cnMaestro 2.1.0 (On-Premises)

Introduction

This document highlights new features and significant updates in cnMaestro On-Premises. cnMaestro 2.1.0 is a major OVA release, and Cambium recommends all customers update to the latest version. cnMaestro 2.1.0 is the next release after 1.6.3 (there was no official 2.0.0).

The latest releases are the cnMaestro 2.1.0-r22 OVA and the cnMaestro 2.1.0-r23 Package. The Package is only for customers who want to upgrade from cnMaestro 2.1.0-r21.

Important: Upgrading from r21 to r23

The cnMaestro 2.1.0-r23 Package is for customers running the previous 2.1.0-r21 OVA : it provides an easier upgrade. Current 1.6.3 users should only install the cnMaestro 2.1.0-r22 OVA and follow the standard upgrade procedure listed below.

Customers blocked importing data from 1.6.3-r39 into 2.1.0-r21 should apply 2.1.0-r23 and then import the data.

A list of fixes in 2.1.0-r22/r23 is presented later in this document.

Important

cnMaestro 2.1.0 On-Premises is distributed as an OVA file which requires installation on a new virtual machine. Existing cnMaestro On-Premises users should export their data and import it into cnMaestro 2.1.0. Only data exported from cnMaestro 1.6.3 is supported.

The basic steps are defined in the User Guide and consist of:

1.      Export Data from current cnMaestro Installation at Application > Server > Operations.

2.      Import Data file into the new cnMaestro 2.1.0 installation at Application > Server > Operations.

Important: VMware ESXi

Some customers have seen SHA-256 errors when importing the OVA into older versions of VMware ESXi using the vSphere C# Client. This is due to a security enhancement by VMware, which deprecated the original SHA-1 hash. To resolve, one can do the following:

1.      Upgrade VMware to the latest version, which uses SHA-256 by default.

2.      Use the ESXi Web Client, instead of the vSphere C# Client.

3.      Use OVFTOOL to convert SHA-256 to SHA-1. See this post for details.

4.      Convert the OVA manually using a shell script. See this post for details.

Important: Web Browser

You may need to restart your browser (or clear the browser cache with a hard reload) after the 2.1.0 update.

Important:  Update Precautions!

This update has significant database changes that require data migration. This process is done in the background, so regular network management operations are not impacted. The migration duration depends on the total number of devices: approximately 30 minutes per 1,000 devices. We recommend limiting UI access during this period, to keep the load down. Devices will otherwise reconnect as normal. Please also do the following:

1.      If the Managed Service Provider (MSP) feature is enabled in the current 1.6.3 system, it is mandatory to first apply the latest 1.6.3-r39 package (available at https://support.cambiumnetworks.com/files/cnmaestro/) before exporting the system backup. This package contains a major fix to export MSP related data.

2.      Keep the system backup from 1.6.3 in a safe location, in case of unforeseen issues.

3.      Export Application > Server > SSL Certificates from the 1.6.3 system and import after upgrading to 2.1.0. This is in addition to the System Backup: certificates are not included and need to be replaced manually.

4.      During data migration, the virtual machine must NOT be rebooted or powered off. Also do not start System Backup or Data Report jobs.

All subsequent updates after cnMaestro 2.1 will be in-system and not require export/import.

PTP 650/670/700 Support

cnMaestro supports the following monitoring and management functionalities on PTP 650/670/700 in both Cloud and On-Premises.

Feature

Details

Onboarding

Onboard PTP devices using MSN or Cambium ID.

Dashboard

Multiple, distinct dashboards, depending upon whether PTP devices are HCMP enabled (and in master or slave state).

Notifications

PTP-specific notifications and alarms.

Statistics/Performance

Device details and performance graphs with the following metrics: channel utilization, throughput, capacity, receive vector error, receive power, receive signal strength ratio, transmit power, link loss, and packet error.

Map

Visual integration into global map.

Hierarchical Tree

Full cnMaestro Tree support, with HCMP visibility.

Operations

Device reboot.

Data Report

Data reports downloaded and scheduled in On-Premises.

System Integration

Fully integrated into system-components, such as System/Network/Tower dashboards, inventory, and managed services.

