OmniVista Cirrus Production Notes 2.1.0
OmniVista® Cirrus is a cloud-based Network Management System (NMS). This cloud-based approach eliminates the need for purchasing and maintaining a physical server and installing the NMS on premise, since everything resides in the cloud. Network Operators can access OmniVista Cirrus from anywhere, using any approved browser and device (e.g., workstation, tablet).
Access to OmniVista Cirrus is supported on the following browsers: Internet Explorer 11+ (on Windows client PCs), Chrome 68+ (on Windows and Redhat/SuSE Linux client PCs), and Firefox 62+ (on Windows and Redhat/SuSE Linux client PCs).
These Production Notes detail new features and functions, network/device configuration prerequisites, supported devices, and known issues/workarounds in OmniVista Cirrus. Please read the Production Notes in their entirety as they contain important operational information that may impact successful use of the application.
- New Features and Functions
- Network and Device Prerequisites
- Supported Devices
- Issues Fixed
- Additional Documentation
An overview of new features and functions is provided below.
OmniVista Cirrus now supports the following devices:
OmniVista Cirrus now supports the following OS Software Versions:
- AOS 6.7.2.R05 - OS6350 and OS6450 Devices
- AWOS 220.127.116.11 - APs
UI Enhancements Across Applications
- LAN/WLAN Menu Option - There is now an option to display application drop-down menus specific to WLAN devices (e.g., SSIDs, APs). The option is available by clicking on the LAN/WLAN Menu drop-down at the top of the screen. By default, all application drop-down menus (for both LAN and WLAN Devices) are displayed ("LAN+WLAN Menu"). Select "WLAN Menu" to display application drop-down menus specific to WLAN devices (e.g., SSIDs, APs). The Banner will turn gray, indicating you are in WLAN Menu Mode. Note that there is no change to the content within the applications (i.e., the applications have not been modified to be "WLAN-specific"). The content of the applications accessed through the WLAN Menu and the LAN+WLAN Menu are the same.
- Alarm Status Bar - A real-time display of unacknowledged alarms is displayed at the bottom of all screens in OmniVista Cirrus. The number of alarms in each category (e.g., Critical, Major, Minor, Warning) is displayed. Click on a category to go to the Notifications application and view all alarms in the selected category.
- Application Results Log - The "Application Results" log now displays actions taken in the SSIDs application (in addition to the Device Catalog application). The "Application Results" button is located in the OmniVista Cirrus Banner to the left of the Support Center link at the top of the screen. Click the button to view application actions. With the log displayed, you can click on the Copy button to copy the log to the Clipboard.
The following new services enable a Business Partner to remotely monitor and manage OmniVista Cirrus Systems.
- Multi-Tenancy Service Master Dashboard - The new Multi-Tenancy Service (MTS) feature enables a Business Partner (MTS Provider) to remotely monitor and manage multiple OmniVista Cirrus Systems (Tenant Systems). A Provider creates an MTS account. When the Provider logs into the account, a Master Dashboard displaying all managed Tenant Systems is displayed. The display provides a high-level overview of each Tenant, and the MTS Provider can click on a Tenant to go to the Tenant's Dashboard and manage the system.
- Multi-Tenancy Service - The Multi-Tenancy application (Administration - Multi-Tenancy Service), is used by Tenant Systems to manage MTS Providers. The application is used to request management from an MTS Provider or respond to an MTS Provider invitation for management. A Tenant can also use the application to enable/disable management of a system by an MTS Provider. Once a Tenant (local system) is being managed by an MTS Provider, the Tenant will have "Read-Only" permission on the system. All of the menus and screens will be available for viewing, but the Tenant will not be able to configure the network. The only exceptions are the Multi-Tenancy Screen and the Users and User Groups Screens.
The following new application has been added to OmniVista Cirrus.
- SSIDs - The new SSIDs application (WLAN - SSIDs) simplifies wireless network configuration with one-step provisioning, including SSID setup as well as authentication and policy configuration. When you create an SSID, relevant related default configurations (Access Role Profile, Access Policy, Authentication Strategy, Guest Access Strategy, BYOD Access Strategy, AAA Server Profile, Tunnel Profile, and Global Configuration) are automatically created and linked to the SSID using a name derived from ESSID. As you go through the creation/customization process you can customize these default SSID configurations (including AP availability schedules) to fit your network requirements. The application replaces the old WLAN Services application.
