
Secret
Primary Radius Enter the following values for the primary Radius server:
• Server IP address
• Authentication Port
Secondary Radius Enter the following values for the secondary Radius server:
• Select the checkbox to enable this server if required
• Server IP address
• Authentication Port
See also:
• Redundancy Controller status (on page 172)
• Redundancy Controller configuration (on page 175)
The Redundancy Controller Web Browser Interface on the Active Server will show a status of:
• Local Status: Active Main Server
• Peer Status: Unknown State
Impact
• Minimal Impact while the Dormant server is off line.
• No Redundancy or Replication available until the Dormant server is back on line.
• No outage as ProVision is monitoring the Network on the Active server.
• Client sessions will still be connected to the Active server.
Recovery actions
When the Dormant server is back on line, it will automatically start resynchronizing with the Active
Server and provide redundancy and replication.
Log in to the Redundancy Controller Web Browser Interface on the Active server and ensure it
shows a status of:
• Local Status: Active Main Server
• Peer Status: Dormant
The system is now back to normal operation. See Normal Operation of Redundancy Controller
(on page 171).
After the failover window time elapses, the Dormant server fails over to become the new temporary
Active server.
The Redundancy Controller Web Browser Interface on the new temporary Active server will show a
status of:
• Local Status: Active Main Server
• Peer Status: Unknown State
Impact
• Outage of ProVision server until the Dormant server becomes the new temporary Active
server.
• Client Sessions will become disconnected.
• The time of outage is dependent on two factors:
o the time taken for Dormant server to failover (failover window).
o the time taken for the Dormant server to start up as the new temporary Active Server.
The time taken for the Dormant server to start up as the new temporary Active server is dependent
on the size of the database and the specification of the server machine.
This outage is typically less than 2.5 minutes in which there will be a loss in the collection of
Performance data and events.
Recovery actions
Clients will be disconnected and will need to be reconnected to the new temporary Active server ,
once it has started up.
When the Original Active Server is back on line it will start resynchronizing with the new temporary
Active server , and becomes the new Dormant server.
Log in to the Redundancy Controller Web Browser Interface on the new Dormant server and ensure
it shows a status of:
• Local Status: Dormant
• Peer Status: Active Main Server
The system is now back to normal operation but has switched from the original configuration. The
initial Active server is now the new Dormant server and the initial Dormant server is now the new
Active server.
The administrator needs to decide when to switch back to the original configuration. (This process
requires another service outage, as already described).
To do this:
Log in to the Redundancy Controller Web Browser Interface on the new Active server and click the
Switch button. This will restore the system back to its original state. Ensure the Browser Interface
shows a status of:
• Local Status: Dormant
• Peer Status: Active Main Server
The system is now back to normal operation. See Normal Operation of Redundancy Controller
(on page 171).
Network communication failure between Active and Dormant servers
Because of a loss in communication there are two Active ProVision Systems trying to monitor and
collect data from the Network.
The Dormant server fails over to become the new temporary Active server.
The Redundancy Controller Web Browser Interface on the new temporary Active server will show a
status of:
• Local Status: Active Main Server
• Peer Status: Unknown State
The Redundancy Controller Web Browser Interface on the original Active server will show a status
of:
• Local Status: Active Main Server
• Peer Status: Unknown State
Impact
• There should be no loss in the collection of Performance data and Events, unless connectivity
is lost with the Radio network.
• Client Sessions should still be connected unless they lose connection with the server.
• Any data that was collected by the most New Active Server, but not collected by the original
Active server , during this loss in communication, will be lost.
Recovery actions
When the network communication is restored, the new Active server automatically goes back into
the dormant state whereby it will start resynchronizing again with the original Active server.
Log in to the Redundancy Controller Web Browser Interface on the original Active server and
ensure it shows a status of:
• Local Status: Active Main Server
• Peer Status: Dormant
The system returns to normal operation. See Normal Operation of Redundancy Controller (on
page 171).
Requirements
• Three servers are required: two for the Redundancy Controller system and one for the
Standby server system.
• The Standby server system must be installed on its own separate server. The ProVision
Redundancy Controller system must not be installed on this server.
This diagram shows a sample configuration with the three servers in place:
Caution: These functions are for administration-level users with advanced event management
system skills. Users must be able to generate device events, access device MIBs, and possibly
communicate with device manufacturers.
Note: Previously installed GDS Ethernet devices can be discovered using Network
auto-discovery for devices: see ProVision User Guide.
Note: Provides consulting services for Generic Device integration. Please contact your Aviat
Networks sales and support staff for more information.
In this chapter
Managing Generic Devices and Packages................................................................ 185
Adding a New Package ............................................................................................. 187
Re-assigning a Package to a Generic Device ........................................................... 188
Editing Package Information and Events................................................................... 189
Launching Generic Device Windows Applications from ProVision ............................ 221
Note: Generic Device management at the package level is licensed as part of the standard
ProVision license.
The step-by-step process for assigning events to a package is as follows:
Step Action
1 Make sure that all generic devices are correctly assigned to the package (see
Re-Assigning a Package to a Generic Device (on page 188)).
2 Using the MIB data for the devices and test devices, generate events against the devices.
OR, import the MIB data directly (see Importing trap mapping from a MIB file (on page
207)).
3 Use the Trap Mapping function and the event data to generate event records in ProVision
for the devices in the package (see Setting trap mapping to identify package events (on
page 195)).
4 If necessary, create any Match Rules for grouping events, or acknowledging different types
of events (see Setting matching rules for trap mapping (on page 209)).
5 If necessary, create any custom events that are required for the package (see Creating
custom events for packages (on page 215)).
6 Configure the resynchronization alarm events for the package (see Configuring generic
device resynchronization alarms (on page 214)).
Once this process is complete, ProVision can identify and record these events for all Generic
Devices assigned to the Package.