PTP Dashboard

 

PTP Performance

 

Note: Configuration and Image Upgrade should still be performed using the PTP device UI.

cnReach Support

cnMaestro now supports full integration of cnReach devices, including monitoring, configuration, and image upgrade in both Cloud and On-Premises.

Feature

Details

Onboarding

Onboard all cnReach device types using MSN or Cambium ID.

Dashboard

cnReach-specific dashboards, including individual dashboards for cnReach Radio 1 and Radio 2.

Notifications

cnReach notifications and alarms.

Statistics/Performance

Device details and performance graphs with the following metrics: throughput, RSSI, transmit power, noise, and neighbor count.

Map

Visual integration into global map.

Hierarchical Tree

Full integration into the cnMaestro Tree, including deeply-nested cnReach backhaul paths.

Operations

Device reboot support.

Configuration

Template-based device configuration.

Software Update

OS and Radio updates, including bulk software distribution.

Data Report

Data reports can be downloaded and scheduled in On-Premises.

Tools

Ping, RF Ping, RF Throughput

System Integration

Fully integrated into system-components, such as System/Network/Tower dashboards, inventory, managed services.

cnReach Dashboard

 

cnReach Performance

 

cnReach Bulk Software Upgrade

cnReach AP Bulk Software Distribution efficiently copies software to all devices in a VLAN, where it can then be applied.


Email Notification

Email Notification allows Super Administrator and Administrator users to add Subscribers (email addresses) for receiving Alarms.

The Alarm Severity can be filtered by:

  • Critical
  • Major
  • Minor

The content of the email can be either HTML or JSON format. This feature must be enabled globally in Application > Settings.

HTML Email Example

 

JSON Email Example

 

Scheduled Software Upgrade

Select a time to apply device software upgrades.

 

Dashboard Device Health Component

The Dashboard Device Health component has been rewritten to better represent the many device types now supported in cnMaestro.

 2.1.0-10.png

WLAN Overrides (cnPilot Enterprise)

WLAN details unique to a device, such as SSID, Enabling/Disabling SSID and Passphrase, are now supported as part of Device Overrides. These can be configured in the Device Configuration page at Manage > Configuration, and then selecting the device in the tree to update.

 

Link Quality Indicator (LQI) for PMP SMs

The LQI statistic indicates if a PMP link is degraded by interference or noise. An LQI of 100% means there is no interference. A value of 90% or higher is considered reasonable. Depending on their environment, operators may differ on what is unacceptable (i.e. 80%, 70%, 60%). The Manage > Statistics table shows the LQI, in downlink and uplink, for every PMP SM. An administrator can sort the table by downlink or uplink to identify the SMs experiencing the most significant degradation. Click on an individual PMP SM Performance tab to view the LQI over the last day or week to correlate degradations to certain periods of time.

Busy Index for PMP APs

This represents the percentage of time during the last week in which a PMP AP is congested -- determined by the frame utilization exceeding 90%. The System and Tower dashboards display a list of the top five busy PMP APs. The Manage > Statistics table shows the Busy Index, in downlink and uplink, for every PMP AP. An administrator can sort the table to identify the most congested APs. Click on an individual PMP AP Performance tab to view the frame utilization over the last day or week to understand when usage tends to be highest.

 

Bulk Reboot

Bulk reboot is added as part of Actions available on Inventory page.


In-System Upgrade (On-Premises)

Upgrading to new cnMaestro versions post 2.1.0 will not require an Import/Export. Instead, the images can be updated within the current virtual machine.

 

SSH Access (On-Premises)

SSH can be enabled through the Console to provide network access to the cnMaestro CLI. The system uses password authentication, and it is recommended only for debugging purposes. SSH is enabled in the Console at Maintenance > SSH.

 2.1.0-16.png

NTP Support (On-Premises)

NTP is enabled by default, and external servers can be added in the Console at Settings > NTP.

 2.1.0-17.png

CSV Configuration Import (Backhaul Devices)

Global cnMaestro Configuration CSV import is available from the Inventory page at the following levels: System, Network, Managed Account, ePMP or PMP AP devices. This feature is supported only for Access and Backhaul devices (AP and SM).

