ProVision Rel 7.15.0 Install & Admin Guide 2022-DeC

ProVision
Installation & Administration Guide
Version: 7.16.1
614-330053-001
GA Release
Copyright & Terms of Use

March 2023
This documentation describes features and functions provided with ProVision; Version: 7.16.1; GA
Release.
Copyright © 2023 by Aviat Networks.
All rights reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system,
or translated into any language or computer language, in any form or by any means, electronic,
magnetic, optical, chemical, manual, or otherwise, without the prior written permission of Aviat
Networks Inc.
To request permission, contact Aviat via techpubs@aviatnet.com.
Warranty
Aviat Networks makes no representation or warranties with respect to the contents hereof and
specifically disclaims any implied warranties or merchantability or fitness for any particular purpose.
Further, Aviat Networks reserves the right to revise this publication and to make changes from time
to time in the content hereof without obligation of Aviat Networks to notify any person of such
revision or changes.
Safety Recommendations
The following safety recommendations must be considered to avoid injuries to persons and/or
damage to the equipment:
• Installation and Service Personnel: Installation and service must be carried out by
authorized personnel who have the technical training and experience necessary to be aware
of any hazardous operations during installation and service, and of measures to avoid any
danger to themselves, to any other personnel, and to the equipment.
• Access to the Equipment: Access to the equipment in use must be restricted to service
personnel only.
• Safety Norms: Recommended safety norms are detailed in the Health and Safety sections of
the product's Installation guide.
• Service Personnel Skill: Service personnel must have received adequate technical training
on telecommunications, in particular the equipment and capabilities this addendum refers to.
Aviat Networks March 2023 iii

Trademarks
All trademarks are the property of their respective owners.
iv March 2023 Aviat Networks

Aviat Networks Technical Support
Aviat Networks Technical Support

Service and Technical Support:
For customer service and technical support, contact one of the regional Technical Help Desks listed
below.
North America & Latin EMEA APAC

America
San Antonio, TX Motnica 9, 1236 Trzin Clark Freeport Zone
U.S.A. Slovenia Philippines 2023
Email: Email: Email:
TACAM@aviatnet.com tacsupport@aviatnet.com tacsupport@aviatnet.com
Phone: +1 (210) 526 6345
Toll Free (USA): +1-800-227-8332
Global Support Hotline

Call the phone number for support from anywhere in the world. Aviat Networks' Global Support
Hotline is available 24 hours a day, 7 days a week, providing uninterrupted support for all our
customers.
When you call our Global Support Hotline:
• You will be greeted by an automated response that will ask you for your PIN#. Request a
PIN# here: https://aviatnetworks.com/how-can-aviat-help-you/pin-request-form/
• As soon as you enter your PIN#, you will be transferred to our Global Technical Helpdesk that
will assist you with your technical issue.
• If you do not have a PIN# your call will be answered by our Support Assurance Desk. Your
call will be supported and prioritized accordingly.
Or you can contact your local Aviat Networks office. Contact information is available on our website
at: https://aviatnetworks.com/how-can-aviat-help-you/technical-support-tac/
Sales and Sales Support:
For sales information, contact one of the headquarters, or find your regional sales office at:
https://aviatnetworks.com/.
Corporate Headquarters International Headquarters

USA Singapore
200 Parker Drive, Suite C100A 51 Changi Business Park Central 2
Austin, Texas, 78728 #04-10 The Signature
USA Singapore 486066
Phone: +1 (512) 265-3680 Phone: +65 6496 0900

Fax: +1 (512) 827-0350 Fax: +65 6496 0999
Toll Free for Sales Inquiries: Sales Inquiries:
+1 888 478 9669 +1 321 674 4252
Aviat Networks March 2023 v

Conventions and Terminology
Conventions and Terminology

This document uses the following conventions and terminology.
Graphic Cues
The following items have graphic cues to identify important supporting information.
Note: A note item identifies additional information about a procedure or function.
Caution: A caution item identifies important information pertaining to actions that may cause
damage to equipment, loss of data, or corruption of files.
Warning: A warning item identifies a serious physical danger or major possible problem.
Important: An important item identifies additional information that must be heeded.
Font Changes
Bold font style is used for the names of on-screen elements such as; fields, buttons, and drop-down
selection lists, keywords, commands and for keys on the keyboard.
Courier font in blue text is used to indicate commands that the user needs to type in, with the
command prompt shown as brown text.
AOS# show radio-carrier Carrier1/1
Any responses or report output from a command is shown as brown text and indented.
radio-carrier Carrier1/1
status oper-status up
Red text highlights an action, which could be, for example:
• following a menu path
• selecting an option
• clicking a button
• clicking an icon
• pressing a keyboard key.
Common Terminology
Click or Select: Point the mouse pointer at the item you want to select, then quickly press, and
release the left mouse button.
Right-Click: Point the mouse pointer at the item you want to select, then quickly press and release
the right mouse button.
vi March 2023 Aviat Networks

Contents
Contents
Copyright & Terms of Use ...............................................................................................................iii
Aviat Networks Technical Support .................................................................................................. v
Conventions and Terminology ....................................................................................................... vi
Contents .........................................................................................................................................vii
Chapter 1. Administrator Introduction ....................................................................................... 13
Intended Audience ........................................................................................................................ 13
Additional Resources .................................................................................................................... 14
About ProVision ............................................................................................................................. 14
Chapter 2. System Description ................................................................................................... 15
ProVision Architecture ................................................................................................................... 15
ProVision Deployment Options ..................................................................................................... 16
Single Server/Client deployment .............................................................................................. 16
LAN client deployment.............................................................................................................. 17
WAN client deployment ............................................................................................................ 17
Standby server deployment...................................................................................................... 18
Network Communication Ports and Firewalls ............................................................................... 21
Device support .......................................................................................................................... 21
Communication frequencies with network devices .................................................................. 22
Network communication ports for firewalls .............................................................................. 23
Network Management Concepts................................................................................................... 28
Network management and SNMP............................................................................................ 28
Managers, Agents, and MIBs ................................................................................................... 28
Internet and Enterprise-specific MIBS ..................................................................................... 30
Managing Proprietary Protocol Aviat Devices ......................................................................... 30
SNMP traps and managed devices.......................................................................................... 31
Chapter 3. Installing ProVision ................................................................................................... 33
Installation Process Overview ....................................................................................................... 33
Installation Prerequisites ............................................................................................................... 34
Platform requirements .............................................................................................................. 34
FarScan Virtual Machine requirements .................................................................................... 38
Virtual Machine support ............................................................................................................ 38
Device Counts: Server loading value ....................................................................................... 39
ProVision installation files ......................................................................................................... 41
RMI Interface for installation..................................................................................................... 42
Pre-Installation Tasks .................................................................................................................... 43
Setting up computer equipment, user rights, and IPv6 requirements ..................................... 43
Disabling other SNMP trap services ........................................................................................ 44
Exclude scanning MySQL temporary directory ........................................................................ 44
Disabling the PC power saving setting .................................................................................... 44
ProVision commands................................................................................................................ 44
Installing and Uninstalling ProVision ............................................................................................. 45
Installing ProVision ................................................................................................................... 45
Uninstalling ProVision............................................................................................................... 46
Installing the ProVision Windows Server ................................................................................. 46
Enabling/Disabling SFTP server .............................................................................................. 50
Updating private key ................................................................................................................. 51
Installing the ProVision Client................................................................................................... 52
Aviat Networks March 2023 vii
Contents
Installing Eclipse Portal ............................................................................................................ 54

Uninstalling ProVision Server software .................................................................................... 56
Uninstalling ProVision Client software ..................................................................................... 58
Standby Server Installation and Maintenance .............................................................................. 58
Server location .......................................................................................................................... 58
Northbound Interfaces (NBI) .................................................................................................... 59
Data integrity............................................................................................................................. 59
Switch over between servers ................................................................................................... 59
User security ............................................................................................................................. 59
Installing and Uninstalling the ProVision Redundancy Controller ................................................ 59
Prerequisites and warnings ...................................................................................................... 60
Installation of Redundancy Controller on Active and Dormant Windows servers ................... 60
Creation and installation of self-signed certificate for Peer ProVision servers........................ 61
Setting up user names and passwords .................................................................................... 62
After installing the Redundancy Controller............................................................................... 62
Configuring ProVision Server to start as Active when Peer Windows servers reboot at same time
.................................................................................................................................................. 63
Uninstalling the Redundancy Controller ................................................................................... 63
Uninstalling the Redundancy Controller from Windows Servers ............................................. 64
After uninstalling the Redundancy Controller .......................................................................... 64
Chapter 4. Upgrading ProVision ................................................................................................. 65
Chapter 5. Licensing ProVision .................................................................................................. 67
About ProVision Licenses ............................................................................................................. 67
Node licenses ........................................................................................................................... 67
Synergy package ...................................................................................................................... 67
When is a new license required? ............................................................................................. 67
Feature licenses ....................................................................................................................... 67
Trial evaluation license ............................................................................................................. 68
Permanent server license application ...................................................................................... 69
Licensing Procedures .................................................................................................................... 69
Determining the Server’s IP address ....................................................................................... 69
Requesting a permanent license.............................................................................................. 70
Activating a ProVision Server license ...................................................................................... 71
Chapter 6. Setting Up ProVision ................................................................................................. 73
Prerequisites for Setting Up ProVision ......................................................................................... 73
Workflow for Setting Up ProVision ................................................................................................ 74
Changing SFTP/FTP Server Port ................................................................................................. 75
Warnings ................................................................................................................................... 76
Change SFTP/FTP Server Port procedure .............................................................................. 76
Changing Syslog Server Port........................................................................................................ 76
Warnings ................................................................................................................................... 76
Change Syslog Server Port procedure .................................................................................... 76
Configuring for Multiple Network Card Systems ........................................................................... 77
Server interface and SNMP...................................................................................................... 77
Client interface .......................................................................................................................... 77
ProVision configuration for IPv6 support .................................................................................. 78
Redundancy Controller ............................................................................................................. 78
viii March 2023 Aviat Networks

Contents
Configuring RADIUS authentication fallback to local user accounts............................................ 79

Chapter 7. Access Control ........................................................................................................... 81
Introduction .................................................................................................................................... 81
ProVision user access .............................................................................................................. 81
Device security access ............................................................................................................. 81
Strong Security .............................................................................................................................. 82
Eclipse strong security.............................................................................................................. 82
CTR 8540 and CTR 8300 strong security ................................................................................ 82
About Secure Management...................................................................................................... 82
About RADIUS client ................................................................................................................ 83
About payload encryption ......................................................................................................... 84
Update ProVision server self-signed certificate ....................................................................... 84
Eclipse Single Sign On and Strong Security ................................................................................ 85
About single sign on for strong security ................................................................................... 85
SSO authentication matrix........................................................................................................ 85
ProVision User Security Profiles ................................................................................................... 86
User Account and Access Control Procedures ............................................................................ 90
Access control prerequisites .................................................................................................... 90
Creating ProVision user accounts ............................................................................................ 90
Changing a ProVision user account ......................................................................................... 94
Deleting a ProVision user account ........................................................................................... 96
Searching user accounts .......................................................................................................... 97
Exporting user accounts ........................................................................................................... 98
Changing security login policies ............................................................................................... 98
Managing user security policy .................................................................................................. 99
Managing user sessions ......................................................................................................... 101
Locking Eclipse Portal Write Access from ProVision ............................................................. 102
Viewing the security log .......................................................................................................... 104
Device security accounts ........................................................................................................ 104
Enabling a RADIUS Server ......................................................................................................... 117
Prerequisites ........................................................................................................................... 117
Procedure ............................................................................................................................... 118
Configuring RADIUS authentication fallback to local user accounts ..................................... 119
Updating Eclipse RADIUS Authentication Settings .................................................................... 120
Prerequisites ........................................................................................................................... 120
Defining the RADIUS configuration settings .......................................................................... 121
Setting the Radius configuration on a single Eclipse radio ................................................... 123
Chapter 8. Migrating Topology.................................................................................................. 125
About Migrating Topology ........................................................................................................... 125
Parameters ............................................................................................................................. 125
Prerequisites ........................................................................................................................... 125
Dependencies ......................................................................................................................... 125
Importing the Topology ............................................................................................................... 126
Procedure ............................................................................................................................... 126
Exporting the Topology ............................................................................................................... 127
Procedure ............................................................................................................................... 128
Migrating StarView Data into ProVision ...................................................................................... 129
Prerequisites ........................................................................................................................... 129
Aviat Networks March 2023 ix
Contents
Extracting device data from StarView .................................................................................... 130

Applying ProVision configuration to StarView data ............................................................... 130
Importing the new topology into ProVision............................................................................. 133
Importing multiple Starview topologies into ProVision ........................................................... 134
Extracting Constellation device and topology data from StarView ........................................ 134
Applying ProVision configuration to StarView data ............................................................... 135
Chapter 9. Database and Server Management ........................................................................ 137
About Managing and Backing Up the ProVision Database ........................................................ 137
About backup files .................................................................................................................. 137
Backup frequency ................................................................................................................... 138
When to run backups.............................................................................................................. 138
Backup file size ....................................................................................................................... 138
Where to save backups .......................................................................................................... 139
Daily, weekly, and monthly backup processes ...................................................................... 139
Changing database configuration .......................................................................................... 139
Database Backup Procedures .................................................................................................... 140
Setting backup preferences.................................................................................................... 141
Manual backup ....................................................................................................................... 141
Scheduled backup .................................................................................................................. 142
Restoring the ProVision database.......................................................................................... 143
Checking the database integrity ............................................................................................. 145
Changing database purge criteria .......................................................................................... 146
Export configuration backup and restoration ......................................................................... 147
Data Backup and Sharing Using Topology Exports ................................................................... 148
Example .................................................................................................................................. 149
Sample procedure .................................................................................................................. 149
Server and Services Management Procedures .......................................................................... 149
ProVision database commands ............................................................................................. 150
Monitor server disk space and memory ................................................................................. 150
Stopping the ProVision Server ............................................................................................... 152
Starting the ProVision Server ................................................................................................. 153
Resetting the database .......................................................................................................... 153
Removing ProVision from system services............................................................................ 154
Installing ProVision as a system service ................................................................................ 155
Chapter 10. Redundant Server Deployments ........................................................................ 157
Standby Server............................................................................................................................ 157
Redundancy Controller ............................................................................................................... 157
Managing Standby Servers ......................................................................................................... 157
About Primary and Standby servers ...................................................................................... 158
Standby server configuration prerequisites ........................................................................... 159
DCN bandwidth requirements for a Standby server .............................................................. 159
Synchronizing Primary server and Standby server databases.............................................. 160
Configuring server type as Primary ........................................................................................ 161
Configuring server type as Standby ....................................................................................... 161
Primary server failure: Activating a Standby server ............................................................... 162
Primary server restoration ...................................................................................................... 163
Primary server fails: Managing and restoring after failover ................................................... 165
Hot Standby Server Redundancy ............................................................................................... 168
About the Redundancy Controller ............................................................................................... 169
Configuration prerequisites .................................................................................................... 169
x March 2023 Aviat Networks
Contents
DCN Bandwidth and Latency for the Redundancy Controller .................................................... 170
DCN requirements .................................................................................................................. 170
Normal Operation of Redundancy Controller ............................................................................. 171
Logging in to the Redundancy Controller............................................................................... 171
Redundancy Controller status ................................................................................................ 172
Redundancy Controller configuration ..................................................................................... 175
Redundancy Controller security ............................................................................................. 177
Troubleshooting the Redundancy Controller ......................................................................... 179
Using Both the Redundancy Controller and the Standby Server ............................................... 183
Requirements ......................................................................................................................... 183
Chapter 11. Generic Device Management .............................................................................. 185
Managing Generic Devices and Packages ................................................................................. 185
About Generic Device Support (GDS) ................................................................................... 185
About GDS packages ............................................................................................................. 186
Recommendations.................................................................................................................. 186
Limitations ............................................................................................................................... 186
Adding a New Package ............................................................................................................... 187
Re-assigning a Package to a Generic Device ............................................................................ 188
Editing Package Information and Events .................................................................................... 189
Import and export package data (XML files) .......................................................................... 190
Loading a generic device service package ............................................................................ 191
Renaming a package.............................................................................................................. 193
Entering a description for a package...................................................................................... 194
Setting trap mapping to identify package events ................................................................... 195
Managing imported MIBs ....................................................................................................... 205
Importing trap mapping from a MIB file .................................................................................. 207
Importing trap mapping from a CSV file ................................................................................. 208
Setting matching rules for trap mapping ................................................................................ 209
Severity resync functions ....................................................................................................... 214
Configuring generic device resynchronization alarms ........................................................... 214
Creating custom events for packages .................................................................................... 215
Customizing maximum capacity and RF bins ........................................................................ 219
Launching Generic Device Windows Applications from ProVision ............................................ 221
Procedure to add new generic device tool ............................................................................. 221
Craft tool connection commands............................................................................................ 222
Chapter 12. Northbound Interface ........................................................................................... 223
Introduction to the Northbound Interface .................................................................................... 223
NBI and ProVision .................................................................................................................. 224
Accessing files via SFTP/FTP ................................................................................................ 224
NBI Event Management .............................................................................................................. 225
Introduction ............................................................................................................................. 225
Setting up an Event NBI ......................................................................................................... 227
Deploying an Event NBI ......................................................................................................... 227
Testing an Event NBI configuration........................................................................................ 233
Saving, printing, and viewing an Event NBI configuration report .......................................... 235
Editing an Event NBI configuration ........................................................................................ 238
Enabling/Disabling an Event NBI ........................................................................................... 239
Resynchronize an Event NBI ................................................................................................. 239
Remote resynchronize............................................................................................................ 240
Aviat Networks March 2023 xi
Contents
Deleting an Event NBI ............................................................................................................ 240

Renaming an Event NBI ......................................................................................................... 240
NBI Performance Data Management .......................................................................................... 241
About NBI performance data management ........................................................................... 241
Performance data collection ................................................................................................... 242
Deploying a performance data NBI ........................................................................................ 243
Editing performance data NBI configuration .......................................................................... 244
Performance NBI output types ............................................................................................... 246
Testing the performance NBI ................................................................................................. 247
Enabling/Disabling a performance data NBI .......................................................................... 248
Deleting a performance data NBI ........................................................................................... 249
Renaming a performance data NBI........................................................................................ 249
NBI Configuration Management.................................................................................................. 249
About NBI configuration management ................................................................................... 249
Deploying a configuration NBI ................................................................................................ 250
Editing the settings for a configuration NBI ............................................................................ 251
Enabling/Disabling a configuration NBI .................................................................................. 252
Resynchronizing a Configuration NBI ......................................................................................... 253
Resynchronizing ..................................................................................................................... 253
Deleting a configuration NBI................................................................................................... 253
Renaming a configuration NBI ............................................................................................... 253
NBI Topology Management ........................................................................................................ 254
About NBI topology management .......................................................................................... 254
Deploying a topology NBI ....................................................................................................... 254
Editing the settings for a topology NBI ................................................................................... 255
Enabling/Disabling a topology NBI ......................................................................................... 256
Deleting a topology NBI .......................................................................................................... 256
Renaming a topology NBI ...................................................................................................... 257
NBI topology files .................................................................................................................... 257
Chapter 13. Help Desk Reports ............................................................................................... 259
The Help Desk Report ................................................................................................................. 259
Running the Help Desk report ................................................................................................ 259
Using commands to run Help Desk reports ........................................................................... 260
Saving or deleting Help Desk reports .................................................................................... 263
xii March 2023 Aviat Networks

Administrator Introduction
Chapter 1. Administrator Introduction

Welcome to the ProVision Installation and Administration Guide, which is organized into the
following chapters:
• About ProVision (on page 14) - Brief introduction to ProVision and its features.
• System Description (on page 15) - Architecture, platform hardware, software requirements,
deployment options, and an overview of network intelligence and network management
concepts.
• Installing ProVision (on page 33) - Installation prerequisites and the procedures required to
install ProVision:
• Upgrading ProVision (on page 65) - Procedures for upgrading to the current version of
ProVision.
• Licensing ProVision (on page 67) - Information on the licensing requirements and
procedures for ProVision.
• Setting Up ProVision (on page 73) - What is needed to get ProVision running and monitoring
the network.
• Access Control (on page 81) - User accounts and security groups. Also explains how to add
users and set up device security accounts.
• Migrating Topology (on page 125) - How to export the network topology and how to import
the topology XML file.
• Database and Server Management (on page 137) - Database management functions
including: backing up the database, checking the database integrity, and resetting the
database.
• Redundant Server Deployments (on page 157)
• Generic Device Management (on page 185) - Managing packages and entering event trap
mapping for generic devices.
• Northbound Interface (on page 223) - ProVision’s support of Northbound event integration
with higher-level management solutions.
• Help Desk Reports (on page 259) - How to run and save Help Desk reports, which save
important ProVision details.
You may need to have administration-level user ID and password to access these functions. Please
check with your supervisor or system administrator if you have any questions about your user ID
level.
Intended Audience
The information in this guide is designed for the following roles:
Role Brief Description

Network Security Managers Provides details on the user and device security
accounts, including adding, changing, and removing
user accounts and configuring device security
accounts.
Administrators Provides details on maintaining the Server itself,
including tasks such as database backing up,
restoring and purging, and stopping and starting the
service.
Aviat Networks March 2023 13

Administrator Introduction
Additional Resources
The ProVision User Guide (PN 614-330055-001) describes the features and uses of the network
management system. It provides instructions about using to create and maintain a graphical
representation of your network.
This guide also describes how to start and exit user sessions, how to monitor and manage device
status, performance, and event reporting, how to configure devices, and how to generate supporting
reports and graphs.
About ProVision
ProVision is a network management tool developed by Aviat Networks. It provides management
solutions to the SNMP and proprietary protocol products running on your network.
ProVision builds on our expertise, experience, and user feedback to provide significant advances in
functionality and ease of use. ProVision delivers an advanced, flexible, software solution for
managing the devices running on your network.
The ProVision network management base can be used with many third party products and
proprietary operational support systems. It is easily extensible through a variety of standards-based
and proprietary management protocols.
14 March 2023 Aviat Networks

System Description
Chapter 2. System Description

This chapter describes ProVision’s architecture, deployment options, client/server software
relationship, and communications with network elements.
In this chapter
ProVision Architecture ................................................................................................. 15
ProVision Deployment Options ................................................................................... 16
Network Communication Ports and Firewalls .............................................................. 21
Network Management Concepts ................................................................................. 28
ProVision Architecture
ProVision provides a network management solution based on SNMP (Simple Network Management
Protocol), a widely accepted standard for performing network management functions. It does this by
layering one or more Element Manager applications on the foundation system.
ProVision's underlying network management platform is based on an open system architecture.
This enables users to extend network manageability by adding their own applications to the
platform. The resulting application suite delivers a seamless software solution that unifies network
element management across the platform. Users can easily move from viewing an alarm on the
network, to viewing a status screen for the alarmed object, to viewing a performance summary for
the same object.
Figure 1: ProVision Architecture Overview

System Description
ProVision Deployment Options

ProVision can be deployed with one client and one ProVision server, or with multiple Clients
connecting to one Server (up to 15 Clients can be operated from one Server). The deployment
options are based on your front-end user and network requirements.
This section covers the following topics.
Single Server/Client deployment ................................................................................. 16
LAN client deployment ................................................................................................ 17
WAN client deployment ............................................................................................... 17
Standby server deployment......................................................................................... 18
Single Server/Client deployment

The ProVision server installation process includes all of the files required to establish a client
session on the server workstation.
ProVision runs on a Windows workstation called the server. Every ProVision deployment must have
a ProVision server installed.
The server installation includes:
• Server processes that track the current state of the network model, manage user access to
the system, monitor network events, and more.
• The MySQL or PostgreSQL database system used for storing and retrieving network element
data.
• A local client used for establishing a client-to-server session on the server.
This figure is an overview of the single server/client deployment. This is only recommended for
small installations.
Figure 2: ProVision Single Server/Client Deployment

System Description
LAN client deployment

The ProVision client installation installs client software on the local machine, eliminating the need to
mount files across the network. Network traffic occurs only when the client requires data from the
server.
Optional ProVision client workstations enable multiple concurrent user sessions.
A client installation contains only those parts of the ProVision system necessary to allow users to
run a ProVision session. The user session communicates back to the server when required to
retrieve management information. The GUI runs on the client machine, freeing system resources on
the server machine to process network information.
A ProVision client is installed locally on the server. Clients can also be installed on standalone PCs.
This figure shows an overview of the server with clients deployed.
Figure 3: Server with LAN Clients Deployed
WAN client deployment

The ProVision client can also be operated on a remote client machine. For this setup, the remote
client uses a low bandwidth connection with a high latency link. WAN connections typically exhibit
higher latency and lower bandwidth when compared with LAN connections. As the ProVision client
application is optimized for a LAN connection, a WAN client solution needs to be deployed where a
WAN connection is used to connect remote users to the ProVision server.
To support WAN clients, a WAN client server is set up by connecting it to the ProVision server via a
LAN connection. The ProVision client software is installed on the WAN client server.

System Description
The WAN clients are set up by installing a Windows Terminal Server (WTS) or an equivalent remote
client solution such as Citrix Presentation Server.
More than one WAN client can access the WAN client server, however, since only one version of
the ProVision client is used, all ProVision logging from the multiple WAN clients are logged onto a
single file.
This figure is an overview of the server with both LAN clients and WAN clients deployed.
Figure 4: Server with LAN Clients and WAN Clients Deployed
Standby server deployment

ProVision provides business-critical supervision of Aviat Networks equipment. A standby server
deployment protects equipment and system operation against emergencies and outages.
A ProVision standby server solution provides the highest level of system protection by providing two
independent ProVision servers providing parallel supervision of Aviat Networks equipment. Aviat
Networks recommends implementing a standby server deployment if you have strong low-risk
requirements, if you have an SLA that requires uninterrupted 24 -7 access and support, or if you are
located in an area prone to natural disasters, such as earthquakes or hurricanes.
When a standby server is installed, both ProVision servers are independent of each other, and so
are their associated ProVision clients. This would means that ProVision client #1 could log on to
either ProVision server #1 or ProVision server #2, or indeed both at the same time.
There are multiple standby server options, all described in this section.
For information on installing and managing a standby server deployment, See Redundant Server
Deployments (on page 157).
System Description
Standby server deployment: sharing or separate hardware

There are two standby server deployment options:
• Standby Server with Server and Client Sharing Hardware: This is ideal for small
networks where only one user is monitoring the network at any time.
• Standby Server with Server and Client on Separate Hardware: This is required for
systems where more than one user is monitoring the network, for the support of multiple
clients. This option is also required if a server is located off-site or in a secure computer room
with limited access.
The configuration for each of these options is illustrated in the diagrams below.
See also Server and Services Management Procedures (on page 149).
Figure 5: Standby Server with Client and Server Sharing Hardware

System Description
Figure 6: Standby Server with Server and Client on Separate Hardware

System Description
Standby server with WAN and separate hardware

You can set up a standby server with a WAN and with separate hardware.
Figure 7: Servers with Standby Client Deployed via WAN Server
Network Communication Ports and Firewalls

This section covers device support, communication ports and configurations.
Device support
A basic Element Manager supporting SNMP devices provides simple presence polling to an MIB
object enabling communication with the devices.

System Description
Communication frequencies with network devices

This table describes how often ProVision polls the devices on the network, for presence polling,
event polling and trap initiated polling.
Note: Some devices have different polling frequencies for different areas, such as configuration,
link discovery, and plug-in structures.
Table 1: ProVision Network Device Communication Frequencies
Device type Presence polling Event traps frequency Event polling Trap initiated
frequency frequency polling frequency
Accedian 2 min 2 min
ADR 2 min When an event occurs
Altium MX/ 2+0 2 min When an event occurs
Aurora 5 min When an event occurs
CAU 2 min When an even occurs
Cisco Plug-in: 60 mins
Config: 12 hours
Constellation 2 min When an event occurs
Coriant Plug-in: 60 mins
Config: 12 hours
CTR 8500/ 8300 2 min 5 min Based on receiving
Config: 12 hours syslog message
Links: 6 hours
CTR 8740 2 min When an event occurs 2 min
DART 5 min When an event occurs
DVA 2 min When an event occurs
DVM45 5 min When an event occurs
DVM-XT 5 min When an event occurs
DXR 100 2 min 2 min
DXR 200 2 min* 2 min
DXR 700/ SMA DXR 2 min 2 min
E-Band E-Link 2 min 2 min
E-Link 1000 EXR, LR 2 min When an event occurs
Eclipse Node INU/INUe 2 min 2 min As configured
Eclipse Terminal (IDU) 2 min 2 min As configured
Generic 2 min When an event occurs
Intracom StreetNode 2 min 2 min As configured
Links: 60 minutes
LE3000, LE3200 2 min When an event occurs
MegaStar 2 min When an event occurs
Memotec CX-U 2 min When an event occurs
MicroStar I, II, III 2 min When an event occurs
SAGEM 5 min When an event occurs
SPECTRUM 2 SNMP 2 min When an event occurs

System Description
Device type Presence polling Event traps frequency Event polling Trap initiated
frequency frequency polling frequency
SmartCore 2 min When an event occurs
Symmetricom 2 min 2 min
TNet Proxy 5 min*
TRuepoint 2 min When an event occurs
Velox 2 min When an event occurs
WL1000, RW2000 2 min When an event occurs
WSG ASN Controller 2 min When an event occurs
WTM 3100 Config: 12 hours When an event occurs 2 min
Links: 60 minutes
Links: 60 minutes
Plug-in: 12 hours
Links: 60 minutes
Links: 60 minutes
Links: 60 minutes
Links: 60 minutes
WTM 5800 2 min When an event occurs 2 min
Links: 60 minutes
WTM 6000 Config: 12 hours When an event occurs 60 minutes
Plug-in: 12 hours
Integrity: 60 mins
XP4 248x / E3 5 min When an event occurs
* Requires a double failure before transition into loss coms, so has an effective presence poll of 10
minutes.
Network communication ports for firewalls

ProVision uses network UDP/IP and TCP/IP communication ports to communicate with Network
Elements (NE), between Client and Server, and other services, where required. Administrators may
need to adjust these ports to communicate around firewalls.
This section includes the default port data, to be used as a reference.
SFTP/FTP transfer firewall configuration
Most modern firewall products are able to intelligently support SFTP/FTP transfers, avoiding the
need to open a large number of TCP ports.
Also note that the firewall must support Extended Passive Mode SFTP/FTP (use of the EPSV
command) as defined in RFC 2428.
Note: SFTP is enabled by default but FTP can be enabled instead. See Enabling/Disabling
SFTP Server (on page 50).

System Description
Recommended port configuration

The network communications are grouped by integration between five logical entities:
• NE = Network element(s) (e.g. Eclipse INU)
• Server = ProVision server system(s).
• Client = ProVision client system(s); including all bundled applications (e.g. craft tool. browser).
• NBI = Northbound OSS system(s).
• IT = IT infrastructure services.
Note: If any port 5555 needs to be changed, see section Changing SFTP/FTP Server Port (on
page 75).
Warning: If any ports are changed on a Primary Server, you must also change the ports on the
connected Backup Server to match them.
Warning: Java runtime chooses many of the ports will use, based on availability. For some
processes, and because of variability in port selection, ports should not be blocked or firewalled.
Configurable ports are noted in the following tables.
Warning: The Redundancy Controller requires a set of certificates to support the secure the
MySQL database communications between the active and dormant ProVision servers. A script is
provided to generate a set of self-signed certificates which is in the root of the Redundancy
Controller installation. See section Installing and Uninstalling the ProVision Redundancy
Controller (on page 59) for details.
The ProVision client can be run on a remote PC inside a Citrix session (or Remote Desktop client
session). This allows you to implement a firewall between the remote PC and the ProVision system.
Only one port needs to be opened in the firewall. To do this, the ProVision Client must be installed
on a Citrix server (or Terminal services server) that is connected to the ProVision server without
using a firewall. If you have further requirements, please contact Aviat Networks for support.
To network elements
Table 2: To Network Elements
Application Protocol Port From Comments

SNMP UDP 161 Server Management requests
Telnet SSH TCP 23 (telnet) Server Management
22 (SSH)
Telnet SSH TCP 23 (telnet) Client Craft tool (CLI)
22 (SSH)
HTTP TCP 80 Server Configuration backup (GET) or Upgrade
443 (HTTPS) (PUT/POST)
HTTP TCP 80 Client Craft tool (web)
443 (HTTPS)
HTTP TCP 80 Server Eclipse configuration discovery. No
443 (HTTPS) security and basic security uses port 80,
strong security and FIPS security uses
port 443.
HTTP TCP 80 Server Event collection for CTR 8540 and CTR
443 (HTTPS) 8300
Portal TCP 26000 (restore) Client Craft tool (Eclipse Portal)
80, 26003 (normal)
26007 (secure)
Portal UDP 26005 Client Craft tool (Eclipse Portal NE discovery)

System Description

Portal Protocol UDP 26000 (restore) Server Management (Eclipse Only)
26003 (normal) Client
26007 (secure)
RADIUS UDP 1812 * (auth) IT Authentication and accounting
1813 * (accnt) Ports are configurable
NTP UDP 123 IT Date/time auto-configuration
HTTP TCP 80 Server Software upload for Eclipse with s/w
8.0.0 or later and CTR 8540/8300 with
s/w 3.6.0 or later
HTTPS TCP 443 Server Software upload for Eclipse with s/w
8.0.0 or later and CTR 8540/8300 with
s/w 3.6.0 or later
To Server
Table 3: To Server

SNMP UDP Any >1023 NE Management responses
SNMP UDP 162 NE Management notifications
SNMP UDP 162 NBI NBI control
SFTP/FTP (passive) TCP 5555 (control) NE Firmware Upgrade
Any >1023 (data) Port is configurable
Note: SFTP is enabled by default

but FTP can be enabled instead.
SFTP/FTP (passive) TCP 5555 (control) NBI NBI file transfer

SFTP/FTP (passive) TCP 5555 (control) ProVision PCR File Transfer Port is configurable.
Any >1023 (data) Plus
Note: Applicable only when
Eclipse or CTR 8300 or CTR 8540
devices are deployed and when
license for ProVision Plus
Frequency Assurance Software
(FAS) Product Module or Health
Assurance Software (HAS)
Product Module is installed.

and must be used with ProVision
Plus 2.13.1 or later.
Note: FTP must be enabled

instead for ProVision Plus version
2.13.0 or earlier.

System Description

SFTP/FTP (passive) TCP 5555 (control) Client Client file transfer

SFTP/FTP (passive) TCP 5555 (control) Server Redundancy replication

HTTP TCP 80 Client Client web requests
8080 8555
HTTP (SOAP) TCP 80 NBI MTOSI NBI operations
443 (HTTPS) Port is configurable
Java RMI TCP 5001 Client Client RMI requests
5558
Java RMI TCP 5001 Server Redundancy control
5558
RADIUS UDP 1812 * (auth) IT Authentication and accounting
1813 * (accnt) Port is configurable
NTP UDP 123 IT Date/time auto-configuration
SYSLOG UDP 514 NE Management notifications. Port is

configurable
TFTP UDP 69 NE Configuration Backup Files for CTR
8440.
Proprietary TCP 13570 Client Client server messaging
HTTP TCP 8080 NE Software upload for CTR 8540 and CTR
8300
Software upload and Configuration
restore for CTR 8540 and CTR 8300
and other devices
HTTPS TCP 443 NE Software upload and Configuration
restore for CTR 8540 and CTR 8300
and other devices
To Client
Table 4: To Client

Java RMI TCP 5560 + Server Client RMI callbacks
One port for each simultaneous client
session on a single client system. E.g.
5560-5584 for 25 clients.
SFTP/FTP TCP Any > 1023 Server Client file transfer
(control)
Any > 1023 (data) Note: SFTP is enabled by default

System Description

SFTP/FTP (passive) TCP Any > 1023 NE Client file transfer
(control) Upgrade (via Eclipse Portal)
Any > 1023 (data)
Portal UDP 26005-26099 NE Craft tool (Eclipse Portal NE discovery)
Port 26007 needs to be opened
between Portal and Eclipse if using
RADIUS
To NBI
Table 5: To NBI

SNMP UDP 162 Server NBI traps
Port is configurable
Proprietary TCP 8081 Server NBI output (ASCII streaming)
Port is configurable
To IT
Table 6: To IT

RADIUS UDP 1812 (auth) Server Authentication and accounting
1813 (accnt) Port is configurable
RADIUS UDP 1812 (auth) NE Authentication and accounting
1813 (accnt) Port is configurable
NTP UDP 123 Server Date/time auto-configuration
NTP UDP 123 NE Date/time auto-configuration
SMTP TCP 25* Server Email notifications. Port is configurable
To Redundancy Controller Server
Table 7: To Redundancy Controller Server

SNMP UDP 1234 Server Redundancy Controller.
MySQL TCP 3307 Server MySQL Replication
SFTP/FTP TCP 5555 Server Database and external file transfer
Note: SFTP is enabled by default but

FTP can be enabled instead.
HTTPS TCP 9080 Server

System Description
To ProVision Plus Server

Table 8: To ProVision Plus Server

HTTPS TCP 443 Server Applicable when https is enabled. Used for
ProVision NBI (Configurable). Needs to be
changed if ProVision server is installed on
same Windows server as ProVision Plus
server.
Note: Applicable only when ProVision

license with support for ProVision Plus
NBI is installed.
Network Management Concepts

Network management and SNMP ............................................................................... 28
Managers, Agents, and MIBs ...................................................................................... 28
Internet and Enterprise-specific MIBS ......................................................................... 30
Managing Proprietary Protocol Aviat Devices ............................................................. 30
SNMP traps and managed devices ............................................................................. 31
Network management and SNMP

ProVision communicates directly with Aviat Networks SNMP devices. Aviat Networks non-SNMP
devices that do not understand SNMP protocol require the services of proxy software to enable
communication with the manager.
All communication between the ProVision application and Aviat Networks devices is based on
SNMP (Simple Network Management Protocol). SNMP is the de facto standard for systems and
device management on TCP/IP (Transmission Control Protocol/Internet Protocol) networks.
Designed to facilitate the exchange of management information between network devices, SNMP is
rapidly replacing proprietary protocols for telecommunications network management.
This section profiles basic SNMP components and operations, describes the role of the proxy agent
when proprietary protocol devices exist on the network, and introduces Aviat Networks
enterprise-specific MIB modules. It also takes a closer look at how traps are handled in both
SNMP-managed and proxied environments.
Managers, Agents, and MIBs

The SNMP management protocol is based on the manager-agent model, with an intelligent
management system monitoring and controlling multiple device-based agent systems. Manager and
agent systems communicate by setting values in a data structure called a MIB (Management
Information Base), which resides on the agent device. This figure provides a representation of the
manager, agent and MIB interactions.
Figure 8: Manager, Agent and MIB Interaction

System Description
Manager-Agent model
SNMP treats a network as a collection of cooperative, communicating entities consisting of
management systems and agent systems (or managed devices).
A management system, or manager, is the host system running the network management
application and supporting the Simple Network Management Protocol. A manager can solicit and
interpret data about agent systems and network traffic. It can also trigger status and configuration
changes on a managed device. A manager performs these tasks by making requests to the agent
running on the device.
An agent system is the software interface to a managed device, such as a microwave radio. Like a
manager, an agent may actually be one of many processes running on a workstation. Or it might be
implemented in the non-volatile memory of the device itself. An agent is usually a passive entity. It
responds to manager requests and supplies and changes the values of local variables as needed.
An agent can also send unsolicited messages (called traps) to alert the manager of changes on the
managed device.
Managers and agents communicate, or interact, through SNMP. For devices that use protocols
other than SNMP to communicate on a network, a proxy agent, which speaks both languages, is
used as an intermediary. When proprietary protocol Aviat Networks devices exist on an
SNMP-managed network, the Proxy application, developed by Aviat Networks, provides translation
and other services on behalf of these devices. Proxy Agents monitor and control private protocol
Aviat Networks devices at a peer level with SNMP-protocol devices.
Manager and agent communication
Normally, a manager requests information from an agent. In addition, an agent can send messages
to the manager about the current status of a managed device or about its own status. This table
identifies the SNMP requests used to perform basic SNMP operations.
Table 9: SNMP Request Descriptions
SNMP request Description

Set Write new data to one or more of the objects managed by an agent.
Get Request the value of one or more of the objects managed by an agent.
Get Next Request the object identifier(s) and value(s) of the next object(s) managed by
an agent.
Get Bulk Request large amounts of object information in a single request/response
transaction. Get Bulk behaves as if many iterations of Get Next
requests/responses were issued, except that they are all performed in a single
request/response operation.
Response The data returned by an agent.
Trap Send an unsolicited notification from an agent to a manager indicating that an
event or error has occurred on the agent system.
Information exchange and the MIB

Within the SNMP framework, all information accessed or modified through the agent is accessed or
modified through the MIB. Each managed object includes one or more MIBs that define the
manageable information for that object.
A MIB is composed of a set of MIB objects. Each MIB object (also called a MIB variable) represents
a piece of information (configuration, status, control or other management-related information)
about a managed network element, for example, a system description or a performance value. The
existence of a particular value for a MIB object is called a MIB object instance. Some MIB objects
have only a single instance for a given managed device, for example, a system description. Other
MIB objects have multiple instances for the device; for example, the status of each interface on the
device. By reading information from an agent's MIB, an SNMP manager can monitor an agent. By
writing or altering information on the MIB, an SNMP manager can control the behavior of the
managed device on which the agent resides.