You will also want to enable generic device craft tools for the fully enabled devices. See Launching
Generic Device Windows Applications from ProVision (on page 221).
Recommendations
Configuring events for packages, to apply to generic devices, takes time. Here are some
suggestions to help you save time as you enter and manage this data:
• Use the MIB files for devices as a reference and a source of event data.
• Set up major events first, using the Trap Mapping or MIB Import functions.
• You can load some data against a generic device from a two-column .CSV file. This is helpful
to create detailed trap mappings from device data, such as a device alarm list.
Limitations
Events from generic devices cannot be pre-filtered.
The NBI number for generic devices defaults to zero. As a result, no different type numbers are
identified in NBI output.
186 March 2023 Aviat Networks
Generic Device Management
When the Generic Device Management screen is open, you can only open new screens from the
Generic Device Management screen. If you want to perform additional system maintenance, or view
event browsers, open another ProVision client.
Note: After you have fully configured a generic device and/or a package, all the event and
configuration information is saved when the ProVision database is backed up, or when the user
exports the package configuration. Users can import the package configuration into another
installation of ProVision and benefit from this saved configuration.
GDS packages from Aviat Networks should never be edited. Editing them may invalidate your
service agreement. For more details, see Loading a generic device service package (on page
191).
Note: Previously installed GDS Ethernet devices can be discovered using Network
auto-discovery for devices: see ProVision User Guide.
Step Action
1 Log in as an Administrator.
2 In the Administration menu, select Generic Device Management.
The Generic Device Management screen displays.
3 To add a new package, click Add.
The Add Package screen displays.
4 Select the Object Class for the package from the drop-down menu. The package will be
available to any new objects in the selected object class.
5 In the Package Name field, enter the name for the package. Then, click OK.
6 The package displays in the Generic Device Management screen. Note that this screen
shows the versions of currently loaded packages. The Object Class, Package name, and
Version are automatically displayed. An icon displays whether the package is available on
an accessible disk, or whether it has been deleted (exclamation point icon).
Step Action
Step Action
1 In the Tree Viewer or Map View, right-click on the generic device that you want to edit.
Note: You can select multiple generic devices that belong to the same Class.
2 In the right-click menu, select Configuration. Then, select Object Package Selection.
The Object Package Selection screen displays.
Step Action
3 From the Package drop-down menu, select the package for the generic device. Then, click
OK.
The changes are saved for the device.
Note: To duplicate an existing package for editing, use the Save As button in the main Edit
Device Package screen. Packages for similar devices may have only minor differences.
Step Action
6 A Save screen displays, prompting you to enter a file name and folder location for the file.
Enter this information and click Save.
Note: Previously installed GDS Ethernet devices can be discovered using Network
auto-discovery for devices: see ProVision User Guide.
Caution: Do not rename or edit a GDS package from ProVision. Some of these packages are in
a file type, PKG, that cannot be edited; others are in editable XML.
Step Action
1 Log in to ProVision as an Administrator.
2 In the Administration menu, select Generic Device Management.
The Generic Device Management screen displays.
3 To import a GDS XML or PKG package from ProVision, click Load.
Step Action
4 The Open screen displays, prompting you to select a file to import. Navigate to the file folder
that has the GDS package. Select it and click Open.
Renaming a package
If you have created a package, you can rename that package. The name change is applied to all
devices assigned to the package.
Package names can be up to 200 characters in length.
Caution: Do not rename or edit any GDS package from Aviat Networks. Some of these packages
are in a file format that cannot be edited; others are in editable .XML.
Step Action
1 In the Tree Viewer or Map View, select the generic device to edit.
2 In the Administration menu, select Generic Device Management. The screen displays.
3 Select the package that you want to rename, and click Rename Package.
4 ProVision prompts you to confirm that you want to rename the package. Click Yes.
5 The rename screen displays.
Step Action
1 In the Tree Viewer or Map View, select the generic device to edit.
2 In the Administration menu, select Generic Device Management.
The Generic Device Management screen displays.
3 Select the package that you want to edit, and click Edit Device Package.
The Edit Device Package screen displays.
4 Go to the Information tab. In the Description field, enter the description.
5 Click OK, or go to another tab to make further changes. The description is applied to all
devices in this package.
Note: Aviat Networks provides consulting services for generic device integration. Contact your
local Aviat Networks sales and support staff for more information.
Trap mapping tools
The Trap Mapper tab contains the following areas:
• Received Traps - This displays a list of the most recently received traps for a selected
generic device.
• Trap Viewer - This shows the detailed values for a selected trap.
• Editor - This contains the trap editing tools and sections for Event Name, Severity, and State
data. Users click and drag data into an area to identify it and save it for ProVision. If data is
placed in an incorrect section, the section border is red, and the user cannot edit the data. A
green section border shows that the data is matched to the correct section and can be edited.
An example Trap Mapper tab, opened to the Mapping Rules tab, is shown below.
These are the trap mapping tools, and how they are used to edit traps.
• Substring: With this tool, a user selects part of the trap. Characters that are not selected are
removed. This only removes characters with absolute positions.
• Remove: Users enter text to be removed from a trap. This function searches for and removes
the text. Users can search for specific text or use any regular search expression, such as .*
Common text to remove includes time/date information and spacing dashes.
• Replace: Users can find and replace text in a trap. Again, users can apply this to specific text
or use the irregular search, ending with .*
• Trim: This function specifically removes padding characters from the beginning and end of a
trap. This is different from the Substring selection or the Remove function, because it removes
characters that have flexible positions. The Trim function only works for characters at the start
and end of a string.
• Append: Use this to add additional text and field values to a trap. Common data to add
includes card numbers and port numbers.
• Map: Adding the Map function to a trap enables you to assign OID values to a trap. The
values entered here are used by the trap to receive OID input and match it to an event name,
state, or severity.
• Trash: To delete an editing tool, click and drag it into the Trash.