- AP Registration
- Access Points
- Scanning Mode - You can set APs to examine the radio frequency environment in which the Wi-Fi network is operating, identify interference, and classify its sources. An analysis of the results can then be used to quickly isolate issues with packet transmission, channel quality, and traffic congestion caused by contention with other devices operating in the same band or channel. Scanning Mode can be enabled on an AP by editing the AP on the Access Points Screen. The data collected in Scanning Mode is displayed on the RF Scan View Screen (WLAN - RF Management - RF Scan View).
- AP Group
- BLE Beaconing - You can enable BLE Beaconing for APs. BLE Beaconing is used by the Location Service to deliver location services like way-finding, geo-location, geo-notification, and geo-fencing. BLE Beaconing is supported on AP1201, AP1231, and AP 1232 Devices.
- Location Service - This new AP Registration option is used to configure Wi-Fi Location Based Service (LBS) Profiles. OmniVista Cirrus integrates with the AeroScout to provide LBS. LBS is configured for APs at the AP Group level using the AP Group Screen. If Location Services are enabled for an AP Group, APs in the group will report wireless scanning data to the Location Engine.
- A new User Activity Report is available in the Audit application. The log contains user login/logout information as well as user Device Catalog actions (e.g., adding devices, licensing devices).
- Authentication Servers
- On Premise LDAP/AD Server - You now have the option to configure an on-premise LDAP/AD Server if you want to use a private LDAP/AD Server instead of one in cloud for AP authentication. In this scenario, user authentication requests are communicated directly between an AP and the LADP/AD server, and are not exposed in the public network. This option is only supported for BYOD access.
- Resource Manager Backup Failure Trap - A new trap has been added to the Notifications application (alaOperationTrap) for Resource Manager Backup Failure. A Trap Responder can be configured to automatically send an e-mail when this trap is triggered.
- Network ID - The Network ID feature provides additional security during the on-boarding process.
- Force Pre-Prov Config - A new Force Pre-Prov Config button has been added to the top of the Device List on the Pre-Provisioning Screen to push the Pre-Provisioning configuration to a device the next time the device "Calls Home". Typically, OmniVista does not send Pre-Provisioning configuration for a Managed device. It only sends it for unmanaged devices to enable them to become managed. However, there may be cases when a managed device loses its Pre-Provisioning configuration (e.g., device is rebooted from a different directory, device is reset to factory defaults). In this case, the Pre-Provisioning configuration needs to be re-sent to the device for OmniVista to continue managing it.
- Network Settings - A new Network Settings area has been added to the SNMP Default Template. The fields can be used to configure the Management VLAN used by devices.
- Modify Factory Default - You can now modify factory-default admin password for AOS switches in the Pre-Provisioning Template.
- License Management
- AP Device Licenses have been increased from 25 Guest Device Licenses/25 BYOD Device licenses per AP, to 50 Guest Device Licenses/50 BYOD Device licenses per AP.
- Geo Map View - The Topology application now provides a Geo Map view to display devices in their physical location on a geographical map. When a device is added to OmniVista Cirrus, you have the option of specifying a Geo Map location for the device using either street address or Latitude/Longitude. (Location information is automatically added when a device is added using the OV Cirrus Assistant App for Android and IOS.) The device will then be displayed in the Geo Map view in Topology. You can also create Map Sites (e.g., Street/City, Data Center, Campus Building), place them in a specific Geo Location and add devices to those sites. A toggle switch in the upper-right corner of the screen enabled you to switch between the Geo Map View and the Traditional Topology View.
- Custom Notes - You can now add custom sticky notes to any Topology map. The notes can be placed anywhere on a map, and can be edited or deleted. Click on the Map Level Actions drop-down and select Add Note. You can also go to the Topology Configuration Screen to set a default option to display notes on maps or hide them.
- RF Scan View - The RF Management RF Scan View application (WLAN - RF Management - RF Scan View) is used to view Scanning Mode data for APs. Wireless networks operate in environments with electrical and radio frequency devices that can interfere with network communications. To view Scanning Mode data for an AP, the AP must be in "Scanning Mode", which is configured on the Access Points Screen.
- Client Summary Report - The Client Summary Report (WLAN - Client - Summary) now displays download and upload throughput data.
DHCP Server Requirements
- IP Address - DHCP Server IP address.
- Option 1 - Subnet Mask.
- Option 2 - Gateway.