System Description
MIB organization
Internet-standard MIBs reflect a hierarchical organization of MIB objects arranged in a tree-like
structure. Each branch in the tree has a unique name and numeric identifier. Intermediate branches
of the tree serve to group related MIB objects together. The leaves of the tree represent the MIB
objects, or actual device data. Branches, or nodes, are similar to directories in a file system in that
they do not contain data in the normal sense. They contain other directories and files. Leaves are
similar to a file in that they contain data that relates to a particular aspect of a device on the
network.
MIB naming conventions
MIB objects are identified, or named, by their place in the overall tree structure. A full object
identifier (OID) consists of the identifier of each branch along the path through the tree hierarchy,
from the top of the tree down to the leaf. The OID is conventionally expressed in dot notation
format, with a period (.) separating each level in the path from the top of the MIB hierarchy down to
the specific MIB object. Each branch and leaf have both a numeric name and an ASCII name, with
the numeric name frequently used for ease of reference. This figure shows two different ways of
naming the same MIB object.
Figure 9: MIB Object Identifier
MIB instance IDs

A particular MIB object instance is distinguished from other instances by an instance ID appended
to the end of the MIB OID. For example, if an object has one and only one instance, then the
instance identifier is zero (0). The instance identifier for a MIB object with more than one instance is
1 or greater.
MIB object attributes
Every MIB object also has certain attributes that describe it. In the case of leaf objects, or MIB
variables, these attributes define the type of information (such as integer, text, or counter), its
access (such as read-write or read-only), and its status (such as mandatory or optional).
Internet and Enterprise-specific MIBS

MIBs are organized into MIB modules. A MIB module is a file defining all the MIB objects under a
subtree. The foundation module is the standards-based MIB-II module defined by RFC 1213:
Management Information Base of Network Management of TCP/IP Internets: MIB-II.
In addition to the Internet-standard MIB-II objects defined in RFC 1213, many hardware vendors,
including Aviat Networks, have developed MIB extensions for their own products. The MIBs defined
by these vendors are referred to as enterprise-specific MIBs.
Managing Proprietary Protocol Aviat Devices

In a proxied environment, Proxy Agents are responsible for translating manager requests and for
notifying the network manager when changes occur on a managed device.

System Description
Private-protocol Aviat Networks devices use the proprietary TNet protocol for network
communication. TNet protocol and SNMP differ significantly in terms of data structure, access
method, and protocol packet content. The Proxy Agent mediates these differences, performing
information preparation and exchange functions on behalf of TNet devices operating in an SNMP.
More about protocol mediation and the Proxy
Using the protocol semantics and polling algorithms, the Proxy Agent converts SNMP requests from
the manager to the proprietary protocols required by TNet devices. The Proxy Agent constructs,
parses, and analyzes each request and resultant response according to the supported protocol
specification, then relays all responses back to the manager using SNMP.
The Proxy Agent polls managed TNet devices for alarm information and creates a set of MIB
objects for each device. The Proxy Agent also interprets the event data sent to it by managed TNet
devices, reformats this data as SNMP traps (notifications), and forwards the traps on to the
manager. The Proxy Agent does not run on the managed TNet device itself, but acts as an
intermediary between the network manager and the device as shown below.
Figure 10: Proxy Agents' Role in Protocol Conversion
SNMP traps and managed devices

Whenever a monitored change occurs in the status of a managed device, an SNMP trap (also
called an event) is generated by the SNMP agent running on the device. Traps are designed to
notify the manager that some monitored condition has changed in the network enterprise. Traps can
range from providing basic status information to indicating critical system or device problems.
Agent software automatically logs device events to an event table maintained in the agent MIB. The
event table tracks the latest events logged for a managed device (the maximum number of recent
events that are maintained in the event table log varies by device type). Logged events are
viewable online via both the Fault window Event Table and via the Event Browser window.
• The Event Table tab displays agent-logged events for a selected Aviat Networks device.
• The Event Browser displays events from many sources, including SNMP traps generated by
agent software, and internal events generated by ProVision. For more information on the
Event Browser, refer to the Managing Events chapter in the ProVision User Guide.

Installing ProVision
Chapter 3. Installing ProVision

This chapter describes the installation requirements and the procedures for installing ProVision.
Note: This chapter focuses on the requirements and instructions for a new, or “clean”, installation
of ProVision. To upgrade an existing installation, see chapter Upgrading ProVision (on page
65).
Warning: ProVision client communication with ProVision server will not work when using a NAT
connection between client and server. All communication between ProVision client and ProVision
server must be through directly routed connection for communication to work correctly. A WAN
Client server solution, that is on the same network as the ProVision server, can also be used.
In this chapter
Installation Process Overview ..................................................................................... 33
Installation Prerequisites ............................................................................................. 34
Pre-Installation Tasks .................................................................................................. 43
Installing and Uninstalling ProVision ........................................................................... 45
Standby Server Installation and Maintenance ............................................................. 58
Installing and Uninstalling the ProVision Redundancy Controller ................................ 59
Installation Process Overview

Here is an overview of the process required to set up and install ProVision.
Step Action
1 Perform Pre-Installation Tasks.
Determine if the software and other equipment were supplied by Aviat Networks.
• No - verify that the equipment and OS software supplied meets the requirements. Check
the amount of ethernet cards in the PCs where server software will be installed: if they
have more than one ethernet card apiece, see section RMI Interface for installation
(on page 42).
• Yes - Unpack and check the supplied equipment.
2 Set up the ProVision computers.
• Ensure that the installer has Administration rights for the computers
• License Microsoft OS SW
• Edit regional settings
• Change PC power saving setting
• Configure Tracker Box if required
• Locate standby servers if required
• Set up any ProVision Client users with Modify rights on the computer’s ProVision
directory
3 Install ProVision software.
• Install ProVision Server software
• Install Portal software
• Install ProVision Client software
4 Install and configure any standby servers for ProVision.
5 Proceed to the setup of ProVision: licensing, system detail entry, and managing.

Installation Prerequisites
This section covers the prerequisites required for installing ProVision.
Platform requirements ................................................................................................. 34
FarScan Virtual Machine requirements ....................................................................... 38
Virtual Machine support............................................................................................... 38
Device Counts: Server loading value .......................................................................... 39
ProVision installation files............................................................................................ 41
RMI Interface for installation ........................................................................................ 42
Platform requirements
This section covers the installation platform requirements.
Java supported ............................................................................................................ 34
Anti-virus software ....................................................................................................... 34
Operating Systems supported ..................................................................................... 35
Server and LAN Client specifications .......................................................................... 36
WAN Client Server and WAN Client specifications ..................................................... 37
Java supported
The following version of the Java platform is incorporated into ProVision:
Table 10: Java Version Used by ProVision
Java Version Notes

Java 8 Standard Edition 1.8.0_362 All supported OS. OpenJDK version.
(J8SE)
Anti-virus software
Compatibility testing has been successfully performed with Microsoft Defender Antivirus software.
Aviat does not perform compatibility testing with other anti-virus software such as Symantec,
McAfee, Kaspersky, or AVG, as the risk of finding compatibility issues is low.

Operating Systems supported

Table 11: Supported Operating Systems
Operating System PV PV Redundancy Notes

Server Client Controller
Windows 2012 Server Yes Yes Yes Standard and Enterprise Editions
supported.
Includes support for 2012 R2.
64 bit and versions supported by Server
and Client.
Enterprise edition needed for >4 GB
RAM.
Windows 2016 Server Yes Yes Yes Standard and Data Center Editions
supported. 64 bit only.
Windows 10 Yes Yes Yes
Windows 11 Yes Yes Yes
Note: Limitation: ProVision Server is not supported when installed in Program Files directory.
Note: For Windows servers, a 64 bit server software OS is required.

The following matrix indicates operating systems that are no longer officially supported:
Table 12: No Longer Supported Operating Systems
Operating System PV PV PV Mobile Notes

Server Client Client
Windows 2003 Server No No - Supported by PV 7.4.0 and earlier only.
Standard and Enterprise Editions
supported.
SP1, SP2 and R2 supported.
32 and 64 bit and versions supported by
Server and Client, however craft tools
not yet verified on 64 bit.
RAM.
Windows 2008 Server Yes Yes - Standard and Enterprise Editions
supported.
Includes support for 2008 R2.
32 and 64 bit and versions supported by
Server and Client, however craft tools
not yet verified on 64 bit.
RAM.
Windows 7 Yes Yes - Limitation:
PV Server not supported when installed
in Program Files directory.
Windows 8, 8.1 Yes Yes - Limitation:
PV Server not supported when installed
in Program Files directory.

Operating System PV PV PV Mobile Notes

Server Client Client
Solaris 10 No - - 64 bit support (default install setting)
required.
Solaris 10 update 9 or later officially
required for PV 6.11.2 and later.
Note: Solaris is not supported for

PV 7.12.2 and later.
Redundancy Controller installation.
Apple iOS - - Yes 1.0: iOS 5, 6, 7.
2.0: iOS 7 only
Android - - Yes 1.0: Beta; Android 4.0 (Ice Cream
Sandwich) and 4.x (Jelly Bean)
Server and LAN Client specifications

This table lists the Windows server and LAN hardware requirements. The hardware specification is
dependent upon the Node Loading Value. The Node Loading Value is based on the number and
type of radios that make up your network. See the ProVision Release Notes, and Device Counts:
Server Loading Value (on page 39) for more information.
Table 13: Minimum Server and LAN Hardware Specifications
Node loading Minimum Windows Server Minimum Client specification

value specification
Up to 100 • 2 GHz processor • 2 GHz processor
• 4 GB RAM • 4 GB RAM 64-bit OS, 2 GB RAM
• 50 GB HD space to install and 32-bit OS
operate • 10 GB HD space to install and
• Ethernet LAN card operate
• Ethernet LAN card
• 10 Mbps LAN connection per Client
connected to the Server
• 32-bit color
• Minimum display resolution
1024 x 768
Up to 1,000 • 1 x 2-core processor • 2 GHz processor
• Ethernet LAN card
• 10 Mbps LAN connection per Client
• 32-bit color
1024 x 768

Node loading Minimum Windows Server Minimum Client specification

value specification
Up to 3,000 • 1 x 4-core processor • 1 x 2-core processor
• 64 bit OS • Ethernet LAN card
• 64-bit PV server option • 10 Mbps LAN connection per Client
• 32-bit color
1024 x 768
Up to 9,000 • 2 x 4-core processors • 1 x 2-core processor
• 64 bit OS • Ethernet LAN card
• 64-bit PV Server option • 10 Mbps LAN connection per Client
• 32-bit color
1024 x 768
Note: When additional features are added to the ProVision product, the RAM requirements may
increase for the node counts specified above.
Note: Executing a ProVision client session on the server reduces the stability of the server. It is
recommended that client sessions are not executed on large server deployments.
WAN Client Server and WAN Client specifications
Where access to client functionality is required over a WAN (Wide Area Network) connection to the
Server, a WAN (or thin) Client solution needs to be deployed. Client session counts refer to the
number of simultaneous client sessions to be executed on a single WAN Client Server machine.
Table 14: Minimum WAN Client Server and WAN Client Hardware Requirements
Node Loading Value Minimum Windows WAN Client Server

specification
Up to 9,000 • Base RAM requirements for Windows and Citrix
• Add 1 GB per Client session
• Up to 5 clients:
o 2-core processor
o 4-core processor
o 2 x 4-core processors
Note: Citrix Presentation Server can be used to provide a WAN Client Server solution.
Note: The WAN Client Server solution must be operated on a stand-alone machine. It cannot be
operated on the same machine as the ProVision server.
FarScan Virtual Machine requirements

In installations where FarScan is required it is recommended that FarScan is installed on separate
hardware the from ProVision server. FarScan can be run in a virtual machine installed on the same
hardware as the ProVision server.
The hardware requirements for a server to support a ProVision server and FarScan virtual machine
installation should exceed the hardware requirements of the individual ProVision, virtual machine
and FarScan components.
The FarScan hardware requirements are defined in the FarScan for Windows Instruction Manual. At
least two real serial communication ports will also be required for each FarScan installation.
Aviat Networks has tested operating a ProVision server and four FarScan installations running in
separate VMware environments on the same hardware.
Virtual Machine support

ProVision server and client applications are supported on VMware and other VM environments.
Supported on all versions of VMware. Validation last completed with VMware ESXi 5.5.
Resource requirements
The ProVision server and client can be installed on a virtual machine, also known as a virtualized or
"cloud" server.
The virtual machine resources created for the ProVision must meet the minimum specifications as
listed below.
Virtual machine resources should be monitored and adjusted if required.
Table 15: Virtual Machines Supported
Operating Virtual Installation reference Support

System Machine
Windows VMware https://www.vmware.com/support/serv Client or server
ices.html
Table 16: Minimum Virtual Machine Server and LAN Hardware Specifications
Node loading Minimum virtual Windows server Minimum virtual client

value
Required For • Ethernet LAN Card • Ethernet LAN Card
All • DISK I/O: 10-20ms access time • 10 Mbit/s LAN connection per Client
• NETWORK I/O: 10 Mbit/s for small connected to the Server
networks <1000 devices and • 10 GB HD space
20 Mbit/s for networks >1000 • DISK I/O: 10-20 ms access time
devices.
• NETWORK I/O: 0.25 Mbit/s or
better
Up to 100 • 2 GHz processor • 2 GHz processor
• 50 GB HD space 32-bit OS
Up to 1,000 • 1 x 2-core processor • 2 GHz processor
Up to 3,000 • 1 x 4-core processor • 1 x 2-core processor

Node loading Minimum virtual Windows server Minimum virtual client

value
Up to 9,000 • 2 x 4-core processors • 1 x 2-core processor
Note: When additional features are added to the ProVision product, the RAM requirements may
increase for the node counts specified above.
Redundancy and Standby Servers with Virtual Machine installations
Redundant and standby servers for ProVision can be installed on virtual hosts. For these
installations, administrators must ensure that:
• Redundant or standby servers are installed on different virtual machines/hosts than the
primary installation.
• Redundant or standby servers match the minimum virtual machine requirements.
• If both redundant and standby servers are used, these must also be installed on different
virtual machines/hosts.
For more information, see Redundant Server Deployments (on page 157).
Device Counts: Server loading value

When planning a network, it is important to know the number of devices your network will ultimately
have. Some devices place more loading on the server than others. Calculating a server loading
value is a requirement to determine system resources. Calculate the server loading value from the
equation:
Node Loading Value = 3A + 2B + C
Where the letter designation A, B, and C are determined by the type of devices in your network and
are listed in the table below:
Device Letter designation

Accedian EtherNID, EtherNODE C
Altium C
Aurora C
CAU C
Cisco C
Constellation B
Control Alarm Unit C
Coriant 7345 C
Coriant 8605 B
Coriant 8609 A + B (5 for each)
CTR 8300 B
CTR 8540 A
CTR 8440 A
DART C
DVA C
DVM C
DXR 200, DXR 100/NMI C
DXR SMA / DXR 700 B
Eclipse IDU B
Eclipse INU, INUe (1), NTU, IRU 600 A
Device Letter designation

E-Band E-Link 1000EXR, 1000LR, 1000Q C
Generic Devices C
Intracom StreetNode C
Juniper A+B
LE3000 C
LE3200 C
MegaStar 1+1 SPU B
MegaStar M:N SPU B
MegaStar M:N SPU B
Memotec CX-U C
Microstar (I, II, III) C
Radwin WinLink 1000 C
Radwin 2000 C
Sagem ADR 155C A
Sagem ADR 2500 A
SAGEM-LINK C
Spectrum II SNMP C
Symmetricom C
TNet C
TRuepoint (4000, 4040, 500) C
TRuepoint 6400 2
TRuepoint 6500 MSTU 1/2 of a C
Velox C
WTM 3100 C
WTM 3200 C
WTM 3300 C
WTM 4100 C
WTM 4200 C
WTM 4500 C
WTM 4800 C
WTM 5800 C
WTM 6000 C
XP4 / XP4 NMI C
For example, for a network with the following devices:
• 100 Eclipse INUs (A)
• 50 Eclipse IDUs (B)
• 200 XP4s (C)
• 10 Altiums (C)
The node loading value is:
= (3 x A) + (2 x B) + (C)
= (3 x 100) + (2 x 50) + (210)
= 610
Note: The Megastar value is per SPU. Where a MegaStar radio consists of multiple SPUs, this
will produce a higher landing value.

ProVision installation files

The ProVision release files include:
• Server and Client Setup applications
• Eclipse Portal application
• Topology and migration tool files
• Readme file which details important information noted after the Release Notes were closed
off.
• ProVision MIBs
• Redundancy Controller software
• Alarm List for devices
• License Request Form
• Deletion of License form
• User Documentation:
o ProVision Quick Start Guide
o ProVision Installation and Administration Guide
o ProVision User Guide
o ProVision Release Notes
o Tech Notes and White Papers
Eclipse Portal
If there are Eclipse radios on the network, you must install the Eclipse craft tool, Portal, on the
ProVision server. Portal enables you to log into the Eclipse radios. The Portal software is provided
with the release media.
See the ProVision release notes for the compatible versions of Portal and ProVision software.
Note: Eclipse help and Eclipse Portal help can be installed by installing Eclipse software from
Eclipse Setup CD or separately installing Eclipse software. This help is also used by Eclipse
Portal launched from ProVision client.
Licensing, database and node support
Licensing requirements
ProVision does not run without a valid product license. It requires either a temporary evaluation
license or a permanent license.
Using a trial evaluation license
A trial evaluation license can be requested from PV-Licensing@aviatnet.com , or by completing
the License_Request_Form.txt in the ProVision release media (see the Documentation directory).
When the evaluation period is complete, to continue to use the software, you have to obtain and
install a permanent license or request another evaluation license.
A ProVision evaluation license is valid for a specified number of days. When the expiry date is
reached, the license key is no longer valid, all ProVision client sessions are stopped. The ProVision
server, however, remains running. The client sessions can be started only when a valid license file
has been copied into the ProVision server directory.
Using a permanent license
A permanent license has no expiry date and is the standard product licensing medium. For
instructions about requesting a permanent license, refer to Licensing ProVision (on page 67).
Database support
ProVision supports the MySQL database, version 5.1.69 and PostgreSQL database, version 9.4.4.
Nodes supported
Where support for a node loading value greater than 6,000 nodes is required, please contact Aviat
Networks for additional information.

Administrator username and password

The default administrator username and password is set as:
• username: admin
• password: admin
The admin password must be changed for security purposes. For more information, refer to
Workflow for Setting Up ProVision (on page 74).
ProVision Server IP address, MAC address
The ProVision server IP address or MAC address is required when applying for a ProVision license,
and server IP address is required for downloading ProVision client software from the ProVision
server to the client PC. To determine the Server IP address, refer to Determining the Server’s IP
address (on page 69).
Note: The Server IP address supplied must be "static", because the license is based on the IP
address and the IP address is verified each time the server starts up.
RMI Interface for installation

If you are installing the ProVision Server on a PC with more than one Ethernet card, additional
configuration is required to ensure the correct operation of the ProVision clients.
Note: This process is not required when the server only has one Ethernet interface.
You must configure the server PC to bind the ProVision Client services onto the network that
interfaces with the internal LAN; Client connections are made from this network. To do this, use the
following procedure.
Standard procedure
Step Action
1 Ensure that you have administration privileges in the PC's operating system.
2 Obtain the required network interface IP address for your Client interface.
3 Log in to the server PC. Stop the server (see ProVision Commands (on page 44)).
4 Open your Server Configuration file located at:
ProVisionServer\tomcat\webapps\ROOT\pv\templates\server_configuration.xml
5 Using a text editor, edit the server_configuration.xml file. If the Client interface is on, for
example, network interface 192.168.1.2 then add this line immediately after the line
<server_configuration>:
<client_interface>192.168.1.2</client_interface>
OR
Alternatively if the client interface address is IPv6, add the value:
<client_interface>a:b:c:d:e:f:g:h</client_interface>
6 Save the file.
7 Restart the server.
Procedure with multiple Ethernet cards

If you are installing the ProVision Client on a PC with more than one Ethernet card, additional
configuration may be required to ensure the correct operation of theProVision clients.
Note: This process is not required when the client only has one Ethernet interface.
Step Action
1 Ensure that you have administration privileges in the PC's operating system.
2 Obtain the required network interface IP address for your ProVision Client interface.

Step Action
3 Log into the ProVision server PC.
4 Disable unused network interfaces on the client. If only one network interface remains, no
further action is required.
5 Add the client hostname and IP address to the client hosts file located in the
Windows\System32\drivers\etc directory.
6 If the client is slow after making this change then edit the file startupClient.bat file in the
ProVisionClient directory as follows:
• At the line beginning with start, add: -
Djava.rmi.server.hostname=`client ip address'
• For example, where 1.2.3.4 is the IP address of the client network interface facing
ProVision server:
start jre\bin\javaw.exe -cp %_LIBJARS% -XX:+DisableExplicitGC -D/.java2d.d3d=false
-Djava.rmi.server.hostname=1.2.3.4 -Xms512m -Xmx1024m
pv.client.framework.ApplicationView
7 Save the file.
8 Start the client session.
Pre-Installation Tasks
Before a new installation of ProVision, the following tasks must be done.
It is also useful to review the ProVision commands (on page 44).
Setting up computer equipment, user rights, and IPv6 requirements .......................... 43
Disabling other SNMP trap services ............................................................................ 44
Exclude scanning MySQL temporary directory ........................................................... 44
Disabling the PC power saving setting ........................................................................ 44
ProVision commands .................................................................................................. 44
Setting up computer equipment, user rights, and IPv6 requirements

Do the following to set up the computer equipment:
• Unpack the equipment and verify the computer and accessories received match the
equipment ordered, by checking off the packing slip.
• If there are any discrepancies between the equipment ordered and the equipment supplied, or
if the equipment is damaged, contact the Aviat Networks Help Desk.
• Connect accessories and turn computer on.
Setting up user rights on the computers
To install ProVision Server and ProVision Client, ensure you have administrator rights for the PC on
which you are installing the ProVision software. If you do not have the correct rights, the software
does not install correctly.
Also, all users who will be logging into the Client need to have Modify rights for the directory
\ProVisionClient\ on the PC where the ProVision Client is installed. To maintain this easily, Aviat
Networks recommends creating a Windows user group that has these rights. Consult the
documentation for your version of Windows for more detailed instructions.
IPv6 address requirements
If there will be network devices managed with IPv6 addresses, ensure that the Windows machine is
configured with both an IPv4 and an IPv6 address.
Note: ProVision now supports devices with IPV6 only addresses as well.
Disabling other SNMP trap services

For ProVision to operate correctly, no other SNMP trap services can be running on the system.
These must be stopped and disabled before starting ProVision. Otherwise, ProVision will not
receive alarm traps from devices.
As an example, Microsoft SNMP Trap Services must be stopped and disabled.
Exclude scanning MySQL temporary directory

For some ProVision server installations it may be necessary to configure the antivirus application to
exclude scanning MySQL temporary directory to ensure the correct operation of the
ProVisionserver.
Exclude the ProVisionServer\mysql\data\tmp directory from being scanned by any antivirus
applications.
Disabling the PC power saving setting

On /windows servers for ProVision, any Power saving setting that switches the server to Standby
needs to be disabled.
This procedure must be performed for all server and client Windows-based computers using
ProVision. To disable power saving mode:
Step Action
1 Select Start > Settings > Control Panel > Power Options. The Power Options Properties
window is displayed.
2 Change the System standby to Never.
3 To save your changes, click OK.
ProVision commands
The tables below define the Windows commands accessible via the ProVision server command
window. These commands are useful as you perform the installation, data checks, backups, and
data restoration.
Table 17: Windows Commands
Windows command Description

pv service start Starts the service
pv service stop Stops the service
pv service install Installs as an operating system service
pv service remove Removes as an operating system service
not applicable for Windows Shows the server status
pv report Generates the helpdesk report
startupclient report Generates the ProVision Client helpdesk report – stored in the
reports directory of ProVisionClient folder
pv help Shows command line help
Table 18: Database Commands

pv db restore Restores a database backup, launches interactive tool
pv db configure Launches window for changing MySQL or PostgreSQL database
username, password, and port.
pv db dump events Saves all events to a CSV line.
Maximum of 1048576 data lines.
pv db check Runs an integrity check on the database (key tables only). Not
supported by PostgreSQL.


pv db check all Runs an integrity check on the database (all tables). Not supported
by PostgreSQL.
pv version Shows the version of the database
pv db reset Destroys all database contents
migrate <directory> Migrates the database
Note: If, after entering a command, a window appears with the message Do you want to allow
the following program to make changes to this computer? click Yes.
Installing and Uninstalling ProVision

Installing ProVision ...................................................................................................... 45
Uninstalling ProVision ................................................................................................. 46
Installing the ProVision Windows Server ..................................................................... 46
Enabling/Disabling SFTP server ................................................................................. 50
Updating private key.................................................................................................... 51
Installing the ProVision Client ...................................................................................... 52
Installing Eclipse Portal ............................................................................................... 54
Uninstalling ProVision Server software ....................................................................... 56
Uninstalling ProVision Client software ......................................................................... 58
For a new installation of ProVision, complete the installation steps in the following order:
ProVision Server Computer
• Installing the ProVision Windows Server (on page 46)
• Installing the ProVision Client (on page 52)
ProVision Client Computer(s)
• Installing the ProVision Client (on page 52)

Uninstalling ProVision
To uninstall ProVision, see these instructions:
• Uninstalling ProVision Server software (on page 56)
• Uninstalling ProVision Client software (on page 58)
Installing the ProVision Windows Server

It is simple to install the ProVision Server on a Windows machine using downloaded installation
files.
Either obtain a full license or a trial evaluation license. A trial evaluation license can be requested
from PV-Licensing@aviatnet.com , or by completing the License_Request_Form.txt in the
ProVision release media (see the Documentation directory). When the evaluation period is
complete, to continue to use the software, you must obtain and install a permanent license or
request another evaluation license.
Standard Windows Server installation procedure
Step Action
1 Before you begin, obtain and verify your root database username, password, and port
number, and obtain a ProVision license.
Note: If there will be network devices managed with IPv6 addresses, ensure that the
Windows machine is configured with both an IPv4 and an IPv6 address.
2 Download the ProVision release files from the release location.
3 Using Windows Explorer locate the installation files.
4 Run installer by right-selecting the file
ProVision-WinServer-x64-Setup-vX.Y.Z-Build-xxx.exe and selecting Run as
Administrator, where X.Y.Z is the ProVision release version and xxx is the release build
number.
Note: For PostgreSQL installations of ProVision, run installer by right-selecting the file
ProVision-WinServer-x64-Postgres-Setup-vX.Y.Z-Build-xxx.exe and selecting Run
as Administrator, where X.Y.Z is the ProVision release version and xxx is the release
build number.
5 First, the installer is verified.
6 Select the installation language.

Step Action
7 The License Agreement window displays.
Read the license details. To accept the license, click I Agree.

8 Follow the installation instructions, accept all defaults, and install the server software in the
default location.

Step Action
9 The window to Generate SSL Private Key, which is required for SFTP server (default), is
displayed.
Select Generate private key and enter the IPv4 address of host network interface (NIC),
then click Next >.
Warning: When ProVision Plus NBI is enabled and Eclipse or CTR 8300 or CTR 8540
devices are deployed, SFTP must be enabled (default) for ProVision Plus 2.13.1 or later
when license for ProVision Plus Frequency Assurance Software (FAS) Product Module
or Health Assurance Software (HAS) Product Module is installed.
devices are deployed, FTP must be enabled for ProVision Plus 2.13.0 or earlier when no
Frequency Assurance Software (FAS) Product Module or Health Assurance Software
(HAS) Product Module is installed. See Enabling/Disabling SFTP server (on page 50).

Step Action
10 The server installation and set up is completed.
Click Finish.
11 Once the server installation is completed, the ProVision server starts automatically and runs
in the background.
12 Install ProVision license into ProVision server by copying provision_license.xml into
ProVisionServer directory and restarting ProVision server.
13 To verify that the ProVision server is running:
Select Start > ProVision Server > Command Window.
At the prompt, type:
pv service start
A message is displayed indicating the server is already running.
If the server is not running, the pv service start command starts the server. If a window
appears with the message “Do you want to allow the following program to make changes to
this computer?” click Yes.
Note: Install any relevant server patches after installing the ProVision Server.
Windows Postgres Server installation procedure

For Windows ProVision server Postgres installation, you must agree and install Microsoft Visual
C++ 2013.
Step Action
1 Install ProVision server ProVision-WinServer-x64-Postgres-Setup-vX.Y.Z-Build-xxx.exe
file, where X.Y.Z is theProVision release version and xxx is the release build number, by
following the same procedure defined in Standard Windows Server installation
procedure (on page 46).

Step Action
2 When prompted to install Microsoft Visual C++ 2013 Redistributable (x64), agree to the
license terms and conditions and click Install.
3 Microsoft Visual C++ 2013 is installed.

4 Installation of server is complete.
Warning: If upgrading ProVision server when the new version is installed, you will be
prompted to Repair, Uninstall or Close Microsoft Visual C++ 2013 installation.
In this case, click Close so that the ProVision server installation can complete
successfully.
Enabling/Disabling SFTP server

Follow these steps to enable or disable SFTP (default) server.
Step Action
1 Stop the ProVision Server using the appropriate command or Windows service.

Step Action
2 On ProVision server, open file server_configuration.xml with a text editor.
This file is located in ProVisionServer\tomcat\webapps\ROOT\pv\templates directory.
Note: We recommend creating a copy of server_configuration.xml file outside of

ProVision Server tree as a precaution in case of any issues so the user can roll back
to the original version.
3 To change from SFTP server to FTP server.
Change:
<sftp_ftp>
<enable>true</enable>

<secured>true</secured>
<port>5555</port>
<pasv_range>0</pasv_range>
<timeout>10000</timeout>
</sftp_ftp>
To:
<sftp_ftp>
<secured>false</secured>
<port>5555</port>
</sftp_ftp>
Note: To enable SFTP server again, change <secured>false</secured> back to

<secured>true</secured>.
devices are deployed, SFTP must be enabled (default) for ProVision Plus 2.13.1 or later
when license for ProVision Plus Frequency Assurance Software (FAS) Product Module
or Health Assurance Software (HAS) Product Module is installed.
devices are deployed, FTP must be enabled for ProVision Plus 2.13.0 or earlier when
no Frequency Assurance Software (FAS) Product Module or Health Assurance Software
(HAS) Product Module is installed. See Enabling/Disabling SFTP server (on page 50).
4 Save the file.
5 Restart the ProVision Server.
6 The ProVision SFTP server or FTP server is now enabled.
Updating private key

Follow these steps to update private key when host IPv4 address is changed.
Step Action
1 Open a Windows command prompt run as administrator on C:\ProVisionServer directory.
2 Run the script sftp-server-self-signed-cert-build.bat <IPv4 Address> in the root of the
ProVisionServer directory to generate a private key using IPv4 address provided.
For example: sftp-server-self-signed-cert-build.bat 10.16.1.21
The script will update the required self-signed certificate for the ProVision server.
3 Restart the ProVision server and SFTP server will now be operational with updated private
key.

Installing the ProVision Client

The client software must be installed on the server and on each of the client PCs. There are two
ways the client software can be retrieved/ installed onto a ProVision client PC.
• Using the downloaded ProVision installation files use the method described in Client
software installation procedure (on page 52).
• The ProVision client software can also be installed from the server using a web browser to
access and login to ProVision server. For more information, refer to Client Software
Installation from the Server (on page 54).
Note: Eclipse Portal is no longer installed by default with ProVision client software and must be
separately installed.
Prerequisites
• The ProVision server software is installed on the server computer.
• The client and server computers are on the LAN.
Note: Install any relevant client patches after installing the ProVision Client.
Client software installation procedure
Step Action
The file name for the ProVision client software is
ProVision-Client-Setup-vX.Y.Z-Build-xxx.exe,
where X.Y.Z is the ProVision release version and xxx is the release build number.
2 Using Windows Explorer, locate the installation files.
3 Run installer by right-selecting the file ProVision-Client-Setup-vX.Y.Z-Build-xxx.exe and
selecting Run as Administrator.
4 Click Open. For this first time installation, the License Agreement window displays.
5 Read the license details. To accept the license, click I Agree.

Step Action
6 Select the installation language.
7 Follow the installation instructions, accept all defaults, and install the client software in the
default location.
8 When the installation is completed, click Finish.
Note: Client software can be uninstalled. For more information, refer to Uninstalling ProVision
Client software (on page 58).

Client software installation from the Server
You can install a client from the Server, if required. You need to know the server’s IP address or
Hostname to access the ProVision client software.
Prerequisites
The ProVision server software must be installed before running this installation.
Procedure
Follow these steps to install the ProVision client software from the server computer.
Step Action
1 On the client computer open a web browser window.
2 In the Address text entry box, type:
https://<server IP address or hostname>
The ProVision web interface is displayed.
3 Click ProVision Client Download to download the ProVision Client Setup package.
4 Follow the installation instructions, accept all defaults, and install the client software in the
default location.
5 When the installation has completed, click Close.
Installing Eclipse Portal

Eclipse Portal application must be installed on the ProVision client when network contains Eclipse
devices.
Prerequisites
• The ProVision client software must already be installed on the client computer.
• Network contains Eclipse devices.

Eclipse Portal software installation procedure

Step Action
The file name for the ProVision client software is
ProVision-Eclipse-Portal-Installer-Setup-vX.Y.Z-Build-xxx.exe,
2 Using Windows Explorer, locate the installation files.
ProVision-Eclipse-Portal-Installer-Setup-vX.Y.Z-Build-xxx.exe and selecting Run as
Administrator.
4 For this first time installation, the License Agreement window displays.
5 Read the license details. To accept the license, click I Agree.

6 When a ProVision Client software installation is not detected the following message is
displayed.
Install ProVision Client and then install Eclipse Portal software again.
7 User has option to install Eclipse Portal support for Eclipse versions earlier than 08.01.36
which also installs Java 6.
Note: Java 6 is required mainly to support Eclipses that have been configured with
Strong security.

Step Action
8 When the installation is completed, click Finish.
Note: Eclipse Portal software will be removed if ProVision client is uninstalled. Eclipse Portal
software will be retained when an upgrade install of ProVision client is done then.
Uninstalling ProVision Server software

Prerequisites
Before you upgrade ProVision to a new version, you must uninstall the ProVision server software.
You also need to backup the database and export the topology. For more information, refer to
Migrating Topology (on page 125).
Warning: ProVision software can become badly corrupted if a reboot is requested during uninstall
but a new ProVision installation is completed before Windows is rebooted.

Procedure
Step Action
1 Close all ProVision client sessions.
2 Select Start > Programs > ProVision server > Uninstall ProVision. The Server Uninstall
confirmation window is displayed.
3 Select Uninstall.
4 When the process is complete, click Finish.
5 You may be prompted to reboot Windows to finish the uninstall.
This reboot can be completed later, but must be completed before beginning a new
ProVision installation: the reboot completely removes all past installation files.

Uninstalling ProVision Client software

When you are upgrading to a new version of ProVision software or upgrading to a new computer,
you need to uninstall the ProVision client software.
Step Action
1 Ensure there is no ProVision client session running on this machine.
2 Select Start > Programs > Client > Uninstall ProVision. The ProVision Client Uninstall
3 Select Uninstall.
4 When the process is complete, click Finish.
Standby Server Installation and Maintenance

This section describes the options and requirements for aspects of installation and use where
standby servers are installed.
See also Installing and Uninstalling the ProVision Redundancy Controller (on page 59).
Note: The Standby Server can be used in tandem with the Redundancy Controller. See Using
Both the Redundancy Controller and the Standby Server (on page 183).
Server location
The server locations are for each installation to decide based on a risk assessment. Some
customers will choose to locate both ProVision servers on the same site. More often, for improved
security, customers will locate the ProVision servers at different sites.
The main requirements when defining the server location are:
• That the DCN between both ProVision servers and the network elements is sufficient to
support communications.
• That the LAN or WAN network between the ProVision servers and ProVision clients is
sufficient to support communications.
• That there is a connection between the main server and the standby server, to allow backup
files from the main server to be saved on the standby server.
• If you want to use both the Redundancy Controller and the Standby Server, the Standby
Server must be installed on a server that is separate from the two Redundancy Controller
servers.