The following parameters are supported for ePMP/PMP AP devices:

  • Latitude
  • Longitude
  • Height
  • Azimuth
  • Elevation

The following parameters are supported for ePMP/PMP SM devices:

  • Latitude
  • Longitude


CSV Example

 

cnPilot Home WLAN and LAN Statistics

The Wireless LAN Dashboard displays  cnPilot Home (R-Series) devices in the Client and Network sections (this functionality is already available for cnPilot Enterprise).

Guest Access Portal Logout

Logout is added to the cnMaestro Guest Access Portal. This feature helps guests use allocated session time more precisely.

For example, if a guest user has a session time of 1 hour, and 1 day as renewal frequency, the user can logout of guest session after 10 min of usage, and the remaining 50 min of session time can be used across different sessions within 1 day (renewal frequency).

  1. Navigate to Services > Guest Access Portal page and select the respective Guest Portal Name.
  2. Select Access
  3. Select Enable Logout functionality for the guest client check box.
  4. Click Save.

 

Twitter Support for Guest Login

Support for Twitter is added under Social Login to Guest Access Portals. Now Guest Clients can login using Twitter.

 

Change Your Password (On-Premises)

cnMaestro users can change their own passwords, irrespective of their role.

 

IPv6 Networking (On-Premises)

cnMaestro supports both IPv4 and IPv6 networking. The eth0 interface requires IPv4 (for the system IP address and cluster configuration), and optionally IPv6.

 2.1.0-27.png

API Updates (On-Premises) image.png

New APIs

Path

Details

Clients API (Section 14.3)

/api/v1/devices/{MAC}/clients/summary

Aggregated data for all Wi-Fi clients

/api/v1/devices/{MAC}/clients/{client MAC}/summary

Aggregated data for a single client

Devices API (Section 8.2, 8.3, 8.4)

/api/v1/devices

Claim new device

/api/v1/devices/{MAC}

Update/Delete an existing device

JOBS API (Section 9)

/api/v1/jobs/{job_id}

Configuration job management

/api/v1/jobs/{job_id}/devices

Networks API (Section 10.2)

/api/v1/networks

Create new network

Sites API (Section 11.2)

/api/v1/networks/{NID}/sites

Create new site

Towers API (Section 12.2)

/api/v1/networks/{NID}/towers

Create new tower

Deprecation/Update Notice for Existing APIs

Path

Details

Devices API

/api/v1/devices

- A new property called site_id is added for WiFi Device

Statistics API

/api/v1/devices/statistics

- site_id property is added for WiFi devices only.

- Until 1.6.3 rx_bps, tx_bps were returning values in kilobits per sec. In 2.1.0 we changed it to return as bits per second

- Until 1.6.3 tx_bytes, rx_bytes were returning values in kilobits. In 2.1.0 tx_bytes, rx_bytes will be sending value as bytes. 

- session_drops field is deprecated.

Performance API

/api/v1/devices/performance

- Until 1.6.3 rx_bps, tx_bps was returning values in kilobits per sec. In 2.1.0 we changed it to return as bits per second

- Until 1.6.3 throughput was returning values in kilobits per sec. In 2.1.0 we changed it to return as bits per second

Sites API

/api/v1/networks/{NID}/sites

- Sites object will contain created_at field denoting site’s creation time. From 2.1.0 this API will accept stop_time and start_time header fields which returns sites created within that period.

Supported Cambium Products

cnMaestro supports the following Cambium Networks products. The software versions are the minimum required to use cnMaestro (not the recommended versions).

Family

Model

Version

cnPilot

cnPilot R200, R200P

4.2.3-R4

cnPilot R201, R201P

4.2.3-R4

cnPilot R190V,  R190W

4.3.2-R4

cnPilot E400/E500

2.5.2-r3

cnPilot E410/E430w/E600

3.5.2-R4

cnPilot E501S

3.2.1-r6

cnPilot E502S

3.2.1-r6

cnPilot E700

3.8

ePMP 1000 Hotspot

ePMP 1000 Hotspot

2.5.2-r3

ePMP

ePMP 1000, Force 180/200

2.6.2

ePMP 2000

3.0.1

ePMP Elevate

3.0.1

ePMP Force 190

3.5

ePMP Force 300

4.1.1

ePMP PTP 550

4.1.1

ePMP 3000

4.3.0.1

PMP

PMP 450i, PMP 450, PMP 450m, PMP 430 SM

15.0.1

PTP 450, and PTP 450i

15.0.1

PTP

PTP 650

01-47

PTP 670 (650 Emulation)

