Devices Provisioning

Overview

mfusion is a cloud-based platform that simplifies SD-Branch/SD-WAN deployments and handles provisioning, configuration management, and monitoring of all RansNet appliances. Also designed to provide the in-depth network visibility business needs through a secure and intuitive web portal. From servers, routers to applications, mfusion is able to pro-actively monitor and present real-time information from a Centralized Platform.

The key function of mfusion cloud platform includes:

  • Zero-touch provisioning for mbox appliances (HSA, UA, CMG, and HSG). When each mbox appliance powers up, it will auto “call-home” to mfusion, which hosts the configuration repository, and the administrator can simply push the desired config to the targeted host without the need for a certified on-site engineer.
  • Centralized management. mfusion provides centralized config management, config backup, firmware/patch management, and remote control (reboot) of devices without the need to SSH or console into each host. It has a built-in config editor for modifying host config and instantly (or scheduled) push to target hosts, which greatly simplifies operational supports.
  • Centralized visibility. Once each host goes online, it’s automatically monitored by mfusion, which provides complete visibility over network and device health status, and instantly alerts for faults or thresholds. Its customizable report module allows administrators to generate comprehensive usage reports and send them to the target audience without any administrator burdens.
  • Service-provider focused. mfusion is primarily designed for ISP or MSP to manage and support large mbox appliance deployments. Its super-tenancy dashboard access allows providers to give the end customers access to their own devices for real-time visibility. mfusion can be provided as a physical appliance or virtual machine (VM) appliance. It comes with it’s pre-built, hardened, and optimized mboxOS packed with all necessary applications so that ISP/MSP can immediately start to provide end-customer services.

NOTE

mfusion provides multi-tenancy access to devices and data. The device needs to be added as a Host under an ‘Entity (Host Group)‘, and Entities can be grouped under a Parent Entity. User can be attached to several Entities, hence can access all hosts/data under these entities and their child entities.

Management Data Utilization

Understanding management data utilization

When a mbox (CMG/HSG/HSA) is managed by mfusion, there can be several management sessions that will consume bandwidth. If you’re using a 4G/5G SIM with quota limits for the WAN connection, it’s important to understand the “underlying” management data usage, on top of your application data.

  1. Monitoring and orchestration session. Each mbox will automatically report its operating status (eg. cpu, memory, link usage, latency, etc) to mfusion at 2-minute interval. When each mbox is added to the orchestrator for configuration management the box will try to check and pull (if there’s config change) config at 15-second interval. So even if there’s no config change, the box will still send queries to mfusion for config update status every 15s and that will consume bandwidth too. Depending on what monitoring items are enabled and how often you push configs, typically this session can consume about 8Kbps download and 2Kbps upload. In terms of data usage, this translates to (12Kbps x 3600s/hr x 24hr/day x 30 day/month)/8 2.5GB/month download, and 1GB/month upload.
  1. VPN tunnel. When a VPN tunnel is configured, mbox needs to establish tunnels with CMG gateway, and the tunnel needs to be kept alive (permanent) together with tunnel overheads etc. Each tunnel typically consumes about 10Kbps download and 5Kbps upload, which is (10Kbps x 3600s/hr x 24hr/day x 30 day/month)/8 3GB/month download, and 1.5GB/month upload.
  1. Dynamic routing. Under SD-WAN scenario, when VPN tunnel is in “L3 VPN” mode, there’s dynamic routing protocol update within each tunnel, and this can consume another 10Kbps download and 5Kbps upload, eg. (10Kbps x 3600s/hr x 24hr/day x 30 day/month)/8 3GB/month download, and 1.5 GB/month upload.

So in a full SD-WAN connection, the expected extra data usage overhead can be up to 10GB/month download and  5GB/month upload; if you’re running dual tunnels, especially if both tunnels are on the same SIM connection, then it will potentially end up 15GB/month download and  7GB/month upload. 

This overhead can be significant if the SIM card has a quota limit. Many ISP offer xx GB/month data plan, and some even offer “unlimited” plans but the “unlimited” comes at a throttled speed after a certain quota is exceeded.

So there’s a need to optimize management data usage when it’s running on a SIM card:

  1. Try not to use dual VPN tunnels, even if you have 2 SIM cards. Use single tunnel with tracking feature to do failover. Although the failover can be slower (up to 50s compared with 15s for dual tunnels), this helps to save substantial data usage.
  1.  Use “Remote Access” VPN mode instead of “L3 VPN” mode so that there are no dynamic routing protocols running. This requires explicitly injecting routes for each site, but again, some extra configuration efforts can save some data usage.
  1. Do not use VPN tunnels. If your application server is in the cloud and your devices (behind mbox) can send outbound data directly the server via your own secure application sessions (eg. SSL/TLS), you may not need VPN tunnels.