Northbound Interfaces (NBI)

Where both ProVision servers are using the NBI to communicate with one or more OSS systems,
the OSS systems should be configured to poll both ProVision servers. This is to detect any failure
and to provide the ability to switch between NBI feeds, either manually or automatically.
Data integrity
One ProVision server must be set up and maintained as the main server. All database changes
should only be done on the main server, including adding, renaming, deleting or re-parenting of
network elements.
The main server and the standby server should have database backups performed on a regular
basis. A database restore to the standby ProVision server should also be done, using the main
ProVision server’s database backup files, again on a regular basis. See About Managing and
Backing Up the ProVision Database (on page 137) for further details and instructions.
With these backups and data restores in place, if the main ProVision server fails or communications
access to the main NOC site goes down, then ProVision client users will be able to switch over to
the standby server and continue operation.
Switch over between servers

Both servers are independent of each other, as are the ProVision clients. This means that, where
more than one server is available, a ProVision client can log on to either ProVision server #1 or
ProVision server #2, or even into both at the same time.
Client users choose which server to log into as part of the login process. You should make sure that
your client users are aware of the standby server setup, and that they have the IP address or
hostname of the main server and the backup server, to use as required.
User security
ProVision user login details are stored in the ProVision server database. If data integrity is assured
by using regular database backups and restores, the same user login details will apply to both
ProVision servers.
Installing and Uninstalling the ProVision Redundancy Controller

The ProVision Redundancy Controller is a separate software module that enables standby server
management of your ProVision network. The ProVision Redundancy Controller module must be
installed after the main ProVision Server is installed.
Note: Before installing the Redundancy Controller, back up the ProVision server database.
Note: Users must have local administrator rights to install Redundancy Controller on Windows.
Note: The Redundancy Controller can be used in tandem with the Standby Server. See Using
Both the Redundancy Controller and the Standby Server (on page 183).
Note: ProVision Redundancy Controller is not supported by PostgreSQL database.
Note: ProVision Redundancy Controller is supported on ProVision Servers with IPv4 addresses
only.

Prerequisites and warnings ......................................................................................... 60
Installation of Redundancy Controller on Active and Dormant Windows servers ........ 60
Creation and installation of self-signed certificate for Peer ProVision servers............. 61
Setting up user names and passwords ....................................................................... 62
After installing the Redundancy Controller .................................................................. 62

Configuring ProVision Server to start as Active when Peer Windows servers reboot at
same time.................................................................................................................... 63
Uninstalling the Redundancy Controller ...................................................................... 63
Uninstalling the Redundancy Controller from Windows Servers ................................. 64
After uninstalling the Redundancy Controller .............................................................. 64
Prerequisites and warnings

Table 19: ProVision Redundancy Controller Software Requirements
Operating System Redundancy Controller

Windows 10 Yes
Windows 2012R2 Server Yes
Windows 2016 Server Yes
Windows 2019 Server Yes
• The Redundancy Controller needs to be installed on two separate ProVision Servers, known
as the Active and Dormant servers. The same version of ProVision Redundancy Controller
must be installed on both servers.
• The Active Server and the Dormant Server each must be set up with the same:
o ProVision Versions.
o License Capabilities. This includes Redundancy, NBI, node code, and other additional
licenses. See Licensing ProVision (on page 67).
o DCN Bandwidth and Latency. See DCN Bandwidth and Latency for the Redundancy
Controller (on page 170).
o Ports. See Network communication ports for firewalls (on page 23).
Warning: Redundancy Controller must be installed in root directory of Windows server.
Warning: Both servers must have their clocks synchronized for the Redundancy Controller
mechanism to operate correctly.
Warning: ProVision service commands (such as pv service stop) must not be used when
ProVision Redundancy Controller is installed and controlling ProVision services. If you need to use
ProVision service commands, the Redundancy Controller must be uninstalled and MySQL
replication must be turned off.
Warning: The Redundancy Controller requires a set of certificates to support the secure the
MySQL database communications between the active and dormant ProVision servers. A script is
provided to generate a set of self-signed certificates which is in the root of the Redundancy
Controller installation. See Installation of Redundancy Controller on Active and Dormant
Windows servers (on page 60) for details.
Installation of Redundancy Controller on Active and Dormant Windows servers

Step Action
1 Obtain the ProVision Redundancy Controller Installer file from the downloaded installation
files.
2 Log onto the Server that contains ProVision Server installation. Copy the
ProVisionRedundancyController_setup-vX.Y.Z-Build-xxx.exe file onto this server,
ProVisionRedundancyController_setup-vX.Y.Z-Build-xxx.exe and selecting Run as
Administrator.

Step Action
4 Select the language. The default is English. Then click OK.
5 to agree to the terms of the License, click I Agree.
6 Review the installation destination directory. Change this if required, then click Next.
7 The Redundancy Controller must link to the ProVision server directory on this Server.
Change the required ProVision directory if incorrect.
Note: A valid ProVision server installation must exist, otherwise this step will not
proceed.
Then, click Install.
The Redundancy Controller installation runs.
8 The Redundancy Controller installation will complete. At the end, click Finish.
The Redundancy Controller is now running as a Service and is configured to automatically
start whenever the Server is powered up. The service can be restarted or stopped from the
main Start menu item ProVision Redundancy Controller.
9 Repeat the above steps for the other ProVision server machine.
10 The Redundancy Controller is now installed and running on both Servers in a dormant
latched state.
11 Next, create self-signed certificates for peer ProVision servers. See Creation and
installation of Self-Signed Certificate for Peer ProVision servers (on page 61).
Note: OpenSSL is required to generate self-signed certificates for both Active and
Dormant servers (Peer servers) and also to create a secure tunnel between Peer
ProVision MySQL databases.
Creation and installation of self-signed certificate for Peer ProVision servers

Important: Script to generate certificates for local and remote ProVision server must only be run
from one of the Peer ProVision servers to ensure correct operation.
Step Action
1 Open a Windows command prompt run as administrator on
C:\ProVisionRedundancyController directory.
Caution: Windows server must be restarted if a command prompt is run as

administrator before script can be run to create self-signed certificate because
OpenSSL path won’t be detected until after Windows reboot.
2 Run the script build-redundancy-controller-server-certs.bat in the root of the
ProVisionRedundancyController directory and follow the instructions on the screen.
User will be asked to input the IP addresses for both the Peer ProVision servers.
Important: Script to generate certificates for local and remote ProVision server must
only be run from one of the Peer ProVision servers to ensure correct operation.
3 Enter the IP addresses of the network interfaces facing the peer redundant ProVision
server.

Step Action
4 The script will create the required self-signed certificates for both redundant servers and will
also create two directories in ProVisionRedundancyController directory called
newcerts-<Local IP address> of the local ProVision server and newcerts-<Remote IP
address> of the remote ProVision server.
Note: If the IP address of either local or remote ProVision server is changed then new
self-signed certificates will need to be created and installed for both local and remote
ProVision servers.
5 Copy the contents of newcerts-<Local IP address> directory into the local
ProVisionRedundancyController\jetty directory.
Warning: If directory is copied, instead of just the contents of the directory to

ProVisionRedundancyController\jetty, directory will stop Redundancy Controller from
operating correctly.
6 Copy the contents of newcerts-<Remote IP address> directory into the remote
ProVisionRedundancyController\jetty directory.
Warning: If directory is copied, instead of just the contents of the directory to

ProVisionRedundancyController\jetty, directory will stop Redundancy Controller from
operating correctly.
7 Restart both ProVision Redundancy Controller Windows servers on both local and remote
peer Windows servers.
The ProVision Redundancy Controller service can be restarted from the main Start menu
item ProVision Redundancy Controller.
Setting up user names and passwords

To use the Redundancy Controller, log in to the Redundancy Controller web page using a web
browser with a user name and password. The default user name and password is admin. To
change the password, log in and go to Redundancy Controller security (on page 177).
If using a Radius Server to manage user names and passwords, the hierarchy changes to the
following:
• Primary Radius server user name/password first if available. Login fails if user/password
incorrect.
• Secondary Radius server user name/password second [if configured] if available. Login fails if
user/password incorrect.
• Local user last [there is only one and it is admin]. This is only attempted if no connections can
be established with a Radius server.
After installing the Redundancy Controller

Step Action
1 The Redundancy Controller is installed and running on both Servers in a dormant latched
state. You must log in to each Redundancy Controller and configure it via its web browser
interface. See Logging in to the Redundancy Controller (on page 171).
Warning: This step is required to activate the Active server and finalize setting up the
Redundancy Controller.

Step Action
2 Configure the Redundancy Controllers Peer IP address correctly. See the example below
and the topic Redundancy Controller configuration screen (on page 175).
Note: For example, Redundancy Controller Server A IP address is 10.18.1.22 and

Redundancy Controller Server B IP address is 10.18.1.28. On Server A, set the Peer
IP address to be 10.18.1.28 and on Server B, set the Peer IP address to be
10.18.1.22. Clear the server latched checkbox and click the Apply button. The two
servers are now configured to communicate with each other.
3 Unlatch both servers by clicking the Unlatch button on the Redundancy Controller Status
screen.
4 The server that is going to be the Active server needs to be switched from dormant latched
to active by clicking the Switch button on the Active server Redundancy Controller Status
screen. See Redundancy Controller status (on page 172).
5 Log in with a ProVision client onto the Active server to check that the server is running
correctly. Clients can now connect to this server, but the Redundancy Controller operation is
not enabled or complete.
6 The Dormant server now resynchronizes with the Active server and loads a copy of the
database. The Dormant server then synchronizes the external files from the Active server.
7 The Redundancy Controller is now fully functional and replicating real time data for
ProVision. See Normal Operation of Redundancy Controller (on page 171).
Configuring ProVision Server to start as Active when Peer Windows servers reboot
at same time
Note: This configuration makes one ProVision server start up as Active server in case where
both peer Windows servers reboot at the same time. Usually both ProVision servers will start up
in Dormant state and will show acquiring peer heartbeat status until user switches one ProVision
server to be Active in Redundancy Controller Status screen.
Step Action
1 On ProVision server, open file redundancy_configuration.xml located in
C:\ProVisionRedundancyController\jetty\webapps\rc\WEB-INF\classes directory in a
text editor.
Note: We recommend creating a copy of redundancy_configuration.xml file as a

precaution in case of any issues so user can roll back to original version.
2 Change line <first_primary value='false'/> to <first_primary value='true'/>
Note: Change must only be applied to only one ProVision server Redundancy
Controller.
3 Save the file redundancy_configuration.xml.
4 Restart the ProVision Redundancy Controller. The ProVision Redundancy Controller service
can be restarted from the main Start menu item ProVision Redundancy Controller.
5 Now in the case where both Windows servers are rebooted simultaneously, such as when
Windows updates are applied, then configured ProVision server will start up as Active
server.
Uninstalling the Redundancy Controller

Caution: If uninstallation is required, uninstall the Dormant server first. This will prevent the
Dormant server becoming Active.

Uninstalling the Redundancy Controller from Windows Servers

Warning: ProVision software can become badly corrupted if a reboot is requested during uninstall
but a new ProVision installation is completed before Windows is rebooted.
Step Action
1 From the Start > ProVision Redundancy Controller menu, select and run Redundancy
Controller Uninstaller.
2 The Uninstallation wizard displays. Click Uninstall to start.
3 Click Yes on the warning that displays.
4 A message asks you to approve the Manual steps. Click OK.
5 Click Finish to confirm the uninstallation has finished.
6 Repeat the above steps for the other server machine.
You may be prompted to reboot Windows to finish the uninstall.
This reboot can be completed later, but must be completed before beginning a new ProVision
installation: the reboot completely removes all past installation files.
After uninstalling the Redundancy Controller

Once the Redundancy Controller has been uninstalled from both the dormant and active systems
as described above, the ProVision Server is not running.
The ProVision Server needs to be restarted on the active Server so that it is running as an
independent Service.
Log in with a ProVision client onto the active server to check that the ProVision Server is running
correctly.

Upgrading ProVision
Chapter 4. Upgrading ProVision

Upgrading is the process of installing a new version of ProVision over an earlier revision, while
retaining data and configurations.
This is documented in the ProVision Upgrade Guide. Refer to this guide for upgrade instructions
specific to your version of ProVision.

Licensing ProVision
Chapter 5. Licensing ProVision

This chapter covers ProVision licenses.
In this chapter
About ProVision Licenses ........................................................................................... 67
Licensing Procedures .................................................................................................. 69
About ProVision Licenses

A software license file needs to be applied to the ProVision Server to enable the software’s
capabilities. The license file mechanism supports two types of licensing; node (or node count)
licenses and feature licenses.
Node licenses
The ProVision solution packs group node licenses into a number of packages, each package
enabling management of a specific number of devices or specific network size.
ProVision solution packs include:
• ProVision software
• All node licenses
In general, each node count enables the system to manage a single device (or single Network
Element) with one IP address. For example a single Eclipse radio. The exceptions are some
trunking radios like WTM 6000 where each path has a node count of 1.
Synergy package
The ProVision Synergy package provides a ProVision installation with media warranty and free
software upgrades for 1 year. It is purchased as an add-on to the main solution pack.
When is a new license required?

If you have installed ProVision with your license from Aviat Networks, and you install an upgrade
later, you do not need a new license for the upgrade.
A new license is required if you need to enable a new function with licensed capability. These
functions may be added to an upgraded version. Review your product release notes for your
upgrade, and see the Featured Licenses section below.
Note: Licenses are required for Carrier Ethernet features.
Feature licenses
In addition to the standard ProVision license, users can acquire feature licenses to enable specific
functions in ProVision. They can only be acquired in addition to standard ProVision software/node
licenses.
Feature license License function

Clock Sync NHR Network Health Report covering Clock Sync performance, and
addition of Clock Sync configuration to the Link Report.
Clock Sync Visualize Discovery and visualization of Clock Sync distribution through
the network distribution view and configuration report.
EOAM Provisioning Provisioning of Ethernet OA&M MAs. Requires VLAN Visualize
and EOAM Visualize licenses.

Licensing ProVision

EOAM Visualize Discovery, visualization and diagnostics of Ethernet OA&M MAs
through the EOAM table and map views. Requires VLAN
Visualize license.
ERP Provisioning Provisioning of ERP rings. Requires all of the above VLAN,
EOAM and ERP visualize and provisioning licenses.
ERP Visualize Discovery and visualization of ERP rings through the VLAN and
EOAM tables and associated map views. Requires VLAN
Visualize and EOAM Visualize licenses.
Link Report Generation of Link Reports, covering configuration, performance
and capacity utilization of the radio links in the network.
ProVision Plus NBI ProVision Plus NBI that provides ProVision Plus to ProVision
device mediation.
Redundant Server (Redundancy Redundant Server provides database synchronization with
Controller) and Standby Server automated failover. Standby Server provides scheduled copying
of the database with on-demand failover.
SNMP Proxy NBI SNMP integration of event management and device state with
Network Management Layer systems.
SNMPv3 Advanced Security Access to >64 bit TDES, AES128, AES192, AES256 SNMPv3
privacy and authentication.
VLAN Provisioning Provisioning of VLANs. Requires VLAN Visualize license.
VLAN Visualize Discovery and visualization of VLANs through the VLAN table
and map views.
The device types in the table below are individually licensed. The licenses for these devices need to
be enabled in the product license file before you can access the associated functionality.
Cisco Deployment and management of all Cisco device types

supported natively. This excludes Cisco devices supported by
GDS packages.
Coriant Deployment and management of Coriant 7345, 8605, 8609,
8611, 8630 and 8660 device types.
This excludes Coriant devices supported by GDS packages.
CTR Deployment and management of Aviat CTR 8300, 8440, 8540
and 8611 device types.
WTM Deployment and management of Aviat WTM 3100, 3200, 3300,
4100, 4200, 4500, and 4800 device types.
Access to WTM 6000 does not require this license.
Note: A completed License Request Form (indicating the required features) must be supplied
when requesting a license file. This form is included in the Documentation folder with the product
distribution.
Trial evaluation license

A trial evaluation license can be requested from PV-Licensing@aviatnet.com , or by completing
the License_Request_Form.txt in the ProVision release media (see the Documentation directory).
When the evaluation period is complete, to continue to use the software, you have to obtain and
install a permanent license or request another evaluation license.
Beginning five days before the evaluation license expiries, each day the ProVision Manager
generates an event warning that the evaluation license is due to expire. The event can be viewed in
the main Event Browser or by right-clicking on the ProVision Manager icon and selecting
Event Browser from the popup menu displayed.

Licensing ProVision
Figure 11: License Expiry Warning Event
A critical event is generated on the day before the trial license expires. If the system does not find
an updated license file when the trial period has expired, all ProVision user sessions are closed,
and you cannot start a new session. The following message displays:
Figure 12: Evaluation License Expiry Message
Note: If you are using an evaluation license from a previous version of ProVision, the evaluation
license may or may not work with the newly installed version of ProVision. Contact Technical
Support for more information.
Permanent server license application

Installing a permanent or extended evaluation license enables ProVision to operate normally,
beyond the 60-day license trial period. You will also receive support from Aviat Networks. To apply
for a permanent server license, see Requesting a Permanent License (on page 70).
Licensing Procedures
This section covers the procedures for licensing ProVision.
Determining the Server’s IP address ........................................................................... 69
Requesting a permanent license ................................................................................. 70
Activating a ProVision Server license .......................................................................... 71
Determining the Server’s IP address

The ProVision server’s IP address is required for the following:
• Requesting a permanent license.
• Installing client software from the server.
• Logging on to a ProVision client session.

Licensing ProVision
Procedure
Follow these steps to determine the server’s IP address in a Windows system.
Step Action
1 On the server, select Start > Run. The Run window is displayed.
2 Type cmd in the dialog box and click OK. A command window is displayed.
3 At the prompt, type: ipconfig
4 The computer’s IP details are displayed.
5 Write down the IP address.

6 Close the window.
Requesting a permanent license

Step Action
1 Locate the license.txt file in Documentation directory of release files.
2 Fill in the required information.
3 Email this information to PV-Licensing@aviatnet.com. A license file is sent to you via
email within three working days.

Licensing ProVision
Activating a ProVision Server license

Use the license file from Aviat Networks, sent as an email attachment.
Procedure
Step Action
1 Select Start > ProVision Server > Command Window.
Note: Open the Command Window by right-clicking the Command Prompt item and
2 At the prompt, type: pv service stop
3 Press Enter. A message is displayed indicating the ProVision server has stopped. If a
window appears with the message “Do you want to allow the following program to make
changes to this computer?” click Yes.
4 Using Windows Explorer, copy the new license.xml file to the ProVision server folder.
5 To overwrite the old license file with the permanent license, click Yes.
6 In the ProVision command window, type pv service start

Licensing ProVision
Step Action
7 Press Enter. A message is displayed indicating the ProVision Server has started.
8 To start the ProVision client, select Start > Programs > ProVision Client > ProVision
Client.
9 To verify the new license is running, log in to ProVision and select Help > License Details.

Setting Up ProVision
Chapter 6. Setting Up ProVision

This chapter covers the main points to consider when setting up ProVision.
After the ProVision server and client PCs have been installed and configured, and the operating
system and ProVision software have been installed and licensed, you need to set up ProVision.
This section details the procedures to get ProVision running, enabling you and the NOC operators
to manage the network.
An overview of the steps for setting up ProVision is as follows:
• Install ProVision.
• License ProVision.
• Set up ProVision. Determine if this installation is an upgrade.
o Yes - Import the Topology file from the previous version.
o No - Set up the Network and enter the network/radio details.
• Set up user access and user accounts.
• Set up device security accounts.
• Set up the Northbound Interface.
• Set up database purging.
• Back up the database and export and save the Topology.
• Deploy devices and manage ProVision as described in the ProVision User Guide.
In this chapter
Prerequisites for Setting Up ProVision ........................................................................ 73
Workflow for Setting Up ProVision .............................................................................. 74
Changing SFTP/FTP Server Port ................................................................................ 75
Changing Syslog Server Port ...................................................................................... 76
Configuring for Multiple Network Card Systems .......................................................... 77
Configuring RADIUS authentication fallback to local user accounts ........................... 79
Prerequisites for Setting Up ProVision

This table provides details of the information required to set up ProVision.
Table 20: Setting Up ProVision Prerequisites
Prerequisite Description
Maps The map files required as backgrounds for the network, on the ProVision
user interface.
ProVision supports the following image formats:
• jpg
• gif (GIF87 and GIF89a)
You can use a search engine to find websites, which provide maps for
countries, regions, and cities that you can download and use in ProVision.
Copy the background maps into the ProVision maps directory:
\ProVisionServer\Maps
Network Topology If upgrading from ProVision 3, you can import the network topology file into
ProVision.
For a new network, you must have a plan of the network regions, sites,
racks, radios, and links to be deployed and managed in ProVision. This is
required to set up the network in the ProVision user interface and if
required service links between devices.

Prerequisite Description
Service Topology (optional) A list of the Services (logical groupings of devices) required and the
devices that are to be included in each Service.
List of the IP addresses of the The radio's IP address is required when deploying the radio.
radios to be deployed in the
network.
List of the users and their security Required to add new ProVision users.
group.
List of radio usernames and If a username and password has been physically set up in the radio, you
passwords. need to know what these are so you can enter the details into ProVision.
Northbound Interface To configure the Northbound Interface, you need the following:
• IP address of "north" computer
• Type of traps required
You also need to know if traps are to be sent and/or information sent to an
ASCII-based file on ProVision the server.
Database purging criteria You need to know how often the events and performance data are to be
deleted from the ProVision database.
Workflow for Setting Up ProVision

The workflow steps to set up ProVision to actively monitor and report on the radio network are
detailed in the table below. It is recommended that you proceed through these steps in the order
that they are listed.
Procedures Description Reference

Start an Admin ProVision client The setting up procedures are ProVision User Guide, Starting a User
performed via the ProVision user Session
interface which is opened for a user
session.
Change the Admin login For security purposes you must ProVision User Guide, Changing Your
password change the admin password. Password
Set up network If upgrading import the network ProVision Installation and Administration
topology file from ProVision 3. Guide
Deploying TNet proxy If the network contains TNET devices ProVision User Guide, TNet device
you need to ensure the TNET proxy deployment
and radio details imported into
ProVision match the details stored in
the proxy.
Note: For a new ProVision network, the order in which you set up the network is flexible and the following is a
recommendation only:
Update ports ProVision Installation and Administration
Guide, Setting Up ProVision (on page
73)
Add network containers ProVision User Guide, Deploying and
Managing Devices
Import background maps ProVision User Guide, Getting Started
Deploy, link (RF and Logical Optional but implemented by most ProVision User Guide, Deploying and
links), and manage devices users. Managing Devices

Procedures Description Reference

• Add logical containers Optional but implemented by most ProVision User Guide, Managing
• Create Scoreboard groups users. Events
• Set up prefilters
• Create customized Event
Browsers
Set up user accounts Required to use ProVision. Functions ProVision Installation and Administration
a user can perform are determined by Guide, User Account and Access
their security group. Control Procedures (on page 90)
Add ProVision Dart, Eclipse, and Only required for Dart, Eclipse, and ProVision Installation and Administration
XP4 radio security accounts XP4 radios with security enabled, to Guide, Device security accounts (on
allow access the radio’s diagnostics. page 104)
Add XP Web security accounts Only required for XP4 radios with XP Web applications online help
security enabled, to allow access the
radio’s diagnostics Via XP Web.
Set up Northbound Interface Required when events/traps are to be ProVision Installation and Administration
forwarded as northbound traffic for Guide, Northbound Interface (on page
fault management, or performance 223)
date is required for performance data
management.
Set up database purging This determines how often and what is ProVision Installation and Administration
purged from the database. Guide, Changing database purging
criteria (on page 146)
Backup the database After completing the ProVision set up, ProVision Installation and Administration
backup the database. Guide, Database Backup Procedures
(on page 140)
Export the network topology Saves the network objects and ProVision Installation and Administration
hierarchy to an.xml file. Guide, Exporting the topology (on
page 127)
Load the updated software for Only required for networks with ProVision User Guide,
the Eclipse radios Eclipse radios Loading/Activating new software and
licenses
Synchronize radio time Radio time and timezone need to be ProVision User Guide, Configuration
synchronized with ProVision time for profile reference
performance data and events to be
displayed correctly and for reports to
be able to compare data between
radios
Set up any generic devices Only required for networks with ProVision Installation and Administration
Generic Devices Guide, Generic Device Management
(on page 185)
Changing SFTP/FTP Server Port

These instructions describe how to change the SFTP/FTP Server Port for a ProVision server
installation. The default SFTP/FTP server port for the ProVision server is port 5555.
On some networks, this port is used by other backup software programs. Because of this, you can
change the ProVision SFTP/FTP server port, if required.
Note: SFTP is enabled by default but FTP can be enabled instead. See section
Enabling/Disabling SFTP Server (on page 50).

Warnings
• Aviat Networks recommends that you only change this port value if it is absolutely necessary.
• If any ports are changed on a Primary Server, you must also change the ports on the
connected Backup Server to match them.
• The ProVision SFTP/FTP server port number must be unique: it must be different from the
port numbers used by any other SFTP/FTP server operating on the same sever.
Change SFTP/FTP Server Port procedure

Step Action
1 Stop the ProVision Server using the appropriate command (see ProVision Commands (on
page 44)).
2 Change the value of the SFTP/FTP server in the server_configuration.xml file of the
ProVision server. This file is located at:
ProVisionServer\tomcat\webapps\ROOT\pv\templates.
3 Open this file and edit the value of the SFTP/FTP server port to the new port number e.g.
5556. Specifically, change the line <port>5555</port> to <port>5556</port>, as shown
below:
<sftp_ftp>
<secured>true</secured>
<port>5556</port>
</sftp_ftp>
4 Save the file.
6 The ProVision SFTP/FTP server port is now changed to the port that you assigned.
Changing Syslog Server Port

These instructions describe how to change the Syslog Server Port for a ProVision server
installation.
The default Syslog server port for the ProVision server is port 514. You can change the ProVision
Syslog server port, if required.
Warnings
• Aviat Networks recommends that you only change this port value if it is necessary.
• If any ports are changed on a Primary/Active Server, you must also change the ports on the
connected Standby/Dormant Server to match them. See About the Redundancy Controller
(on page 169).
• The ProVision Syslog server port number must be unique: it must be different from the port
numbers used by any other Syslog server operating on the same server.
Change Syslog Server Port procedure

Step Action
1 Stop the ProVision Server using pv_service stop command (See ProVision
Commands (on page 44)).
2 Change the value of the Syslog server in the server_configuration.xml file of the
ProVision server. This file is located at:

Step Action
3 Open this file and edit the value of the Syslog server port to the new port number, such as
5140. Specifically, change the line <trap_syslog_port>514</trap_syslog_port> to
<trap_syslog_port>5140</trap_syslog_port> as shown below:
<snmp>
<retry>1< <trap_syslog_port>5140</trap_syslog_port>
<trap_ingress_port>162</trap_ingress_port>/retry>


</snmp>
4 Save the file.
6 The ProVision Syslog server port is now changed to the port that you assigned.
Configuring for Multiple Network Card Systems

If you are installing ProVision for use with a system that has multiple network cards installed, you
need to make changes to the SNMP server interface and/or the Client interface.
Server interface and SNMP

When multiple network interface cards are used, and the SNMP and NBI traffic need to be sent out
from a specific network interface, you need to define the specific network interface for SNMP
connections. This is normally the interface facing the radio network.
Server interface definition procedure
Step Action
1 Stop the ProVision server using the appropriate command (see ProVision Commands (on
page 44)).
2 Edit the server_configuration.xml file of the server. This file is located at:
3 Open this file and add the value:
<interface>a.b.c.d</interface>
After the lines:


(Where a.b.c.d is the IP address of the network interface facing the radio network.)
4 Save the file.
5 Restart the ProVision server.
Client interface
When multiple network interface cards are used, the network interface used for Client interface may
need to be defined as using a specific network interface, normally the interface facing the ProVision
clients.
Client Interface Definition Procedure
Step Action
page 44)).
2 Edit the server_configuration.xml file of the ProVision server. This file is located at:

Step Action
3 Open this file and add the value:
<client_interface>a.b.c.d</client_interface>
After the lines


(Where a.b.c.d is the IP address of the network interface facing the ProVision clients.)
OR
Alternatively if the client interface address is IPv6,
Add the value
<client_interface>a:b:c:d:e:f:g:h</client_interface>
After the lines


(Where a:b:c:d:e:f:g:h is the IP address of the network interface facing the ProVision clients.)
4 Save the file.
ProVision configuration for IPv6 support

In case of multiple network Interface cards (NIC) with IPv4 addresses, client_interface needs to be
specified in server_configuration.xml.
In case of IPv6 addresses (single or multiple interfaces), the client_interface always needs to be
specified.
The table below indicates the cases where client_interface needs to be specified:
Table 21: ProVision Configuration for IPv6 Support
Server Client Single NIC card Multiple NIC cards Primary & Standby Servers
Machine Machine on server on server
single NIC card multiple NIC cards
IPv6 only IPv6 only yes (IPv6) yes (IPv6) yes (IPv6) yes (IPv6)
IPv6 only IPv6 & IPv4 yes (IPv6) yes (IPv6) yes (IPv6) yes (IPv6)
IPv6 & IPv4 IPv4 only yes (IPv6) yes (IPv6) yes (IPv6) yes (IPv6)
IPv6 & IPv4 IPv6 & IPv4 no yes (IPv6 or Pv4) no yes (IPv6 or Pv4)
IPv6 & IPv4 IPv4 only no yes (IPv4) no yes (IPv4)
IPv4 only IPv6 & IPv4 no yes (IPv4) no yes (IPv4)
IPv4 only IPv4 only no yes (IPv4) no yes (IPv4)
Redundancy Controller
If multiple network interface cards are used when using Redundancy Controller it is possible to
force the Redundancy Controller to use a specific Network Interface.

On Windows
Add a system variable jetty.host and give it the value of IP address of network interface card
required.
Figure 13: Adding new system variable example
Configuring RADIUS authentication fallback to local user accounts

These instructions describe how to change the RADIUS authentication configuration to fallback to
using local user accounts on authentication failure or any fault or failure.
Follow these steps to configure RADIUS authentication fallback behavior.
Step Action
1 Stop the ProVision server using the appropriate command (see ProVision Commands).
2 Edit the server_configuration.xml file of the ProVision server with a text editor. This file is
located at: ProVisionServer\tomcat\webapps\ROOT\pv\templates
3 Open this file and edit the value:
<fallBackToLocal>false</fallBackToLocal>
Change from false to true
So line will look like
<fallBackToLocal>true</fallBackToLocal>
Note: When set to true, any fault or failure will use local user accounts. When set to
false (default) any authentication failure will still use RADIUS server for authentication.
All other RADIUS connection faults will use local user accounts but only after all
connection attempts are exhausted.
4 Save the file.
5 Restart the ProVision server to apply the configuration.

Access Control
Chapter 7. Access Control

This chapter covers access control.
In this chapter
Introduction ................................................................................................................. 81
Strong Security............................................................................................................ 82
Eclipse Single Sign On and Strong Security ............................................................... 85
ProVision User Security Profiles.................................................................................. 86
User Account and Access Control Procedures ........................................................... 90
Enabling a RADIUS Server ....................................................................................... 117
Updating Eclipse RADIUS Authentication Settings ................................................... 120
Introduction
Access control can be used to:
• Add users
• Change a user's security group
• Change a user details or password
• Delete users
• Lock users from the application
• Add radio security
ProVision user access

Security groups control access to ProVision functions. A security group defines the group of
functions to which a user has access.
At least one Administrator user must exist at all times. Part of an administrator's role is to create
ProVision user accounts and associate each account with at least one security group. The user
account inherits the access control defined by the security groups to which it belongs. A user
account can belong to different security groups, and these groups control their access to the
ProVision functions.
Before a user can start ProVision, they must have a username and password. When the user logs
in, ProVision validates the username and password before starting the ProVision interface.
A security log records user activities such as logging in, logging out and changing passwords. Only
the administrator has access to the security log.
Device security access

Note: The requirement for radios to have username and password access enabled is determined
by your company's security policy requirements.
ProVision enables users to view device security accounts for all devices. Some devices can have
their security edited as follows:
• Eclipse devices can be set with two sets of passwords so that Portal Engineer users and NOC
Operator users have separate access, even within the same device.
• CTR 8300, CTR 8540 and WTM 4000 devices can be set with passwords.
• Username and password combinations can be set for individuals or groups of devices, if the
groups of radios are of the same type. (For example, a group of Eclipse radios can all have
the same username and password.)

Access Control
• Generic Devices and some other devices, can have their SNMP security and associated
passwords changed.
For more details, see Device security accounts (on page 104).
Strong Security
Strong security options are designed to meet market requirements for secure access to network
equipment and secure delivery of customer’s traffic - they are designed to prevent unauthorized
access and interference from hackers. These options are licensed.
Eclipse strong security ................................................................................................ 82
CTR 8540 and CTR 8300 strong security ................................................................... 82
About Secure Management......................................................................................... 82
About RADIUS client ................................................................................................... 83
About payload encryption ............................................................................................ 84
Update ProVision server self-signed certificate ........................................................... 84
Eclipse strong security

Strong security requires Eclipse software version 5.3 (5.3.xx) or later.
FIPS security requires Eclipse software version 8.0.0 or later.
Note: SNMPv3 is not enabled with SW release 5.3. SNMPv2 (non-secure) must be used in the
interim.
• About Secure Management (on page 82) - secures management access, configuration, and
control.
• Setting SNMPv3 security access (on page 112) - secures SNMP access to devices.
• About RADIUS client (on page 83) - (Remote Authentication Dial In User Service) supports
centralized access control to Eclipse radios.
• About payload encryption (on page 84) - encrypts all traffic carried by the radio.
CTR 8540 and CTR 8300 strong security

Strong security requires CTR software version 3.6 or later.
• About Secure Management (on page 82) - secures management access, configuration, and
control.
• Setting SNMPv3 security access (on page 112) - secures SNMP access to devices.
• Update ProVision server self-signed certificate (on page 84) - enables software loading
and configuration restore to work.
About Secure Management

Secure Management is about ensuring network management for an Eclipse device, or network of
Eclipse devices is held secure from unauthorized access.
In many networks this is not considered a problem because the network management Data
Communication Network (DCN) is isolated from the internet. However, security breaches can be
just as threatening from within private networks as they are over public networks that give hackers
an ability to access network devices, change configuration settings, and cause malicious service
interruptions.
Secure management requires co-operation between the equipment under management (devices)
and the management equipment, in this case the Portal craft tool and the ProVision EMS (or other
authenticated management system). This is achieved through use of secure, encrypted
communication protocols, a requirement for complex passwords, and protection against
mechanized attacks. Communication encryption is based on a FIPS140-2 validated algorithm.
Access Control
• Secure access & control of the radio so no one can tamper with it locally or remotely. It does
not include a RADIUS capability, therefore user accounts can only be managed locally. A
RADIUS client license must be purchased in order to perform remote user account
authentication & management.
• When secure management is implemented, only secure versions of the protocols are allowed
to access the NMS port; TLS/SSL on portal physical connections, HTTPS for software
downloads.
• User selectable encryption cipher suites apply to the Portal connection. Selection is enabled
only at the crypto manager level. Suites include:
o CFB-AES-128
o CFB-AES-192
o CFB-AES-256
o CBC-3DES
o CBC-DES
• Key negotiation is managed under TLS/SSL.
• SNMPv3 is used to secure NMS communication connections.
• SNMPv3 ensures that communication with ProVision is held secure, and with all other
SNMPv3 compliant management systems. HTTPS is used on software downloads.
Note: SNMPv3 is not enabled with SW release 5.3. SNMPv2 (non-secure) must be used in the
interim.
Warning: If Strong Security is enabled for Eclipse, then the SNMP user that is used by ProVision
must have a Crypto access level in Eclipse SNMP User Accounts for ProVision to operate correctly.
Warning: If Strong Security is enabled for Eclipse, Backup and Restore options are not available
from the File menu. This is a known limitation.
Warning: Before deploying or enabling SNMPv3 on a device, ensure that the date and time of the
device matches the ProVision server date and time. If device time is adjusted after deployment or
device is connected to NTP time server then ProVision can lose communication with the device until
the ProVision server is restarted.
After a secure session between a user and the radio has been established, the user is required to
supply a valid username and password (user authentication) before any further access is granted.
Multiple security levels are provided for user read/write access, ranging from security manager write
access at the top, to read-only at the lowest level.
On the radio, all configuration data, event logs and performance data files are encrypted.
About RADIUS client

RADIUS is a client/server protocol that provides centralized authentication, authorization and
accounting (AAA) management for network devices.
RADIUS allows the user to maintain user accounts authentication & management in a central
location rather than in each individual node.
The RADIUS client is loaded into an Eclipse radio as a software feature upgrade. It allows the node
to interface with a user's RADIUS server.
• A RADIUS remote server provides centralized management of authentication data for user
names, passwords, and access permissions.
• RADIUS ensures secure and controlled access to Eclipse devices from Portal and ProVision,
or other authenticated management platforms.
• RADIUS ensures that NOC and field users have consistent access privileges throughout the
network, using a common set of user credentials.

Access Control
• When a user attempts to login to a RADIUS client, such as an Eclipse radio, the radio sends
the authentication request to the RADIUS server. Communication between the RADIUS client
and the RADIUS server is authenticated and encrypted.
• The RADIUS server function is provided within the ProVision server or from a dedicated
RADIUS server.
• The RADIUS server accounting database maintains a log of all requests, access times and
durations.
• RADIUS client can be used with or without Eclipse secure management.
About payload encryption

Payload encryption is an option on RAC 60/6X radio links to prevent eves dropping and
man-in-the-middle attacks. All payload data is encrypted - all user traffic and all management
overheads.
Traffic can include Ethernet, DS1/E1, DS3, OC3/STM1, or any mix up to the max capacity allowed
by the capacity license.
It checks the integrity of each data frame sent over the link to ensure that received data has been
sent by the intended transmitter. If it detects that received data has been modified
(man-in-the-middle attack), then received data is replaced with AIS.
Operation is FIPS-197 compliant, and can be enabled/disabled independently for each wireless link
from an INU.
Encryption selection and cipher key management is enabled at the security manager level.
Features include:
• AES-CCM cipher suite includes AES counter mode data encryption and CBC-MAC data
integrity validation.
• Encryption is with 128, 192, or 256-bit symmetric keys.
• Each link has a randomly generated encryption key. Diffie-Hellman is used for key agreement
between each side of the link.
• A user configurable key change option specifies the maximum time a particular key can be
used. Key change is errorless.
• A user-configurable Group ID for key generation ensures that only radios that belong to the
group can negotiate an encryption key.
• Payload encryption is enabled independently of Secure Management and RADIUS Client.
Note: The default configuration encryption password that is used during configuration backup
when strong security is enabled is ProVision123.
Note: Not all features are supported on the 5.3 software release. Check the Software release
notes or contact the Help Desk for details.
Update ProVision server self-signed certificate

Warning: ProVision server self-signed certificate must be updated when CTR is in Strong Security
mode else software loading and Configuration restore to CTR devices will not work.
Note: ProVision currently only supports networks with CTR 8540 and CTR 8300 deployed using
IPv4 addresses.
Note: ProVision does not currently support networks with CTR 8540 and CTR 8300 deployed
using IPv6 addresses.