01-47

PTP 670, PTP 700

02-67

cnReach (Beta)

N500

5.2.17e

 Supported Browsers

cnMaestro supports the following browsers:

Platform

Browser

Version

Windows

Internet Explorer

11 and above

Firefox

45 and above

Chrome

49 and above

MacOS

Safari

9 and above

Linux

Firefox

45 and above

Chrome

49 and above

Significant Fixes

The following issues have been fixed:

Id

Details

CNSSNG-1920

Login not working after selecting the user accounts in EDGE browser in Windows 10.

CNSSNG-2222

Device name is not present when exported as CSV/PDF.

CNSSNG-3241

Not able to export the uptime/downtime data from Inventory/Statistics grid.

CNSSNG-8226

PMP/ePMP: Getting upgrade in progress internal error, but the device was upgraded successfully.

CNSSNG-9298

Monitor user should be able to export and schedule Reports at all levels.

CNSSNG-9358

Moving devices to tower after setting the device location fails.

CNSSNG-10112

Job in not started state created from tenant account is not able to start from the global account.

CNSSNG-10107

Devices API sort with name and sort with registration_date is not working

CNSSNG-10042

BHM/BHS software update broken in 1.6.3.

CNSSNG-9979

Scheduled Report issues with devices in MSP accounts.

CNSSNG-8996

Distance value for PMP SMs is not displayed.

CNSSNG-8380

NAS IP should be cnMaestro Server IP instead of RADIUS Server IP.

CNSSNG-9556

PTP550: Devices stuck in onboarding and updating state in production cloud.

CNSSNG-8498

PTP550 and Force 300 devices with build 4.1.1 are not sending the software update events to cnMaestro.

Additional Fixes in cnMaestro 2.1.0-r22

The following updates are in addition to the 2.1.0-r21 release.

Id

Details

CNSSNG-10263

Wi-Fi devices are getting hidden in tree when each of them report each other as parent device

CNSSNG-10276

After update with 2.1.0-r21 "Towers" and "Sites" are not in alphabetical order

CNSSNG-10287

Data migration is failing when 1.6.3-r39 data is imported on 2.1.0-r21

CNSSNG-10293

Tower level Top AP's throughput value is empty

CNSSNG-10300

PMP Medusa AP Downlink data is missing in frameutil performance graphs

CNSSNG-10317

Auto Provisioning feature is not working for cnPilot R-series.

CNSSNG-10343

SM WAN IP is not shown in 2.1.0-r21 version

CNSSNG-10453

Fixed UI dashboard freeze issue due to c3 chart

CNSSNG-10472

Site floor plan got distorted after migrating data from 1.6.3 to 2.1.0

CNSSNG-10486

Sector not showing due to missing gain in Maps

Known Issues

The following issues exist:

Id

Issue

Details

AURA-470

Failure to load success page after quick pay authentication

AURA-474

Error contacting server when clicking on Orange Money button

AURA-388

WiFi Guest Access does not work with Microsoft Edge Browser

Guest Access on cnMaestro does not work with Edge browser on cnPilot 1.4.0-r12 with 3.2.1-6 and 1.5.0-r4 with 3.3 beta builds.

Workaround: Users need to use supported browsers like Chrome, Firefox, or Internet Explorer (IE) 11.

CNSSNG-4083

DHCP errors after cnMaestro Reboot

When cnMaestro On-Premises is rebooted, after Data Import, sometimes DHCP and Disk Errors are encountered.

Workaround: Explicitly run the dhclient command from the Command Line (accessed through the CLI) after reboot to assign the IP address.

RBN-280

DHCP Option 15 not working for cnPilot Home

DHCP Option 15 onboarding is not working for cnPilot Home devices (R-series). These devices cannot use this onboarding mechanism.

CNSSNG-4906

Captive Portal Auto Login fails with latest Android devices

Workaround: Whitelist the URL for Google (*.google.com).

CNSSNG-5365

RADIUS Proxy drops packets after retry exhausted

After RADIUS Proxy Retries are exhausted in cnMaestro On-Premises, all subsequent RADIUS packets are dropped.