Procedure
Follow these steps to set trap mapping.
Step Action
1 In the Tree Viewer or Map View, select the generic device to edit.
2 In the Administration menu, select Generic Device Management. The Edit Device
Package screen displays.
3 Go to the Trap Mapper tab and select the Mapping Rules tab.
Step Action
4 Check to see that events have been generated for devices in this package. If events are
available, they display in the Received Traps area. If there are no events in this area, click
the Refresh Traps button at bottom right of the area. Any received traps will display.
5 Select an event. The fields, OIDs, and values for the event display in the Trap Viewer area.
Note: You can apply the Trap Mapping tools in any order; however, a Map icon must
always conclude the string.
198 March 2023 Aviat Networks
Generic Device Management
Step Action
Warning: Never use punctuation marks in a Trap Mapping string. These include; : , ? !
and single quotes '. Using punctuation marks or other control characters may create
invalid commands and corrupt the database irreparably.
8 Next, locate and edit the Severity for the event.
• In the Selected Trap tab, click on a Value and drag it to the Severity frame. A Value icon
displays.
• Add a Map icon to conclude the string.
• The Mapping tool displays. Enter the Severity values from the MIB.
9 Finally, locate and edit the State for the event.
• In the Selected Trap tab, click on a State and drag it to the State frame. A Value icon
displays.
• Add a Map icon to conclude the string.
• The Mapping tool displays. Enter the Status values from the MIB.
Note: You can import some event string values from a .CSV file. See Importing Trap
Mapping from a .CSV File (on page 208).
10 Repeat steps 5- 9 to configure other events from the Trap Mapping.
11 Click Save. The events are now saved in ProVision. ProVision will now use the edited trap
mapping string to record this event in records.
Note: A completed Trap Mapping for an event must have Event Name, Severity, and
State values. Severity and State values must end with the Map function.
Step Action
2 Generate and capture traps for the generic device.
• Go to the Loop 9100 telnet interface.
• Configure the ProVision server as a trap destination.
• Use the telnet interface to generate traps using event commands. For the Loop 9100 in
this example, this was done by logging in and out, resetting performance counters, and
using the maintenance controls.
3 In ProVision, open the package for the generic device.
• In the Tree Viewer or Map View, select the generic device to edit.
• In the Administration menu, select Generic Device Management. The Edit Device
Package screen displays.
• Go to the Trap Mapper tab and select the Mapping Rules tab. The Received Traps
area should display data, as shown below.
For this example, the trap contains a description of the event as a fixed size string:
• Note the hyphens in the trap. The hyphens are being used as padding characters.
• In the Selected Trap tab, click on the trap and drag it to the Event Name in Editor. A
Value icon displays, and the event shows as Output at the bottom of the frame.
Step Action
Step Action
• Hover over the Event Trap in the Editor to see the results of editing the substring for this
trap.
6 Remove padding hyphens from the Event Name.
• The hyphens can now be removed, using the Trim Tool.
• Select the Trim item and drag it to follow the Substring item. The Trim Tool displays. In
this example, the '-' character is being trimmed from the right.
Step Action
Step Action
• The Mapping Tool displays. Map the severity values for this trap as shown.
Step Action
• The Mapping Tool displays. Map the State values for this trap as shown.
Step Action
1 Save the MIB file or files to the ProVision Client PC. Save them to the main Client install
folder on the install directory: ProVisionClient/clientmibs
2 Open ProVision on the Client PC.
3 In the Tree Viewer or Map View, select the generic device to edit.
Step Action
4 In the Administration menu, select Generic Device Management. Select the MIB
Management tab. The screen displays, listing all loaded MIBs.
Step Action
7 To fix the errors, close the MIB Errors screen. In the Loaded MIBs list, select the MIB and
click Rescan MIB Folder.
8 ProVision finds and rescans the MIB. The MIB data is refreshed and should display with a
check mark beside it.
9 You are now ready to import the trap mapping from the scanned MIB files.
In addition, after MIB traps are loaded, the trap OIDs now display as text names, not as numerical
names.
Procedure
Follow these steps to import a trap from MIB.
Step Action
1 In the Tree Viewer or Map View, select the generic device to edit.
2 In the Administration menu, select Generic Device Management. The Edit Device
Package screen displays.
3 Go to the Trap Mapper tab and select the Mapping Rules tab.
4 Go to the lower edge of the Received Traps area.
5
Click on the Add Traps from MIB button
6 The MIB Object Selector screen displays. Select the MIB and click Select.
Step Action
7 In the Received Traps area of the Mapping Rules tab, the field is now populated with
traps. The traps sourced from the MIB display with blue icons. In addition, MIB-sourced trap
OID values now display as text values in the Trap Viewer, identifying their purpose.
Note: You can edit the MIB trap values directly from the Trap Viewer frame. To do this,
triple-click on a MIB trap (MIB traps are colored blue).
8 When you click Save, the mapping will be saved with other package configurations.
Step Action
1 In the Tree Viewer or Map View, select the generic device to edit.
Step Action
2 In the Administration menu, select Generic Device Management. The Edit Device
Package screen displays.
3 Go to the Trap Mapper tab and select the Mapping Rules tab.
4 Create a basic map, as described in Setting trap mapping to identify package events (on
page 195).
5 Click on the Map tool in the map/string/name to be decided. The Mapping Tool appears at
the bottom of the screen.
6 Click Load Mappings. An Open screen displays.
Note: Aviat Networks provides consulting services for generic device integration. Contact your
local Aviat Networks sales and support staff for more information.
Button Function
Import traps from an MIB file.
Add a match rule.
Delete a selected match rule.
Save a match rule.
Load a saved match rule.
An example Trap Mapper tab, opened to the Match Rules tab, is shown below.
Step Action
2 Go to the Trap Mapper tab and select the Match Rules tab.
3 Check to see that events have been generated for devices in this package. If events are
available, they display in Received Traps. If there are no events listed, click Refresh Traps.