Access Control
Update procedure
Follow these steps to update self-signed certificate to add ProVision server IP address of network
interface facing CTR network.
Step Action
page 44)).
2 Open a command prompt running as administrator in directory ProVisionServer\tomcat\conf
3 Run command:
generate_keystore.bat <PV server IP address>
Where <PV server IP address> is the IP address of the ProVision server network interface
facing the CTR devices. This is the same network IP address configured in ProVision via
Configuration > Software Loading Preferences.
Use ProVision server IPv4 address if CTRs are deployed in ProVision with IPv4 addresses.
Use ProVision server IPv6 if CTRs are deployed in ProVision with IPv6 addresses.
Eclipse Single Sign On and Strong Security

About single sign on for strong security
To facilitate Strong Security for devices, ProVision notes the users' security levels when they log in.
This is called a Single Sign On (SSO) mechanism. These SSO credentials enable the user to log in
automatically to Eclipse Portal, Configuration Backups, and Software Loading at the appropriate
level.
The default configuration encryption password that is used during configuration backup when strong
security is enabled is ProVision.
Note: SSO credentials are encrypted and only saved during the session; they are deleted when
the user logs out. Also, for Eclipse Portal, SSO is only active for devices with Eclipse 5.3 and
later installed: devices with earlier versions need to be managed as device security accounts.
See Device security accounts (on page 104).
SSO authentication matrix

The table below shows the different radio firmware and configurations and which credentials SSO
will use when authenticating for specific operations.
Note: For all items marked with * the Eclipse embedded system has 2 default user accounts,
NOC Operator and NOC Engineer; passwords for these user accounts can be stored in and will
be used for authentication AAA Server enabled devices. Also, all failed logins raise a failure event
in ProVision.

Access Control
Table 22: SSO Credentials for Authentication with Eclipse
Function No security Firmware Basic security Strong/FIPS RADIUS enabled in

enabled (All versions security enabled ProVision
Eclipse <5.3 (No RADIUS) (with or without
firmware Strong/FIPS Security)
versions)
Portal login N/A Locally Locally stored Locally stored Standard ProVision
stored credentials if credentials if user credentials. If
radio defined.* defined.* fails, Portal login
security If there are none, If there are none, screen displays.
accounts* standard ProVision standard ProVision
user credentials are user credentials are
used. If fails, Portal used. If fails, Portal
login screen login screen
displays. displays.
Software N/A N/A Locally stored Locally stored Standard ProVision
loading credentials if credentials if user credentials.
defined.* defined.*
If there are none, If there are none,
standard ProVision standard user
user credentials are credentials are
used. used.
Configuratio N/A N/A Locally stored Locally stored Standard ProVision
n restore credentials if credentials if user credentials.
defined.* defined.*
If there are none, If there are none,
standard ProVision standard ProVision
user credentials are user credentials are
used. If fails, a used. If fails, a
message displays. message displays.
Configuratio N/A N/A Locally stored Locally stored Use the locally stored
n backup device credentials if device credentials if “Authenticated
defined.* defined.* Background Task
Credentials” encrypted
and store in the
ProVision database.
ProVision User Security Profiles

The table below describes the ProVision security profiles and the function access levels associated
with each profile. See Setting Eclipse device security values (on page 106) for instructions on
specific device security, and Creating ProVision user accounts (on page 90) for instructions on
assigning security profiles to users.
• RW = Read/write access
• RO = Read-only access
• Full = Function is normally read-only
• ‘--’ = No access
Table 23: Security Profiles and Function Access Levels
Function View Maintenance Configuration Upgrade Admin Security

Administer Device - - RW - - RW
Security Accounts
Administer - - - - RW -
ProVision
Security Accounts
Access Control

Administer - - - - - RW
RADIUS Security
Application FULL FULL FULL FULL FULL FULL
Launch /
Configure
Bandwidth FULL FULL FULL FULL - -
Utilization
Circuit View FULL FULL FULL FULL - -
Circuit Data - - RW - - -
Collection
Circuit - RW RO - - -
Diagnostics
Circuit Renaming - - RW - - -
Collection - - RW - - -
Preferences
Commissioning / - - RW - - -
Decommissioning
CTR 8500/8300 Need to log Auto login with Auto login with - - -
Launch Browser in manually Device Login Device Login
Credentials Credentials
CTR 8500/8300 Need to log Need to login Need to login - - -
Launch in manually manually manually
CLI(Telnet)
CTR 8500/8300 Need to log Auto login with Auto login with - - -
Launch SSH in manually Device Login Device Login
Credentials Credentials
Delete Circuits - - RW - - -
Provisioning - - RW - - -
Client RW RW RW RW RW RW
Subscription
Clock Sync FULL FULL FULL - FULL -
Diagnostics
Configuration - - RW - - -
Profiles
Configure NBI (All RO RO RW RO RW -
NBI)
Configure Viewer FULL FULL FULL FULL - -
Craft Tool Launch RO RW RW RW - -
Database Backup - - RW - RW RW
– Manual
Database Backup - - - - RW -
– Scheduled
Database Purging - - RO RO RW -
Deploy Device - - RW - - -
Device - - RW - - -
Configuration
Backup
Device - - RW - - -
Configuration
Restore
Device RO RW RO - - -
Diagnostics

Access Control

Device RO RW RW RW - -
Maintenance
Eclipse License - - RW RW - -
Loading
Eclipse Portal RO RW RW RW - -
access – Using
local NOC
Engineer
credentials
Eclipse Portal RO RO RO RO - -
access – Using
local NOC
Operator
credentials
Eclipse Portal - - - - RW -
Locking – Feature
Enabling
Email - - - - RW -
Configuration
Event Browser / FULL FULL FULL FULL FULL FULL
Scoreboards
Clear Events - RW RW - - -
Acknowledged RW RW RW RW - -
Events
Event Notification RO RO RW RO RO RO
Event Pre-Filter RO RO RW - - -
ERP Provisioning - - RW - - -
EOAM RO RW RW - - -
Diagnostics and
Provisioning
Generic Device - - RW - - -
Management –
Package
Management
Help FULL FULL FULL FULL FULL FULL
Logical RO RO RW RO RO RO
Containers
Manage / - - RW - - -
Unmanage
Map view RO RO RW RO RO RO
(Unlock, /Change
Background)
Network Auto - - RW - - -
Discovery
Notification RW RW RW RW RW RW
Preferences
Object - - RW - - -
Management
(Deploy, Delete,
Rename,
Reparent, Link)
Performance RO RW RW RO - -
Collection –
Enable / Disable

Access Control

Performance RW RW RW - - -
history, trends,
reports
Performance RO RO RW RO - -
Thresholds
Reports FULL FULL FULL FULL FULL FULL
Deleting Help - - RW - - -
Desk Reports
Search Object FULL FULL FULL FULL - -
Security Log - - - - - RW
Server - - - - RW -
Redundancy
Sleep / Wake RO RW RW RW - -
Software Loading - - - RW - -
Software Loading - - - RW - -
Preferences
Software Table RO RO RO RW - -
Task RO RO RW RW
Management
(SW Tasks Only)
Topology Export FULL FULL FULL FULL - -
Topology Import - - RW - - -
View / Modify IP RO RO RW RO - -
Addresses
View / Modify RW RW RW RW RW RW
Own Security
Details /
Password
Viewing FULL FULL FULL - - -
discovered
VLANs
Viewing VLAN FULL FULL FULL - - -
configuration
details
Identifying and RO RO RW - - -
resolving VLAN
faults
Creating a VLAN - - RW - - -
Modifying a VLAN - - RW - - -
Validating VLAN - - RW - - -
configuration
Deleting a VLAN - - RW - - -

Access Control
User Account and Access Control Procedures

This section covers the user account and access control procedures.
Access control prerequisites ....................................................................................... 90
Creating ProVision user accounts ............................................................................... 90
Changing a ProVision user account ............................................................................ 94
Deleting a ProVision user account .............................................................................. 96
Searching user accounts ............................................................................................. 97
Exporting user accounts .............................................................................................. 98
Changing security login policies .................................................................................. 98
Managing user security policy ..................................................................................... 99
Managing user sessions............................................................................................ 101
Locking Eclipse Portal Write Access from ProVision ................................................. 102
Viewing the security log............................................................................................. 104
Device security accounts........................................................................................... 104
Access control prerequisites

For ProVision, the following prerequisites and dependencies must be in place before you can set up
access control.
• ProVision must be installed and running.
• You need to log in with an administrator-level user name and password. Only
administrator-level users can update user accounts and access control.
• You must have user names and passwords for ProVision users. To set up access control for
each user, you must have the following information:
o User Name
o Contact Details
o Default password
• If required, you must have any specific radio security user names and passwords.
Creating ProVision user accounts

Each ProVision user must be assigned a user account. A user account includes:
• Unique login user name and password
• Region Access control defines which regions and devices in the network the user can see
and edit. If no values are set, the user has access to ALL regions and devices in the network.
• User security profiles. A user can belong to more than one security profile. In addition, this is
a useful location to store phone numbers and email address information for a user.
Administrator level users can manage the requirements for ProVision passwords using the
security_policy template in the ProVision Server program files. In this template, the administrator
can change the values to customize password and user name requirements.
Caution: Only a user with the Administrator profile enabled can make changes to user accounts.
Note: The first user available immediately after installation is the default administrator; all other
users need to be created. When the default administrator first logs in, only Administration
functions are enabled for them; further functions need to be added using the following procedure.

Access Control
Procedure
Follow these steps to create a user account.
Step Action
1 Select Administration > ProVision User Accounts. The ProVision User Accounts window
displays, with the status of each user account.
2 Click Create. The Create User window is displayed.
In the General tab, enter the user details:

• User Name - First and last name of the user. This value is case-sensitive.
• Email Address - Email address of the user.
• Session Timeout - If this user is logged in without any activity for this amount of
minutes, they will be logged out automatically. Only Administrator-level users can set
this value.
• Maximum Password Age - Sets the maximum age in days of the password for this
user. When this value is used, user is notified that their password is nearly expired or
expired, and is prompted to reset the password.
• Maximum Sessions - The maximum number of ProVision Client sessions this user can
have open at one time.
• Contact Details - Additional contact details, including phone numbers, location
addresses, and Skype or other communication IDs.
• Suppress Email Notifications - Check this box if this user should never receive email

Access Control
Step Action
notifications about events.
3 Select the Security Profiles tab.
4 Select checkboxes to enable ProVision functions for this user. Options are defined below.
5 Select OK. Then click on the Regional Access tab.
6 Select checkboxes to enable this user to access specific regions and devices within the
network. Then, click OK.
Note: If no values are set, the user has access to ALL regions and devices in the
network.

Access Control
Step Action
7 Click Change Password. The Change Password window is displayed.
8 Type a password in the New Password field.
Note: Password must not contain username or more than two consecutive letters of
username in order or username in reverse order.
9 Re-type the password in the Confirm New Password field. Click OK.
10 To close the ProVision User Accounts window, click Close.
Note: The original 'admin' user can be deleted, but there must always be at least one user with
Administration functions enabled.
Table 24: Security Profile Values
Security profile Functions

View User can view data in ProVision. This does not enable any data editing.
Maintenance User can view data and set maintenance controls on devices.
Configuration User can view data and change device / ProVision configuration parameters.
Does not include security, administration, or software loading privileges.
Upgrade User can view data and perform software upgrades on the network.
Administration User can view data and perform database administration and ProVision user
account administration tasks. A default administration user will be created by
the system when ProVision is first installed.
Note: At least one Administration user must ALWAYS exist and be

unlocked at all times.
Security The security user is only responsible for configuring and enabling the
information needed to integrate with a RADIUS server and to view Security
logs.
To help users of previous versions of ProVision, below is a table comparing the new Security Profile
values with previous user levels.
Table 25: Current and Past ProVision User Security Comparison
Security profile Past user level Comments

View NOC Operator A very limited access level, “read only” access to
devices and the ProVision database ability to generate
reports.

Access Control
Security profile Past user level Comments

Maintenance Portal Engineer View-only + Ability to set maintenance controls on
devices.
Configuration NOC Engineer Administrator View-only + Ability to change device /
ProVision configuration parameters except security /
administration parameters. Similar to past NOC
Engineer excluding software loading privileges.
Upgrade NOC Engineer View-only + Ability to perform software upgrades on the
Administrator network. Similar to the software loading privileges of the
past NOC Engineer user level.
Administration Administrator View-only + Access is limited to database
administration and ProVision user account
administration tasks.
Security Administrator The security user is only responsible for configuring and
enabling the information needed to integrate with the
RADIUS server.
Changing a ProVision user account

The following items can be changed in a user account:
• Contact Details - user's details change.
• Password - user cannot remember password or it is known to other users.
• Lock/Unlock the Account - person on holiday or temporarily away
• Change the Regional Access and/or security profiles - user promoted or requires greater
functionality.
You can also export a list of all users as a .CSV file.
Procedure
Follow these steps to change user account details.
Step Action
displays.
2 Highlight the user whose details you want to view/change.

3 Click Properties. The User Properties window is displayed. Make changes as required. See
Data Change Procedures after this procedure.
4 To export the list of all users as a .CSV file, click Export Users. Save the file in the desired
network location.
Access Control
Step Action
5 To close the User Properties window, click OK.
6 To exit the User Accounts window, click Close.
Table 26: Data Change Procedures
Data change Procedure

General details Select the General tab and make the required changes.
Password Click Change Password.
In the Change Password dialog box, type the new password, then reconfirm
by typing it again.
To save the new password and exit the dialog box, click OK.
Note: Password must not contain username or more than two

consecutive letters of username in order or username in reverse order
Account Status Select the required status, locked or unlocked, from the Status drop down
menu. Only Administrators have access to locked or unlock user accounts.
Regional Access Select the required regions and/or devices in the regions by clicking on the
check boxes.
You can apply one user's Regional Access settings to other users via the
Apply to Other Users button.
Security Profiles Select the Security Profiles tab and make the required changes.
Password must not contain username or more than two consecutive letters of username in order or
username in reverse order

Access Control
Deleting a ProVision user account

If a user is no longer using ProVision, you can delete the user’s account.
Step Action
1 Select Administration ProVision User Accounts. The ProVision User Accounts window
displays, with the status of each user account.
2 Highlight the user you want to delete.
3 Click Delete. The user is deleted from the system and from the User Accounts window.
Warning: There MUST always be at least one Admin user.

4 To exit, click Close.

Access Control
Searching user accounts

User accounts can be searched/filtered by username only.
Step Action
is displayed.
2 Enter the username or part of username you want to search for in Filter.
Note: The name you enter in Filter is case sensitive.

3 As you type username a list of users are immediately filtered by information entered.

Access Control
Exporting user accounts

User accounts can be exported to a CSV file.
Step Action
is displayed.
2 Click Export Users and enter exported user accounts filename. You can browse to another
file location if required.
3 Click Save and user account information is exported to a .CSV file.
Changing security login policies

Administrators can access a file that enables them to change ProVision login policies. This file,
security_policy.xml, is in the ProVision Server directory.
From this file, administrators can edit:
• Minimum password length
• Minimum user name length
• Requiring passwords to have capital letters, alphanumeric characters, or special characters
(such as punctuation)
• The number of log in retries allowed (for example, 3)
• A log in welcome message
• A password policy message
Procedure
Follow these steps to manage security policy.
Step Action
1 Before you make changes to the security policy, stop the ProVision Server using the
appropriate command (see ProVision Commands (on page 44)).
2 The security_policy.xml file is at the file location:
ProVision\Server\tomcat\webapps\ROOT\pv\templates

Access Control
Step Action
3 Navigate to it using the Command line or Windows Explorer. Open the file using an XML
editor or NotePad.
4 Make the changes for the login policies, as described in the table below.
5 Save and close the file. The login policies will be applied for all users of this installation.
Table 27: Login Policies
Policy Value in XML file

Password length <password>
<length min='# max='#/>
User name length <username>
<length min='#' max='#'/>
Password text <required-characters chars='_#-=' num='YES/NO'
requirements caps='YES/NO'/>
# of retries allowed <login retries='#'/>
Welcome message Edit this text as required between the <html> tags. An example is
provided below.

Password policy message A default message is output if username or password does not meet
security policy. Message also indicates minimum password
requirements.
Password expiry This is used only if password aging is enabled for a user.
notification in days <expiry nearly-threshold='5'/>
Managing user security policy

Administrators and users with the Security profile can change the ProVision login policies using the
User Security Policy screen. The initial values displayed on this screen come from the
security_policy.xml file. See Changing security login policies (on page 98) for more
information.
The details saved on this screen override those in the security_policy.xml file.
Procedure
Follow these steps to manage user security policy.
Step Action
1 In the Administration main menu, select User Security Policy.

Access Control
Step Action
2 The User Security Policy screen displays. See list below for field definitions and usage.
3 Make any changes as required.

4 Click OK. The changes take effect immediately.
Table 28: User Security Policy screen fields
Field Description
Min Minimum allowed length of the Username or Password (values 1 - 40).
Max Maximum allowed length of the Username or Password (values 1 -
40).
Invalid Characters that are not allowed to be used in the Username or
Password.
Required Characters (at least one) that must be used in the Username or
Password.
Caps Select the checkbox if a capital must be used in the Username or
Password
Number Select the checkbox if a number must be used in the Username or
Password.
Warn Password Expiry: # The number of days prior to password expiry when user starts getting
days before the warning.
Lock account after: # login The number of invalid login attempts after which the account is locked.
failures
Post login message Enter a message that will appear every time a user logs in. This field
accepts most HTML tag. For example, <font color="red">.

Access Control
Managing user sessions

ProVision Administrators can manage the logged in sessions of other ProVision users.
Administrators can log out other users. This improves security and enables better use of system
resources.
It also provides options for managing users when Administrators change regional access control.
Administrators now have the option of logging out users whose regional access control is affected
by region changes; logging users out enables the regional access changes of the logged out user.
See Changing a ProVision user account (on page 94) for more information.
Procedure
Follow these steps to manage a user session.
Step Action
1 In the Administrator menu, select Session Manager.
2 The Session Manager screen displays. It includes:
• User - User names
• IP Address - IP address where user is logged in
• Login Time - Time when user logged in
• Latency - speed of access, the speed is accurate to the nearest millisecond
3 To log out a user, select them and click Terminate.

4 A confirmation message displays:
5 You have two termination options. Click the one that you require:
• Terminate and Lock User - Terminates the user's client session and also locks them
out of ProVision until the administrator restores access.
• Terminate - Terminates the user's client session.
6 The user is terminated using the option you have selected.

Access Control
Step Action
7 If a user is being logged out by the administrator, this message appears in their ProVision
Client screen:
8 If a user is being logged out by the administrator due to a regional access change, this
message appears in their ProVision Client screen:
Locking Eclipse Portal Write Access from ProVision

Introduction
From ProVision, Administrator level users can lock and unlock Eclipse Portal at the network level.
Locking Eclipse Portal means that only ProVision users with write access can unlock access to
Portal, giving local Portal users configuration access.
Note: Eclipse Portal Access write locking only locks Portal for Eclipse devices that have Eclipse
software version 5.1 or higher.
Procedure
Follow these steps to manage Eclipse Portal locking.
Step Action
1 Log into as an administrator.
2 Select Administration > Eclipse Portal Locking. The Eclipse Portal Locking screen
displays.
3 To enable the Portal Lock feature, select the checkbox. This locks Eclipse Portal for all
Eclipse devices that have software 5.1 or higher. Then, click Re-apply.
4 To disable the Portal Lock feature, clear the checkbox.

Access Control
Step Action
5 To unlock Eclipse Portal for specific Eclipse devices, go to the device in the Tree Viewer.
Right-click on the device. In the right-click menu, go to the Sleep option. You can select a
checkbox to Allow Eclipse Portal Write Access. This enables the write access for this
Eclipse device only.
6 To check on the Eclipse Portal locking status for an individual device, mouse over it and
read the mouse-over tooltip. This tooltip includes the name of the user who locked Portal.
To check on the Eclipse Portal locking status for all devices, go to the Fault menu and
select Device Maintenance. This screen shows the Eclipse Portal Locking status for all
devices in sleep mode.
Eclipse Portal Locking status options are:

• Locked - Device has Eclipse Portal Locking active.
• Lock Failed - This device can be locked but the most recent lock attempt failed. will
automatically try to relock it every 30 minutes.
• Unlocked - Device has Portal write access for users.
• Unlock Failed - This device can be unlocked but the most recent unlock attempt failed.
• Unsupported -This device has a version of Eclipse software earlier than 5.1 and cannot have
its Eclipse Portal access locked.
• N/A - Not Applicable (i.e., non Eclipse devices in maintenance mode).
Note: If the server is shut down and restarted, if the restart takes place within 1 hour (60 minutes)
the Portal Locking feature stays on and enabled. If the restart takes more than 60 minutes, the
Portal Locking feature stays on, but all radios go to Unlocked status.

Access Control
Note: Engineers may try to reboot Eclipse devices to unlock them for and Portal. To prevent this,
set up a related Configuration Profile, Eclipse Portal Lockout Reboot. Set a long reboot lockout
time, to ensure that maintains access control of Eclipse devices following a reboot. To enable
this, go to Configuration > Configuration Profiles, and in the Configuration Profile screen,
select Eclipse Portal Lockout Reboot Time.
Viewing the security log

The security log enables you to review ProVision user activities that generate normal and
informational events.
The security log is displayed in an event browser window. You can change and save, the filter
settings and browser options.
Step Action
1 Right-click the Manager icon .
2 Select Security Log from the pop-up menu displayed. The Security Log window is
displayed.
Device security accounts

Administrator-level users can view security access details for all Containers and devices in a
network, using the Device Security Accounts screen.
All Containers and many devices can have their security details edited from this screen. This table
describes which devices, of specific SNMP and device-specific security types, can be edited:
Access Control
Table 29: Devices by SNMP Security Type and Editing Level
SNMP security type and editing level Devices

v1, edit community string only (SNMP) • Memotec CX-U
• Aurora
• Constellation
• DVM, all types
v2c, edit community string only (SNMP) • CTR 8540
• WTM 4000 all types
• TRuepoint 6400, 6500, 4040
v2c, edit device login (user name and password) • Eclipse, all types
• CTR 8540
v2c or v3, edit SNMP type • Eclipse, all types
• CTR 8540 and CTR 8300
• TRuepoint 4040, 5000 and 5000 2+0
v1, v2c, or v3, edit SNMP type • Generic Devices
You can set up device security access accounts on a network per region, site, or individual radio
basis.
Editing SNMP community strings .............................................................................. 105
Setting Eclipse device security values....................................................................... 106
Setting up multiple Eclipse radio accounts ................................................................ 108
Setting up NOC Operators with read only Portal access ........................................... 110
Disabling auto-login for Eclipse Portal for user with Engineer security ...................... 111
Disabling auto-login for Eclipse Portal for user with Operator security ...................... 111
Setting device security account values...................................................................... 111
Setting SNMPv3 security access............................................................................... 112
Device security access for multiple radios................................................................. 116
Clearing device security accounts ............................................................................. 116
Editing SNMP community strings

From the Device Security Accounts screen, you can set or edit device SNMP security strings. This
is only required if you have made other security changes for a radio; these strings are normally set
during deployment.
Step Action
1 Obtain the required user names and passwords for the Select Administration > Device
Security Accounts. The Device Security Accounts screen displays.
2 Right-click the required device and select Edit Account Information.

Access Control
Step Action
3 The Edit Account Information screen displays.
4 Reset the Read Community and Write Community levels to private or public.
5 Click OK. The SNMP community strings are reset.
6 To remove the SNMP community string settings, right-click the device and select Remove
SNMP Community.
7 Click OK to close the Device Security Accounts window.
Setting Eclipse device security values

Eclipse radios can be set up to require a user name and password to access the radio’s diagnostic
function. An administrator must set up the access account, with a user name and password. This
can be done in ProVision, from the Device Security Accounts screen.
For an Eclipse radio, the user name and password set up in ProVision must match those stored in
the radio. After this is done, when a ProVision user selects an Eclipse diagnostics or configuration
viewer, ProVision automatically sends the username and password to the device. Then, the device
verifies the data is valid, and allows ProVision access to its diagnostic functions. Without a valid
password, the radio ignores write data commands.
Note: Eclipse radios can be set so that Portal Engineer users and NOC Operator users have
separate access -- even within the same radio. See the specific instructions, Updating
passwords for multiple radio accounts (on page 109).
Procedure
Follow these steps to set Eclipse security accounts.
Step Action
1 Obtain the required user names and passwords for the Eclipse radios. For default Eclipse
passwords, see Configuring User Name and Password in the Portal documentation.
2 Select Administration > Device Security Accounts. The Device Security Accounts screen
displays.

Access Control
Step Action
3 Right-click the required radio and select Edit Account Information.
4 The Edit Account Information screen displays:
5 To set the access for users with Engineer level security access, enter and retype the
password in the Engineer Account section.
Note: When the Portal launch with Provision user credentials checkbox is selected
then Eclipse Portal will use ProVision user login credentials to auto login to Eclipse.
6 To set the access for users with NOC Operator security access, enter and retype the
password in the Operator Account section.
7 Click OK.
8 A Login icon appears in the Eclipse Login column.
Place the cursor over the icon to view how the security accounts are configured.
9 To remove login information only, right-click the device and select Remove Eclipse Login.
The login data is deleted, and the Login icon is removed.

Access Control
Note: The user name and password entered in ProVision for an individual radio overrides any
other user name and password set at a higher level in ProVision, for example, a region.
Setting up multiple Eclipse radio accounts
The Eclipse Radio Accounts Configuration Profile is the fastest way to add new users into the
radios' security accounts. Using a previously saved configuration profile, the administration user can
add the new user and sync all Eclipse radios in the network (or part of the network) with this
account.
With the addition of the Eclipse Radio Accounts Configuration profile, the user can define a single
set of credentials (up to a maximum of 40) that can be written into a group of network elements or
the entire network. This enables the system administrator to update user credentials consistently
across the network in a single action, ensuring that the credentials are the same for all Eclipse
radios in the network.
Note: This feature only applies to local security accounts that are stored on the Eclipse radio
itself.
Prerequisites
• The ProVision user performing this operation must have Administration privileges.
• The ProVision Eclipse Login admin credentials must be defined for each Eclipse device in the
network (see Device security accounts (on page 104)). This can be set on a Container if the
credentials are to be used for all Eclipse within the container.
• An admin user must exist in the Eclipse radio. The admin user is a default user account that
always exists in the Eclipse radio.
• Ensure that firewall settings are correct between ProVision and Eclipse.
Note: If RADIUS is enabled in ProVision then the ProVision user credentials (of the currently
logged in user) are used to log into the Eclipse NOT the Device Security Account credentials. In
this scenario the ProVision user must all have RADIUS credentials defined to access the radio
(Eclipse-Radio-User_Permission=Administration) as well as the correct ProVision credentials
(ProVision-Security-Profile=Administration + Configuration). See Enabling a RADIUS Server (on
page 117) for more details.
Procedure
Follow these steps to set up multiple Eclipse radio accounts.
Step Action
1 Ensure that the correct ProVision and Eclipse user privileges are configured.
2 Select the radios that are to be updated with the new user account. To update the entire
network select the ProVision Physical Root from the Physical View. Right-click and select
Configuration > Profiles, then go to the Profile drop-down menu and select the Eclipse
Radio Accounts profile. If a previous Eclipse Radio Account profile has been saved, it
displays and can be selected:

Access Control
Step Action
3 Add the new user to the profile. Values are:
• User Name - Between 4 and 32 characters
• Password - Between 8 and 32 characters, including at least one letter and one number.
• Confirmation - Retype the Password. Enter this information for each user.
• Permissions - Check the boxes for the user's permission levels for Eclipse radios: Read
Only, Engineer, Admin, Crypto. At least one Permission must be selected for a user.
4 Save the configuration profile.
5 Click Execute to write the changes into each of the selected devices. A dialog will appear
verifying the radios that this profile will be written to. If necessary radios can be removed
from this list. Click Execute again to complete the operation.
6 Optional: to write the changes to other radios or the entire network of Eclipse radios, select
a container or the radios to write this configuration to from the Physical network view. Then
right-click and select Configuration > Profiles. From the Configuration Profile dialog select
the previously saved profile and click Execute.
Note: Any changes to the user account definitions must be made to the previously saved Eclipse
Radio Accounts Profile. The Eclipse Radio Accounts Profile can then be re-applied to the
radios.
Warning: If there are problems applying the Profile to the radios, check the following:
Have user credentials been entered correctly for this device? See the Edit Account Information
screen described in the Standard Procedure earlier in this section.
What security mode is enabled in the radio (None, Basic, Strong, FIPS)?
Is RADIUS authentication being used? See Eclipse Single Sign On and Strong Security (on
page 85).
Updating passwords for multiple radio accounts
The security policy of many organizations requires periodic changes to user passwords. The
administrator can update the passwords of an entire Eclipse network if user permissions are
managed via the Eclipse Radio Accounts in the Configuration Profile.
Step Action
1 Ensure that the correct ProVision and Eclipse user privileges are configured.
2 Select the radios that are to be updated with the new user account. To update the entire
network select the ProVision Physical Root from the Physical View. Right-click and select
Configuration > Profiles, then go to the Profile drop-down menu and select the Eclipse
Radio Accounts profile. If a previous Eclipse Radio Account profile has been saved, it
displays and can be selected:

Access Control
Step Action
3 Add the new user to the profile Values are:
• User Name - Between 4 and 32 characters
• Password - Between 8 and 32 characters, including at least one letter and one number.
• Confirmation - Retype the Password. Enter this information for each user.
• Permissions - Check the boxes for the user's permission levels for Eclipse radios: Read
Only, Engineer, Admin, Crypto. At least one Permission must be selected for a user.
4 Update the passwords and users as required. The password must be between 8 and 32
characters, including at least one letter and one number. To delete a user, delete text from
the User Name field, or overwrite the text with a new user name.
5 When you are done making changes, click Save. Then, to write the changes to the radios,
click Execute.
6 A dialog will appear, verifying the radios that this profile will be written to; if necessary radios
can be removed from this list. Click Execute again to complete the operation.
7 Optional: to write the changes to other radios or the entire network of Eclipse radios, select
a container or the radios to write this configuration to from the Physical network view. Then
right-click and select Configuration > Profiles. From the Configuration Profile dialog, select
the previously saved profile and click Execute.
Setting up NOC Operators with read only Portal access

This procedure requires setting up the NOC Operator password in Portal, then linking the ProVision
NOC Operator access to the Portal access. In Portal, the Operator security level is read-only; by
setting up ProVision to access Portal for NOC Operators using the Portal Operator login, the NOC
Operator access to Portal is also read-only.
Step Action
1 Log into Portal at the Administrator level. Set the Operator password, using the instructions
in the Portal documentation for the topic Configuring User Name and Password.
2 Log into ProVision. Select Administration > Device Security Accounts. The Device
Security Accounts screen displays.
3 Right-click the required radio and select Edit Account Information. The Edit Account
Information screen displays.
4 To set the access for users with NOC Operator security access, enter and retype the
Eclipse Operator user name and password in the Operator Account section.
5 Click OK.
6 The security setting is saved in ProVision. When any NOC Operator opens Portal from
ProVision, Portal will open with read-only access.

Access Control
Disabling auto-login for Eclipse Portal for user with Engineer security
Step Action
page 44)).
2 Edit the server_configuration.xml file of the ProVision server. This file is located at:
ProVisionServer\tomcat\webapps\ROOT\pv\templates
3 Open this file and uncomment line

and change state to true, line should now look like
<eclipse_portal_engineer_auto_login_disabled>true</eclipse_portal_engineer_auto
_login_disabled>
4 Save the file.
5 Restart the ProVisionserver.
Note: When "Portal Launch with ProVision user credentials" is selected then Eclipse Portal will
use ProVision user login credentials to auto login to Eclipse.
Disabling auto-login for Eclipse Portal for user with Operator security
Change operator password in Device Security Accounts to an invalid password to prevent
auto-login for users with View only access.
Setting device security account values
Follow these steps to set or edit device security access for CTR 8540, WTM 4000, XP4, SAGEM,
and DART radios:
Step Action
1 Obtain the required user names and passwords for the devices.
2 Select Administration > Device Security Accounts. The Device Security Accounts
screen displays.

Access Control
Step Action
5 Enter the values for:

• Username
• Password
• Confirmation (re-enter the password here)
6 Click OK.
7 A Login icon appears in the Device Login column.
8 To remove login information only, right-click the device and select Remove Device Login.
Note: The user name and password entered in ProVision for an individual radio overrides any
other user name and password set at a higher level in ProVision, for example, a region.
Setting SNMPv3 security access
For CTR8540 and CTR 8300 and Eclipse devices, for TRuepoint 4040 v2 and 5000 devices with
SNMPv3 controllers, and for Generic Devices, you can implement strong security. This includes
authentication and privacy algorithms. This can be done when the device is deployed, or from the
Device Security Accounts screen.
For a TRuepoint radio, the authentication and privacy information set up in ProVision must match
those stored in the radio.
After this is done, when a ProVision user selects a diagnostics or configuration viewer,
automatically sends the username and password to the device. Then, the device verifies the data is
valid, and allows ProVision access to its diagnostic functions. Without a valid password, the radio
ignores write data commands.

Access Control
Prerequisites
Warning: Before deploying or enabling SNMPv3 on a device, ensure that the date and time of
the device matches the ProVision server date and time. If device time is adjusted after deployment
or device is connected to NTP time server then ProVision can lose communication with the device
until the ProVision server is restarted.
For Eclipse devices that have strong or FIPS security
FIPS security requires Eclipse software version 8.0.0 or later.
To allow ProVision to change the SNMPv3 security settings, configure an active SNMPv3 user
account for the devices. An Eclipse SNMPv3 user account can be set up from the Portal craft tool or
set up from ProVision via the Configuration Profile Settings.
To do this from ProVision, select the Eclipse device and go to Configuration > Configuration
Profiles. Then, select Eclipse SNMPv3 User Account Configuration. Set the SNMPv3 user
values, including access level and authentication password. Access level must be set to Crypto for
ProVision to operate correctly. See ProVision User Guide, Configuration profile reference, for
more details.
For CTR devices that support strong security
CTR software version 3.6.0 or later is required.
Note: CTR user account used by ProVision for CTR Device Login must have root (privilege level
15) access. ProVision needs this account to operate correctly and automatically log into the CTR
to perform operations such as event collection, configuration backup and software download.
Caution: CTR 8540 and CTR 8300 currently limits the number of concurrent http/https and SSH
sessions to 4. ProVision always uses one session for event collection, software loading and
configuration restore. If CTR Portal sessions are opened as well as SSH sessions then maximum
session count can be exceeded and these functions will no longer work. Redundant ProVision
server configurations will also increase the CTR session count.
Note: All CTR CLI secure management commands must be run by a crypto user.
Note: CTR Strong Security requires that a Secure Management license must be installed.
Step Action
1 Enable Strong security on CTR using CTR Portal.
Using CTR Portal, change Security Mode from Basic to Strong via System Configuration
> Admin > Strong Security.
This changes CTR SNMP access to use SNMPv3 only and CTR Portal access to use https
only.
Note: Please refer to CTR8500-8300 Strong Security CLI Commands documentation

for command to configure https.
2 Using CTR Portal Make check that SNMPv3 only is enabled to allow ProVision to
communicate via SNMPv3.
Enable SNNPv3 using CTR CLI run command:
snmp-server allow v3

Access Control
Step Action
3 Create SNMP user.
snmp-server user snmpuser auth sha auth12345 priv AES_CFB128 priv12345
snmp-server group snmpuserg user snmpuser security-model v3
snmp-server view snmpuserv 1 included
snmp-server access snmpuserg v3 priv read snmpuserv write snmpuserv
Change Authentication password from auth12345 and Privacy password from priv12345 as
required.
Note: CTR SNMP user only supports ciphers up to AES128.

4 Disable password ageing of SNMPv3 user used by ProVision
Using CTR CLI run command:
password max-life-time 0
Note: This disables password aging for all CTR http/https users which is required for
event collection, software loading, CTR Portal auto-login, and configuration restore via
ProVision.
5 Enable Syslog notifications after enabling or disabling SNMPv3 access on CTR
Using CTR Portal configure Syslog notifications add Remote Syslog Targets via System
Configuration> Remote Log
Using CTR Syslog Forwarding Configuration Profile in ProVision.
Note: Syslog forwarding is unsecure UDP based but must be configured for CTR event
collection to work.
An additional ProVision function enables you to apply SNMPv3 privacy/encryption. To do this

using the algorithm types of TDES, AES128, or, for AES192 and AES256, your ProVision system
requires:
• A specific ProVision feature license.
Contact your Aviat Networks representative to obtain this license and this extension.
Procedure
Follow these steps to set or edit device security access:to set SNMPv3 security access for radios.
Step Action
1 Obtain the required security details, including user names and passwords, for the devices.
displays.

Access Control
Step Action
5 Select the Account type, SNMPv3.

6 Enter a Username. This is associated with the two passwords below.
• Authentication: This selects the algorithm used for this device’s data. Select an
Algorithm, and enter a Password and a Confirmation for the password.
• Privacy: This selects the encryption algorithm used for this device’s data. Select an
Algorithm, enter a Password and a Confirmation for the password.
• Each password must be 8 characters long.
Note: The Authentication and Privacy types are determined by your organization’s
network policy. An Authentication of MD5 and a Privacy of AES128 is a common
“strong security” combination.
7 Click OK.
8 A Login icon appears in the SNMPv3 column, with the user name and security details.
9 To remove SNMP v3 information only, right-click the device and select Remove SNMP v3.

Access Control
Device security access for multiple radios

From the Device Security Accounts screen, you can edit device security access for all the devices
in a Container.
Step Action
1 Select Administration > Device Security Accounts. The Device Security Accounts
2 Right-click the required container and select Edit Account Information.
3 The Edit Password window is displayed. In the Account Type drop-down menu, select the
security account type. The values in the screen change to the values for the device security
account type.
• SNMPv3 - see Setting SNMPv3 Security Access (on page 112).
• Device Login - see Setting Device Security Account Values (on page 111).
• Eclipse Login - see Setting Eclipse Device Security Values (on page 106).
4 The values in the screen change to the values for the device type. Enter the values, which
will be applied to all devices in the container, and click OK.
5 The values display in the main Device Security Accounts screen for all devices in the
container.
6 To remove the values from the container, right-click the device and select the Remove
option.
Clearing device security accounts

You can clear the current device security access details if they do not match the details stored in
the device.
Step Action
displays.