Workaround: Reboot cnMaestro.

CNSSNG-7626

Access token is expired after data migration

Workaround: User has to generate a new token after the migration.

CNSSNG-7372

Auto sync always times out if the device IP changes during auto sync

CNSSNG-8304

ePMP: “No GPS Sync” or
“GPS Sync Down” alarm/event not raised in cnMaestro

ePMP devices are not sending the GPS Sync status events to cnMaestro when GPS Sync is down or there is NO GPS Sync.

Also for PMP GPS SYNC events, details shows sync source instead of indicating whether the GPS SYNC source is up or Down.

CNSSNG-10223

MSP images not imported on server when exported in 1.6.3 and imported in 2.1.0 

Workaround: Customers need to apply 1.6.3-r39 build and then import the data to 2.1.0

CNSSNG-10189

cnReach performance reports do not have throughput values for radios

CNSSNG-10145

Certificate exports are not part of Data Backup and restore

Certificates must be exported manually.

CNSSNG-10187

While Migration is happening moving or deleting a device from the Managed account will mark all the events and alarms as undefined once migration is completed

10 Likes

These are some great features, the email notifications will be particularly useful!

When do you plan to upgrade the cloud to this version?

Cloud version we will start rolling in the next 2 weeks, we have servers across region so it may take some time.

Rupam

3 Likes

Hi, during deploy on ESXi 6.7 booting ends in Busy box. Looks like that provided ova file is corrupted or contains some error. Could you check it please?

hi

could you please validate the sha256sum with the OVA which you downloaded?

sha256sum -  96c8b55f74bf7467e2d1cb69f939a9b4a1fb799648b3905361f5ceeb27cf5bfc

1 Like

I did it and it matches.

After powering on  I can see only this ...

i have sent you a private message.

I'd like a bit of clarity before I get really angry - the notes explicitly say "Only data exported from cnMaestro 1.6.3 is supported." I am running Version 1.6.0-r22, and I really don't want to have to backup, update to 1.6.3, reconfigure it and import data, then back that up, update to 2.1.0, and reconfigure and import data again. It's not like this is an ancient version - please tell me that there are no significant differences in the data between these two versions and I can just do the one upgrade...

1 Like

Hi dshea -- the upgrade process from the 1.6.0 version will require an intermediate step to 1.6.3 (which includes exporting and importing data). The 2.1.0 release removes this complexity moving forward, and it will be upgraded in-system (with no more export/import). However to get to this point, the baseline data needs to be exported off a cnMaestro 1.6.1 OVA installation with a package upgrade to 1.6.3. This can be done either by importing into 1.6.1 and upgrading to 1.6.3, or by installing 1.6.1 and upgrading to 1.6.3 before the import.

Both 2.1.0 and 1.6.3 have significant database updates that make this process especially complex as we look at supporting earlier versions for data migration. 1.6.3 added an updated data model for MSP and multiple tenants  (which entailed a significant transition), and 2.1.0 includes additional data restructuring for performance and scalability.

3 Likes

That's awsome job! Can't wait to test it the first thing tomorrow morning.

Yes,

we have error in vmware ESXi.

pls check the file.

thank you.

NR

File?


@netreality wrote:

Yes,

we have error in vmware ESXi.

pls check the file.

thank you.

NR


Tested file in VirtualBox: works.

Upgraded to this new version.

8000+ devices onboarded.

Imported backup file and after some few hours seems all be up but first thing i noticed is that the Towrs and Sites are not in alphabetical order but are all mixed up...

I keep you updated with some testing...

hi netreality,

I have sent private message.

1 Like

Hi.
Could you please help me with configuring email settings?
We get error:

Error
Error on sending mail: unable to verify the first certificate

This is on port 587 with STARTTLS.
 
Kind regards

Ciao,

ho un problema nella creazione dell' OVA

mi viene fuori l' errore in allegato

come posso risolvere?

You have to use OVF vmware tool to convert from SHA256 to SHA1. Or use vmware greater than 6.5


Kind regards

Having issues booting the OVA provided online. Runing xen 6.5 it fails to emergency boot console.

Tried it on a VMware 6.5u1 box I run personally and it boots fine.

Anyone else running Xen figure out how to get this OVA to boot?