Any received traps will display.
4 Select an event. The fields, OIDs, and values for the event display in the Trap Viewer.
These are helpful when you are assigning values to match rules.
5 Set up your match rules. For each match rule, enter a Rule Name. Then, select one or
more Match Criteria value checkboxes, and enter a value:
• Trap OID - Creates a rule grouping traps that have this specific OID.
• Generic Types - Creates a rule
• Specific Type - Creates a rule
• Num Fields - Creates a rule grouping traps that have a specific number of fields.
• Field OID - Creates a rule grouping traps that have a specific number of fields and a
specific OID.
• Field Value - Creates a rule grouping traps that have a specific varbind value.
Note: Users can set multiple values for a match rule. The match rule will apply to any
traps that match all the values.
6 The match rule is created and applied to all the traps. The new match rule displays in the
Received Traps list. Traps display in the Received Traps list under the match rule that
applies.
7
If required, use the buttons to move the position of a selected match rule.
8
Use the and buttons to add and delete match rules.
9 Create a final match rule. Leave this value as Rule Unknown. This allows users to view
traps that do not match any of the match rules.
Note: Users can import and export match rules as well as mapping rules. Users can export all the
trap mapping data, or just the match rules, as specific modules.
Match rules example: Multiple trap types
This is a step-by-step example of how to set up match rules for a device. Devices with multiple and
distinct trap formats require match rule settings to identify the different trap types. In this example,
the goal is to map events from MIB data into two different trap types.
In this example, some traps have the value ifindex in Field 1. Other traps have a severity value
assigned to Field 1. This point of difference will be used to identify the two different trap types, by
creating a separate match rule for traps that include the value ifindex.
Step Action
1 Set up the generic device.
• Follow the instructions for Generic device deployment, as described in the ProVision
User Guide. Assign a package name to the device.
• Obtain a copy of the device MIB. This is used later in this process as a reference.
2 In ProVision, open the package for the generic device.
• In the Tree Viewer or Map View, select the generic device to edit.
• In the Administration menu, select Generic Device Management. The Edit Device
Package screen displays.
Aviat Networks March 2023 211
Generic Device Management
Step Action
3 Go to the Trap Mapping area. Follow the instructions for importing the device MIB, as
described in Importing trap mapping from a MIB file (on page 207). When this is done,
the MIB traps display.
4
Select the Match Rules tab. Click the button to add a match rule.
5 The new rule displays in the Received Traps list. It displays at the bottom of the trap list as
Rule: Unknown. Select Rule: Unknown.
Step Action
6 The values for Rule: Unknown display in the Match Rules editing area. Enter the new
Rule Name as Match Interface Traps.
7
Move this rule to the top of the list, using the button.
8 Edit the Match Interface Traps rule so that it selects traps with the ifindex varbind value.
To do this, you are identifying a different OID for this rule. Edit the Field OID value for this
rule as follows:
• Review traps in the Trap Viewer until you find one that includes the ifindex object.
Note that you can mouse over an MIB-sourced object to view its complete values.
• Select the Field OID checkbox. This activates Field OID as a value for the rule.
• Click and drag the ifindex object into the Field OID field. Its OID value displays.
• Enter the Field Number that holds the ifindex object. The field number is 1.
In the Field OID field, add a wild card to the end of the OID value. This ensures that this
rule identifies any instance of ifindex.
Step Action
• Click Apply.
9 The new rule is applied. Examples in the Received Traps frame are reorganized based on
this new rule.
10 Create additional Match Rules to identify other trap types, as required.
11 Create a final Match Rule. Leave this value as Rule Unknown. This allows users to view
traps that do not match any of the Match Rules.
Step Action
3 Select the Severity Resync tab. In this tab, go to the Summary Events.
4 To create a new alarm, click Add. A new Summary Event line should display.
To do this, you specify the generic devices to be polled, the custom event name associated with the
device, and the values that will result in a specific severity (event raised) or event clearing condition.
As with Alarm Resynchronization, the specified OIDs are polled at 2 minute intervals, with polling
initiated following transition to the Managed state and Wake (exiting Sleep) state.
Each unique event is determined by the Event Name. This provides great flexibility, enabling you to
configure all of the following event types:
• An event whose severity and state is defined by a single OID.
• An event whose severity and state is defined by multiple OIDs.
• An OID whose severity and states represents multiple events.
For example, for a particular event, one OID may indicate the raised condition and another OID may
indicate the clearing condition.
See the Resynchronization and custom events example (on page 217), in the following pages,
for further details.
Procedure to create custom events
Step Action
1 In the Tree Viewer or Map View, select the Generic Device to edit.
2 In the Administration menu, select Generic Device Management. The Edit Device
Package screen displays.
3 Select the Severity Resync tab. In this tab, go to the Custom Events.
4 To create a new custom event, click Add. A new Custom Event line should display.
Step Action
5 Enter the following values for the custom event:
• OID - The MIB object being polled.
• Event Name - Name for the event.
• Severity - The severity value for the event.
• Value - A numerical value for the event. This value must be different for each OID and
Severity pair.
6 All devices assigned to this package now have a custom event alarm. Click Save when you
are done editing this package, and the screen closes (refer to the following example).
Step Action
1 In the Tree Viewer or Map View, select the generic device to edit.
2 In the Administration menu, select Generic Device Management. Select the package for
the generic device. The Edit Device Package screen displays.
3 Select the Severity Resync tab. In this tab, go to the Summary Events.
4 To create a new alarm, click Add. A new Summary Event line should display. The Summary
Event line includes the beginning of an OID.
5 Enter the following values for the resynchronization alarm:
• OID: .1.3.6.1.4.1.2347.1.5.6.1.0.1.0 = The OID address of the MIB object being read.
This must include the instance of the OID.
• Severity: Critical.
• Value: 1.