Access Control
Step Action
2 Right-click the required radio and select Clear All Account Information.
3 Data is removed from all columns except the SNMP type, indicating that the device security
has been cleared.
Enabling a RADIUS Server

ProVision can authenticate users from a RADIUS server. The RADIUS Server centralizes user
names, logins, and security for users of ProVision, Eclipse, and other devices.
When the RADIUS Server is used for a network:
• It is installed and maintained separately from ProVision by Administrator-level users. If you
need to install a RADIUS server, for instructions on installing RADIUS, see the separate Tech
Note document Free RADIUS Configuration for Aviat Networks.
• Administrators must enable the RADIUS Server connection from ProVision, using the RADIUS
Server Configuration screen.
• RADIUS settings can be configured for all Eclipse radios using the RADIUS option in
Updating Eclipse Radius Authentication Settings (on page 120) (See also, ProVision User
Guide topic Configuration profile reference).
Prerequisites
This feature requires additional support with the Eclipse firmware, and it is only available on Eclipse
radios running versions 5.0.xx or greater.
For executing specific operations on the Eclipse Radio when both the ProVision Server & Eclipse
Radio are enabled for Radius Authentication,the logged in ProVision user requires a security profile
and permissions for ProVision and for the Eclipse Radio in the RADIUS server.
See ProVision User Security Profiles (on page 86). These requirements are as follows:
• Eclipse login banner (accessed through the Configuration Profiles in ProVision)
• Radio Accounts (accessed through the Configuration Profiles in ProVision)
• Eclipse RADIUS configuration (accessed through the Configuration Profiles in ProVision)

Access Control
• Eclipse SNMPv3 User Account (accessed through the Configuration Profiles in ProVision)
o For the above four operations, the ProVision user must have: Configuration and
Administration security profiles in the RADIUS server for ProVision-Security-Profile,
and SecurityOfficer and administerUsers security profiles for
Eclipse-Radio-User-Profile.
• Eclipse Software Loading - Requires Upgrade security profile in the RADIUS server for
ProVision-Security-Profile and Engineer security profile in the RADIUS server for
Eclipse-Security-Profile.
Procedure
Follow these steps to enable Radius server.
Step Action
1 Obtain the information for your RADIUS server:
• Server IP Address
• Shared Secret password
• Authentication Port
• Accounting Port
• Client Session Timeout value in Seconds
2 If required, install the RADIUS server.
3 Log into ProVision as a Security-level user. In the Administration menu, select RADIUS
Server Configuration.
4 In the RADIUS Server Configuration screen, enter the information from Step 1 for the
primary RADIUS server. You can enter data for the secondary server, if required.
Note: RADIUS Authentication Only means that RADIUS server is used only to
authenticate user access to ProVision, and ProVision local accounts are used to
determine users security access. If a user account exists in RADIUS server but not in
ProVision, then log in to ProVision provides user with View only security access. When
enabled a message is also shown in title bar of ProVision User Accounts indicating
that user authentication is via RADIUS server.
Note: When ProVision is configured to use Radius server for authenticating user login
to ProVision server then Background Authentication Credentials need to be configured
in ProVision RADIUS Server Configuration window with a username and password
that has Engineer access to Eclipses. This is required so ProVision server can
discover Eclipse configurations, perform configuration backups, software loading, etc.
Note: ProVision can be configured so that when RADIUS authentication fails it then
Access Control
Step Action
uses local user accounts for authentication. See Configuring RADIUS
authentication fallback to local user accounts (on page 79).
5 Click on Background Authentication Credentials. A screen displays: enter a user name,
password, and confirm password.
6 Click OK.
7 In the RADIUS screen, click OK.
ProVision is now connected to the RADIUS server. In future, all login authentications will be
done using this configured RADIUS server.
8 To set the RADIUS server settings for a new radio, select the radio that the RADIUS server
profile is to be applied to,and then select the already saved RADIUS configuration profile.
See ProVision User Guide, Configuration profile reference.
9 To bulk configure RADIUS server logins for all radios, select the ProVision Physical Root in
the network, right-click and select Configuration > Profiles, then from Configuration
Profile dialog select the Eclipse RADIUS Configuration profile. Set the values as described
in ProVision User Guide, Configuration profile reference.
Note: When you are setting up RADIUS and populating the radreply table, you need to include
attribute values for different Aviat software access groups. These values are listed below.
Access group Attribute value

View Only 1
Controls 514
Configuration 1028
Upgrade 2056
Administration 4112
Security 8224
Configuring RADIUS authentication fallback to local user accounts

These instructions describe how to change the RADIUS authentication configuration to fallback to
using local user accounts on authentication failure or any fault or failure.
Follow these steps to configure RADIUS authentication fallback behavior.
Step Action
1 Stop the ProVision server using the appropriate command (see ProVision Commands).
2 Edit the server_configuration.xml file of the ProVision server with a text editor. This file is
located at: ProVisionServer\tomcat\webapps\ROOT\pv\templates

Access Control
Step Action
3 Open this file and edit the value:
<fallBackToLocal>false</fallBackToLocal>
Change from false to true
So line will look like
<fallBackToLocal>true</fallBackToLocal>
Note: When set to true, any fault or failure will use local user accounts. When set to
false (default) any authentication failure will still use RADIUS server for authentication.
All other RADIUS connection faults will use local user accounts but only after all
connection attempts are exhausted.
4 Save the file.
5 Restart the ProVision server to apply the configuration.
Updating Eclipse RADIUS Authentication Settings

Periodically the system administrator may need to change the settings of the RADIUS server that
the Eclipse devices in the network use for authentication. Typically all Eclipse devices in the
network will point to the same set of RADIUS servers, thus each Eclipse needs to be updated
whenever the RADIUS server address or shared secret is changed.
The Eclipse RADIUS Configuration Profile allows the administrator to setup and save the settings of
the RADIUS servers (i.e. IP Address, Port and Shared Secret) within ProVision and then apply
these settings to some or all of the Eclipse devices in the network in a single operation.
Note: See Enabling a RADIUS Server (on page 117) for an overview of the RADIUS enabling
requirements.
Prerequisites
RADIUS configuration features are only available to ProVision administration users. Because this is
a security related feature the user must also have administration privileges on each Eclipse in the
network.
The exact security prerequisites depend on whether the ProVision system is configured to use a
RADIUS server for authentication.
RADIUS user authentication prerequisites
• RADIUS must be enabled on both ProVision and the Eclipse.
• If RADIUS is not enabled in ProVision then the Standard User Authentication requirements
above apply.
• If RADIUS is enabled in ProVision but not in the Eclipse, then a user account must exist in the
Eclipse with same credentials (username and password) as the ProVision user. This
configuration is not recommended.
• Ensure that firewall settings are correct between Eclipse and ProVision.
• The credentials of the ProVision user initiating the operation are used to authenticate with the
Eclipse when reading or writing the configuration profile, therefore:
o This user must have RADIUS credentials defined for both the Eclipse and ProVision.
o Eclipse - Administration.
o ProVision - Administration and Configuration.
Other prerequisites
This feature requires additional support with the Eclipse firmware, thus is only available on radios
running versions 05.00.xx or greater.

Access Control
Defining the RADIUS configuration settings

In a typical network using RADIUS authentication there is generally a pair of centralized RADIUS
(primary and secondary) servers that are accessible to the all devices in the network. The settings
for these servers needs to be configured in each device in the network and as such the user can
define a single Eclipse RADIUS Configuration profile for the whole network. This scenario shows
how this profile can be created and then applied to all Eclipse devices.
Step Action
1 Ensure that the correct ProVision and Eclipse user privileges are configured, based on the
Prerequisites.
2 Select the ProVision Physical Root in the network, right-click and select Configuration >
Profiles, then from the Configuration Profile dialog select the Eclipse RADIUS
Configuration Profile.
3 Select the Enable RADIUS Authentication checkbox.

4 Enter the IP Address, Port and Confirm Shared Secret of each of the required RADIUS
servers. The Eclipse radios will try to authenticate any login request against each RADIUS
server in the order they are listed until one of the RADIUS servers responds.

Access Control
Step Action
5 Save the configuration profile; the profile must be saved before it can be written back to the
radios.
6 Click Execute to write the changes to all supported Eclipse devices in the network. A dialog
will appear verifying the radios that this profile will be written to, if necessary radios can be
removed from this list. Press Execute again to complete the operation.
7 The progress of the operation can be monitored using the Task Manager.

Access Control
Setting the Radius configuration on a single Eclipse radio

When a new Eclipse radio has been added to the network it is possible to re-apply the RADIUS
configuration profile to a single Eclipse. This is easily done by selecting the Eclipse that the profile is
to be applied to and then selecting the already saved RADIUS configuration profile.
Step Action
1 Ensure that the correct ProVision and Eclipse user privileges are configured, based on the
Prerequisites.
2 Select the ProVision Physical Root in the network, right-click and select Configuration >
Profiles, then from the Configuration Profile dialog select the previously saved RADIUS
Configuration profile from the drop down list.
3 Click Execute to write the changes to the selected Eclipse device. Click Execute again on
the following dialog to complete the operation.
4 The progress of the operation can be monitored using the Task Manager.

Migrating Topology
Chapter 8. Migrating Topology

This chapter covers topology migration.
In this chapter
About Migrating Topology ......................................................................................... 125
Importing the Topology.............................................................................................. 126
Exporting the Topology ............................................................................................. 127
Migrating StarView Data into ProVision..................................................................... 129
About Migrating Topology

When you are upgrading to a new version of ProVision, or backing up ProVision, it is useful to
create and save a topology file. A topology file contains the details of your current setup for sites,
regions, radios, and other important network data. It does not include Map graphics.
Note: If you are upgrading to ProVision after using StarView, you can use the StarView Migration
Tool to convert the StarView data into a ProVision topology. See Migrating StarView Data into
ProVision (on page 129).
Parameters
The network topology is migrated as an .XML file. The .XML file contains:
• Object type (container or device)
• Object name
• Object containment definition
• Device IP addresses (primary)
• SNMP community strings
• Object state (Managed)
• Object performance data collection state (daily enabled/disabled, 15-min enabled disabled)
• Object coordinates (in Map view)
• Link information
Prerequisites
The topology export file is needed when upgrading from ProVision 2.3 or 3.0 to current ProVision
version.
The following parameters must be unique:
• The name of each object in the topology.
• Device object IP address (primary).
Dependencies
The northbound interface (NBI) is dependent on the network topology.

Migrating Topology
Importing the Topology

This function imports a previously exported network topology file. The Tree and Map Viewers are
automatically populated with containers and devices.
Any issues encountered during the import are displayed in the Import Results panel and recorded
in the <pvroot>Client/system-client.log.
A common problem during an import is when an object that is being imported has the same name of
an object already in the network. The imported object is skipped and the existing object remains in
the network unchanged. The Import Results screen displays the message:
Object name is not unique nnnn. Skipping object: nnnn
Where nnnn is the name of the object in question.
Objects that were not imported can be manually deployed and managed.
Note: Topology imports from ProVision 6.9 onwards include standard and logical links,
containers, and devices. Imports from earlier versions of ProVision do not include logical links
and containers.
Procedure
Follow these steps to import topology.
Step Action
1 Select File > Topology Import. The Topology Import window is displayed.
2
Click the button. The Open window is displayed.
3 Browse to the location of the topology file.

Migrating Topology
Step Action
4 Highlight the topology file and click Open. The Open window closes and the Topology
Import window is displayed.
5 Click Import.
6 The import is processed. You cannot re-import this file from this screen during this session;
after you complete the import, the Import button is disabled.
7 When the import has completed, click Close.
8 Review the Event Browser for "invalid deployment" events. Use the Filter function to find all
events titled Invalid Deployment, as shown below:
9 Delete the Invalid Deployment events.

10 One hour later, review the Event Browser again. If any Invalid Deployment events recur for
Eclipse devices, this indicates a deployment problem. Record the device details. Delete the
affected devices, and redeploy the devices with the correct radio type. See Deploying and
Managing Devices in the ProVision User Guide for more information.
Note: Device Security Accounts are not stored in the topology file. You will need to configure any
device accounts again by following the instructions in Device Security Accounts. See Device
Security Accounts (on page 104).
Exporting the Topology

This function exports the network topology (objects and hierarchy) to an.XML file. The network
topology can be exported for several reasons, as a backup, for support diagnostic purposes, for 3rd
party northbound integration, and for future migrating to a later version of ProVision.
Note: Aviat Networks recommends that a topology filename include the date the file was
exported.
Note: Topology exports include standard and logical links, containers, and devices.
Note: For backing up as part of an upgrade, see Data Backup and Sharing Using Topology
Exports (on page 148) and ProVision 2.3/3.0 topology migration tool.

Migrating Topology
Procedure
Follow these steps to export topology.
Step Action
1 Select File > Topology Export. The Topology Export window is displayed.
2
Click the button and browse to the location in which to store the topology file. The
Save window is displayed.
3 Type a descriptive name in the File Name field.
Note: Save the .xml topology file in a folder outside the software folder. If you do not,
the file will be deleted when is uninstalled.
4 Click Save. The Save window closes and the Topology Export window is displayed.

Migrating Topology
Step Action
5 Click Export. The Export Results panel displays the final status of the export, including any
items that could not be exported.
6 Click Close. The Export file is now in the folder location where it was saved.
Migrating StarView Data into ProVision

StarView users can import the microwave network data that has been managed by StarView into
ProVision. This data is imported in the same format as a ProVision Network Topology file.
To do this, you need to install and use the StarView Migration Tool provided by Aviat Networks.
The StarView Migration tool enables users to:
• Extract data from StarView
• Apply configuration to the data
• Import the data into
• Migrates data for the following device types:
o Aurora
o CAU
o Constellation
o DVA
o DVM (T,R) and DVM XT
o MicroStar I, II, or III
o Megastar 1+1, M:N
o TRuepoint 4000, 4040v1, 4040v2, 5000, 5000 2+0, 6400
• Migrates device data and topology data for the following device types:
o Constellation
Prerequisites
Administrator-level access to the current StarView installation, and to a complete ProVision
installation, ready to operate.
The zip file SVMigrationx.y.zip. In this file name, X and Y are the StarView migration tool version
numbers. The executable files you will need are in this zip file.
The SQL file sv_pv_migration.sql.

Migrating Topology
Extracting device data from StarView

Step Action
1 Begin with the PC that is running the StarView installation. On this PC, create a new folder.
2 Copy the file sv_pv_migration.sql onto the StarView PC into the created directory.
3 On the StarView PC, open the command prompt.
4 Using commands, go to the created directory.
5 Run the following commands:
ovdwtopo -export
ovdwquery -file sv_pv_migration.sql -out sv_pv_migration.txt -sep ;
6 Check the C:\Migration folder. A new file should be created, sv_pv_migration.txt.
7 Copy sv_pv_migration.txt from the StarView server into the directory where the StarView
migration tool will be installed.
Applying ProVision configuration to StarView data

Step Action
1 Unzip the SVMigrationx.y.zip file into a directory.
2 Run the tool SVMigration.bat. The StarView Migration Tool screen appears:
3 Click the Open button near Input SV File. Find the sv_pv_migration.txt file. Select it and
click Open.
4 With this file selected, click the Convert button. You are prompted to enter the name of the
topology export file, and the directory where it will be saved.

Migrating Topology
Step Action
5 If you have any of the following devices:
• Megastar M:N
• TRuepoint 4040, 5000, 5000 + 2
• MicroStar I, II, or II
• DVM (T,R)
the Device Configuration screen displays:
6 In the Device Configuration screen, you can:

• Edit the Name and Configuration values for devices. The values you enter here will be
applied to these devices in the topology.
• For DVM and MegaStar devices, double-click on them to directly edit their configuration
values. A window pops up to enable this:

Migrating Topology
Step Action
• For devices with + signs beside them, which have multiple IP addresses, mouse over
the device for a tooltip with configuration information.
• Sort the data columns by clicking on the column headings.

7 Once you are done making changes in the Device Configuration screen, click OK.
8 The StarView data is converted to a topology file. A log file named SVmigration.log is also
generated, and stored in the Client folder.
Note: Any errors in the conversion are displayed in the StarView Migration screen.
These errors are also saved in the log file sv_migration.log. If a device is not
converted and imported into the topology, you will need to enter it manually into
ProVision.

Migrating Topology
Step Action
9 Close the StarView Migration Tool.
Importing the new topology into ProVision

Step Action
1 On theProVision PC, open the ProVision Client. Go to File > Topology Import.
2 In the Topology Import screen, select the new .XML file.
3 The StarView data is now imported into ProVision. It displays in the Tree Viewer. This data
is structured in a Container named SV Import -(datetime), sorted into sub-containers by
device family.

Migrating Topology
Step Action
4 Move, rename, and reparent devices as required.
Importing multiple Starview topologies into ProVision

Step Action
1 On the ProVision PC, open the Client. Go to File > Topology Import.
2 In the Topology Import screen, select the .XML file for the first topology you are importing.
3 The StarView data is now imported into ProVision. It displays in the Tree Viewer. This data
is structured in a Container named SV Import -(datetime), sorted into sub-containers by
device family.
4 Rename and reparent the devices, placing them in new containers. Make sure that no
devices have duplicate names.
Important: This step is very important. When you import additional topologies, if
device or container names already exist in ProVision, ProVision will not import those
devices/containers. Renaming imported items with unique names avoids this problem.
5 Import the second topology file into ProVision.
6 Repeat step 4 for each topology that you import.
Extracting Constellation device and topology data from StarView

Caution: This section is applicable to Constellation devices only.
Step Action
1 Begin with the PC that is running the StarView installation. On this PC, create a new folder.
2 Copy the file sv_pv_migration.sql onto the StarView PC into the created directory.
3 On the StarView PC, open the command prompt.
4 Using commands, go to the created directory.
5 Run the following commands:
ovdwtopo -export
ovdwquery -file sv_pv_migration.sql -out sv_pv_migration.txt -sep ;
ovmapdump –v > ov_pv_migration.txt

Migrating Topology
Step Action
6 Check the C:\Migration folder. New files should be created, sv_pv_migration.txt and
ov_pv_migration.txt.
7 Copy sv_pv_migration.txt and ov_pv_migration.txt from the StarView server into the
ProVision Client directory on the Client PC.
Applying ProVision configuration to StarView data

Step Action
1 Unzip the SVMigrationx.y.zip file into a directory.
2 Run the tool SVMigration.bat. The StarView Migration Tool screen appears.
3 Click the Open button near Iinput SV File. Find the sv_pv_migration.txt file.
Select it and click Open.
4 Click the Open button near Input OV File. Find the ov_pv_migration.txt file. Select it and
click Open.
5 With this file selected, click the Convert button. You are prompted to enter the name of the
ProVision topology export file, and the directory where it will be saved.
6 The StarView data is converted to a ProVision topology file. A log file named
sv_migration.log is also generated, and stored in the StarView migration tool is installed.

Migrating Topology
Step Action
7 The Topology file can be imported into ProVision and devices can be reparented and
renamed as required.
Note: Any errors in the conversion are displayed in the StarView Migration screen. These errors
are also saved in the log file sv_migration.log.
Caution: If a device is not converted and imported into the topology, you will need to enter it
manually into ProVision.
Note: Devices with duplicate names are renamed by appending a number to duplicate. Illegal
characters in device names are replaced by spaces.

Database and Server Management
Chapter 9. Database and Server Management

This section describes the commands and menu options for managing the database. It also
includes information on server/services management.
Note: For information on managing Standby servers, including coordinating backups between a
Primary server and a Standby server, see Redundant Server Deployments (on page 157).
In this chapter
About Managing and Backing Up the ProVision Database ....................................... 137
Database Backup Procedures ................................................................................... 140
Data Backup and Sharing Using Topology Exports................................................... 148
Server and Services Management Procedures ......................................................... 149
About Managing and Backing Up the ProVision Database

ProVision includes complete functionality for generating backups. Administrator-level users can also
manage the server and services using database commands.
See the following topics for more information:
• Daily, weekly, and monthly backup processes (on page 139)
• Changing database configuration (on page 139)
About backup files

Generating and managing backup files is very important for network security and integrity.
Administrators can schedule automatic backups of the network. Administrators can also run
backups manually, whenever they are required.
If the database gets corrupted, you can restore the database from a backup. If you need to identify
whether a database is corrupted, you can run the database integrity check.
The following data is copied to the hard drive when you backup the database:
• Security data
• User accounts, security groups, device security accounts
• Configuration data
• Deployed network topology, device configuration and status
You also have the option to backup the event and/or the performance data.

When you initiate a database backup, creates a backup folder, copies the database into the folder,
and updates the backuplisting.xml file. This view shows the location of the backup folder and an
example of the naming standard used.
The following diagram shows a breakdown of the naming convention used.
Backup frequency
The following backup procedures are recommended:
• Daily - Backup the ProVision database to a CD, DVD, flash drive, or network drive.
• Weekly- Copy the last database backup to a CD, DVD, or flash drive, which is then stored
off-site. Include the network topology file with this backup.
Aviat Networks also recommends that you run a manual backup before any upgrade of ProVision,
and when any significant changes are made to the database. This backup should include event
and performance data, and including the network topology.
When to run backups

When the system is performing a backup, ProVision automatically locks object deployment, alarm
processing, software installation, and the network topology.
Because of this, you should plan to run backups during a time when there is minimal operator
activity on ProVision. Administrators often schedule backups to run at midnight, a good time for
avoiding operator activity.
Backup file size

Network size Database backup size
RF ODU Ethernet ports Uncompressed Compressed
100 200 650 MB 80 MB
1000 2000 6.5 GB 800 MB
3000 6000 22 GB 3 GB
9000 20000 65 GB 8 GB
Database sizes shown assume that 15 minute and daily collection are enabled on all RF links and
enabled Ethernet ports only.

Note: Sizes in this table are approximate only and are based on 3 million events in the database
and on the following Database Purge Settings: Purge Daily Performance Data older than 52
weeks, Purge 15-Min Performance Data older than 60 days, Purge Ethernet 15-Min Performance
Data older than 7 days.
Warning: Compressed databases backup and restore times can take up to 10 times as long as
uncompressed backup and restore times and are dependent on the environment where ProVision
server is installed.
Where to save backups

We recommend that database backups are either copied from ProVision server to a location
different from the ProVision server or alternatively the database backup location is configured to be
a different location from the ProVision server by setting the database backup location, see Set
backup preferences (on page 141). This will help protect against Windows server/OS crashes.
Daily, weekly, and monthly backup processes

Aviat Networks recommends that you use the ProVision backup functions to save your ProVision
databases and topology. For best practice and system security, use the following procedures.
Daily backup
Step Action
1 Run the database backup from the ProVision User Interface. In the Administration menu,
go to Database Backup and run the Scheduled or Manual Backup.
2 ProVision then creates a backup folder at ProVisionServer\mysql\backup or
ProVisionServer\pgsql\backup. The folder is named for the backup date and time.
ProVision copies the database to this folder and updates the backuplisting.xml file.
3 Then, copy the backup folder and the backuplisting.xml file to a CD, a DVD, a flash drive, or
to a network drive.
Weekly backup
Step Action
1 Aviat Networks recommends that you store each daily backuplisting.xml file on a CD,
DVD, or a flash drive. Place the saved backup in a fireproof safe.
2 At the beginning of each work week, move the backup items to your archival storage
location.
3 The oldest set of CDs or flash drives can be returned to the engineers for reuse.
Monthly backup
Step Action
1 On the fifth working day of the fourth week of each month, you should copy all the backup
files for the entire month onto one read-only CD or flash drive.
2 Label the read-only backup with the month and year that it backs up.
3 Store it permanently off site, at your archival storage location.
Also see Server and Services Management Procedures (on page 149).
Changing database configuration

Administrator level users can change the MySQL or PostgreSQL database details, updating the
user name, password, and port number. To access this, use the procedure below.
Note: This is not supported on ProVision Redundant Server installations.

Step Action
2 At the prompt, type pv db configure. If a window appears with the message "Do you
want to allow the following program to make changes to this computer?" click Yes.
3 The Change Database Details screen displays.
4 Enter the updated MySQL or PostgreSQL database details:

• Username - Between 4 and 16 alphabetic characters
• Password - Minimum length of 8 characters
• Port number - In a range between 1025 to 65534.
To return to the default installation values, click Use Default.
To save the entered values, click Set.
You are returned to the Command window.
5 Restart the Service with the command pv service start
Database Backup Procedures

It is important to back up your ProVision system on a regular basis. There are two types of backup
process available, Manual and Scheduled.
The processes below all describe the backup process for a Primary Server installation of ProVision.
If your system uses Standby servers, see also Synchronizing Primary server and Standby
server databases (on page 160).
Setting backup preferences....................................................................................... 141
Manual backup .......................................................................................................... 141
Scheduled backup ..................................................................................................... 142
Restoring the ProVision database ............................................................................. 143
Checking the database integrity ................................................................................ 145
Changing database purge criteria ............................................................................. 146
Export configuration backup and restoration ............................................................. 147

Setting backup preferences

Administrators can set the location where ProVision will save backup files. ProVision will save both
manual and scheduled backup files to this location.
Step Action
1 Start with the ProVision user interface.
2 From the menu bar, select Administration > Database Backup > Backup Preferences.
The Database Backup Preferences window displays.
3 Enter the Backup Location. If it is accessible, a green check displays beside the location. If
it is not accessible, a red X displays, and you must enter a different location.
Note: ProVision also supports network drive locations for Backup Location.
• Change ProVision service in Windows Services. Next, select Log On tab and
change from Local System account to This account. Enter account credentials
that has access to local drive as well as remote share and restart ProVision
service. Every time ProVision server is upgraded the service must be updated as
well.
4 If you need to compress database backups, select the Compress Database Backups
checkbox. This enables database compression, making the database up to 10 times
smaller.
Warning: Compressed databases backup and restore times can take up to 10 times
as long as uncompressed backup and restore times and are dependent on the
environment where ProVision server is installed. To review backup sizes, see About
Managing and Backing Up the ProVision Database (on page 137).
5 When your location is valid, click OK.
6 The window closes. ProVision will save both manual and scheduled backup files to this
location.
Manual backup
Running a manual backup ProVision of takes a backup of the system at the time that you run the
Manual Backup function.
Note: To perform a backup, you must have a ProVision client running to access the database
backup options from the user interface.
Step Action

Step Action
2 From the menu bar, select Administration > Database Backup > Manual Backup. The
Manual Database Backup window displays.
3 In the Description field, type a description of the backup. The description you enter is
written in the backuplisting.xml file, located in the ProVisionServer\mysql\backup or
ProVisionServer\pgsql\backup folder.
4 Use the checkboxes to select additional information to include in the backup:
• Include Event Data
• Include Performance Data
• Include Device Config Files
• Include NBI (note: does not include NBI Performance)
5 Click Backup. You will be prompted to view the backup in the Task Manager. Click OK.
6 The backup is monitored by the Task Manager, and its success or failure is noted.
Scheduled backup
The Scheduled Backup function runs and saves a backup of your ProVision data automatically,
based on the schedule values that you enter.
By default, the Scheduled Backup is enabled to run on a weekly basis. The default Scheduled
Backup includes events and performance data, and runs with a start time of 2 AM. Each weekly
backup is purged after 30 days.
If you want to change these Scheduled Backup values, use the procedure below.
Step Action
1 Start with the ProVision user interface

Step Action
2 From the menu bar, select Administration > Database Backup > Scheduled Backup.
The Scheduled Database Backup window displays.
3 In the Description field, type a description of the backup. The description you enter is
written in the backuplisting.xml file, located in the ProVisionServer\mysql\backup or
ProVisionServer\pgsql\backup folder.
4 Use the checkboxes to select additional information to include in the backup:
• Include Event Data
• Include Performance Data
• Include Device Configuration Files
• Include NBI (note: does not include NBI Performance)
5 In the Next Update field, select the date (up to two weeks in advance) of the next update
using the up and down arrows.
6 In the Start Time field, select the hour that you want the backup to occur using the up and
down arrows. Then select AM or PM. The update occurs on the hour, for example 1 AM
means the update starts at 1:00:00 AM.
7 In the Frequency field, select the how often, in days, you want the update to occur. This
field can be set between 1 and 30 days.
8 In the Purge backup older than field, select how often, in days, you want to purge the
backup files. This field can be set between 2 and 365 days. A minimum of a one-hour buffer
is recommended between scheduled database backups and scheduled database purges.
9 To save the scheduled backup settings, click OK.
Restoring the ProVision database

Some common reasons for wanting to restore the database are upgrading to a higher version of or
replacing a corrupted database.
It is important to remember that the restore feature overwrites the existing data in the database with
the stored backup data. Database backups can be stored locally on the Server hard drive, on a
network drive, or externally on a CD. For to restore a database from a backup, the backup folder
and backuplisting.xml file must be in the following directory:
ProVisionServer\mysql\backup or ProVisionServer\pgsql\backup

Note: If you are restoring from a backup that has been stored on CD, you must remove the
Read-only setting from its Properties. You cannot restore a database from an incompatible
version of ProVision, for example, a ProVision 3.0 database into ProVision 6.5.
Step Action
1 Ensure the backup folder and backuplisting.xml file are in the following directory:
ProVisionServer\mysql\backup or ProVisionServer\pgsql\backup
2 Stop all client sessions, by having the operators log off from ProVision.
3 Select Start > Programs > Server > Command Window.
4 At the prompt, type: pv db restore
The following message is displayed indicating that needs to be shut down. Press any key to
continue.
ProVision shuts down automatically.

5 The ProVision Restore Database window is displayed, listing the backups.
6 Select the required backup and click Restore.

7 To observe the restore actions, select the Command Window screen. The changes are
shown in this screen.

Step Action
8 When the restore is complete, the following message window is displayed.
If the restore failed, a message informs you that the restore has failed, and asks you to
check restore.log.
Check the file restore.log for details, located in the folder: ProVisionServer/.
9 Click OK.
10 To close the Restore Database window, click Exit.
11 To restart the server, type the following in the Command Window: pv service start
12 To start a ProVision client session and verify the restore was successful, select Start >
Programs > ProVision Client.
Checking the database integrity

If ProVision is not displaying information correctly, check the database integrity.
This function checks the integrity of the MySQL database table pointers and indexes, and also
repairs these problems if found. It does not check and repair corruption of data in the database.
Corruption of the data means you must restore to a backup of the database before the corruption
occurred.
Note: This is not supported by ProVision server PostgreSQL server installations.

The results from the database check are stored in: \ProVisionServer\database\checkrepair.log
Follow these steps to check the database integrity.
Step Action
1 Select Start > ProVision Server >Command Window.
2 At the prompt, type: pv db check
This checks and repairs key database tables.
3 At the prompt, type: pv db check all
This checks and repairs all database tables, but takes longer to run.
The following message is displayed indicating ProVision must be shut down.

Step Action
4 To close the ProVision Server, press Enter. The Command Window indicates when the
database check has finished.
5 Check the results in the file checkrepair.log located in the folder: <Install
Directory>\ProVisionServer\database\.
6 To restart the ProVision Server, type: pv service start
Changing database purge criteria

By default, the ProVision database is purged at regular periods. The data to be purged from the
database has been separated into the following groups:
• Daily performance data
• 15-minute performance data
• Cleared events
• Security events
Step Action
1 Start a ProVision user session.
The ProVision user interface is displayed.
2 From the menu bar, select Administration > Database Purge.
The Database Purge window is displayed.

Step Action
3 Make the required changes.
Note: A minimum of a one-hour buffer is recommended between scheduled database

backups and scheduled database purges.
4 To run a purge immediately, click Purge Now.
5 To accept the changes, click OK.
Note: If the number of events generated per day, over the purge period, exceeds % of the purge
maximum (500,000 events), will raise an event to notify the administrator.
Export configuration backup and restoration

The Export Configuration Backup function saves and restores configuration for the following device
types:
• Accedian
• CTR 8300
• CTR 8440 (see note)
• CTR 8540
• Eclipse (see notes)
• Symmetricom
• WTM 3200 (export only, restore is available from the craft tool)
The ProVision server stores up to 5 different configuration backups for each device. For most
devices, ProVision checks for device configurations every 12 hours, and saves any changed
Eclipse configurations to the ProVision server.
Prerequisites and notes
• Devices requiring configuration backup/restoration need to have their correct credentials
entered in the device Security Account. See Device security accounts (on page 104) for
more details.
• CTR 8540 and CTR 8300 devices need to configure ProVision server in Configuration >
Software Loading Preferences for configuration restore.
• Eclipse devices can have their configuration backup saved, and then restored via Portal.

• For Eclipse devices with Strong or FIPS Security enabled, to enable ProVision to back up
and restore configuration, you need an active SNMPv3 user account for the devices, set up
with the Crypto access level. An Eclipse SNMPv3 user account can be set up from the Portal
craft tool, or set up from ProVision via the Configuration Profile Settings. See Setting
SNMPv3 security access (on page 112) for more details.
• CTR 8440 devices can have their configuration backup saved, but not restored. The
configuration backup is done via the TFTP server which comes bundled with the ProVision
Server installation. The TFTP server runs on port 69.
Note: Any external TFTP servers should be stopped for the TFTP server on ProVision to work.
Export configuration backup procedure
Step Action
2 Find the device that you want to back up.
3 From the right-click menu, select Configuration > Export Configuration Backup. The
Export Configuration Backup window displays the available configuration backups for the
radio.
4 Select the backup that you want to export and click Export.
5 You are prompted to save the export file. Select the directory location and click Save.
Data Backup and Sharing Using Topology Exports

As an alternative to database backup, some ProVision users benefit from using ProVision topology
export/import functions to backup and share data. For an overview of topology export/import, see
About Migrating Topology (on page 125).

Example
This diagram shows an example of a 3+1 solution. A backup ProVision master system provides
redundancy for a number of regional ProVision networks. The regional ProVision administrators
send their data to the ProVision master system as topology files. The topology files are imported
into the ProVision master system.
Sample procedure
Step Action
1 Each ProVision site administrator should export their topology. For instructions, see
Exporting the Topology (on page 127).
2 The exported topology file is emailed to the ProVision master administrator.
3 The ProVision master administrator imports the topology files into the ProVision master
installation. For instructions, see Importing the Topology (on page 126).
4 All the devices and configurations from the ProVision sites are coordinated in the ProVision
master system.
Note: Limitations: Topology data does not include performance data.
Server and Services Management Procedures

Server and services management procedures enable users to start and stop the server, install and
remove ProVision as a system service, and reset the ProVision database.
See also Database Backup Procedures (on page 140).
ProVision database commands ................................................................................. 150
Monitor server disk space and memory..................................................................... 150
Stopping the ProVision Server .................................................................................. 152
Starting the ProVision Server .................................................................................... 153
Resetting the database ............................................................................................. 153
Removing ProVision from system services ............................................................... 154
Installing ProVision as a system service ................................................................... 155

ProVision database commands

This table defines the database commands accessible via the server command window. These
commands are useful as you perform data checks, backups, and data restoration.
Note: For Windows 7, 2008R2 and 8, run these commands as an Administrator. To do this, open
the Commands screen by right-clicking the Command Prompt item and selecting Run as
Adminstrator.
Table 30: Database Commands

pv db restore Restores a database backup, launches interactive tool
pv db configure Launches window for changing MySQL or PostgreSQL database
username, password, and port.
pv db dump events Saves all events to a CSV line.
Maximum of 1048576 data lines.
pv db check Runs an integrity check on the database (key tables only). Not
supported by PostgreSQL.
pv db check all Runs an integrity check on the database (all tables). Not supported
by PostgreSQL.
pv version Shows the version of the database
pv db reset Destroys all database contents
migrate <directory> Migrates the database
Note: If, after entering a command, a window appears with the message Do you want to allow
the following program to make changes to this computer? click Yes.
Monitor server disk space and memory

From the ProVision Manager object in the Tree Viewer, you can review the Server's available disk
space and memory usage. You can also set up a Performance Threshold to trigger an event when
disk space is below a minimum value.

Check available space and memory

Step Action
1 In the Tree Viewer, right-click on the ProVision Manager object.
2 In the right-click menu, select Performance >Trends. The Performance Trends screen
displays.
3 To view the available disk space, go to the Parameters frame. Select the value 15-Min
Disk Space and click Apply. The graph displays the available disk space for the Server.
4 To view memory usage, select 15-Min Memory Usage and click Apply. The graph displays
the memory usage for the Server.
Create a low disk space event

Step Action
1 In the Tree Viewer, right-click on the ProVision Manager object.
2 In the right-click menu, select Performance >Thresholds. The Performance Thresholds

screen displays.
3 Select the value 15-Min Disk Free Space. The available events display.

Step Action
4 Edit the following values for available events:
• Event Description - Enter a brief description of a low disk space event. You can retain
an existing event name or alter it.
• Trigger Value - Enter the trigger value in MB. automatically converts this to a
programming value.
• Severity - Select the Severity level from the drop-down menu.
5 After you have edited available events, click OK.

6 If the system disk space goes below the trigger value for an event, you will be alerted via a
ProVision Event.
Stopping the ProVision Server

There are times when you must stop the ProVision server, for instance, when you want to activate a
new license.
Step Action
1 Select Start > Programs > ProVision server > C:\ Command Window.

Step Action
2 At the prompt, type: pv service stop
If a window appears with the message Do you want to allow the following program to
make changes to this computer? click Yes.
p
3 Press Enter. A message displays, indicating the ProVision server has stopped.
Starting the ProVision Server

When the server computer is turned on, the ProVision server software automatically starts and runs
in the background. However, if you have stopped the ProVision server, you must manually start the
ProVision server.
Step Action
1 Select Start > ProVision Server >Command Window.
2 At the prompt, type: pv service start
3 Press Enter. A message is displayed indicating the ProVision server has started.
Resetting the database

When you reset the database, you delete all the database contents, from performance data and
event history to the network topology.
Note: Always back up the ProVision database before resetting the database.

Step Action
2 At the prompt, type: pv db reset
The following message is displayed, indicating that ProVision needs to be shut down. If a
window appears with the message “Do you want to allow the following program to make
changes to this computer?” click Yes.
3 To close the ProVision server, press Enter to continue. The Command Window displays the
reset actions
.
The database is now reset.
Removing ProVision from system services

Use this command when you want to start the server computer without the ProVision server starting
automatically.
If you have removed ProVision from the system services, you cannot start the ProVision server or a
client user session until you install ProVision as a system service.
Note: Removing ProVision from the system services does not remove any of the ProVision files.
Step Action
2 At the prompt, type: pv service remove
3 Press Enter.
The command window's message indicates ProVision has been removed.

Installing ProVision as a system service

You would use this command to install ProVision as a system service, if you removed it. Once you
have installed ProVision as system service you also need to start the ProVision server.
Step Action
2 At the prompt, type: pv service install
3 Press Enter.
The command window’s message indicates ProVision has been installed.