- Option 6 - Domain Name Servers - Required for FQDN resolution of OmniVista Cirrus connection points.
- Option 28 - Broadcast Address. This option is only recommended, not required.
- Option 42 - NTP Server(s) - Required for Certificate validation (start date and duration), and all related encryption functions. This option is not required on devices running AOS 6.7.2 R04 / AOS 8.5R2 / AWOS 18.104.22.1686 or higher. It is however, recommended.
ALE Specific Requirements
- Option 43
- Sub-Option 1 - Vendor ID. Validate the DHCP response (must be set with the value alenterprise). This sub-option is only required if you specify any of the sub-options listed below, or any devices on your network are running AOS 6.7.2 R03.
The following Sub-Options are only required if you are using a Proxy to connect to the Internet.
- Sub-Option 129 - Proxy URL. It can be either an IP address or a URL (e.g., "IP-address=22.214.171.124", "URL=http://server.name").
- Sub-Option 130 - Proxy Port.
- Sub-Option 131 - Proxy User Name. If the customer proxy access requires authentication, both 131 and 132 can be supplied via these sub-options.
- Sub-Option 132 - Proxy Password.
- Sub-Option 133 - Network ID.
- Option 138 - Remove any existing configuration (required for all ALE Devices).
For basic onboarding of devices and connection to the OmniVista Cirrus Server, a minimum of 10 kbps end-to-end network throughput is required between the device and OmniVista Cirrus.
To enable statistics data transfer, status queries, configuration commands, and other requests/responses between devices and OmniVista Cirrus, a minimum of 64 kbps end-to-end network throughput is required between the device and OmniVista Cirrus. APs must be running the latest AWOS software version.
If a device is accessing the Internet via an HTTP/HTTPs proxy, the proxy server must be specified in DHCP Option 43, Sub-option 129 (Server) and Sub-Option 130 (Port). The server may be specified in 1 of 2 formats: 1) “URL=http://server.domain”, or 2) “IP-address=126.96.36.199”. The port is specified as a number (8080).
The following ports must be configured to allow outbound traffic from your local network if you are not using a Proxy to connect to the Internet, or if your DNS or NTP Servers are outside of your network:
- 443 - If you are not using a Proxy to connect to the Internet. Either your firewall must allow outbound access to this port; or if you have one, you may access the port via your local proxy.
- 80 - If you are not using a Proxy to connect to the Internet. Either your firewall must allow outbound access to this port; or if you have one, you may access the port via your local proxy.
- 123 - If you are using an NTP Server that is outside of your network. If External, you must ensure that your firewall allows outbound access to port 123 udp. This access cannot be mediated by a proxy, it must be direct (NAT is allowed).
- 53 - If you are using a DNS Server that is outside of your network. If External, you must ensure that your firewall allows outbound access to both port 53 tcp and port 53 udp. This access cannot be mediated by a proxy, it must be direct (NAT is allowed).
An NTP Server(s) is required for Certificate validation (start date and duration), and all related encryption functions. Devices must have access to at least one NTP Server, whether local or external. Note that if a device's System Time is not correct, it may take several attempts to synchronize with the NTP Server before the device connects to the OmniVista Cirrus Server.
The minimum device software versions for onboarding and management are detailed below. The minimum onboarding versions are required for the device to connect the to the OmniVista Cirrus Server. The specified management software versions are required to support all of the management features available in OmniVista Cirrus 2.1.0.
For onboarding (call home and connection to the OmniVista Cirrus Server), devices must be running the following minimum software versions:
- AOS 188.8.131.52.R03
- AOS 184.108.40.206.R03
- AWOS 220.127.116.11.
Devices must be running the software versions specified below to support all of the management features available in OmniVista Cirrus 2.1.0.
- Essential Switch (E) - OS6350/OS6450 - (6.7.2.R05), OS6465 (8.5.255R2), OS6560 (8.5.265R2)
- Core Switch (C) - OS6900 (8.5.255R2)
- Advanced Switch (A) - OS6860/OS6860E/OS6865 (8.5.255R2)
- Stellar AP (SA) - OAW-AP1101, OAW-1201, OAW-1201H, OAW-AP1221, OAW-AP1222, OAW-AP1231, OAW-AP1232, OAW-AP1251 (AWOS 18.104.22.168)
A link to the latest software images is included in the Verification E-Mail you receive when you create your account. If necessary, click on the link and download the required AOS software. Release Notes, containing detailed upgrade instructions for each device type, are available on the ALE Business Portal.