6 The resynchronization alarm requires two more severity levels. Click Add again, and enter
the following values:
• Severity: Warning.
• Value: 2.
7 Click Add again, and enter the last set of values:
• Severity: Normal.
• Value: 3.
Step Action
8 The Resynchronization event is now complete. The Summary Events now includes three
events for the same OID:
12 Click Add again. A new summary line displays. Note that this summary line includes the
same OID as for the event entered in step 9.
Step Action
13 Enter the following values for the Temperature Sensor Warning event:
• OID: 1.3.6.1.4.1.2347.1.5.6.1.2.1.2
• Event Name: Temperature Sensor Warning
• Severity: Warning.
• Value: 3.
14 All devices assigned to the package now have a resynchronization alarm and two custom
event alarms. When you click Save, all changes are saved for this package.
Step Action
2 Open this file in an XML editor.
3 Customize it with the following code, inserted after the <discovery> tag. You are setting
values for:
• OID - for example, .1.3.6.1.2.1.2.2.1.5. Entering an OID only applies this customization
to the port with this OID.
• Divider or multiplier - Use the divider to break down a capacity into Mbps. Use a
multiplier to increase a capacity into Gbps
• IFINDEX (not required)
4 Refer to the examples following these instructions.
5 Save the file with the changes.
Examples
The following are examples of this code customization.
To edit maximum capacity for a port in Mbps:
<discovery type="iftable">
<max_capacity divider="1000000">.1.3.6.1.2.1.2.2.1.5.IFINDEX</max_capacity>
<ethernet_module type="iftable">
</ethernet_module>
</discovery>
To edit maximum capacity for an individual port in Mbps:
<discovery type="iftable">
<max_capacity divider="1000000">.1.3.6.1.2.1.2.2.1.5</max_capacity>
<ethernet_module type="iftable">
</ethernet_module>
</discovery>
Examples
The following are examples of this code customization.
<rf_module name="Link 1">
<change_index type="15">.1.3.6.1.4.1.2509.8.17.2.1.0</change_index>
<parameter type="daily">
<key>G826US</key>
<oid>.1.3.6.1.4.1.2509.8.17.2.12.1.13.1.CHANGE</oid>
</parameter>
</rf_module>
Note: For each application to be used, the craft tools need to be installed on each individual
client. Note the system location where the installation files are saved, for use in the launch
configuration procedure.
Step Action
6 To enter additional Applications, click Add again. You can save multiple applications for
each device, as shown.
7 The right-click menu for the device now displays Applications > [Craft Tool Names].
Note: Always precede a craft tool connection command with the % symbol.
In this chapter
Introduction to the Northbound Interface ................................................................... 223
NBI Event Management ............................................................................................ 225
NBI Performance Data Management ........................................................................ 241
NBI Configuration Management ................................................................................ 249
Resynchronizing a Configuration NBI........................................................................ 253
NBI Topology Management....................................................................................... 254
• Network Element Level. Management functions and craft tool data for individual network
elements (Eclipse, CTR, SNMP and third party devices).
• Element Management Level. As an Element Manager, ProVision is at this level, managing
all subsidiary network devices.
• Network Management Level. Additional systems for higher-level service and business
management. ProVision also features at this level, managing the two prior levels.
Note: The international standard ITU-T Recommendation M.3010 describes the concepts of TMN
architectures and their fundamental elements.
The deployed NBI applications are grouped under the ProVision Manager in the Tree Viewer, and
are displayed as icons in the Map Viewer.
Event severity colors are used with the NBI icons. For example, green indicates the NBI is enabled
with no errors, whereas blue indicates the NBI is disabled. (See the ProVision User Guide for more
information.)
The ProVision NBI can forward the following information sets:
• NBI Event Management (on page 225)
• NBI Performance Data Management (on page 241)
• NBI Configuration Management (on page 249)
• NBI Topology Management (on page 254)
The configuration required to forward this information is typically done during network installation
and configuration.
• Password: qospa7AZUC#a
• Port: 5555
Note: The topology NBI data file has the same format as the output that is generated when using
the topology export command. See Exporting the topology (on page 127) for additional
information.
Note: For System Integration, see the ProVision NBI System Integration Guide.
Also see ProVision User Guide topic Event browsers.
This section covers the following topics.
Introduction ............................................................................................................... 225
Setting up an Event NBI ............................................................................................ 227
Deploying an Event NBI ............................................................................................ 227
Testing an Event NBI configuration ........................................................................... 233
Saving, printing, and viewing an Event NBI configuration report ............................... 235
Editing an Event NBI configuration ............................................................................ 238
Enabling/Disabling an Event NBI .............................................................................. 239
Resynchronize an Event NBI .................................................................................... 239
Remote resynchronize .............................................................................................. 240
Deleting an Event NBI ............................................................................................... 240
Renaming an Event NBI ............................................................................................ 240
Introduction
NBI event management enables integration of event management with Network Management Layer
systems.
The main purpose of NBI event management is to convert events, as displayed in the Event
Browser, into a consistent output format for porting to the Network Management Layer.
ProVision can output events raised as a result of:
• Traps sent from a managed network device
• Events raised as a result of polling a managed network device
• Events raised by the ProVision platform
The following steps describe how an event from a managed network device (for example, an
Eclipse radio) is forwarded to the higher-level Network Management System (NMS):
Step Action
1 The event is passed through the PreFilter application.
2 The event is stored in the ProVision database.
3 The event is passed to the Event Browser and NBI event management.
4 NBI event management ensures the event is from a required device and verifies that the
severity and status parameters match the parameters set in the filter file.
• If the event is not from a required device, the process stops.
• If the event is from a required device, it goes to the forwarding function.
• If the parameters do not match, the process stops.
• If the parameters do match, the event is then sent to the NML.