Redundant Server Deployments
Chapter 10. Redundant Server Deployments

This section describes the two types of redundant server deployments available in ProVision.
In this chapter
Standby Server ......................................................................................................... 157
Redundancy Controller.............................................................................................. 157
Managing Standby Servers ....................................................................................... 157
Hot Standby Server Redundancy .............................................................................. 168
About the Redundancy Controller ............................................................................. 169
DCN Bandwidth and Latency for the Redundancy Controller .................................... 170
Normal Operation of Redundancy Controller ............................................................ 171
Using Both the Redundancy Controller and the Standby Server ............................... 183
Standby Server
The Standby Server provides the following capabilities:
• Warm standby server redundancy with manual failover.
• Active server database backed up to standby server at regular time interval, typically once per
day.
• Performance and configuration change data since the last backup is lost when the active
server fails. If backup is daily, hence up to a day's worth of data is lost.
• Both servers are active (although there are restrictions with standby server), enabling the
standby server to be used to support an increased number of Client sessions.
See the section Managing Standby Servers (on page 157) for related topics and instructions.
Redundancy Controller
The Redundancy Controller provides the following capabilities:
• Hot standby server redundancy with automated failover.
• Server databases synchronized in near-real-time through database replication process,
ensuring minimal loss of data when the main server fails.
• Only one of the servers is fully active at a given time, although switching occurs quickly to the
peer server when the main server fails.
• Redundancy Controller application license required.
See the section Hot Standby Server Redundancy (on page 168) for related topics and
instructions.
Warning: If you want to use both the Redundancy Controller and the Standby Server, the Standby
Server must be installed on a server that is separate from the two Redundancy Controller servers.
Managing Standby Servers

The Standby Server provides the following capabilities:
• Warm standby server redundancy with manual failover.
• Active server database backed up to standby server at regular time interval, typically once per
day.
• Performance and configuration change data since the last backup is lost when the active
server fails. If backup is daily, hence up to a day’s worth of data is lost.

• Both servers are active (although there are restrictions with standby server), enabling the
standby server to be used to support an increased number of Client sessions.
ProVision includes the functions to help manage standby servers.
About Primary and Standby servers .......................................................................... 158
Standby server configuration prerequisites ............................................................... 159
DCN bandwidth requirements for a Standby server .................................................. 159
Synchronizing Primary server and Standby server databases .................................. 160
Configuring server type as Primary ........................................................................... 161
Configuring server type as Standby .......................................................................... 161
Primary server failure: Activating a Standby server ................................................... 162
Primary server restoration ......................................................................................... 163
Primary server fails: Managing and restoring after failover ....................................... 165
About Primary and Standby servers

For ProVision, administrators have the option of configuring ProVision to have a Primary and a
Standby server. The two server types are:
• Primary - The ProVision server currently in use by operators. New devices are deployed,
network changes are implemented, and performance data is collected.
• Standby - A ProVision server held on standby as an operations backup for the Primary
server. Because the Standby server is not in daily use, certain functions are disabled, as
noted below.
Primary and Standby server requirements
• When a ProVision server is switched from Primary to Standby mode or from Standby to
Primary mode all users should log off or have their user session terminated using "Session
Manager". This ensures that the ProVision client display correctly reflects ProVision server
mode.
• There is only one Primary and one Standby server per network.
• Both Primary and standby servers need to use either IPv4 addresses, or both should have
ProVision servers with IPv6 addresses.
Warning: When Primary and Standby servers use IPv6 addresses, ProVision client to Standby
server must not be connected using the Primary ProVision server machine and vice versa. Doing so
will break RMI connectivity and affect the functionality of the Primary and Standby servers.
• If Windows operating systems are used, both the Primary and Standby server must use the
same version for Windows, either 32 or 64 bit. For requirements, go to Standby Server
Configuration Prerequisites (on page 159).
• Do NOT use any Standby clients to deploy devices or change system or network
configuration.
• For examples of Primary and Standby networks, see Standby Server Deployment (on page
18).
Table 31: Enabled and Disabled Functions by Server Type
Function Primary server Standby server

NBI Enabled Disabled
Performance Data Collection Enabled Disabled
Event Collection Enabled Enabled
Ethernet OAM Enabled Disabled
Ethernet VLAN Enabled Disabled

NBI and performance data are still shown as enabled in the Standby clients, even though these
functions are disabled on the server.
Standby server configuration prerequisites

Each ProVision Standby server must have the ProVision installation configured with the following:
• ProVision License: The Standby server must be set up with the same license capability as
the Primary server that it is linked to. This includes NBI, node count, and other additional
licenses. See licensing ProVision (on page 67).
• Matching ProVision Versions: If your ProVision installation includes both Primary and
Standby servers, both types of server must have the same ProVision version of installed. If
Windows operating systems are used, it is recommended that both the Primary and Standby
server must use the same version for Windows, either 32 or 64 bit. If you upgrade one server,
you must upgrade the other server. Upgrade both your Primary and Standby servers at the
same time.
• DCN Bandwidth: Set the DCN bandwidth based on the server requirement. See DCN
bandwidth requirements for a Standby server (on page 159).
• Ports: Set the ports to match the Primary server's ports. See Changing SFTP/FTP Server
Port (on page 75) and Network Communication Ports for Firewalls (on page 23).
You also need to note the IP address or Host name of the Standby Server. This is used for:
Synchronizing Primary server and Standby server databases (on page 160).
Once you have set up the server with the license, DCN bandwidth, and SFTP/FTP ports, and noted
its IP address or Host name, you are ready to confirm it as the Standby Server. To configure the
Primary Server, see Configuring server type as Primary (on page 161).
Note: For information on installing a Standby Server, see Standby Server Installation and
Maintenance (on page 58).
Warning: If you want to use both the Redundancy Controller and the Standby Server, the Standby
Server must be installed on a server that is separate from the two Redundancy Controller servers.
DCN bandwidth requirements for a Standby server

Specific DCN bandwidths and open ports are required to support database synchronization
between the Primary Server and the Standby Server. (See Synchronizing Primary server and
Standby server databases (on page 160) for this procedure).
The DCN bandwidth intensive aspect of database synchronization occurs when the Primary Server
database backup file is transferred to the Standby Server. You need to provide enough DCN
bandwidth to minimize the transfer time.
Note: Database backup is transferred in a single compressed file, to minimize the burden on the
DCN.
DCN requirements
Because the required DCN bandwidth is based on the database backup file size and the time to
perform the transfer, we recommend the following bandwidths for different size network
deployments.

Compressed Deployment with 15 min. Ethernet Max. Min. DCN

database file performance data collection transfer time bandwidth
size Enabled Disabled
>1GB 2,000+ devices 2,000+ devices 10+ minutes 15 Mbit/s
500MB - 1GB 1,000+ devices 2,000+ devices 10 minutes 15 Mbit/s
100MB - 500+ devices 1,000+ devices 10 minutes 8 Mbit/s
500MB
<100MB <200 devices 500+ devices 10 minutes 2 Mbit/s
The database backup compressed file (transit.zip) is saved to the directory
ProVisionserver/mysql/backup or ProVisionServer\pgsql\backup on the Primary Server.
Synchronizing Primary server and Standby server databases

Synchronizing a backup of ProVision sets up a Primary Server to forward database backups to the
Standby Server. Once this is set up, every time the Primary Server runs a backup, the backup files
are forwarded via SFTP/FTP to the linked Standby Server. The Standby Server then automatically
unpacks and installs the backup file. This ensures that the Standby Server is ready to be used at
any time, with the most recently backed up database.
Note: To enable this, see Configuring server type as Primary (on page 161).
This section describes what happens when backup files are transferred from the Primary server to
the Standby server. It also notes what happens when the transfer process fails.
Normal transfer process
The normal transfer process is as follows:
Step Action
1 The Primary Server saves its scheduled backup. The backup file is zipped into a file named
transit.zip and saved to the location ProVisionServer/mysql/backup or
ProVisionServer\pgsql\backup.
2 The Primary Server starts to send the transit.zip file. An event showing that the backup
transfer is in progress is displayed:
3 The transit.zip file is transferred to the Standby Server.

4 Once the transfer is complete, this event is cleared automatically.
5 The Standby Server automatically unzips the file.
6 When that is complete, the Primary Server sends a resync command to the Standby
Server.
7 The Standby Server is stopped. Active Client sessions on the Standby Server are closed.
8 The transferred database is restored, and the Standby server restarts. New Client sessions
can be opened on the Standby server.
Failed transfer process

If the database backup fails to transfer, an event is raised:
This event has to be cleared by the operator.

If the transfer fails, examine the log files for both the Primary and Standby Server to identify the
cause of failure.
Caution: The Primary Server must have Scheduled Backup enabled. The frequency and type of
scheduled backup on the Primary Server determine when the database gets transferred to the
Standby Server. See Scheduled backup procedure (on page 142).
Caution: If you are synchronizing the Primary Server and the Standby Server by running a
manual backup, allow the manual backup to run completely. Do not run the manual backup a
second time: the Standby Server needs time to process the first manual backup and its related
restarts.
Note: The minimum DCN bandwidth must be available between Primary and Standby servers.
See DCN bandwidth and port requirements for a Standby server (on page 159).
Configuring server type as Primary

You need to identify servers as either Primary or Standby. These instructions describe how to set
up the Primary server.
Step Action
1 Start with the ProVision user interface on the Primary server.
2 Set up Scheduled Backup (Scheduled Backup Procedure (on page 142)).
3 From the menu bar, select Administration > Server Redundancy. The Server
Redundancy window is displayed. It should show the System Type as Primary.
4 Select the Enable Backup to Standby checkbox.

5 In the Standby Server field, enter the IP address for the Standby Server.
6 Click OK.
7 The server is now set up as the Primary Server. It will now send all backups to the Standby
Server.
Note: See also Synchronizing Primary server and Standby server databases (on page 160).
Configuring server type as Standby

You need to identify servers as either Primary or Standby. These instructions describe how to set
up the Standby server.
Step Action
1 Start with the ProVision user interface on the server that you are configuring.
Redundancy window is displayed. It should show the System Type assigned to the server.

Step Action
3 To change the System Type, select the Standby option.
4 Click OK.
5 The server is reconfigured as the Standby server. In the lower left corner of the ProVision
Client interface, text appears indicating that this is the Standby server.
Note: When you set a server to be a Standby server, in the Server Redundancy window, the
Enable Backup to Standby and Standby Server values are grayed out. These are only enabled
for a Primary Server.
Primary server failure: Activating a Standby server

If the Primary server fails, the Standby server needs to become the temporary Primary server.
When you do change the server status from Standby to Primary, all of its disabled functions come
on line, and the Standby server takes over as the temporary Primary server.
Note: The Standby server uses data from the most recent backup. Note that performance data or
system changes may be missing, based on how frequently backups are scheduled.
Step Action
1 Start with the ProVision user interface on the Standby server.
Redundancy window is displayed. It should show the System Type as Standby.
3 Select the System Type option Primary. Clear the Enable Backup to Standby checkbox.
Then, click OK.

Step Action
4 The Standby server is reconfigured as the temporary Primary server. This process takes
approximately 15 seconds. When this happens, any disabled functions, such as
performance data collection and NBI, are fully enabled.
5 Review the server configuration, and make changes as required.
Note: When the Standby server is activated, the following settings are the same as
those of the Primary server.
• Server IP address under Configuration > Software loading preferences
• Database backup location under Administration > Database Backup > Backup
Preferences.
• For software loading and database backup to work correctly, these settings need
to be updated.
• See ProVision User Guide, Deploying and Managing Devices,
Loading/Activating New Software and Licenses, Part A: Register the
software onto the server to reconfigure server settings.
• See Set backup preferences (on page 141) to reconfigure Backup location
settings.
6 Operate the system in this new configuration until you are ready to restore the long-term l
Primary server. See Primary server restoration (on page 163).
Primary server restoration

Once a problem requiring use of the Standby server is resolved, you need to restore the Primary
server as your center of system operation. You also need to decide when and how to restore the
servers to their original roles. There are two options:
• Simple Restoration - If the Primary Server has only been out of use for a few hours, or
switched off, restart the Primary Server and switch the other server back to Standby mode.
• Database Restoration - If the Primary Server has been off line for a day or longer, you can
update its database from the Standby Server.

This graphic shows the differences between normal operation, operation when the primary server is
down, and the database restoration process.
Establishing Primary and Standby servers

Step Action
1 Clearly identify which server is the long-term Primary server, and which server is the
long-term Standby server. Obtain both of their IP addresses for reference.
2 Start with the ProVision user interface on the server in use as the temporary Primary server.
3 From the menu bar, select Administration > Redundancy Configuration. The
Redundancy Configuration window is displayed. First, select the Enable Backup to
Standby checkbox. Then, enter the Standby Server field IP address; this should match the
server that you use for the long-term Primary server.
4 Go to the long-term Primary server. In the Redundancy Configuration window, change the
System Type to Standby. This is now a temporary Standby server.
5 On the server being used as the temporary Primary server, run a manual backup. This is
saved to both the temporary Primary server and the temporary Standby server.
6 The temporary Standby server restarts after receiving the backup. When the temporary
Standby server has restarted, open one of its clients.
7 Go to the temporary Primary server. In the Redundancy Configuration window, change the
System Type to Standby.
8 Go to the temporary Standby server. The Redundancy Configuration window should show
the System Type as Standby.

Step Action
9 Select the System Type option Primary. Select the Enable Backup to Standby checkbox,
and enter the Standby Server IP address.
10 This server is reconfigured as the Primary server. When this happens, any disabled
functions, such as performance data collection and NBI, are fully enabled.
11 In the Redundancy Configuration window, change the Standby Server IP address back to
the long-term Standby server.
Primary server fails: Managing and restoring after failover

If the ProVision Primary server fails, users are alerted with alarms.
Checking for "Primary Server Is Unavailable" alarm
If the Primary server is unavailable:
• The Standby server will display an alarm saying that the Primary server is unavailable in the
Event Browser window.
• The Standby server will also send an Email / SMS with the same alarm:
Enabling Standby server as temporary Primary server

When the Primary Server is unavailable, an administrator needs to enable the Standby Server, as
shown:
Follow these steps todo this.
Step Action
1 Log in to the Standby server.

Step Action
2 In ProVision, select Administration > Server Redundancy. Change the System Type to
Primary. Do not select the Enable Backup to standby checkbox at this point.
3 The Standby server is now functioning as the Primary server. It will start sending
Emails/SMS when alarms are received and/or cleared.
Restoring the Primary server

When the Primary server is back in service, we need to Transfer all the database from the
temporarily Main server to the original Main server.
Step Action
1 Log back in to the Primary Server, which has been off line. Open ProVision. Configure it as
the Standby server in the Administration > Server Redundancy screen, as shown below.
Also, note the IP address of this server.

Step Action
2 Log back in to the temporary Primary server/former Standby server. In the Administrator >
Server Redundancy screen, select the Enable Backup to Standby checkbox, and enter
the IP address of the desired Primary Server from step 1.
3 Go to Administration > Database Backup > Manual Backup and run a manual backup.
This will back up all the alarms, including the newer ones that came to the system while the
Primary server was off line.
4 When the manual backup finishes, it will be transferred to the other server.
5 Log in again to the Primary server and verify that the newer alarms are appearing.

Step Action
6 Re-configure this as the Primary server.
7 Re-configure the other server as the Standby server.
Hot Standby Server Redundancy

The ProVision Redundancy Controller is a separate software module that enables standby server
management of your ProVision network.
The Redundancy Controller provides the following capabilities:
• Hot standby server redundancy with automated failover.
• Server databases synchronized in near-real-time through database replication process,
ensuring minimal loss of data when the main server fails.
• Only one of the servers is fully active at a given time, although switching occurs quickly to the
peer server when the main server fails.
With the Redundancy Controller, setting up your ProVision redundancy and servers is simple. Log
in and enter your server values into the Status, Configuration, and Security screen. For
configuration and setup details, see the following topics:
• About the Redundancy Controller (on page 169)
• DCN Bandwidth and Latency for the Redundancy Controller (on page 170)
• Normal Operation of Redundancy Controller (on page 171)
• Logging in to the Redundancy Controller (on page 171)
• Redundancy Controller status (on page 172)
• Redundancy Controller configuration (on page 175)
• Redundancy Controller security (on page 177)
• Troubleshooting the Redundancy Controller (on page 179)
See also Installing and Uninstalling the ProVision Redundancy Controller (on page 59)

Note: The Redundancy Controller is a licensed feature. If you operate the Redundancy Controller
with an expired trial license, the functionality is enabled, but it does not accept Client connect ions.
Please contact your sales representative about the Redundancy Controller license.
About the Redundancy Controller

The Redundancy Controller provides automatic failover ability so that when a problem occurs with
the Active Main Server (or there is a network outage), the Dormant Server will automatically
become the currently Active Main Server. In a failover scenario, ProVision Clients will have to be
manually switched to the New Active Main Server.
The Redundancy Controller consists of two identical server machines. The two servers can be
located at different sites. The two servers are:
• Active Main Server – The ProVision server currently in use by ProVision Clients. New
devices are deployed, network changes are implemented, and performance data is collected.
• Dormant Server – A server currently replicating data from the Active Main Server in near real
time. This server will automatically become the new Active Main Server should the existing
Active Main Server suffer a power loss or a network outage.
The Active Main and Dormant Servers host their own web servers on port 9080. They are
configured and monitored using the Redundancy Controller software, via a web browser interface.
When the Redundancy Controller Installer software is first installed on each of these servers they
must be configured to act as the Active Main Server and Dormant Server. See Installing and
Uninstalling the ProVision Redundancy Controller (on page 59).
Table 32: The table below shows the Functions by Server Type.
Active Main Server Dormant Server (ProVision

(ProVision enabled) disabled)
Performance Data Enabled Replicated in real time.
Collection Resynchronized on startup
Event Collection Enabled Replicated in real time.
Resynchronized on startup
NBI, backup, Generic Enabled Resynchronized daily on the
Device Packages, hour and on startup
software, repository
licenses, maps
Whenever there is a change to the ProVision on the Active Main Server, that change is replicated to
the Dormant Server in near real time.
The dataset (either the ProVision database or External files) is copied from the Active Main Server
to the Dormant Server. This happens when the Dormant Server is started normally or when there is
a failover event. Data external to the database is synchronized every 24 hours at a configurable
time of day.
Note:
• ProVision clients can only connect to the Active Main Server. It is not possible to connect to
a Dormant Server.
• There is only one Active Main Server and one Dormant Server per network.
Configuration prerequisites
• The Redundancy Controller needs to be installed on both the Active Main Server and Dormant
Server. See Installing and Uninstalling the ProVision Redundancy Controller (on page
59).
• The Active Server and the Dormant Server each must be set up with the same:
o ProVision versions.

o License capabilities. This includes Redundancy, NBI, node code, and other additional
licenses. See Licensing ProVision (on page 67).
o DCN bandwidth and latency. See DCN Bandwidth and Latency for the Redundancy
Controller (on page 170).
o Ports. See Network communication ports for firewalls (on page 23).
DCN Bandwidth and Latency for the Redundancy Controller

For the Redundancy Controller, database and file synchronization between the Active and Dormant
servers requires specific DCN bandwidths and latency. The systems require enough DCN
bandwidth and latency to optimize the amount of time required for database and file
resynchronization.
DCN requirements
The required DCN bandwidth and latency is dependent on the size of the ProVision database, and
the size of the external database files. Latency is the main factor in minimizing the transfer times. If
the latency time between the Main Active Server and the Dormant Server is high this significantly
increases the transfer times.
The table below details the time required for the Database and external files to fully resynchronize
between the Active and Dormant servers using the specified bandwidth and latency criteria. These
times were recorded using an uncompressed database of 2.5 GB (2000+ devices) and
uncompressed external files of 0.8 GB (40000+ external files).
DCN Latency Database External file Effective

bandwidth (ms) synchronization time + synchronization bandwidth
(Mbps) catchup time (mins) time (mins) (Mbps)
10 0 30 10 9
10 10 40 15 7
10 100 200 30 1
20 0 20 7 18
20 10 30 10 9
20 100 200 25 1
Note:
• Database Synchronization Time = amount of time required for the Dormant Server to
transfer and load into its database a copy of the Active Main Servers database.
• External File Synchronization Time = amount of time required for the Dormant Server to
transfer a copy of the Active Main Servers external files.
• Catchup Time = amount of time required for the Dormant Server, once it has transferred
and loaded the Active Servers Database, to catchup and replicate any database changes
that have since occurred on the Active Main Server during this transfer.
• Effective Bandwidth = actual bandwidth calculated to transfer the database from the
Active Server to the Dormant Server under latency.
• The transfer times are also inclusive of local processing times, which include factors such
as compressing and uncompressing files, as well as time required to transfer across the
network.

Normal Operation of Redundancy Controller

Under normal operation, minimal supervision of the Active Main Server and Dormant Server is
required. Normal operation is shown in this diagram and defined below:
• ProVision is running on the Active Main Server collecting performance data. ProVision Clients
connect to the Active Main Server. ProVision Clients cannot connect to a Dormant Server.
• All database information from the ProVision Active Main Server is replicated to the Dormant
Server in near real time. All external database information such as NBI is synchronized to the
Dormant Server daily at a scheduled time.
• The Redundancy Controller software on both servers monitors for failover events. The
Dormant Server will failover to Active if there is a problem with the current Active Main Server.
In a failover event all existing clients will need to be manually reconnected to the New Active
Main Server.
• The Redundancy Controllers on both the Active Main Server and Dormant Server record
information in their log files. Also, certain events are sent out as SNMP traps. Details of the
SNMP trap destination can be configured on both servers.
Logging in to the Redundancy Controller .................................................................. 171
Redundancy Controller status ................................................................................... 172
Redundancy Controller configuration ........................................................................ 175
Redundancy Controller security ................................................................................ 177
Troubleshooting the Redundancy Controller ............................................................. 179
Logging in to the Redundancy Controller

Logging in to the Redundancy Controller via a web browser is simple.
Note: You must be an Administrator user to access the Redundancy Controller. If you require
access and do not have it, please check with your ProVision administrator.
Caution: The web browser interface must have Javascript enabled for you to use the
Redundancy Controller.
Warning: The Redundancy Controller interface is not compatible with the web browser Internet
Explorer 9. We recommend Firefox or Internet Explorer 8.

Step Action
1 In the Start menu, click the ProVision Redundancy Controller link from the Redundancy
Controller menu.
The Redundancy Controller displays.
Note: You can also access the login screen by entering the URL of the Redundancy
Controller IP address or server name, https://<redundancy controller IP
address>:9080/rc. For example: https://pvwenz04:9080/rc.
2 Enter your user name and password. Click Login.
Redundancy Controller status

From the Redundancy Controller, Status tab, you can:
• Monitor and change the System State
• Switch the Active server to become the Dormant server
• Unlatch a Dormant Latched server
Figure 14: Redundancy Controller Screen - Status
Table 33: Status Screen Values
Item Value
System State
Local Status Status of the local server.
Peer Status Status of the remote peer server
Control

Item Value
Switch/Unlatch Click Switch to change the local server from Active to Dormant or vice versa. If
the peer server is Active you cannot switch the local server to Active, because
you cannot manually switch to two Active servers.
Note: When you click Switch, a message appears, asking you to confirm
the change. Click Yes to confirm.
Click Unlatch to move the local server out of the Dormant Latched state. This
button only becomes available when the local server is in the Dormant Latched
state.
Note: The Redundancy Controller provides a Web Brower Interface that can be accessed from
both Servers. If one Server displays “Local Status: Active Main Server” and Peer Status
“Dormant”, then the other server will display “Local Status: Dormant” and Peer Status “Active
Main Server”.
The table below describes a list of statuses (Local Status and Peer Status) that typically appear on
the status page in the Redundancy Controller Web Interface , followed by a second table that lists
all available statuses.

Table 34: Frequently Seen Status
Local status Peer status Description

Acquiring Peer Acquiring Peer Typically, the Servers have not been configured within
HeartBeat HeartBeat correct Peer IP addresses so they cannot communicate
with each other.
Active Main Server Active Main Server This state is not allowed under normal operation but
can occur when there is a communication loss between
Active and Dormant, causing both servers to become
Active. As soon as the communication is restored and
the servers can communicate with each other, the Most
recent Active Main Server will automatically go back to
being in Dormant State, and resynchronize with the
Active server again.
Active Main Server Dormant Normal operation – The Active and Dormant Servers
are in sync and the Active is replicating to the Dormant.
ProVision Server is running on the Active and Clients
can connect to this Server.
Dormant Latched Dormant Latched This is typically seen after an installation of the
Redundancy Controller system - Both Servers will be in
Dormant Latched. ProVision Server is not running. The
Administrator needs to perform a switch on the correct
Server to Make it Active. Then, the Administrator will
need to unlatch the other dormant server so that it goes
into Dormant State so that the Servers are running in
normal operation
Resynchronizing Resynchronizing The Active Server and Dormant Server are
Dormant Server resynchronizing the ProVision Server database from
Active to Dormant. This occurs each time the Dormant
Redundancy Controller is started either manually or
automatically on an error condition.
Resynchronizing Resynchronizing The Active Server and Dormant Server are
Files with Dormant Files resynchronizing the external files from Active to
Server Dormant. This occurs each time the Dormant Server is
started either manually or automatically on an error
condition. It also occurs daily as configured in the Web
Browser on the Dormant Server (See File
Synchronization Hour on the Configuration tab)
Table 35: All Available Redundancy Controller Statuses:
Status Description
Acquiring Peer Heartbeat The Redundancy Controller is monitoring its Peer to check its status
Active Main Server The Active Redundancy Controller is currently replicating and providing
redundancy. ProVision Server is running and ProVision Clients can be
connected to this Server.
Active Server Failing The Active Redundancy Controller has detected a self fail condition and
will restart. It will restart in either Dormant Latched or Dormant
(depending on whether it is configured with Dormant Latched checked).
Dormant The Dormant Redundancy Controller is currently replicating any changes
on the Active ProVision Server system.
Dormant Latched The Redundancy Controller has started but is in a Latched state. This
means there is no replication of data between itself and its Peer. It also
means automatic failover is currently disabled. When in Dormant
Latched State the Redundancy Controller can be Unlatched into
Dormant State by Unlatching it in the Redundancy Controller Web
Browser Interface .

Status Description
Failing Over The Dormant Redundancy Controller has lost communication with its
Peer. If this loss in communication continues for longer than the failover
window then the Dormant Redundancy Controller will automatically
switch to the Active Redundancy Controller
Initialization The Redundancy controller is starting up and initializing
Resynchronizing The Dormant Redundancy Controller is currently Resynchronizing with
the Active Redundancy Controller to ensure the Dormant Server is up to
date with the Active Servers ProVision database.
Resynchronizing The Active Redundancy Controller has received a request from the
Dormant Server Dormant Redundancy Controller and is resynchronizing the ProVision
Server database.
Resynchronizing Files The Dormant Redundancy Controller is currently Resynchronizing with
the Active Redundancy Controller to ensure the Dormant Server is up to
date with the Active Servers ProVision external files.
Resynchronizing Files The Active Redundancy Controller has received a request from the
With Dormant Server Dormant Redundancy Controller and is resynchronizing the ProVision
Server external files.
Server Not Licensed The Redundancy Controller is not licensed on this Server. No Replication
or Redundancy is enabled in this state. Redundancy is a Licensed
Feature of the server.
Starting Up Active The Redundancy Controller is starting up as the Active Server.
Unknown State The Redundancy Controller is unable to communicate with its Peer and
therefore its Peer State is Unknown. Check in the Redundancy
Controller Web Browser Interface that the Peer IP address is correct.
See also:
Redundancy Controller configuration

From the Redundancy Controller, Configuration tab, you can:
• Enter the Peer Server IP values to pair the local server with its remote peer server
• Set up file synchronization frequencies
• Set up failover times and heartbeat timeout
• Set up trap destinations
• Set up the server to enter the Dormant Latched state when applicable

Figure 15: Redundancy Controller Screen - Configuration
Item Value
System
Peer IP Address IP address of the peer server.
Peer SFTP/FTP Port SFTP/FTP port of the peer server.
File Synchronization Hour Files are synchronized between the local and peer servers once per day
at this hour. Enter a value between 0 and 23.
Server Latched Check this to configure the server for entering into the "Dormant
Latched" state when it is transferring from the Active state.
Failover
Heartbeat Timeout If the heartbeat synchronization fails, the timeout is the period of time in
seconds between retries. The default value is 5 seconds and the range
can be from 5 to 20 seconds. This value should be the same on the
peer.
Note: We recommend using the default timeout.

Item Value
Heartbeat Retries If the heartbeat synchronization fails, the retry is the number of times
synchronization is attempted again. This value must be the same on the
new peer. The default value is 5 retries and the range can be from 4 to
10 retries.
Note: We recommend using the default retries.
The failover window is defined in seconds by (heartbeat timeout *

heartbeat retries). If no heartbeat is received by the dormant system
during this window the dormant system will failover and become the
active system automatically so this range can be from 20 seconds to
200 seconds.
Trap Destinations
Trap IP Address IP address for trap listener, e.g. third party NMS system.
Trap Port Port for trap listener. Default is 162.
The ProVision Redundancy Controller can forward SNMP traps indicating Redundancy Controller
status to a third party NMS system in the same format as ProVision event forwarding NBI.
The SNMP trap format used is the same format is Event NBI SNMPv1 traps and uses MIB
STXN-PV-V1-TRAPS-MIB (MIBS for Event NBI can be located with release files and also in
ProVisionServer\mibs directory). Refer to ProVision NBI System Integration Guide section
Event-Forwarding NBI SNMP Traps Northbound SNMPv1 Trap for information about SNMPv1
traps.
An Excel spreadsheet, ProVision Redundancy Controller SNMP Alarm List.xlsx, containing a
list of possible Redundancy Controller SNMP Alarms, is included with release files in
System_Integration Directory.
See also:
Redundancy Controller security

From the Redundancy Controller, Security tab, you can:
• Change the Administrator password.
• Configure login authentication to use Primary and Secondary Radius servers, instead of local
authentication.
• Click the Apply button at the bottom of the screen to save these changes.

Figure 16: Redundancy Controller Screen - Security
Item Value
Security
Password Change the password for the Administrator user.
Confirm Password Confirm the changed password for the Administrator user.
Radius Server
Checkbox Link the Redundancy Controller to the Radius server by selecting this
checkbox.
Shared Secret Enter the "shared secret" password for the Radius server.
Confirm Shared Confirm the "shared secret" password for the Radius server.
Secret
Primary Radius Enter the following values for the primary Radius server:
• Server IP address
Secondary Radius Enter the following values for the secondary Radius server:
• Select the checkbox to enable this server if required
• Server IP address
See also:

Troubleshooting the Redundancy Controller

This section describes how to resolve problems that may occur with the Redundancy Controller.
Dormant server power loss or shutdown ................................................................... 179
Active server power loss or shutdown ....................................................................... 180
Network communication failure between Active and Dormant servers ...................... 181
Dormant server power loss or shutdown

The Active server can no longer replicate data to the Dormant server.
The Redundancy Controller Web Browser Interface on the Active Server will show a status of:
• Local Status: Active Main Server
• Peer Status: Unknown State
Impact
• Minimal Impact while the Dormant server is off line.
• No Redundancy or Replication available until the Dormant server is back on line.
• No outage as ProVision is monitoring the Network on the Active server.
• Client sessions will still be connected to the Active server.
Recovery actions
When the Dormant server is back on line, it will automatically start resynchronizing with the Active
Server and provide redundancy and replication.
Log in to the Redundancy Controller Web Browser Interface on the Active server and ensure it
shows a status of:
• Peer Status: Dormant
The system is now back to normal operation. See Normal Operation of Redundancy Controller
(on page 171).

Active server power loss or shutdown

The Active server has a power loss or shuts down, losing data transmission to both the Clients and
the Dormant server.
After the failover window time elapses, the Dormant server fails over to become the new temporary
Active server.
The Redundancy Controller Web Browser Interface on the new temporary Active server will show a
status of:
Impact
• Outage of ProVision server until the Dormant server becomes the new temporary Active
server.
• Client Sessions will become disconnected.
• The time of outage is dependent on two factors:
o the time taken for Dormant server to failover (failover window).

o the time taken for the Dormant server to start up as the new temporary Active Server.
The time taken for the Dormant server to start up as the new temporary Active server is dependent
on the size of the database and the specification of the server machine.
This outage is typically less than 2.5 minutes in which there will be a loss in the collection of
Performance data and events.
Recovery actions
Clients will be disconnected and will need to be reconnected to the new temporary Active server ,
once it has started up.
When the Original Active Server is back on line it will start resynchronizing with the new temporary
Active server , and becomes the new Dormant server.
Log in to the Redundancy Controller Web Browser Interface on the new Dormant server and ensure
it shows a status of:
• Local Status: Dormant
• Peer Status: Active Main Server
The system is now back to normal operation but has switched from the original configuration. The
initial Active server is now the new Dormant server and the initial Dormant server is now the new
Active server.
The administrator needs to decide when to switch back to the original configuration. (This process
requires another service outage, as already described).
To do this:
Log in to the Redundancy Controller Web Browser Interface on the new Active server and click the
Switch button. This will restore the system back to its original state. Ensure the Browser Interface
shows a status of:
• Local Status: Dormant
• Peer Status: Active Main Server
The system is now back to normal operation. See Normal Operation of Redundancy Controller
(on page 171).
Network communication failure between Active and Dormant servers
Because of a loss in communication there are two Active ProVision Systems trying to monitor and
collect data from the Network.

The Dormant server fails over to become the new temporary Active server.
The Redundancy Controller Web Browser Interface on the new temporary Active server will show a
status of:
The Redundancy Controller Web Browser Interface on the original Active server will show a status
of:
Impact
• There should be no loss in the collection of Performance data and Events, unless connectivity
is lost with the Radio network.
• Client Sessions should still be connected unless they lose connection with the server.
• Any data that was collected by the most New Active Server, but not collected by the original
Active server , during this loss in communication, will be lost.
Recovery actions
When the network communication is restored, the new Active server automatically goes back into
the dormant state whereby it will start resynchronizing again with the original Active server.
Log in to the Redundancy Controller Web Browser Interface on the original Active server and
ensure it shows a status of:
• Peer Status: Dormant
The system returns to normal operation. See Normal Operation of Redundancy Controller (on
page 171).

Using Both the Redundancy Controller and the Standby Server

If required, networks can be configured to use both the ProVision Redundancy Controller system
and the Standby server system. When both are deployed together, this provides the most effective
data redundancy and recoverability solution.
Requirements
• Three servers are required: two for the Redundancy Controller system and one for the
Standby server system.
• The Standby server system must be installed on its own separate server. The ProVision
Redundancy Controller system must not be installed on this server.
This diagram shows a sample configuration with the three servers in place:

Generic Device Management
Chapter 11. Generic Device Management

This chapter covers management of generic devices and packages.
Caution: These functions are for administration-level users with advanced event management
system skills. Users must be able to generate device events, access device MIBs, and possibly
communicate with device manufacturers.
Note: Previously installed GDS Ethernet devices can be discovered using Network
auto-discovery for devices: see ProVision User Guide.
Note: Provides consulting services for Generic Device integration. Please contact your Aviat
Networks sales and support staff for more information.
In this chapter
Managing Generic Devices and Packages................................................................ 185
Adding a New Package ............................................................................................. 187
Re-assigning a Package to a Generic Device ........................................................... 188
Editing Package Information and Events................................................................... 189
Launching Generic Device Windows Applications from ProVision ............................ 221
Managing Generic Devices and Packages

This section covers managing generic devices and packages.
About Generic Device Support (GDS) ....................................................................... 185
About GDS packages ................................................................................................ 186
Recommendations .................................................................................................... 186
Limitations ................................................................................................................. 186
About Generic Device Support (GDS)

In ProVision, a “generic device” is an object that you deploy and configure. Some objects, such as
Eclipse and TRuepoint radios, have their configurations pre-defined in ProVision. The Generic
Device object allows you to deploy a device that has not had its configuration pre-defined in
ProVision.
There are two levels of Generic Device management. The first is deploying a generic device, as
described in the ProVision User Guide. After a device is deployed, an administrator-level user
needs to set up the events for the Generic Device. This is done at the second level of Generic
Device management, Package-level management. Package-level management enables event
collection and management for SNMP devices. In ProVision, these SNMP devices are categorized
as:
• Multiplexers
• Routers
• Switches
• Microwave Radios
• Power Supplies
• Site Alarm Units
• Base Stations
• Other ancillary equipment that provides an SNMP interface
About GDS packages

A GDS package enables ProVision to capture and collect alarms/events and performance data from
a managed device type that supports the SNMP protocol. It contains the information needed to
extract the alarms/events and performance data from the device’s Management Information Base
(MIB) using the SNMP protocol. Once a GDS package has been loaded, multiple devices of the
type supported by the package, can then be deployed and managed using ProVision’s standard
fault and performance management capabilities.
Aviat Networks has developed GDS package support for many telecommunication devices that are
often deployed in microwave networks. These packages are available for purchase. Aviat can also
develop GDS packages for customers on request.
A third option is that the customer or their system integrator can develop GDS packages, using the
instructions provided in this documentation.
To see a list of existing GDS packages available for purchase, see the ProVision User Guide or
contact Aviat Networks Technical Support.
Note: Generic Device management at the package level is licensed as part of the standard
ProVision license.
The step-by-step process for assigning events to a package is as follows:
Step Action
1 Make sure that all generic devices are correctly assigned to the package (see
Re-Assigning a Package to a Generic Device (on page 188)).
2 Using the MIB data for the devices and test devices, generate events against the devices.
OR, import the MIB data directly (see Importing trap mapping from a MIB file (on page
207)).
3 Use the Trap Mapping function and the event data to generate event records in ProVision
for the devices in the package (see Setting trap mapping to identify package events (on
page 195)).
4 If necessary, create any Match Rules for grouping events, or acknowledging different types
of events (see Setting matching rules for trap mapping (on page 209)).
5 If necessary, create any custom events that are required for the package (see Creating
custom events for packages (on page 215)).
6 Configure the resynchronization alarm events for the package (see Configuring generic
device resynchronization alarms (on page 214)).
Once this process is complete, ProVision can identify and record these events for all Generic
Devices assigned to the Package.
You will also want to enable generic device craft tools for the fully enabled devices. See Launching
Generic Device Windows Applications from ProVision (on page 221).
Recommendations
Configuring events for packages, to apply to generic devices, takes time. Here are some
suggestions to help you save time as you enter and manage this data:
• Use the MIB files for devices as a reference and a source of event data.
• Set up major events first, using the Trap Mapping or MIB Import functions.
• You can load some data against a generic device from a two-column .CSV file. This is helpful
to create detailed trap mappings from device data, such as a device alarm list.
Limitations
Events from generic devices cannot be pre-filtered.
The NBI number for generic devices defaults to zero. As a result, no different type numbers are
identified in NBI output.
When the Generic Device Management screen is open, you can only open new screens from the
Generic Device Management screen. If you want to perform additional system maintenance, or view
event browsers, open another ProVision client.
Note: After you have fully configured a generic device and/or a package, all the event and
configuration information is saved when the ProVision database is backed up, or when the user
exports the package configuration. Users can import the package configuration into another
installation of ProVision and benefit from this saved configuration.
GDS packages from Aviat Networks should never be edited. Editing them may invalidate your
service agreement. For more details, see Loading a generic device service package (on page
191).
Adding a New Package

This procedure describes how to add a new package that you will be able to edit. To load a GDS
Service Package provided by Aviat Networks, see Loading a generic device service package (on
page 191).
Step Action
1 Log in as an Administrator.
2 In the Administration menu, select Generic Device Management.
The Generic Device Management screen displays.
3 To add a new package, click Add.
The Add Package screen displays.
4 Select the Object Class for the package from the drop-down menu. The package will be
available to any new objects in the selected object class.
5 In the Package Name field, enter the name for the package. Then, click OK.
6 The package displays in the Generic Device Management screen. Note that this screen
shows the versions of currently loaded packages. The Object Class, Package name, and
Version are automatically displayed. An icon displays whether the package is available on
an accessible disk, or whether it has been deleted (exclamation point icon).