Preparing mfusion Access


Provisioning Procedure

  1. Create Customer Entity
  2. Create mfusion User Account
  3. Add Host and map to an entity.

Prerequisites

  • mbox device should have internet access
  • mbox with a valid license, warranty / Care (Support),
  • Credentials to access mfusion URL
    • [For the mFusion URL & login credentials you can contact your System Integrator / OEM]
  • Take a note of the MAC address and Serial Number of the box
    • [ MAC address & Serial Number can be obtained from the label on the cardboard packaging box. ]

Create Customer Entity

In a multi-tenancy setup, partners are allowed to add customer entities under the mfusion portal ADMIN tab, to provision a separate entity for each customer, and assign a login account for each entity, so that each customer is restricted to access their own entity data. Particularly in a cloud-based deployment, the entity names must be as specific as possible, Yet still, keep a short-form for easy search, and identify the location with a country code.

Find the steps below to create a customer’s entity

  1. Browse mfusion URL and login with the credential
  2. Navigate to ‘ADMIN‘ and click the ‘Entities‘ submenu, then the LIST OF ENTITIES screen opens-up.
Image 1 : List of entities
  1. Click on New Entity btn to create an entity.
  2. Fill the Entity Details (Entity Name (CompanyFullName(no space)_ShortForm(optional)_CountryCode) and Remarks (optional)) and click on the Entity savechanges button

NOTE

The entity naming convention is extremely important as it spans across multiple modules and the entity name can’t be changed once added, and later if you delete, all hosts, Ads, CMS, MACC contents, and users belonging to this entity will be deleted too.

Image 2 : List of Entity Details
S/NFieldsDescription
01. StatusThis shows the current status of the entity you created. The Enabled / Disabled option can be changed here.
02.Entity NameShows the name of the entity you created. – (Read-Only)
03.Parent EntityThis option can change the created entity name as the parent entity (ROOT) or as a child entity of a parent Entity.
Table 1 : The Fields of Entity Details

NOTE

Partner entity (created by super admin) – Service providers who purchased mbox with provider license can create Parent entity, then partners can manage their own customer entity.
Child entity (created by partner admin) – Service providers who purchased mbox with provider license can create child entity, then partners can manage their own customer entity (Child Entity).

Create mfusion User Account

Find the steps below to create mfusion account

  1. Navigate to ‘ADMIN’ > Accounts‘ , then click on button and fill up the user details form.
Image 3: List of New User Account Details
  1. Select the User Profile to define what rights/menu the user can access.
    • Admin profile has access to all the major modules including MAP center, mfusion cloud, Reports, and ADMIN (to create customer entity, Accounts, and Hosts)
    • MACC profile has access to MAP Cloud Center to Monitoring, Planning, Configuration & Maintenance of the Access point.
    • For on-premises mfusion setup, you can create your own profiles.
  2. Click Entity savechanges button, the Edit User page will show. Assign User to desired Entities.

NOTE

The profile here is different from the RADIUS profile in the HotSpot users menu which defines user’s access profile of their Wi-Fi connection (eg. speed, time, volume, etc.)

<Space>

NOTE

2-Factor Authentication (2FA) can be enabled for user login with one-time pin sent by Email or SMS.

– System Admin needs to enable 2FA login for mfusion and configure SMTP Mail server / SMS Gateway settings in ‘ADMIN > General‘ *
– User can set up 2FA login themselves by clicking > ‘My Profile‘ at the top right corner.

* This only applies to on-premise mfusion setup, as RansNet cloud mfusion (portal.ransnet.com) has already enabled 2FA support.

Provisioning mbox appliances

Getting Device Online

Device should be online and able to connect to mfusion. See mbox bootstrapping.

Add Host to Target Entities

In mfusion configuration GUI, each “Host” refers to a mbox device (RansNet appliance), eg. CMG/HSG/HSA/UA.
Follow the steps below to add Host
  1. Navigate to ‘ADMIN‘ > ‘Hosts’ s, then click on button.
    • The NEW HOST (Host Details) form opens-up
Image 4: List of New Host
S/NHost Details FieldsDescriptions
01. Host TypeSelect “mfusion mbox”
02.Host NameThis should be the MAC address of the mbox eth0 interface,
The format should be (xx-xx-xx-xx-xx-xx),
and all alphabet characters have to be in lower case.
03.EntityThis option will bind the mbox to the created entity.
04.AliasThis is the display name to identity the mbox (Alias name)
05.Serial NoThis should be the Serial Number of the mbox *
06.Remote Firmware UpgradeThis upgrades the firmware of the box to the latest released version.
07.Remote Config UpdateThis updates the configuration centrally.
08.TemplateChoose the correct template type for your mbox, depending on its respective model (eg. CMG, HSG, UA, or HSA)
09. Host LocationYou need to enter the location address of the mbox located
Table 2: The Fields of Add New Hosts
  1. Select the ‘mfusion mbox‘ option from the Host Type dropdown menu
  2. Select the entity that you wanted to map the mbox device.
  3. Enter the Serial number of the mbox (You can find it on the packaging box)
  4. Select the Template_HSA (Product: HSA/UA) or Template_mbox (Product: HSG/CMG) from the Template option.
  5. Enter the mac address in lowercase, in the ‘Host Name‘ textbox
  6. Click on Entity savechanges

<<Space>>

Once the provisioning is successfully completed, you can go to the menu ‘ORCHESTRATOR > Monitoring > Hosts’ Tab to view the Hosts.

Image 5 : mfusion cloud hosts

Access to Device Monitoring

See Device Monitoring link

Access to Device Orchestration

See Device orchestration link