The processes for setting up, deploying, and testing an event NBI are described in the following
sections:
• Setting up an Event NBI (on page 227)
• Deploying an Event NBI (on page 227)
• Testing an Event NBI configuration (on page 233)
The processing to forward an event to an NML is as follows:
Step Action
1 The event is generated by an event source:
• Device Traps
• Presence Polling
• ProVision platform
2 The event is received by ProVision.
3 ProVision filters the events and stores them in the database.
4 Events sent to the Events Northbound Interface are analyzed to see if they meet the event
filter criteria. Events that do not meet the criteria are ignored. Events that do meet the
criteria are forwarded to the NML.
This table lists the events associated with NBI Event Management.
Table 36: NBI Event Management Events
Event Description
Event-forwarding Corrects any mismatch between the data in the ProVision database
resynchronization and the Network Management Level (NML)
Event-forwarding activation Initiates an event to be forwarded to the NML
Event NBI remote Similar to event-forwarding resynchronization, corrects any mismatch
resynchronization between the data in the ProVision database and the Network
command Management Level (NML) except that the command is issued external
to ProVision.
The information contained in the forwarded event is comprehensive and is mapped into the X.733
event model. This table describes the information contained in each northbound event, based on
the format of internal ProVision events.
Table 37: NBI Event Information Description
Field Description
ProVision server Identifies the ProVision server that has forwarded the event.
Address
Trap Number The unique number allocated by ProVision to each forwarded event.
Trap Timestamp The time the event was forwarded from ProVision.
Trap Source Path The full physical path of the device where the event occurred.
Trap Device Type For example, an Eclipse radio.
Trap Source Address IP address of the object (radio or ProVision server) raising the event.
Trap State Active or cleared
Trap Severity Information, normal, warning, minor, major, critical
Event Timestamp The event time recorded in the ProVision database
Event Description A description of the event, for example, Trib 13 uncommissioned traffic
Caution: Editing the SNMP interface affects all SNMP traffic, including the SNMP traffic to the
radio and NBI SNMP traffic.
Overview
There are several steps involved in setting up an event NBI.
Step Action
1 Deploy Event Destination:
• Enter the destination name and select forwarding method(s)
• If required, change filter settings
2 Test Event Destination Configuration:
• ProVision generates events that match the filter settings and forwards them to the
destination management system.
3 Save and/or Print the Forwarding Configuration Format report.
Step Action
1 In the Tree Viewer, right-click the Manager icon . The right-click menu is displayed.
Step Action
2 Select Deploy NBI.
The NBI Deployment window is displayed.
3
Click the NBI event icon .
The Deploying Event-forwarding window is displayed.
Step Action
4 Enter the NBI values, including:
• Destination Name = Higher-level network manager (for example, HPOpenView) or the
name of the computer to which the events are forwarded (for example, PC435).
• IP address, UDP port, community string. IPv4 or IPv6 IP address can be used.
• Select the required event forwarding method. You may select any of the forwarding
methods, two of the three, or all three.
Forwarding Actions
Method
SNMP Select the SNMP checkbox.
Enter the IP address of the northbound computer.
If required, change the UDP Port and/or the Community String settings.
If required, select the boxes for Use SNMP V1 Trap MIB. For an SNMPv2
trap, select Include Probable Cause.
6 To edit the filter settings, click Edit. The Filters window is displayed. See The Filter
Settings for an Event NBI table below this procedure for filter options.
7 Make the required filter changes as described in the table above and click OK.
Step Action
8 The updated filter settings are displayed. Click Next > to continue.
9 The Heartbeat Trap setting is displayed. A heartbeat trap is a message that sends, at
regular intervals, to the northbound application to confirm the connection.
• To forward heartbeat traps, select the checkbox and select the time interval (0-60
minutes) for heartbeat trap forwarding. Click Deploy to continue.
• The deployment results are displayed, and the event NBI icon is displayed in the Tree
and Map Viewers.
10 To close the Event Forwarding Configuration window, click Close.
11 After deploying the event NBI, test its configuration to ensure the correct events are being
forwarded. Refer to Testing an Event NBI configuration (on page 233).
Table 38: The Filter Settings for an Event NBI
Caution: Aviat Networks recommends limiting the number of devices of the same type when
executing this test function. Otherwise a lengthy test procedure could result.
Note: The test feature is only available for the SNMP interface.
Step Action
1
From the Tree Viewer, right-click the required NBI event icon .
2 Select Edit to display the Event Forwarding Configuration window.
3 Select the Filters tab to display the current filter settings.
Test procedure
Step Action
1
From the Tree Viewer, right-click the required NBI event icon .
The right-click menu is displayed.
Step Action
2 Select Test. The Event Forwarding Test window is displayed.
3 To start the event NBI configuration test, click Start. The Event Forwarding disruption
message is displayed.
Note: The details displayed in the Event Forwarding Report window and the saved report are
different: see the report values table in this topic.
Procedure
Step Action
1
From the Tree Viewer, right-click the required NBI event icon .
2 Select Report. The Event Forwarding Configuration Report window is displayed.
Field Description
1 - Type of Event Identifies the event type: Acknowledged (3), Cleared (2), Raised(1)
2 - Server Address
3 - Trap Index The unique number allocated by to each forwarded event
4 - Trap Timestamp Date / Time the entry was added to the file
5 - Blank row No data
6 - Trap Source Path The full physical path of the device where the event occurred
7 - Trap Device Type Class of device, for example, an Eclipse IDU radio
8 - Trap Source Address IP address of the object (radio or server) raising the event
9 - Trap Device ID Unique ID of the device generating the event
10 - Event ID Unique ID of the type of event
11 - Event Date/Time The event time recorded in the database
12 - Event State Status of event: Active (0), Cleared by User(1), Cleared by Network /
Resync (2), Cleared( 3)
Field Description
13 - Event Severity Severity of event: Critical (6), Major(5), Minor (4), Warning(3),
Normal(2), Informational(1)
14 - Event Name A description of the event, for example, Trib 13 uncommissioned traffic
15 - NBI Integer ID Unique ID of this event
16 - Event Category Category of event: Unknown (0), Communications (1), Environmental
(2), Equipment (3), Processing Error (4), Quality of Service (5)
17 - User Name The user name associated with this event.