A full list of ALE supported devices/AOS releases can be found here.
AV No Longer Supports OS6900 Switches (OVC-4381)
Summary: Application Visibility no longer supports OS6900 Switches.
Workaround: NA - Informational.
OV Managed Device Automatically Deleted and License Unassigned (OVC-4683)
Summary: A currently-managed device can be automatically deleted, its license unassigned, and the device moved to “Registered” if the IP address assignments of devices are changed.
For example, suppose there are two devices discovered and managed by OmniVista: Device1 with IP address "IP1", and Device2 with IP address "IP2". At some point, the IP Address assignment for these devices are changed as follows: Device1 IP address is changed from "IP1" to "IP2"; and Device2 IP address is changed from "IP2" to something else. This scenario could happen, for example, if the DHCP Server is restarted and does not attempt to give the same IP address as before to the DHCP clients.
If Device1 is then rediscovered (as part of periodic polling or by a manual user action), Device2 will be deleted from OmniVista when OmniVista discovers that Device1 now has the "IP2" IP address to avoid the situation where two devices have the same IP address in OmniVista.
Workaround: Network Administrators must ensure that OmniVista-managed device IP addresses are not recycled to other OmniVista-managed devices.
Upgrades Are Triggered Differently for 6x and 8x Switches (OVC-435)
Summary: The Activation Server checks the "current software version" from the switches to determine whether a switch should upgrade or not. Because of the different behaviors of 6x and 8x Switches, there may be some inconsistencies about when a switch will be triggered to upgrade.
- AOS 8x switches send current software version of the current running directory.
- AOS 6x switches send current software version of WORKING directory when in sync.
Example AOS 6x:
Assume switch comes up in the Certified Directory.
Assume /flash/working has the same image version as "desired software version" set in Device Catalog, whereas /flash/certified has a lower version. Since AOS 6x sends current software version of /flash/working, upgrade will NOT be triggered on the switch.
Example AOS 8x:
Assume switch comes up in the Certified Directory.
Assume /flash/cloud has the same image version as "desired software version" set in Device Catalog, whereas /flash/certified has a lower version. Since AOS 8x sends current software version of current running directory which is /flash/certified. there will be an upgrade. The switch will download the desired software version to /flash/cloud and reboots from /flash/cloud.
Workaround: NA - Informational.
Upgrade Workflow Should Be Changed When Device Is Loaded From Certified Directory (OVC-435)
Summary: When an AOS 6.x Switch with "Set to Software Version" set to "Latest Version" contacts the OmniVista Server, the server checks the Working Directory to see if it is running the latest AOS software. If the Working Directory contains the latest software version, an upgrade will not be triggered, even if the Certified Directory is running on an older software version. To upgrade the Certified Directory to the latest software, reboot the switch from the Working Directory.
Workaround: NA - Informational.
If Network ID Strict Mode Is Enabled Some Devices Will Be Unable to On-Board (OVC-4381)
Summary: If Network ID Strict Mode is enabled, only devices running AOS 672.R05 and AWOS 22.214.171.124 will be able to onboard.
Workaround: NA - Informational.
No CLI Command to Configure Network ID in Statically Configured Cloud Agents (OVC-4569)
Summary: You cannot configure Network ID/Strict Mode using the CLI (AOS or Express Mode).
Workaround: No workaround at this time.
Pre-Provisioning Fails When NTP Server Is Configured in a Pre-Provisioning Template (OVC-4682)
Summary: If you configure the NTP Server in a Pre-Provisioning Template and on your on-premise DHCP Server, pre-provisioning will fail.
Workaround: Do not configure the NTP Server on both the Pre-Provisioning Template and your on-premise DHCP Server. The on-premise DHCP server should not return the NTP Server IP address if the NTP IP is specified in the pre-provisioning configuration in OmniVista. Alternatively, if the DHCP Server is returning the NTP Server IP address to devices, do not specify the NTP Server IP address in the pre-provisioning configuration in OmniVista.
Unable to Map SSID to Different VLANs on Different AP Groups (OVC-4989)
Summary: You cannot Map an SSID to different VLANs on different AP Groups.
Workaround: If you require an SSIDs Default Access Role Profile to map to different VLANs/Tunnels on different AP Groups, go to the Access Role Profile page (Unified Access - Unified Profile - Template - Access Role Profile), choose the entry with the SSID Profile name, click on the Apply to Devices button, select the desired VLAN/Tunnel ID and AP Group(s) and click the Apply button. Repeat the procedure for different VLANs/Tunnel IDs.