Step Action
7 You can now:

• Assign the Package to new Generic Devices of that object class
• Modify the Package by Editing Package Information and Events (on page 189)
including:
o Entering a description for a package (on page 194)
o Setting trap mapping to identify package events (on page 195)
o Creating custom events for packages (on page 215)
o Import and export package data (XML files) (on page 190)
o Importing trap mapping from a MIB file (on page 207)
o Importing trap mapping from a CSV file (on page 208)
.
Re-assigning a Package to a Generic Device

When a user creates a generic device, they are prompted to add or select a Support Package
name. Linking a generic device to a Support Package provides ProVision with the logic to translate
Traps and polled MIB objects into events in the ProVision events database.
Users can change the package linked to a generic device. They can also add a package to a
generic device that did not receive a package when it was created.
Step Action
1 In the Tree Viewer or Map View, right-click on the generic device that you want to edit.
Note: You can select multiple generic devices that belong to the same Class.
2 In the right-click menu, select Configuration. Then, select Object Package Selection.
The Object Package Selection screen displays.

Step Action
3 From the Package drop-down menu, select the package for the generic device. Then, click
OK.
The changes are saved for the device.
Editing Package Information and Events

For generic devices, you edit device information and events from the Edit Device Package screen.
Information entered here is applied to all devices in a Package.
From this screen, you can carry out the following actions listed in this section to customize a
Package for Generic Devices.
See also:
• Trap mapping example (on page 199)
• Match rules example: multiple trap types (on page 211)
• Resynchronization and custom events example (on page 217)
Note: To duplicate an existing package for editing, use the Save As button in the main Edit
Device Package screen. Packages for similar devices may have only minor differences.

Import and export package data (XML files) .............................................................. 190
Loading a generic device service package................................................................ 191
Renaming a package ................................................................................................ 193
Entering a description for a package ......................................................................... 194
Setting trap mapping to identify package events ....................................................... 195
Managing imported MIBs .......................................................................................... 205
Importing trap mapping from a MIB file ..................................................................... 207
Importing trap mapping from a CSV file .................................................................... 208
Setting matching rules for trap mapping .................................................................... 209
Severity resync functions .......................................................................................... 214
Configuring generic device resynchronization alarms ............................................... 214
Creating custom events for packages ....................................................................... 215
Customizing maximum capacity and RF bins ............................................................ 219

Import and export package data (XML files)

You can import and export Package data from ProVision. The package data file is an XML (.xml)
file.
Using these imports and exports, you can:
• Move package data between different ProVision installations
• Send package data to Aviat Networks technical support
Step Action
1 In the Tree Viewer or Map View, select the generic device to edit.
2 In the Administration menu, select Generic Device Management. Select and double-click
a package. The Edit Device Package screen displays.
3 To import an XML package, click Import.
4 An Open screen displays, prompting you to select a file to import. Select it and click Open.
The selected file is imported.

5 To export an XML file for a package, click Export.

Step Action
6 A Save screen displays, prompting you to enter a file name and folder location for the file.
Enter this information and click Save.
The package data is exported to the file.
Loading a generic device service package

Aviat Networks can provide Generic Device Service (GDS) packages. These are pre-formatted XML
or PKG files of data for specific Generic Device types. You can purchase these from with a features
license (contact your sales representative). This procedure describes how to download and install
these packages.
Caution: Do not rename or edit a GDS package from ProVision. Some of these packages are in
a file type, PKG, that cannot be edited; others are in editable XML.
Step Action
1 Log in to ProVision as an Administrator.
3 To import a GDS XML or PKG package from ProVision, click Load.

Step Action
4 The Open screen displays, prompting you to select a file to import. Navigate to the file folder
that has the GDS package. Select it and click Open.
The selected package is loaded.

5 It displays in the Packages tab. The Object Class, Package name, and Version are
automatically displayed. An icon displays whether the package is available on an accessible
disk, or whether it has been deleted (exclamation point icon).

Renaming a package
If you have created a package, you can rename that package. The name change is applied to all
devices assigned to the package.
Package names can be up to 200 characters in length.
Caution: Do not rename or edit any GDS package from Aviat Networks. Some of these packages
are in a file format that cannot be edited; others are in editable .XML.
Step Action
2 In the Administration menu, select Generic Device Management. The screen displays.
3 Select the package that you want to rename, and click Rename Package.
4 ProVision prompts you to confirm that you want to rename the package. Click Yes.
5 The rename screen displays.
Enter the New Package Name, then click OK.

The package is renamed.

Entering a description for a package

You can enter a detailed description for a generic device package. The description should include
what the Package is for and list the generic device types it includes.
Step Action
3 Select the package that you want to edit, and click Edit Device Package.
The Edit Device Package screen displays.
4 Go to the Information tab. In the Description field, enter the description.
5 Click OK, or go to another tab to make further changes. The description is applied to all
devices in this package.

Setting trap mapping to identify package events

An SNMP trap is an unsolicited message sent by the radio or other device to ProVision. Each trap
usually contains alarm or event information.
Trap mapping tells ProVision how to extract the event name, severity and state information from
each received alarm or event trap.
The user defines trap mapping for each of these three parameters by identifying the field or OID
and how to interpret the contents or values. A set of mapping tools, as described below, enable you
to define the mapping.
Prerequisites
To use the trap mapping, users need to generate traps. For this, the users supply their own
expertise about the generic devices. Work with test installations of the radios and devices to trigger
events for trap mapping. Use the device MIB as a reference.
You may want to review the Trap mapping example (on page 199).
Note: Aviat Networks provides consulting services for generic device integration. Contact your
local Aviat Networks sales and support staff for more information.
Trap mapping tools
The Trap Mapper tab contains the following areas:
• Received Traps - This displays a list of the most recently received traps for a selected
generic device.
• Trap Viewer - This shows the detailed values for a selected trap.
• Editor - This contains the trap editing tools and sections for Event Name, Severity, and State
data. Users click and drag data into an area to identify it and save it for ProVision. If data is
placed in an incorrect section, the section border is red, and the user cannot edit the data. A
green section border shows that the data is matched to the correct section and can be edited.

An example Trap Mapper tab, opened to the Mapping Rules tab, is shown below.
These are the trap mapping tools, and how they are used to edit traps.
• Substring: With this tool, a user selects part of the trap. Characters that are not selected are
removed. This only removes characters with absolute positions.
• Remove: Users enter text to be removed from a trap. This function searches for and removes
the text. Users can search for specific text or use any regular search expression, such as .*
Common text to remove includes time/date information and spacing dashes.

• Replace: Users can find and replace text in a trap. Again, users can apply this to specific text
or use the irregular search, ending with .*
• Trim: This function specifically removes padding characters from the beginning and end of a
trap. This is different from the Substring selection or the Remove function, because it removes
characters that have flexible positions. The Trim function only works for characters at the start
and end of a string.
• Append: Use this to add additional text and field values to a trap. Common data to add
includes card numbers and port numbers.
• Map: Adding the Map function to a trap enables you to assign OID values to a trap. The
values entered here are used by the trap to receive OID input and match it to an event name,
state, or severity.
• Trash: To delete an editing tool, click and drag it into the Trash.
Procedure
Follow these steps to set trap mapping.
Step Action
2 In the Administration menu, select Generic Device Management. The Edit Device
Package screen displays.
3 Go to the Trap Mapper tab and select the Mapping Rules tab.

Step Action
4 Check to see that events have been generated for devices in this package. If events are
available, they display in the Received Traps area. If there are no events in this area, click
the Refresh Traps button at bottom right of the area. Any received traps will display.
5 Select an event. The fields, OIDs, and values for the event display in the Trap Viewer area.
6 The selected trap is now ready to be edited.

7 First, locate and edit the Event.
• In the Selected Trap tab, click on the trap and drag it to the Editor area. A Value icon
displays, and the Output shows at the bottom of the frame.
• Use the Trap Mapping tools to edit the Output.
Normally, users apply these tools as required:
• Use Substring to select the significant portion of the string.
• Use Remove to delete unwanted text from the string.
• Use Trim to delete padding characters from the string.
• Use Replace and/or Append to edit the string.
• Add a Map icon to conclude the string.
Note: You can apply the Trap Mapping tools in any order; however, a Map icon must
always conclude the string.
Step Action
Warning: Never use punctuation marks in a Trap Mapping string. These include; : , ? !
and single quotes '. Using punctuation marks or other control characters may create
invalid commands and corrupt the database irreparably.
8 Next, locate and edit the Severity for the event.
• In the Selected Trap tab, click on a Value and drag it to the Severity frame. A Value icon
displays.
• The Mapping tool displays. Enter the Severity values from the MIB.
9 Finally, locate and edit the State for the event.
• In the Selected Trap tab, click on a State and drag it to the State frame. A Value icon
displays.
• The Mapping tool displays. Enter the Status values from the MIB.
Note: You can import some event string values from a .CSV file. See Importing Trap
Mapping from a .CSV File (on page 208).
10 Repeat steps 5- 9 to configure other events from the Trap Mapping.
11 Click Save. The events are now saved in ProVision. ProVision will now use the edited trap
mapping string to record this event in records.
Note: A completed Trap Mapping for an event must have Event Name, Severity, and
State values. Severity and State values must end with the Map function.
Trap mapping example

• This is a step-by-step example of how to set up trap mapping for a device.
• The device in this example is a Loop 9100 Multiplexer.
• The goal is to map events from received traps.
Procedure to configure event traps
Step Action
1 Set up the generic device.
• Follow the instructions for Generic device deployment, as described in the ProVision
User Guide. Assign a package name to the device.
• Obtain a copy of the device MIB. This is used later in this process as a reference.

Step Action
2 Generate and capture traps for the generic device.
• Go to the Loop 9100 telnet interface.
• Configure the ProVision server as a trap destination.
• Use the telnet interface to generate traps using event commands. For the Loop 9100 in
this example, this was done by logging in and out, resetting performance counters, and
using the maintenance controls.
3 In ProVision, open the package for the generic device.
• In the Tree Viewer or Map View, select the generic device to edit.
• In the Administration menu, select Generic Device Management. The Edit Device
• Go to the Trap Mapper tab and select the Mapping Rules tab. The Received Traps
area should display data, as shown below.
4 Extract the event name.

• Select an event name in Received Traps. The event information displays in the Trap
Viewer.
For this example, the trap contains a description of the event as a fixed size string:
• Note the hyphens in the trap. The hyphens are being used as padding characters.
• In the Selected Trap tab, click on the trap and drag it to the Event Name in Editor. A
Value icon displays, and the event shows as Output at the bottom of the frame.

Step Action
5 Remove the timestamp from the trap name.

• Select the Substring item and drag it to follow the Value icon. The Substring Tool
displays for the trap.
• Use the Substring Tool sliders to highlight the example from the start of the trap to the
end of the padding hyphens. This crops the text to match the selected part of the trap. It
is IMPORTANT to retain the hyphens; they may contain useful information.

Step Action
• Hover over the Event Trap in the Editor to see the results of editing the substring for this
trap.
6 Remove padding hyphens from the Event Name.
• The hyphens can now be removed, using the Trim Tool.
• Select the Trim item and drag it to follow the Substring item. The Trim Tool displays. In
this example, the '-' character is being trimmed from the right.

Step Action
7 Edit the event header.

• The final step in editing the trap is to remove the severity text from the beginning of the
string name.
• Select the Remove item and drag it to follow the Trim item. The Remove Tool displays.
• The text '.*>' is entered to be removed. This regular expression represents 'any number
of characters ending with >'. Any severity text (CRIT>, INFO>, etc.) is now removed.

Step Action
The trap is complete.

8 Map the event Severity.
• Refer to the MIB for this device. This informs us that the event severity value is in field 6
of the trap, and that the severity values are:
o 1 - Critical
o 2 - Major
o 3 - Minor
o 4 - Informational
• Add the Value to the Severity frame.
• Then, select the Map item and drag it to follow the Value in the Severity frame.
• The Mapping Tool displays. Map the severity values for this trap as shown.

Step Action
9 Map the event State.

• Again, refer to the MIB for this device. This informs us that the event status value is in
field 7 of the trap, and that the status values are:
o 1 - Active Event
o 2 - Cleared Event
• Add the Value to the State frame. Then, select the Map tool and drag it to follow the
Value in the State frame.
• The Mapping Tool displays. Map the State values for this trap as shown.
10 Repeat Steps 3 - 9 for other traps for this device.

11 Click Save.
Managing imported MIBs

You need to manage and scan the MIB files to import them into ProVision(Importing trap mapping
from a MIB file (on page 207)). If a MIB file needs to be rescanned, it is identified.
Step Action
1 Save the MIB file or files to the ProVision Client PC. Save them to the main Client install
folder on the install directory: ProVisionClient/clientmibs
2 Open ProVision on the Client PC.

Step Action
4 In the Administration menu, select Generic Device Management. Select the MIB
Management tab. The screen displays, listing all loaded MIBs.
5 A MIB with a check beside it is loaded correctly and fully valid.

6 A MIB with a red X beside it is loaded with errors. To review the errors, click on the MIB.
The MIB Errors screen displays, listing the errors for that MIB:

Step Action
7 To fix the errors, close the MIB Errors screen. In the Loaded MIBs list, select the MIB and
click Rescan MIB Folder.
8 ProVision finds and rescans the MIB. The MIB data is refreshed and should display with a
check mark beside it.
9 You are now ready to import the trap mapping from the scanned MIB files.
Importing trap mapping from a MIB file

You can import a MIB file into ProVision. You can then review the MIB-sourced trap details in
ProVision.
To do this, first, you have to save the MIB file to the ProVisionClient PC. Then, you scan the MIB
against a specific package (see Managing Imported MIBs (on page 205)).
In the Edit Device Package screen, note that traps captured from the radio have a yellow icon, and
that traps from MIBs have a blue icon, as shown below:
In addition, after MIB traps are loaded, the trap OIDs now display as text names, not as numerical
names.
Procedure
Follow these steps to import a trap from MIB.
Step Action
4 Go to the lower edge of the Received Traps area.
5
Click on the Add Traps from MIB button
6 The MIB Object Selector screen displays. Select the MIB and click Select.

Step Action
7 In the Received Traps area of the Mapping Rules tab, the field is now populated with
traps. The traps sourced from the MIB display with blue icons. In addition, MIB-sourced trap
OID values now display as text values in the Trap Viewer, identifying their purpose.
Note: You can edit the MIB trap values directly from the Trap Viewer frame. To do this,
triple-click on a MIB trap (MIB traps are colored blue).
8 When you click Save, the mapping will be saved with other package configurations.
Importing trap mapping from a CSV file

For some devices the event name is not provided in the SNMP Trap; instead only a value is
provided.
When this is the case, you need to either manually enter the set of event names, or import the event
names through a CSV file.
The .CSV file must be formatted with two columns: one for the event name, and one with the event
OID value.
Step Action

Step Action
4 Create a basic map, as described in Setting trap mapping to identify package events (on
page 195).
5 Click on the Map tool in the map/string/name to be decided. The Mapping Tool appears at
the bottom of the screen.
6 Click Load Mappings. An Open screen displays.
7 Find and select the CSV file and click Open.

8 The maps from the CSV file display in the Mapping Tool. These maps are now applied to
the map from step 4. When you click Save, the mapping will be saved with other package
configurations.
Setting matching rules for trap mapping

To manage trap mappings, and to support devices with multiple trap types, users can set up a trap
mapping matching rule. A matching rule is a set of trap mapping values to select subsets of traps.
Matching rules are defined by match criteria.
Matching rules tells ProVision how to group received alarms or event traps for a package, and
assign trap mapping rules to them, based on their match criteria. Users can set up matching rules
based on trap OIDs and/or fields.
The user defines the matching rules by identifying the field or OID and how to interpret the contents
or values. A set of mapping tools, as described below, enable you to define the mapping.
Prerequisites
To use the matching rules, traps should be generated first, or imported from MIB files. For this, the
users supply their own expertise about the generic devices. Work with test installations of the radios
and devices to trigger events for trap mapping. Use the device MIB as a reference and/or trap
source.
It is also useful to review the matching rules use example, Match rules example: multiple trap
types (on page 211).
Note: Aviat Networks provides consulting services for generic device integration. Contact your
local Aviat Networks sales and support staff for more information.

Matching rule tools

The Match Rules tab contains the following areas:
• Received Traps - This displays a list of the most recently received traps for a selected
generic device, and the rules that they are assigned to. You can move a rule set up and down
in the list. This is important; the rules are analyzed in the order listed, and the first rule match
for a trap is assigned to the trap.
• Trap Viewer - This shows the detailed values for a selected trap.
• Match Criteria - This contains the rule editing tools and sections for trap OIDs and fields.
To create and manage match rules, use the buttons below the Received Trap list.
Button Function
Import traps from an MIB file.
Add a match rule.
Delete a selected match rule.
Save a match rule.
Load a saved match rule.
Move match rules up and down in the Received Traps list.
An example Trap Mapper tab, opened to the Match Rules tab, is shown below.
Procedure to set matching rules

Step Action

Step Action
2 Go to the Trap Mapper tab and select the Match Rules tab.
3 Check to see that events have been generated for devices in this package. If events are
available, they display in Received Traps. If there are no events listed, click Refresh Traps.
Any received traps will display.
4 Select an event. The fields, OIDs, and values for the event display in the Trap Viewer.
These are helpful when you are assigning values to match rules.
5 Set up your match rules. For each match rule, enter a Rule Name. Then, select one or
more Match Criteria value checkboxes, and enter a value:
• Trap OID - Creates a rule grouping traps that have this specific OID.
• Generic Types - Creates a rule
• Specific Type - Creates a rule
• Num Fields - Creates a rule grouping traps that have a specific number of fields.
• Field OID - Creates a rule grouping traps that have a specific number of fields and a
specific OID.
• Field Value - Creates a rule grouping traps that have a specific varbind value.
Note: Users can set multiple values for a match rule. The match rule will apply to any
traps that match all the values.
6 The match rule is created and applied to all the traps. The new match rule displays in the
Received Traps list. Traps display in the Received Traps list under the match rule that
applies.
7
If required, use the buttons to move the position of a selected match rule.
8
Use the and buttons to add and delete match rules.
9 Create a final match rule. Leave this value as Rule Unknown. This allows users to view
traps that do not match any of the match rules.
Note: Step 9 is required whenever you create match rules.

10 Save all the mapping rules you have created.
Note: Users can import and export match rules as well as mapping rules. Users can export all the
trap mapping data, or just the match rules, as specific modules.
Match rules example: Multiple trap types
This is a step-by-step example of how to set up match rules for a device. Devices with multiple and
distinct trap formats require match rule settings to identify the different trap types. In this example,
the goal is to map events from MIB data into two different trap types.
In this example, some traps have the value ifindex in Field 1. Other traps have a severity value
assigned to Field 1. This point of difference will be used to identify the two different trap types, by
creating a separate match rule for traps that include the value ifindex.
Step Action
1 Set up the generic device.
• Follow the instructions for Generic device deployment, as described in the ProVision
User Guide. Assign a package name to the device.
• Obtain a copy of the device MIB. This is used later in this process as a reference.
2 In ProVision, open the package for the generic device.
• In the Tree Viewer or Map View, select the generic device to edit.
• In the Administration menu, select Generic Device Management. The Edit Device
Step Action
3 Go to the Trap Mapping area. Follow the instructions for importing the device MIB, as
described in Importing trap mapping from a MIB file (on page 207). When this is done,
the MIB traps display.
4
Select the Match Rules tab. Click the button to add a match rule.
5 The new rule displays in the Received Traps list. It displays at the bottom of the trap list as
Rule: Unknown. Select Rule: Unknown.

Step Action
6 The values for Rule: Unknown display in the Match Rules editing area. Enter the new
Rule Name as Match Interface Traps.
7
Move this rule to the top of the list, using the button.
8 Edit the Match Interface Traps rule so that it selects traps with the ifindex varbind value.
To do this, you are identifying a different OID for this rule. Edit the Field OID value for this
rule as follows:
• Review traps in the Trap Viewer until you find one that includes the ifindex object.
Note that you can mouse over an MIB-sourced object to view its complete values.
• Select the Field OID checkbox. This activates Field OID as a value for the rule.
• Click and drag the ifindex object into the Field OID field. Its OID value displays.
• Enter the Field Number that holds the ifindex object. The field number is 1.
In the Field OID field, add a wild card to the end of the OID value. This ensures that this
rule identifies any instance of ifindex.

Step Action
• Click Apply.
9 The new rule is applied. Examples in the Received Traps frame are reorganized based on
this new rule.
10 Create additional Match Rules to identify other trap types, as required.
11 Create a final Match Rule. Leave this value as Rule Unknown. This allows users to view
traps that do not match any of the Match Rules.
Severity resync functions

From the Edit Device Package screen, Severity Resync tab, you can set up the following generic
device customizations:
Summary Events frame -
• Configuring generic device resynchronization alarms (on page 214)
• Resynchronization and custom events example (on page 217)
Custom Events frame -
• Creating custom events for packages (on page 215)
Configuring generic device resynchronization alarms

For some devices, one or more summary alarm objects are provided. They indicate the current
highest active alarm severity of the device.
Polling these objects at a regular interval can ensure that ProVision is synchronized with the highest
active severity state of the device. In this situation the Resynchronization Alarm function should be
used.
You can specify the object(s) to be polled, and the values that will result in a specific severity (event
raised) or event clearing condition.
When the specified OID value condition is detected, an Alarm Resynchronization event with the
specified severity is generated by ProVision.
Polling is initiated when a device enters the Managed state or enters the Wake (exits Sleep) state.
This function accommodates scenarios where either a single or multiple OIDs need to be polled.
See the Resynchronization and custom events example (on page 217), in the following pages,
for further details.
Procedure to configure GD resync alarms
Step Action
1 In the Tree Viewer or Map View, select the Generic Device to edit.
2 In the Administration menu, select Generic Device Management. Select and double-click
a package. The Edit Device Package screen displays.
Step Action
3 Select the Severity Resync tab. In this tab, go to the Summary Events.
4 To create a new alarm, click Add. A new Summary Event line should display.
5 Enter the following values for the resynchronization alarm:

• OID - The OID address of the MIB object being read.
• Severity - The severity value for the event.
• Value - A numerical value for the event. This value must be different for each OID and
Severity pair. If two events for one OID have different Severity values and the same
number value, this number value defaults to the higher severity.
6 All devices assigned to this package now have a resynchronization event. Click Save when
you are done editing this package, and the screen closes.
Creating custom events for packages

You can create a custom event for a package. When a custom event is detected, ProVision will
refer to the indicated MIB and match the event value to the custom event. Custom events are a
supplement to the Trap Mapping and Alarm Resynchronization functions.
Custom events are similar to Summary events. Using Custom Events, you can configure any
number of events for a package, by specifying event names.

To do this, you specify the generic devices to be polled, the custom event name associated with the
device, and the values that will result in a specific severity (event raised) or event clearing condition.
As with Alarm Resynchronization, the specified OIDs are polled at 2 minute intervals, with polling
initiated following transition to the Managed state and Wake (exiting Sleep) state.
Each unique event is determined by the Event Name. This provides great flexibility, enabling you to
configure all of the following event types:
• An event whose severity and state is defined by a single OID.
• An event whose severity and state is defined by multiple OIDs.
• An OID whose severity and states represents multiple events.
For example, for a particular event, one OID may indicate the raised condition and another OID may
indicate the clearing condition.
See the Resynchronization and custom events example (on page 217), in the following pages,
for further details.
Procedure to create custom events
Step Action
1 In the Tree Viewer or Map View, select the Generic Device to edit.
3 Select the Severity Resync tab. In this tab, go to the Custom Events.
4 To create a new custom event, click Add. A new Custom Event line should display.

Step Action
5 Enter the following values for the custom event:
• OID - The MIB object being polled.
• Event Name - Name for the event.
• Severity - The severity value for the event.
• Value - A numerical value for the event. This value must be different for each OID and
Severity pair.
6 All devices assigned to this package now have a custom event alarm. Click Save when you
are done editing this package, and the screen closes (refer to the following example).
Resynchronization and custom events example

This is a step-by-step example of how to set up resynchronization and custom events for a generic
device.
The goal is to set up the following alarms for the device:
• A resynchronization alarm
• An alarm warning that remote radio connectivity is lost
• A temperature sensor warning alarm
Each alarm is linked with a specific OID, as recorded in the device MIB.
Step Action
2 In the Administration menu, select Generic Device Management. Select the package for
the generic device. The Edit Device Package screen displays.
3 Select the Severity Resync tab. In this tab, go to the Summary Events.
4 To create a new alarm, click Add. A new Summary Event line should display. The Summary
Event line includes the beginning of an OID.
5 Enter the following values for the resynchronization alarm:
• OID: .1.3.6.1.4.1.2347.1.5.6.1.0.1.0 = The OID address of the MIB object being read.
This must include the instance of the OID.
• Severity: Critical.
• Value: 1.
6 The resynchronization alarm requires two more severity levels. Click Add again, and enter
the following values:
• Severity: Warning.
• Value: 2.
7 Click Add again, and enter the last set of values:
• Severity: Normal.
• Value: 3.

Step Action
8 The Resynchronization event is now complete. The Summary Events now includes three
events for the same OID:
9 Next, in this screen, go to the Custom Events.

10 To create a new custom event, click Add. A new Custom Event line displays. Again, this
includes the beginning of an OID.
11 Enter the following values for the Remote Radio Connectivity Lost event:
• OID: .1.3.6.1.4.1.2347.1.5.6.1.2.1.1
• Event Name: Remote Radio Connectivity Lost
• Severity: Critical.
• Value: 2.
12 Click Add again. A new summary line displays. Note that this summary line includes the
same OID as for the event entered in step 9.

Step Action
13 Enter the following values for the Temperature Sensor Warning event:
• OID: 1.3.6.1.4.1.2347.1.5.6.1.2.1.2
• Event Name: Temperature Sensor Warning
• Severity: Warning.
• Value: 3.
14 All devices assigned to the package now have a resynchronization alarm and two custom
event alarms. When you click Save, all changes are saved for this package.
Customizing maximum capacity and RF bins

Certain values for GDS packages can be customized by editing the related.xml files. These include:
• Maximum capacity -Where an ifSpeed object in IF-MIB does not provide the maximum
configured capacity for an interface, this can be customized through the GDS XML definition.
• RF bin -This value enables collection of RF performance parameters from bin-based objects
(15-minute and Daily).
Procedure to customize maximum capacity

Step Action
1 Navigate to the directory ProVisionServer/Generic Device Packages. Locate the device
you want to customize and the file Generic-snmp-EthernetMC.xml.

Step Action
2 Open this file in an XML editor.
3 Customize it with the following code, inserted after the <discovery> tag. You are setting
values for:
• OID - for example, .1.3.6.1.2.1.2.2.1.5. Entering an OID only applies this customization
to the port with this OID.
• Divider or multiplier - Use the divider to break down a capacity into Mbps. Use a
multiplier to increase a capacity into Gbps
• IFINDEX (not required)
4 Refer to the examples following these instructions.
5 Save the file with the changes.
Examples
The following are examples of this code customization.
To edit maximum capacity for a port in Mbps:
<discovery type="iftable">
<max_capacity divider="1000000">.1.3.6.1.2.1.2.2.1.5.IFINDEX</max_capacity>
<ethernet_module type="iftable">
</ethernet_module>
</discovery>
To edit maximum capacity for an individual port in Mbps:
<discovery type="iftable">
<max_capacity divider="1000000">.1.3.6.1.2.1.2.2.1.5</max_capacity>
<ethernet_module type="iftable">
</ethernet_module>
</discovery>
Procedure to customize RF bins

Step Action
1 Navigate to the directory ProVisionServer/Generic Device Packages. Locate the device
you want to customize and the sensor metadata file.
2 Open this file in an XML editor.
3 Customize it with the following code, inserted after the <discovery> tag. You are setting
values for:
• Change index type - Daily or 15 (for 15 minutes)
• Parameter type - Daily or 15 (for 15 minutes) (difference between this and Change
Index?)
• OID - for example, .1.3.6.1.2.1.2.2.1.5. Entering an OID only applies this customization
to the port with this OID.
• Key - (not required)
• Read Community - Specify the slot for this read community
• Divider or multiplier - Use the divider to break down a capacity into Mbps. Use a
multiplier to increase a capacity to Gbps
• CHANGE - (not required)
• IFINDEX - (not required)
4 Refer to the examples following these instructions.
5 Save the file with the changes.
Examples
The following are examples of this code customization.
<rf_module name="Link 1">
<change_index type="15">.1.3.6.1.4.1.2509.8.17.2.1.0</change_index>

<change_index type="daily">.1.3.6.1.4.1.2509.8.17.2.2.0</change_index>
<read_community>slot1</read_community>
<parameter type="15">
<key>G826EB</key>
<oid>.1.3.6.1.4.1.2509.8.17.2.11.1.5.1.CHANGE</oid>
</parameter>
<parameter type="daily">
<key>G826US</key>
<oid>.1.3.6.1.4.1.2509.8.17.2.12.1.13.1.CHANGE</oid>
</parameter>
</rf_module>
Launching Generic Device Windows Applications from ProVision

To allow users to launch generic device windows applications from a generic device object
displayed in ProVision, the system administrator must pre-configure the application integration.
Administrators can set up multiple applications to be launched from a type of generic device.
Note: For each application to be used, the craft tools need to be installed on each individual
client. Note the system location where the installation files are saved, for use in the launch
configuration procedure.
Procedure to add new generic device tool

Step Action
1 In ProVision, set up the Generic Devices and Packages.
2 On the Client, install the Generic Device craft tool or tools.
3 Log in to ProVision at the NOC engineer or system administrator level, i.e., using the NOC
engineer or administrator user name and password.
4 In the Tree Viewer, locate a generic device that you want to connect with craft tools.
Right-click on its icon. In the right-click menu, click on Applications > Edit Applications.
The Edit Applications screen displays.
5 To add a new application for this generic device type, click Add. A new line appears in the
screen. Double-click in the fields to enter the following values:
• Name - Enter the name of the craft tool application.
• Executable Path - Navigate to the location of the generic device craft tool executable
file (.exe) for this Generic Device. Select the .exe file.
• Parameters - Customize the .exe file with command line parameters. This specifies the
Generic Device object attributes that are applied to the Windows executable when it is
launched from ProVision.

Step Action
6 To enter additional Applications, click Add again. You can save multiple applications for
each device, as shown.
7 The right-click menu for the device now displays Applications > [Craft Tool Names].
8 The selected craft tool opens for the device.

9 If you need to update the craft tool link, click on Applications > Edit Applications again.
This re-opens the Edit Applications screen. Make changes to the craft tool link from this
screen.
Craft tool connection commands

Craft tool connection commands include the following.
Command Command Value

ipaddress Device IP Address
name Device name
read_community Read community string
write_community Write community string
snmp_version SNMP version 1 or 2c
support_package Package name
An example of the use of these commands is:
mgibbpe.exe -address %ipaddress -community %read_community -autocontact
This command line is enabling the following:
• mgibbpe.exe = Enables this specific .exe file.
• -address %ipaddress = Defines the ip address of the specific Client PC.
• -community %read_community = Defines the community string.
• -autocontact = This command is specific to the mgibbpe.exe executable and the MIB
Browser it enables. This command instructs the executable to automatically contact the
device identified by the IP address parameter.
Note: Always precede a craft tool connection command with the % symbol.

Northbound Interface
Chapter 12. Northbound Interface

This chapter covers the Northbound Interface (NBI).
In this chapter
Introduction to the Northbound Interface ................................................................... 223
NBI Event Management ............................................................................................ 225
NBI Performance Data Management ........................................................................ 241
NBI Configuration Management ................................................................................ 249
Resynchronizing a Configuration NBI........................................................................ 253
NBI Topology Management....................................................................................... 254
Introduction to the Northbound Interface

ProVision’s Northbound Interface (NBI) functions provide easy to implement data integration
interfaces. ProVision can manage many device types used by larger operators, and bundles the
information for higher-level network management. And ProVision provides network data in a range
of formats, including ASCII, CSV, SNMP, XML, and via SOAP web-services.
For most integration, ProVision is the higher order element management solution for events,
performance, topology, configuration and inventory. ProVision’s NBI applications provide access to
this information, and include interfaces to support resynchronization processes between an OSS
and ProVision.
This diagram shows where ProVision operates in the NBI hierarchy.
• Network Element Level. Management functions and craft tool data for individual network
elements (Eclipse, CTR, SNMP and third party devices).
• Element Management Level. As an Element Manager, ProVision is at this level, managing
all subsidiary network devices.
• Network Management Level. Additional systems for higher-level service and business
management. ProVision also features at this level, managing the two prior levels.

NBI and ProVision

The NBI supports data exchange between the EML, represented by ProVision, and the higher-level
applications of the NML. ProVision can be configured to transmit the network information in the
specific format (ASCII, SNMP, XML) required for any NML application. The prime function of
ProVision is to provide an integration capability with the higher-order, layer 3 NML.
Different northbound systems have different capabilities and requirements for handling the events
forwarded by ProVision. In ProVision, you can set up filters so that only the events that match the
filter criteria are forwarded to a particular destination.
ProVision supports NBI with higher order management solutions such as:
• TeMIP and HP OpenView for Event Management
• Concorde for Performance Data Management
ProVision is used as the higher order management solution for Topology, Configuration and
Inventory Management.
Note: The international standard ITU-T Recommendation M.3010 describes the concepts of TMN
architectures and their fundamental elements.
The deployed NBI applications are grouped under the ProVision Manager in the Tree Viewer, and
are displayed as icons in the Map Viewer.
Event severity colors are used with the NBI icons. For example, green indicates the NBI is enabled
with no errors, whereas blue indicates the NBI is disabled. (See the ProVision User Guide for more
information.)
The ProVision NBI can forward the following information sets:
• NBI Event Management (on page 225)
• NBI Performance Data Management (on page 241)
• NBI Configuration Management (on page 249)
• NBI Topology Management (on page 254)
The configuration required to forward this information is typically done during network installation
and configuration.
Accessing files via SFTP/FTP

NBI event data files, performance data files, configuration data files, and topology data files can be
accessed from the ProVision server through a shared network drive.
They can also be accessed through the SFTP/FTP server that is embedded into ProVision. When
accessing the files using SFTP/FTP, the northbound management system needs to access
ProVision’s SFTP/FTP server using the following credentials and port.
• User: nbi
• Password: qospa7AZUC#a
• Port: 5555
Note: The topology NBI data file has the same format as the output that is generated when using
the topology export command. See Exporting the topology (on page 127) for additional
information.
NBI Event Management

This section covers the NBI Event Management.
Note: For System Integration, see the ProVision NBI System Integration Guide.
Also see ProVision User Guide topic Event browsers.
Introduction ............................................................................................................... 225
Setting up an Event NBI ............................................................................................ 227
Deploying an Event NBI ............................................................................................ 227
Testing an Event NBI configuration ........................................................................... 233
Saving, printing, and viewing an Event NBI configuration report ............................... 235
Editing an Event NBI configuration ............................................................................ 238
Enabling/Disabling an Event NBI .............................................................................. 239
Resynchronize an Event NBI .................................................................................... 239
Remote resynchronize .............................................................................................. 240
Deleting an Event NBI ............................................................................................... 240
Renaming an Event NBI ............................................................................................ 240
Introduction
NBI event management enables integration of event management with Network Management Layer
systems.
The main purpose of NBI event management is to convert events, as displayed in the Event
Browser, into a consistent output format for porting to the Network Management Layer.
ProVision can output events raised as a result of:
• Traps sent from a managed network device
• Events raised as a result of polling a managed network device
• Events raised by the ProVision platform
The following steps describe how an event from a managed network device (for example, an
Eclipse radio) is forwarded to the higher-level Network Management System (NMS):
Step Action
1 The event is passed through the PreFilter application.
2 The event is stored in the ProVision database.
3 The event is passed to the Event Browser and NBI event management.
4 NBI event management ensures the event is from a required device and verifies that the
severity and status parameters match the parameters set in the filter file.
• If the event is not from a required device, the process stops.
• If the event is from a required device, it goes to the forwarding function.
• If the parameters do not match, the process stops.
• If the parameters do match, the event is then sent to the NML.