3 The configuration options are described below. Make any required changes on the General
and Filters tabs and click OK.
4 To close the Event Forwarding Configuration window, click OK.
Note: By default, SNMPv2 traps are sent. To use SNMP v1 traps with
Probable Cause, select Use SNMPv1 trap MIB.
• Save to ASCII File - Select the checkbox to save the Event MIB as an ASCII
file.
• Output to TCP Port -Select the checkbox to enable output to the TCP port.
Enter the TCP Port on which the northbound destination system receives the
event data.
Filters tab Current filter settings are displayed. Click Edit to change them.
Step Action
1
From the Tree Viewer, right-click the required NBI event icon.
The right-click menu is displayed.
2 Enable or disable on the menu, as required.
Step Action
1 The Network Management Level (NML) sends a resynchronize request trap to ProVision.
2 ProVision tells the NML to clear all active events by sending resynchronization event trap.
3 ProVision re-sends all active events to the NML.
The resynchronize process can also be manually invoked by the user. The steps are described
next.
Procedure to manually resynchronize an Event NBI
Step Action
1
From the Tree Viewer, right-click the required NBI event icon .
2 Select Resynchronize. The event data in ProVision and in the NML is synchronized.
3 The resynchronize event is cleared from the event browser after it is completed. To view the
event, open an event browser by right-clicking the required NBI event icon from the
Tree Viewer.
4 Select Event Browser.
Step Action
5
Select the filter icon to open the Filters window. The resynchronize events are
displayed in the Event Browser.
Remote resynchronize
It is also possible to send a resynchronize command to the event NBI from the northbound
application. For more information, see the ProVision NBI System Integration Guide.
Step Action
3 Make the required changes to the name.
4 To save the changes, click OK.
Note: For System Integration, see the ProVision NBI System Integration Guide.
Also see ProVision User Guide topic Event browsers.
This section covers the following topics.
About NBI performance data management ............................................................... 241
Performance data collection ...................................................................................... 242
Deploying a performance data NBI ........................................................................... 243
Editing performance data NBI configuration .............................................................. 244
Performance NBI output types .................................................................................. 246
Testing the performance NBI .................................................................................... 247
Enabling/Disabling a performance data NBI .............................................................. 248
Deleting a performance data NBI .............................................................................. 249
Renaming a performance data NBI ........................................................................... 249
Northbound Interface performance data is accessed via network file sharing and SFTP/FTP.
Note: For consistency with Eclipse, ProVision presents the CTR queue numbering for the Per
Queue Ethernet Performance Parameters (Out Dropped, Out Dropped Octets, Out Passed and
Out Passed Octets) as Q0 to Q7, whereas CTR Web Portal and CLI interface present as Q1 to
Q8.
Item Description
1 Each Eclipse device creates a daily bin file at 12:00 midnight for that day. In this example, a
block of data we will call “Sunday bin” (blue) is created at the end of the day at 12:00
midnight.
2 For this example, let’s assume a network operator enables daily data collection at 00:00 am
on Monday.
• A performance bin file with a time stamp for “Sunday midnight” is created in the
database when ProVision reads the data from the first device on Monday.
• See ProVision NBI System Integration Guide, topic System Integration Performance
Data Files for more information on the performance data file name.
3 From 00:00 am on Monday, ProVision starts collecting the “Sunday bin” data collection from
all the devices, and the bins are written to the ProVision database, until all bin devices are
read and recorded.
4 ProVision writes the “Sunday bin” data to the NBI files at the same time as it writes to the
ProVision database.
5 At the end of the day a new daily bin is created on each Eclipse device. In this example, the
“Monday bin” (yellow) is created at the end of Monday at 12:00 midnight.
6 On Tuesday, ProVision begins the “Monday bin” data collection from the Eclipse devices.
• A performance bin file with a time stamp for “Monday midnight” is created in the
database when ProVision reads the data from the first device on Tuesday.
7 Again, from 00:00 am on Tuesday, ProVision starts collecting the “Monday bin” data
collection from all the devices. The bins are written to the ProVision database, until all bin
devices are read and recorded.
Item Description
8 ProVision writes the “Monday bin” data to the NBI files at the same time as it writes to the
ProVision database.
As long as data collection is enabled, ProVision continues to collect the previous day’s daily bin
data.
This procedure applies to the G.826 performance as well as the Ethernet statistics data collection.
However, since Ethernet data collection is based on real-time counts in the device, ProVision only
creates the first Ethernet bin AFTER two samples (24 hours apart). Therefore, in the above
example, the first bin of data is created at the end of the day on Tuesday.
Other points to keep in mind when collecting NBI performance data:
• If the ProVision server is restarted, then all daily performance data collection is rescheduled,
where the data collection is spread out over the next 24 hours.
• If the radio loses communications, then the radio’s daily performance collection is also
rescheduled.
• If the method of NBI performance data collection is “per device type”, then the performance
file is not complete until the next file is created.
Note: Before deploying the performance data NBI, think about the NBI performance data settings
you want to implement. For example, if 15-min. and daily data types are enabled and the output
file is set to per Device; for a network of 200 radios this creates 200 daily performance data files
and 19200 15-min. performance data files each day. This could very quickly cause problems with
the computer’s file allocation system unless the files are purged on a regular basis.
Step Action
1 In the Tree Viewer, right-click the Manager icon .
2 Select Deploy NBI. The NBI Deployment window is displayed.
Step Action
3
Select the performance data NBI icon .
The Deploying Performance Data-forwarding window is displayed. For details of the
performance data settings, see Editing performance data NBI configuration (on page
244).