BYOD Access Strategy "Go to initial URL" Option Does Not Work on AOS 6x Switches (OVC-421)
Summary: The "Go to Initial URL" option for successful login does not work on AOS 6x Switches. It does work on APs and 8x Switches running a minimum build of 8.5R2 GA.
Workaround: There is no workaround at this time.
External LDAP Server Requires Direct Connection (OVCLOUD-2832)
Summary: If you are using an external LDAP Server, you must have a direct connection to the server using a public IP address.
Workaround: NA - Informational.
HTTPs Traffic is Not redirected to Portal Page for an HSTS Website (OVC-1777)
Summary: The first time a user opens an HSTS website, they are redirected to the portal page, as expected. The second time a user opens an HSTS website, the redirection will not work. If the user clears browser cache and retries connecting to the HSTS website, it will work. The behavior depends on the browser used. Chrome is very strict, so the problem is always seen, Firefox is not as strict; the problem will still happen but not as frequently.
Workaround: There is no workaround at this time.
If You Remove a Master from a Virtual Chassis Slave Devices Lose Connectivity
Summary: If You Remove a Master from a Virtual Chassis (VC), Slave devices Lose Connectivity Due to stale certificates. Devices use a certificate to communicate with OmniVista Cirrus. This certificate is given to the devices by the OmniVista Cirrus on their first Activation attempt. In a VC, the Master chassis is issued a certificate for its Serial Number and this certificate is copied over to all the Slaves. If the owner of the certificate (Master) is removed permanently from the VC, the remaining chassis will form a VC and attempt activation using the certificate of the old Master, but will be unable to activate using this certificate. Customers should raise a ticket with ALE Customer Support to overcome this issue. After understanding the VC topology, ALE Customer Support might take a decision to remove the certificate from the VC and enable the remaining chassis in the VC to attempt Cloud Activation afresh.
Workaround: Raise a ticket with ALE Customer Support. After investigating the VC topology, ALE Customer Support may decide to remove the certificate from the VC and enable the remaining chassis in the VC to re-attempt activation.
Issues Fixed Since Release 2.0
- Cannot Remove a BYOD/Guest Online Device From Device List on AOS 8x Switches (OVC-419)
- Cannot Find Audit Logs in OmniVista Cirrus (OVC-456)
- Error When Applying Access Role Profile with Policy List to 6x Device (OVC-459)
- Cannot Apply Policy List from RADIUS Attribute "Alcatel-Policy-List" in UPAM on AOS 6.x Switches (OVC-463)
- Captive Portal Page Is Not Kept After Upgrading From 1.0.2 (OVC-2467)
- AP Image Upgrade From 3.0.2 to 3.0.4 Requires 2 Reboots (OVC-2957)
- Device Status Color Does Not Change When a Trap is Sent From an AP (OVC-3220)
- Minimum OS Versions Required for Full OmniVista Cirrus Functionality (OVC-3468)
- OS6560 Device Loses VPN Connectivity and Remains in a DOWN State (OVC-3530)
- Guidance for Users with ALE Business Store Based OmniVista Cirrus Subscriptions That Are Pending Activation (OVC-3776)
- OS6560 Dumps ipcmmd pmds When Calling Home (OVC-3834)
Issues Fixed Since Release 1.0.2
- Hide Top N clients and Top N App Charts (OVC-1565)
- OS6560 Does Not Support Policy List on OS6560 Switch running AOS 8.4.1.R03 (OVCLOUD-1384)
- Status of All AOS Devices Changed from “OV Managed” to “Pre-Provisioning" in Device Catalog (OVC-145)
- Analytics Line Chart Does Not Display Date in X-Axis (OVC-461)
Issues Fixed Since Release 1.0.1
- Device Added to Data Lake Is Not Added to Device Catalog Even Though "Call Home" Was Successful (OVC-146)
- VC of 2 OS6900-X20 Disappeared from the List of Managed Devices (OVC-147)
Online help is available in OmniVista Cirrus and can be access by clicking on the Help Link (?) in the upper-right corner of any screen. You can also search through the online help on the OmniVista Cirrus Home Page. An overview of OV Cirrus as well as Getting Started Guides for Freemium, Trial, and Paid Accounts is available here.