The processes for setting up, deploying, and testing an event NBI are described in the following
sections:
• Setting up an Event NBI (on page 227)
• Deploying an Event NBI (on page 227)
• Testing an Event NBI configuration (on page 233)
The processing to forward an event to an NML is as follows:
Step Action
1 The event is generated by an event source:
• Device Traps
• Presence Polling
• ProVision platform
2 The event is received by ProVision.
3 ProVision filters the events and stores them in the database.
4 Events sent to the Events Northbound Interface are analyzed to see if they meet the event
filter criteria. Events that do not meet the criteria are ignored. Events that do meet the
criteria are forwarded to the NML.
This table lists the events associated with NBI Event Management.
Table 36: NBI Event Management Events
Event Description
Event-forwarding Corrects any mismatch between the data in the ProVision database
resynchronization and the Network Management Level (NML)
Event-forwarding activation Initiates an event to be forwarded to the NML
Event NBI remote Similar to event-forwarding resynchronization, corrects any mismatch
resynchronization between the data in the ProVision database and the Network
command Management Level (NML) except that the command is issued external
to ProVision.
The information contained in the forwarded event is comprehensive and is mapped into the X.733
event model. This table describes the information contained in each northbound event, based on
the format of internal ProVision events.
Table 37: NBI Event Information Description
Field Description
ProVision server Identifies the ProVision server that has forwarded the event.
Address
Trap Number The unique number allocated by ProVision to each forwarded event.
Trap Timestamp The time the event was forwarded from ProVision.
Trap Source Path The full physical path of the device where the event occurred.
Trap Device Type For example, an Eclipse radio.
Trap Source Address IP address of the object (radio or ProVision server) raising the event.
Trap State Active or cleared
Trap Severity Information, normal, warning, minor, major, critical
Event Timestamp The event time recorded in the ProVision database
Event Description A description of the event, for example, Trib 13 uncommissioned traffic

Setting up an Event NBI

Prerequisites
To set up an event NBI, you need the following data:
• The managed network devices to be monitored for the NBI
• The types of events to be forwarded
• The forwarding mechanism to be used
• The output type (SNMP trap, ASCII file or TCP port)
For SNMP trap forwarding, the following two items are required:
• The IP address of the Northbound system. Both IPv4 and IPv6 addresses are supported for
event forwarding.
• The UDP port of the Northbound system
For TCP port output, the TCP port, on which the northbound destination system receives the data,
is required.
Caution: Editing the SNMP interface affects all SNMP traffic, including the SNMP traffic to the
radio and NBI SNMP traffic.
Overview
There are several steps involved in setting up an event NBI.
Step Action
1 Deploy Event Destination:
• Enter the destination name and select forwarding method(s)
• If required, change filter settings
2 Test Event Destination Configuration:
• ProVision generates events that match the filter settings and forwards them to the
destination management system.
3 Save and/or Print the Forwarding Configuration Format report.
Deploying an Event NBI

Note: When you add an event forwarding destination, by default, it is enabled and starts
forwarding events immediately. You can stop event forwarding by disabling the event forwarding
destination. Refer to Enabling/Disabling an Event NBI (on page 239).
Step Action
1 In the Tree Viewer, right-click the Manager icon . The right-click menu is displayed.

Step Action
2 Select Deploy NBI.
The NBI Deployment window is displayed.
3
Click the NBI event icon .
The Deploying Event-forwarding window is displayed.

Step Action
4 Enter the NBI values, including:
• Destination Name = Higher-level network manager (for example, HPOpenView) or the
name of the computer to which the events are forwarded (for example, PC435).
• IP address, UDP port, community string. IPv4 or IPv6 IP address can be used.
• Select the required event forwarding method. You may select any of the forwarding
methods, two of the three, or all three.
Forwarding Actions
Method
SNMP Select the SNMP checkbox.
Enter the IP address of the northbound computer.
If required, change the UDP Port and/or the Community String settings.
If required, select the boxes for Use SNMP V1 Trap MIB. For an SNMPv2
trap, select Include Probable Cause.
Note: By default, the ProVision NBI uses SNMP V2 traps. If you

need to use SNMP V1 traps instead, select the Use SNMP V1
Trap MIB checkbox. SNMP V1 traps always include Probable
Cause.
ASCII file Select the Save to ASCII File checkbox.
The ASCII file is located in ProVisionServer\NBI\Event on the ProVision
server. The filename matches the destination name you entered in step 3,
for example, HPOpenView.nbf. When the file reaches 10 MB it is
renamed to <destination>.old and a new.nbf file is started.
The ASCII file can also be sent via SFTP/FTP.
TCP Port Select the Output to TCP Port checkbox.
Enter the TCP Port on which the northbound destination system receives
the event data.
5 Click Next >. The default filter settings are displayed.
6 To edit the filter settings, click Edit. The Filters window is displayed. See The Filter
Settings for an Event NBI table below this procedure for filter options.
7 Make the required filter changes as described in the table above and click OK.

Step Action
8 The updated filter settings are displayed. Click Next > to continue.
9 The Heartbeat Trap setting is displayed. A heartbeat trap is a message that sends, at
regular intervals, to the northbound application to confirm the connection.
• To forward heartbeat traps, select the checkbox and select the time interval (0-60
minutes) for heartbeat trap forwarding. Click Deploy to continue.
• The deployment results are displayed, and the event NBI icon is displayed in the Tree
and Map Viewers.
10 To close the Event Forwarding Configuration window, click Close.
11 After deploying the event NBI, test its configuration to ensure the correct events are being
forwarded. Refer to Testing an Event NBI configuration (on page 233).
Table 38: The Filter Settings for an Event NBI
Filter Setting Definition

Simple tab • State - By default, only active events are
selected to be forwarded to the destination
system.
To forward cleared events, select the
Cleared checkbox.
When a main selection criteria’s (for
example, State) option is selected then
filtering is enabled using the selection
criteria.
• Acknowledgement - By default, events are
forwarded regardless of whether or not they
are acknowledged.
• Severity - By default, all events are
forwarded.
To exclude any of the event types from
being forwarded, clear the associated
checkbox.
• Category - By default, all event categories
are forwarded.
To enable specific category filtering, select
the Category checkbox. Then select the
categories required. All other category
types are not forwarded.


Date / Time tab By default, there is no filtering on date and
time. You can set date/time values for Raised
and Cleared events.
To activate the date and time filter, select the
Date / Time checkbox.
To enable the filter’s start date and time:
• Select the Start checkbox.
• Select the associated drop-down arrow.
• From the calendar displayed select the
required month and day.
• Change the time, if required.
To enable the filter’s end date and time, repeat
the above four steps for the filter End date.
Objects tab By default, there is no filtering on object types,

and events for all object types are forwarded.
To filter for events generated by specific object
types:
• Select the Object Type checkbox.
• Select the object types required.
Only events generated by the selected object
types and their associated child objects are
forwarded.


Text tab By default, there are no text filters applied to
the event descriptions.
You might for example, be interested in “lost
comms” events so you could set up a text filter
to include only lost comms events.
To apply a filter for an event description:
• Select the Text Filter checkbox.
• Click Add.
• Type the filter text in the Text field.
By default, the Include checkbox is selected.
To exclude events that contain the filter text,
select the Exclude checkbox.
Containment tab By default, there are no containment filters

applied.
This is the most useful and flexible filter setting.
You can filter for all events generated from the
general (for example, a region) to the specific
(for example, from an Eclipse radio’s ODU).
To filter for events generated by a specific
object/objects:
• Select the Objects checkbox.
• If required, expand the toggles, and select
the object that is generating the events
required, for example, an Eclipse radio
ODU.


Notification Criteria tab Enter the time value for each of the following.
Time values can be set in seconds, minutes, or
hours.
• After Event Duration - Event notification
will be sent after the event has lasted for
this amount of time.
• Guard Time - Guards against excessive
notifications. will notify for the first
occurrence of a matching event for this
device, then ignore recurrences for this
device within this period of time.
• Reminder After - A reminder about the
event will be sent after this amount of time.
• Notify on resolution - Select this
checkbox, and a notification will be sent
when the event either clears or is otherwise
resolved.
Testing an Event NBI configuration

Once the event NBI configuration is set up, it is important to test it to verify that the communication
channel works and that the configuration was set up correctly. Typically, you would use this test
under one of the following circumstances:
• Migrating from ProVision to ProVision
• New ProVision deployment
• Higher-level manager has changed
When you test an event NBI configuration, ProVision generates events that match the filter settings
and forwards these to the configured destination.
Once the test is completed, you can verify that the communication channel is valid and that the
configuration was set up properly.
For example, the Eclipse radio (depending on the mix of plug-ins) could have 400 or more
messages for each of the four alarm events: raise, clear, acknowledge, and unacknowledge. So, for
example, if you ran a test procedure on a network with 100 identical Eclipse radios without limiting
the number of devices to be tested, ProVision tests all 400 or so messages for each alarm event
and for each radio. This amounts to 160,000 messages and can take over 11 hours.
Caution: Aviat Networks recommends limiting the number of devices of the same type when
executing this test function. Otherwise a lengthy test procedure could result.
Note: The test feature is only available for the SNMP interface.

Filter settings procedure

To limit the number of devices that undergo the test procedure (and thereby limit the length of the
test), use the filter settings as described in the procedure below.
Step Action
1
From the Tree Viewer, right-click the required NBI event icon .
2 Select Edit to display the Event Forwarding Configuration window.
3 Select the Filters tab to display the current filter settings.
4 Click Edit to display the Filters window.

5 Make any required changes, then click OK.
6 Click OK to close the Event Forwarding Configuration window.
Test procedure
Step Action
1
The right-click menu is displayed.

Step Action
2 Select Test. The Event Forwarding Test window is displayed.
3 To start the event NBI configuration test, click Start. The Event Forwarding disruption
message is displayed.
4 To proceed with the configuration test, click Yes.

• The verification test may take some time. When the test is finished the Save button is
enabled.
• Click Cancel to end the verification test.
5 A message displays, prompting you to save the Event Forwarding Report.
6 Click Save to save the event forwarding report. The default location and filename is:
Client\NBI\Event\filename.test
where filename is the event NBI name you selected when you deployed it.
7
To change either the directory name or file name, click the directory select icon ,
browse to the required location, and click Save.
8 The event forwarding report can be viewed in a document or spreadsheet application.
Saving, printing, and viewing an Event NBI configuration report

You can view and save the event destination configuration details. This can include the event
forwarding destination, the filters, the event sources, and the events that can be generated,
including the event ID and description.
The report detailing the event destination configuration can be printed or saved as an ASCII file.
The default location for the file is Client\NBI\Event.
The filename matches the event NBI name you entered when you deployed the event NBI and the
suffix .rec. For example the event NBI named OpenView has the file name OpenView.rec. Use a
text editor to view the file.

Note: The details displayed in the Event Forwarding Report window and the saved report are
different: see the report values table in this topic.
Procedure
Step Action
1
2 Select Report. The Event Forwarding Configuration Report window is displayed.
3 To save the report, click Save.

4 To save the file in the default directory, click Save.
5
To save the file in another directory, click the button to open the directory browser.
Browse to the desired directory, enter the file name, then click Save. In the Save Event
Forwarding Report window, click Save.
6 To print the report, click Print. Select the required printer in the Print window, then click OK.
7 The report values in the saved file are listed in the table below.
Table 39: NBI Event Information Report Values
Field Description
1 - Type of Event Identifies the event type: Acknowledged (3), Cleared (2), Raised(1)
2 - Server Address
3 - Trap Index The unique number allocated by to each forwarded event
4 - Trap Timestamp Date / Time the entry was added to the file
5 - Blank row No data
6 - Trap Source Path The full physical path of the device where the event occurred
7 - Trap Device Type Class of device, for example, an Eclipse IDU radio
8 - Trap Source Address IP address of the object (radio or server) raising the event
9 - Trap Device ID Unique ID of the device generating the event
10 - Event ID Unique ID of the type of event
11 - Event Date/Time The event time recorded in the database
12 - Event State Status of event: Active (0), Cleared by User(1), Cleared by Network /
Resync (2), Cleared( 3)

Field Description
13 - Event Severity Severity of event: Critical (6), Major(5), Minor (4), Warning(3),
Normal(2), Informational(1)
14 - Event Name A description of the event, for example, Trib 13 uncommissioned traffic
15 - NBI Integer ID Unique ID of this event
16 - Event Category Category of event: Unknown (0), Communications (1), Environmental
(2), Equipment (3), Processing Error (4), Quality of Service (5)
17 - User Name The user name associated with this event.

Editing an Event NBI configuration

Step Action
1
From the Tree Viewer, right-click the required NBI event icon . The right-click menu is
displayed.
2 Click Edit. The Event Forwarding Configuration window is displayed.
3 The configuration options are described below. Make any required changes on the General
and Filters tabs and click OK.
4 To close the Event Forwarding Configuration window, click OK.
Table 40: Configuration Options When Editing an Event NBI
Filter Setting Filter Options

General tab • Destination Name - Name of this event NBI's destination (higher-level
network manager, name of the computer receiving events).
• SNMP - Select this checkbox to enable SNMP forwarding.
• IP Address - IP address of the northbound computer.
• UDP Port - UDP port number.
• Community String - Community string name.
• Include Probable Cause - Check to include a Probable Cause field into the
trap (PVRaiseTrapwithCause is used instead of PVRaiseTrap).
Note: By default, SNMPv2 traps are sent. To use SNMP v1 traps with
Probable Cause, select Use SNMPv1 trap MIB.
• Save to ASCII File - Select the checkbox to save the Event MIB as an ASCII
file.
• Output to TCP Port -Select the checkbox to enable output to the TCP port.
Enter the TCP Port on which the northbound destination system receives the
event data.
Filters tab Current filter settings are displayed. Click Edit to change them.

Filter Setting Filter Options

Advanced tab The current heartbeat trap settings are displayed. A heartbeat trap is a message
that ProVision sends at regular intervals to the Northbound application to
confirm the connection.
Enabling/Disabling an Event NBI

By disabling an event NBI you are stopping events being forwarded to a NBI. However, the
configuration settings are still retained and can be enabled at a later time.
The main reason to disable an event NBI is because the destination computer is offline or not yet
set up.
Step Action
1
From the Tree Viewer, right-click the required NBI event icon.
The right-click menu is displayed.
2 Enable or disable on the menu, as required.
Resynchronize an Event NBI

Occasionally a mismatch may occur between the data in ProVision database and in the
higher-order Network Management Level (NML) due to an interruption of the network connection
between the two levels.
For example, the object pvTrapIndex keeps track of the number of events. If this value is 64 when
the data is sent to the NML and the next time its value is 80, then 16 traps were missed. In this
example, a resynchronization is required. The three-step resynchronize process is:
Step Action
1 The Network Management Level (NML) sends a resynchronize request trap to ProVision.
2 ProVision tells the NML to clear all active events by sending resynchronization event trap.
3 ProVision re-sends all active events to the NML.
The resynchronize process can also be manually invoked by the user. The steps are described
next.
Procedure to manually resynchronize an Event NBI
Step Action
1
2 Select Resynchronize. The event data in ProVision and in the NML is synchronized.
3 The resynchronize event is cleared from the event browser after it is completed. To view the
event, open an event browser by right-clicking the required NBI event icon from the
Tree Viewer.
4 Select Event Browser.

Step Action
5
Select the filter icon to open the Filters window. The resynchronize events are
displayed in the Event Browser.
Remote resynchronize
It is also possible to send a resynchronize command to the event NBI from the northbound
application. For more information, see the ProVision NBI System Integration Guide.
Deleting an Event NBI

Step Action
1
2 Select Delete. The Delete Objects window is displayed.
3 To delete the selected object(s), click Yes.
Renaming an Event NBI

Step Action
1
2 Select Rename. The Rename window with the selected event's Object name is displayed.

Step Action
3 Make the required changes to the name.
4 To save the changes, click OK.
NBI Performance Data Management

This section covers NBI performance data management.
About NBI performance data management ............................................................... 241
Performance data collection ...................................................................................... 242
Deploying a performance data NBI ........................................................................... 243
Editing performance data NBI configuration .............................................................. 244
Performance NBI output types .................................................................................. 246
Testing the performance NBI .................................................................................... 247
Enabling/Disabling a performance data NBI .............................................................. 248
Deleting a performance data NBI .............................................................................. 249
Renaming a performance data NBI ........................................................................... 249
About NBI performance data management

The NBI performance data management feature enables the integration collected performance data
from managed devices with management systems for the network or the service layer’s
performance.
The integration is achieved through delivering the collected performance data from the ProVision
performance database as a set of ASCII text files that can be accessed by a northbound system.
Prerequisites
The prerequisites for NBI performance data management include:
• The type of performance data you are interested in (15-minute, daily, or all.)
• The format of the output file (single/multiple files per device/device type).
• The output format of the performance data file (one file for each device or one file for an entire
device type).
• The frequency that the performance data files are to be purged from the server.
Associated event
The one event that is associated with NBI performance data management is Performance NBI
Activation, which initiates the performance data to be forwarded to the NML.
Performance data is collected by the following sources:
• Device daily bins
• Device 15-min bins
• Device real-time data
ProVision performance data is gathered by a specific collection application.
The collected performance data is saved to a database in ProVision.
Then, the performance data is analyzed and divided:
• ProVision performance data is displayed in the History Viewer and the Trends Viewer.
• Northbound Interface performance data is stored in files marked for devices and device types.
Northbound Interface performance data is accessed via network file sharing and SFTP/FTP.
Note: For consistency with Eclipse, ProVision presents the CTR queue numbering for the Per
Queue Ethernet Performance Parameters (Out Dropped, Out Dropped Octets, Out Passed and
Out Passed Octets) as Q0 to Q7, whereas CTR Web Portal and CLI interface present as Q1 to
Q8.
Performance data collection

This section describes the performance data collection for Eclipse devices. Specifically, it describes
how the Eclipse device bin file that is stored on the device relates to the ProVision database and
NBI files.
This process is illustrated below, where the numbers in the figure refer to the numbered steps
below. In this example, the network is set up for daily data collection and the data is collected for
the purposes of the NBI as per device type. See Editing performance data NBI configuration
(on page 244) for information on the data collection options.
It is not feasible for ProVision to read all daily bins from all of the devices in the network due to
processor loading and NMS channel restrictions. Therefore the collection of the data from the bins
is staggered over a 24 hour period.
Figure 17: Eclipse Device Performance Data Collection and NBI Behavior
Item Description
1 Each Eclipse device creates a daily bin file at 12:00 midnight for that day. In this example, a
block of data we will call “Sunday bin” (blue) is created at the end of the day at 12:00
midnight.
2 For this example, let’s assume a network operator enables daily data collection at 00:00 am
on Monday.
• A performance bin file with a time stamp for “Sunday midnight” is created in the
database when ProVision reads the data from the first device on Monday.
• See ProVision NBI System Integration Guide, topic System Integration Performance
Data Files for more information on the performance data file name.
3 From 00:00 am on Monday, ProVision starts collecting the “Sunday bin” data collection from
all the devices, and the bins are written to the ProVision database, until all bin devices are
read and recorded.
4 ProVision writes the “Sunday bin” data to the NBI files at the same time as it writes to the
ProVision database.
5 At the end of the day a new daily bin is created on each Eclipse device. In this example, the
“Monday bin” (yellow) is created at the end of Monday at 12:00 midnight.
6 On Tuesday, ProVision begins the “Monday bin” data collection from the Eclipse devices.
• A performance bin file with a time stamp for “Monday midnight” is created in the
database when ProVision reads the data from the first device on Tuesday.
7 Again, from 00:00 am on Tuesday, ProVision starts collecting the “Monday bin” data
collection from all the devices. The bins are written to the ProVision database, until all bin
devices are read and recorded.

Item Description
8 ProVision writes the “Monday bin” data to the NBI files at the same time as it writes to the
ProVision database.
As long as data collection is enabled, ProVision continues to collect the previous day’s daily bin
data.
This procedure applies to the G.826 performance as well as the Ethernet statistics data collection.
However, since Ethernet data collection is based on real-time counts in the device, ProVision only
creates the first Ethernet bin AFTER two samples (24 hours apart). Therefore, in the above
example, the first bin of data is created at the end of the day on Tuesday.
Other points to keep in mind when collecting NBI performance data:
• If the ProVision server is restarted, then all daily performance data collection is rescheduled,
where the data collection is spread out over the next 24 hours.
• If the radio loses communications, then the radio’s daily performance collection is also
rescheduled.
• If the method of NBI performance data collection is “per device type”, then the performance
file is not complete until the next file is created.
Deploying a performance data NBI

The ProVision server periodically polls the managed network devices and stores the events
generated in the ProVision database. The NBI performance data is extracted from the ProVision
database.
Note: Before deploying the performance data NBI, think about the NBI performance data settings
you want to implement. For example, if 15-min. and daily data types are enabled and the output
file is set to per Device; for a network of 200 radios this creates 200 daily performance data files
and 19200 15-min. performance data files each day. This could very quickly cause problems with
the computer’s file allocation system unless the files are purged on a regular basis.
Step Action
1 In the Tree Viewer, right-click the Manager icon .
2 Select Deploy NBI. The NBI Deployment window is displayed.

Step Action
3
Select the performance data NBI icon .
The Deploying Performance Data-forwarding window is displayed. For details of the
performance data settings, see Editing performance data NBI configuration (on page
244).
4 To save the performance data NBI configuration, click Deploy.

The deployment results are displayed, and the performance data NBI icon is displayed in
both the Tree and Map Viewers.
5 To close the Deploying Performance Data-forwarding window, click Close.
Editing performance data NBI configuration

Step Action
1
From the Tree Viewer, right-click the required performance data NBI icon .

Step Action
2 Select Edit. The Performance NBI Configuration window is displayed.
3 When you select your output file format, the purge criteria for the output file format display.
Set the required purge criteria.
4 Make any other required changes and click OK.
Table 41: Performance Data NBI Settings
Performance Data Description and Actions

NBI Configuration
Name Type a name for the performance data NBI.
Data Type The options are: Ethernet 15-Min, 15 Min, and Daily.
Daily is selected by default. To enable the Ethernet 15-min or 15-min data
collection, select the checkbox. All types of performance data collection can
be enabled for NBI forwarding.
Only data from devices currently being performance monitored by is
exported. Performance data collection is detailed in the ProVision User
Guide, System Diagnostics.

Performance Data Description and Actions

NBI Configuration
Output File To set output file types, select one option from the Format drop-down menu
and one option from the Per drop-down menu:
See the following table for a detailed list of output file types and values,
Performance NBI Output Types.
If required, check the box to Include 15-Min Ethernet & RF in same
folder. This saves both sets of performance files in the same network
folder.
Purge Criteria By default, the current NBI file is renamed to ".old" and a new NBI is created
every 7 days for 15-minute data and every 30 days for Daily data.
Where the option is available for the format type, use the up and down
arrows to set the daily purge criteria from 1 to 52 weeks.
By default the 15-min NBI performance data files older than one day are
purged. Use the up and down arrows to set the 15-min purge criteria from 1
to 60 days.
For the Single File per Device Type per Day, you can enable or disable
the purge by clicking Purge Enabled.
Enabled Enable or disable the performance data NBI.
Performance NBI output types

This table describes the performance NBI output types. Use the scalability and recommendation
columns to select the performance NBI outputs to create using the process in Editing performance
data NBI configuration (on page 244).
Output file File content 15 minute scalability Recommendation

Multiple Files per Each performance Does not scale on large networks as too Not recommended for
Device data file contains a many files are created each day. networks with over 1000
single record for a One file per interface/port is created devices or with more
single device. every 15-mins. than 5000 Ethernet
E.g. For 2000 DAC GE3 over 1.5 million ports.
files created per day.
Multiple Files per Each performance Scales well on larger networks. Preferred option for
Device Type data file contains a One File per interface/port type created large networks.
single record for all every 15-mins.
devices of a particular E.g. for 2000 DAC GE3get 96 files
type. created per day.

Output file File content 15 minute scalability Recommendation

Single File per Each performance Does not scale on large networks as too Not recommended for
Device data file contains all many files are created each day. networks with over 1000
records for a single One file per interface/port appended to devices or with more
device. every 15-mins. than 5000 Ethernet
E.g for 2000 DAC GE3 up to 16,000 file ports.
created per day.
Single File per A single performance Does not scale on large networks as file Not recommended for
Device Type data file is created gets very large. networks with over 1000
containing all records One file per device interface/port type devices or with more
for all devices of a appended to every 15-mins than 5000 Ethernet
selected type. E.g. for 2000 DAC GE3 get 1 file created ports.
but with up to 16,000 rows per day.
Device Type with data file is created, gets very large. networks with over 1000
RF Grouping with all 15 minute RF One file per device interface/port type devices or with more
data stored in the appended to every 15-mins. than 5000 Ethernet
same file in the same E.g. for 2000 DAC GE3 get 1 file created ports.
directory. but with up to 16,000 rows per day
(112,000 rows per week).
Device Type per data file is created for gets very large. networks with over 1000
Day each device type One file per device interface/port type devices or with more
once a day. appended to every 15-mins and only 1 than 5000 Ethernet
file per day. ports.
E.g. for 2000 DAC GE3 get 1 file created
but with up to 16,000 rows per day.
Testing the performance NBI

Users can generate sample Performance NBI data output files by running the Performance
Data-Forwarding Test. A Performance NBI must be implemented and saved to run this test.
Step Action
1 In the Tree viewer, go to the Performance NBI that you need to test. Right-click it and select
Test.

Step Action
2 The Performance Data-Forwarding Test screen displays, showing the values for this
Performance NBI. Click Start.
3 You are prompted to save the file to a secure location. Select the save location for the
sample Performance NBI output. click Save.
4 The test outputs the sample files.
5 To review the files, go to the save location. The test file names match the standard NBI
output file names.
Enabling/Disabling a performance data NBI

Disabling a performance data NBI stops the generation of NBI performance data files. The
configuration settings are retained and can be enabled at a later time.
Step Action
1
From the Tree Viewer, right-click the required performance data NBI icon .
2 Enable or disable the performance data NBI, on the menu, as required.

Deleting a performance data NBI

Step Action
1
From the Tree Viewer, right-click the required NBI icon .
Renaming a performance data NBI

Step Action
1
From the Tree Viewer, right-click the required performance NBI icon .
2 Select Rename. The Rename window with the selected performance data NBI's name is
displayed.

NBI Configuration Management

This section covers NBI configuration management.
Note: For System Integration, see the separate ProVision NBI System Integration Guide.
About NBI configuration management....................................................................... 249
Deploying a configuration NBI ................................................................................... 250
Editing the settings for a configuration NBI ............................................................... 251
Enabling/Disabling a configuration NBI ..................................................................... 252
About NBI configuration management

NBI configuration management includes all the information relevant to the configuration of a
network. The output is in XML format and includes information such as:
• ProVision server name and IP address

• Device name, type and IP address

• Plug-in name, type, part number, serial number and software version
• Specific plug-in information such as capacity and bandwidth
• Link information
• Cross-connect information
This information helps users track of the inventory that makes up the network, plan a new network,
and improve existing networks.
The configuration NBI output file is supported for a limited number of devices such as Eclipse, CTR
and WTM.
Associated events
The events associated with NBI configuration management are:
• Configuration NBI activation - Initiates the network configuration data to be forwarded to the
NML.
• Configuration NBI file updated - Updates the network configuration data in the NML.
Deploying a configuration NBI

Step Action
1 In the Tree Viewer, right-click the Manager icon. .

Step Action
3
Select the configuration NBI icon .
The Deploying Configuration-forwarding window is displayed.
4 To save the configuration NBI configuration, click Deploy. The deployment results are
displayed, and the configuration NBI icon is displayed in both the Tree and Map Viewers.
5 To close the Deploying Configuration-forwarding window, click Close.
Editing the settings for a configuration NBI

Step Action
1
From the Tree Viewer, right-click the required configuration NBI icon .

Step Action
2 Select Edit. The Configuration NBI window is displayed.
3 Make the required changes and click OK.
Configuration NBI setting

Table 42: Configuration NBI Settings
Configuration Setting Description and Actions

Name Type a name for the configuration NBI.
Configuration Components Basic Configuration includes information on the NBI
destination, device and network inventory.
Circuit Configuration includes information on the radios,
links, and cross-connections.
Enabled By default, the configuration NBI is enabled. Select or clear
the checkbox to enable the configuration NBI as required.
Also see Deploying a configuration NBI (on page 250).
Enabling/Disabling a configuration NBI

Disabling the configuration NBI stops the generation of NBI configuration files. The settings are
retained and can be enabled at a later time.
Step Action
1
From the Tree Viewer, right-click the required configuration NBI icon . The right-click
menu is displayed.
2 Enable or disable the configuration NBI, on the menu, as required.

Resynchronizing a Configuration NBI

This section covers resynchronizing a configuration NBI.
Resynchronizing
The resynchronize feature for configuration NBI obtains an image of the system to be stored in the
database. The database is updated periodically; the information in the database is from the last
update, and not from the radios’ current configuration.
The configuration file is located in the following directory, where icon_name is the name of the NBI
configuration management icon:
<pv root>\ProVisionServer\NBI\Configuration\icon_name
The line called <creation date> indicates when the configuration file was last updated. For
example, the file with the following notation was created on 12 July 2009 at 4:51 p.m.
<creation_date>Fri Jul 12 16:51:21 NZST 2009</creation_date>
The output file collected the last time the resynchronization feature was performed on the
configuration NBI can be used in the event the network needs to be rebuilt. The output file can now
be sent via SFTP/FTP.
Deleting a configuration NBI

Step Action
1
Renaming a configuration NBI

Step Action
1
2 Select Rename. The Rename window with the selected configuration NBI's name is
displayed.


NBI Topology Management

This section covers NBI topology management.

About NBI topology management.............................................................................. 254
Deploying a topology NBI .......................................................................................... 254
Editing the settings for a topology NBI ...................................................................... 255
Enabling/Disabling a topology NBI ............................................................................ 256
Deleting a topology NBI............................................................................................. 256
Renaming a topology NBI ......................................................................................... 257
NBI topology files ...................................................................................................... 257
About NBI topology management

The NBI topology management feature is similar to the import and export topology feature
described in Migrating Topology (on page 125). It collects information on network topology,
including:
• Object type
• Object name
• Object containment definition
• Device IP address
• SNMP community strings
• Object state (managed or unmanaged)
• Object performance data collection state (daily enabled/disabled, 15-minute enabled/disabled)
• Object coordinates (in the Map Viewer)
However, NBI topology management is more robust in than the import and export topology feature
for the following reasons:
• It saves the topology as icons on the physical and map viewers.
• It schedules the topology export for automatic execution.
• The file in which NBI topology is collected can be sent via SFTP/FTP.
NBI topology management can be very useful when rolling out a new network. If you periodically
save the network topology, it is easy to restore the network if there are any problems.
NBI topology management events
The events associated with NBI Topology management are listed in the table below.
Table 43: NBI Topology Management Events
Event Description
Topology NBI activation Notes when a topology NBI is deployed.
Topology NBI output file created Notes when a topology NBI output file is created or updated.
Deploying a topology NBI

Step Action
1 In the Tree Viewer, physical pane right-click the Manager icon .

Step Action
3
Select the topology NBI icon . The Deploying Topology-forwarding window is
displayed.
4 To save the topology NBI configuration, click Deploy. The deployment results are displayed,
and the topology NBI icon is displayed in both the Tree and Map Viewers.
5 To close the Deploying Topology window, click Close.
Editing the settings for a topology NBI

Step Action
1
From the Tree Viewer, right-click the required topology NBI icon .
Step Action
2 Select Edit. The Topology NBI window is displayed.
3 Make the required changes and click OK.
Topology NBI settings

Table 44: Topology NBI Settings
Topology Setting Description and Actions

Name Type a name for the topology NBI.
Execution Criteria Allows you to set the time of day that the daily output is generated.
Use the up and down arrows to set the hour, then select AM or PM.
Purge Criteria Allows you to set the length of time that files are to be kept. Use the
up and down arrows to set the number of days for the files to be
purged.
Enabled By default, the configuration NBI is enabled. Select or clear the
checkbox to enable the configuration NBI as required.
Enabling/Disabling a topology NBI

Enabling the topology NBI activates the generation of NBOI topology files. Disabling the topology
NBI stops the generation of NBI topology files. The settings are retained and can be enabled at a
later time.
Step Action
1 From the Tree Viewer, right-click the required topology NBI icon.
2 Enable or disable the topology NBI, on the menu, as required.
Deleting a topology NBI

Step Action
1

Step Action
Renaming a topology NBI

Step Action
1
2 Select Rename. The Rename window with the selected topology NBI's name is displayed.

NBI topology files

File location
The topology NBI configuration outputs can be found in the directory:
ProVisionServer\NBI\Topology
Note: The topology NBI data file has the same format as the output that is generated when using
the topology export command. See Exporting the Topology (on page 127) for additional
information.

Help Desk Reports
Chapter 13. Help Desk Reports

The Help Desk Report collects information about the environment and configuration of ProVision.
Run and save this report to provide a record of your system's configured setup, and to send to Aviat
Networks Technical Support when you have a problem.
The Help Desk Report

The Help Desk Report collects information about the environment and configuration of ProVision. It
captures the configuration and license information of your ProVision installation whenever you run
the report. This report is important for system maintenance and support.
The Help Desk Report must be run and saved at the time that your system is fully commissioned.
This captures the environment and configuration of your ProVision installation.
The purpose of this report is to capture any problems in your system, and to collate all the
information required to enable the Aviat Networks HelpDesk to assist you with your problem. The
Aviat Networks HelpDesk compares the data in your Help Desk report to the Help Desk report that
you generated at the time of system commissioning.
This report automatically includes:
• License details
• System configuration
• Log of SNMP round trip times for each radio
• Log of heartbeat round trip times between the client and the server
• Client log files
• Server log files
• Server Status page log files (stored as .zip files, located inside
ProVisionServer/repository/logs/statuspages)
You can generate this report to include your current database. If a database is not included in a
Help Desk report, the topology export file will be included. All the Help Desk report data is saved in
one Zip file, with the name and date. It is saved to the file location:
ProVisionServer/repository/reports
Also, The Client helpdesk report can be generated to collect information about client system and
system-client log. This report is saved as zip file with client PC name and date. It is saved to file
location: ProVisionClient/reports
Running the Help Desk report

You can run a Help Desk report at any time. Note the following:
• Generating an additional Help Desk Report does not over-write any previous Help Desk
Reports.
• Including the database in a Help Desk Report increases the size of the Help Desk report zip
file. If you need to send multiple Help Desk reports to the Aviat Networks Help Desk, we
recommend that you include your database with the first Help Desk Report that you send.
Then, later Help Desk Reports can be sent without the database. (If a database is not
included in a Help Desk report, the topology export file will be included.)

Help Desk Reports
Procedure
Follow these steps to run the commissioning report.
Step Action
1 In the menu bar, go to Reports > Help Desk, then select Generate.
2 The Report Information screen displays.
3 Select the checkboxes if you want to:

• Include the database backup in the report.
• Open the Task Manager.
Then, click OK.
4 The Task Manager displays the status of the report generation and shows when the report
is complete.
5 Go to the file location where the Help Desk report has been saved:
ProVisionserver/repository/reports
6 The report file is there, with values for the date and time it was created in its title:
PV_HelpDesk_Report_<Weekday>_<Date>_<ReportID>_<TimeZone>.zip
Send this zip file to your Aviat Networks support contact. Save a copy of this at an archive
location for your users.
Using commands to run Help Desk reports

You can use commands to run the Help Desk report from a command line. This is useful if you are
having problems with the client or server, and you cannot run the Help Desk Report in ProVision.
Procedure to run server reports
Follow these steps to to run the ProVision server report from the Command Window.
Step Action
1 From the Start menu, go to Start > All Programs > Server > Command Window.
2 Enter the command: pv report

Help Desk Reports
Step Action
3 The system will ask:
Do you want to include database backup in the report? (y/n)
Type y for yes or n for no.
4 The ProVision Client Help Desk report is generated. The Command Window shows the
location where the report is saved.
5 Send the completed Client report .zip to ProVision technical support.
Alternatively, follow these steps to to run the ProVision server report from the Command Window.
Step Action
1 Log in to the server where the ProVision Server is installed and open a Command Window,
as noted above.
2 Enter the command: pv report
3 The ProVision Server Help Desk report is generated. The Command Window shows the
system location where the report is saved:
4 Retrieve and send the Server report .zip to ProVision technical support.

Help Desk Reports
Procedure to run Help Desk reports

Follow these steps to run the ProVision client-Helpdesk report on the Client from the Command
Window;
Step Action
1 Log in to the client and go to the directory where ProVision Client is installed and open a
command window, as below.
2 Enter the command: startupclient report

3 The file is saved in the reports directory of ProVision Client folder as shown below.
4 Retrieve and send the Server report .zip to ProVision technical support.

Help Desk Reports
Saving or deleting Help Desk reports

After you have created a Help Desk report, you can also:
• Save the Help Desk report to an additional network location
• Delete the Help Desk report.
Step Action
1 In the menu bar, go to Reports > Server Reports.
The Server Reports information screen displays.
2 This screen displays all the Help Desk reports that are saved in the database.
To save a Help Desk report to an additional network location, click the Save icon for
that report.
The Save screen displays.
3 Choose the network location where you want to save the report. Edit the file name of the
report. Then, click Save.
The report is saved to the specified network location.
4 To delete a Help Desk report from the system, click the Delete icon for that report.
The selected Help Desk report is deleted.

614-330053-001
GA Release

ProVision Rel 7.15.0 Install &amp; Admin Guide 2022-DeC

Uploaded by

Copyright:

Available Formats

You might also like

ProVision Rel 7.15.0 Install &amp; Admin Guide 2022-DeC

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ProVision Rel 7.15.0 Install &amp; Admin Guide 2022-DeC

Uploaded by

Copyright:

Available Formats

ProVision

Installation & Administration Guide

Copyright & Terms of Use

Aviat Networks March 2023 iii

iv March 2023 Aviat Networks

Aviat Networks Technical Support

North America & Latin EMEA APAC

Global Support Hotline

Corporate Headquarters International Headquarters

Phone: +1 (512) 265-3680 Phone: +65 6496 0900

Aviat Networks March 2023 v

Conventions and Terminology

Note: A note item identifies additional information about a procedure or function.

Important: An important item identifies additional information that must be heeded.

vi March 2023 Aviat Networks

Installing Eclipse Portal ............................................................................................................ 54

viii March 2023 Aviat Networks

Configuring RADIUS authentication fallback to local user accounts............................................ 79

Extracting device data from StarView .................................................................................... 130

Deleting an Event NBI ............................................................................................................ 240

xii March 2023 Aviat Networks

Chapter 1. Administrator Introduction

Role Brief Description

Aviat Networks March 2023 13

14 March 2023 Aviat Networks

Chapter 2. System Description

Aviat Networks March 2023 15

ProVision Deployment Options

Single Server/Client deployment

16 March 2023 Aviat Networks

LAN client deployment

WAN client deployment

Aviat Networks March 2023 17

Standby server deployment

Standby server deployment: sharing or separate hardware

Aviat Networks March 2023 19

Figure 6: Standby Server with Server and Client on Separate Hardware

20 March 2023 Aviat Networks

Standby server with WAN and separate hardware

Network Communication Ports and Firewalls

Aviat Networks March 2023 21

Communication frequencies with network devices

22 March 2023 Aviat Networks

Network communication ports for firewalls

Aviat Networks March 2023 23

Recommended port configuration

Application Protocol Port From Comments

24 March 2023 Aviat Networks

Application Protocol Port From Comments

Application Protocol Port From Comments

Note: SFTP is enabled by default

Note: SFTP is enabled by default

Note: SFTP is enabled by default

Note: FTP must be enabled

Aviat Networks March 2023 25

Application Protocol Port From Comments

Note: SFTP is enabled by default

Note: SFTP is enabled by default

SYSLOG UDP 514 NE Management notifications. Port is

ProVision Rel 7.15.0 Install & Admin Guide 2022-DeC

ProVision Rel 7.15.0 Install & Admin Guide 2022-DeC

ProVision Rel 7.15.0 Install & Admin Guide 2022-DeC