Step Action
2 Select Edit. The Performance NBI Configuration window is displayed.
3 When you select your output file format, the purge criteria for the output file format display.
Set the required purge criteria.
4 Make any other required changes and click OK.
See the following table for a detailed list of output file types and values,
Performance NBI Output Types.
If required, check the box to Include 15-Min Ethernet & RF in same
folder. This saves both sets of performance files in the same network
folder.
Purge Criteria By default, the current NBI file is renamed to ".old" and a new NBI is created
every 7 days for 15-minute data and every 30 days for Daily data.
Where the option is available for the format type, use the up and down
arrows to set the daily purge criteria from 1 to 52 weeks.
By default the 15-min NBI performance data files older than one day are
purged. Use the up and down arrows to set the 15-min purge criteria from 1
to 60 days.
For the Single File per Device Type per Day, you can enable or disable
the purge by clicking Purge Enabled.
Step Action
1 In the Tree viewer, go to the Performance NBI that you need to test. Right-click it and select
Test.
Step Action
2 The Performance Data-Forwarding Test screen displays, showing the values for this
Performance NBI. Click Start.
3 You are prompted to save the file to a secure location. Select the save location for the
sample Performance NBI output. click Save.
5 To review the files, go to the save location. The test file names match the standard NBI
output file names.
Step Action
1
From the Tree Viewer, right-click the required performance data NBI icon .
2 Enable or disable the performance data NBI, on the menu, as required.
Note: For System Integration, see the separate ProVision NBI System Integration Guide.
Also see ProVision User Guide topic Event browsers.
This section covers the following topics.
About NBI configuration management....................................................................... 249
Deploying a configuration NBI ................................................................................... 250
Editing the settings for a configuration NBI ............................................................... 251
Enabling/Disabling a configuration NBI ..................................................................... 252
Step Action
3
Select the configuration NBI icon .
The Deploying Configuration-forwarding window is displayed.
4 To save the configuration NBI configuration, click Deploy. The deployment results are
displayed, and the configuration NBI icon is displayed in both the Tree and Map Viewers.
5 To close the Deploying Configuration-forwarding window, click Close.
Step Action
2 Select Edit. The Configuration NBI window is displayed.
Step Action
1
From the Tree Viewer, right-click the required configuration NBI icon . The right-click
menu is displayed.
2 Enable or disable the configuration NBI, on the menu, as required.
Resynchronizing
The resynchronize feature for configuration NBI obtains an image of the system to be stored in the
database. The database is updated periodically; the information in the database is from the last
update, and not from the radios’ current configuration.
The configuration file is located in the following directory, where icon_name is the name of the NBI
configuration management icon:
<pv root>\ProVisionServer\NBI\Configuration\icon_name
The line called <creation date> indicates when the configuration file was last updated. For
example, the file with the following notation was created on 12 July 2009 at 4:51 p.m.
<creation_date>Fri Jul 12 16:51:21 NZST 2009</creation_date>
The output file collected the last time the resynchronization feature was performed on the
configuration NBI can be used in the event the network needs to be rebuilt. The output file can now
be sent via SFTP/FTP.
Note: For System Integration, see the ProVision NBI System Integration Guide.
Event Description
Topology NBI activation Notes when a topology NBI is deployed.
Topology NBI output file created Notes when a topology NBI output file is created or updated.
Step Action
2 Select Deploy NBI. The NBI Deployment window is displayed.
3
Select the topology NBI icon . The Deploying Topology-forwarding window is
displayed.
4 To save the topology NBI configuration, click Deploy. The deployment results are displayed,
and the topology NBI icon is displayed in both the Tree and Map Viewers.
5 To close the Deploying Topology window, click Close.
Step Action
2 Select Edit. The Topology NBI window is displayed.
Step Action
1 From the Tree Viewer, right-click the required topology NBI icon.
2 Enable or disable the topology NBI, on the menu, as required.
Step Action
2 Select Delete. The Delete Objects window is displayed.
Note: The topology NBI data file has the same format as the output that is generated when using
the topology export command. See Exporting the Topology (on page 127) for additional
information.
Procedure
Follow these steps to run the commissioning report.
Step Action
1 In the menu bar, go to Reports > Help Desk, then select Generate.
5 Go to the file location where the Help Desk report has been saved:
ProVisionserver/repository/reports
6 The report file is there, with values for the date and time it was created in its title:
PV_HelpDesk_Report_<Weekday>_<Date>_<ReportID>_<TimeZone>.zip
Send this zip file to your Aviat Networks support contact. Save a copy of this at an archive
location for your users.
Step Action
1 From the Start menu, go to Start > All Programs > Server > Command Window.
2 Enter the command: pv report
Step Action
3 The system will ask:
Do you want to include database backup in the report? (y/n)
Type y for yes or n for no.
4 The ProVision Client Help Desk report is generated. The Command Window shows the
location where the report is saved.
5 Send the completed Client report .zip to ProVision technical support.
Alternatively, follow these steps to to run the ProVision server report from the Command Window.
Step Action
1 Log in to the server where the ProVision Server is installed and open a Command Window,
as noted above.
2 Enter the command: pv report
3 The ProVision Server Help Desk report is generated. The Command Window shows the
system location where the report is saved:
4 Retrieve and send the Server report .zip to ProVision technical support.
Step Action
1 Log in to the client and go to the directory where ProVision Client is installed and open a
command window, as below.
4 Retrieve and send the Server report .zip to ProVision technical support.
2 This screen displays all the Help Desk reports that are saved in the database.
To save a Help Desk report to an additional network location, click the Save icon for
that report.
The Save screen displays.
3 Choose the network location where you want to save the report. Edit the file name of the
report. Then, click Save.
The report is saved to the specified network location.
4 To delete a Help Desk report from the system, click the Delete icon for that report.
The selected Help Desk report is deleted.