SpiderNet Release 5.1.

4 Patch 3
Release Notes
DOC-NMS-RN5.1.4
Revision 4
Date: April 6, 2017

© 2017 SpiderCloud Wireless, Inc.

 Table of Contents
1. Introduction .............................................................................................................. 3
2. New Features ........................................................................................................... 3
3. Feature Enhancements and Product Changes ..................................................... 4
4. Resolved Issues ....................................................................................................... 6
5. Known Issues ......................................................................................................... 10
6. SpiderNet Firewall Ports ....................................................................................... 12
6.1 Required Open Firewall Ports in Deployments with IPv6 with Non-Root Users ...................13
7. Oracle Java Runtime Version Notes .................................................................... 14
8. External Authentication Testing Software Versions ........................................... 14
9. SpiderNet Server File System Partitioning Recommendations ......................... 14
10. Installing the ndsend Utility .................................................................................. 15
11. SpiderNet User Profile Permission Note.............................................................. 15
12. Software Version, Upgrade Procedure, and Special Notes................................ 15
12.1 Software Version and Upgrade Path ..............................................................................15
12.2 Supported MIB Versions .................................................................................................16
12.3 Upgrade Notes ...............................................................................................................16
12.4 Java Upgrade Procedure ................................................................................................16
12.5 Configuring Linux Server Parameters .............................................................................16
12.6 Installing MySQL Server Software ..................................................................................17
12.7 High-Level First-Time Installation Procedure ..................................................................19
12.8 Special Notes .................................................................................................................19
13. Related Documentation ......................................................................................... 20

© 2017 SpiderCloud Wireless, Inc. NDA 2

 1. Introduction
This document contains the release notes for SpiderNet software Release 5.1.4. These release notes
capture the new features, enhancements, and defects fixed in software version 5.1.and subsequent
maintenance release 5.1.4.
SpiderNet Release 5.1.4 is available for FTP download for customers that have purchased a SpiderNet
license or have an active trial license. For questions or further clarifications, please visit
http://support.spidercloud.com or contact SpiderCloud at [email protected].

2. New Features
The following table provides a list of the new features and improvements introduced in Release 5.1:

Feature Feature Description

TLS Encryption SpiderNet supports Transport Layer Security (TLS) over HTTP (HTTPS)
for communications between services nodes and SpiderNet. TLS
encryption between the services node and SpiderNet allows management
of E-RAN systems when the system is deployed without a security
gateway. HTTPS functions with or without an IPsec security gateway.
SpiderNet supports a combination of HTTP/ and HTTPS connections. An
existing IPsec tunnel configuration does not prohibit an HTTP/TLS
connection. SpiderNet listens for services node connections on a
configurable port.
LCI Profile This feature allows a user to create an LCI profile that includes the
Generator minimum set of objects/attribute settings that allow a service node to
connect to the SpiderNet server and the optional security gateway after a
services node factory reset. The objects/attribute values are derived from
the last valid values saved in the SpiderNet database. The services node
requires additional provisioning to bring it back into service after importing
the LCI profile.
Java 8 Support on The Oracle Corporation no longer supports Java Runtime Environment
the SpiderNet (JRE) version 7. Going forward, they will only fixed newly discovered bugs
Server and security vulnerabilities in JRE 8 and beyond. Therefore beginning with
SpiderCloud release 5.1, the SpiderNet server requires JRE 8.60 and
above. New SpiderNet server installations and upgrades will verify the
JRE version at the beginning of the installation/upgrade process and fail
the installation unless JRE 8.60 or above is installed and configured on the
SpiderNet server.
The SpiderNet server will accept connections from the stand-alone and
browser-based SpiderNet clients configured with JRE 7 and JRE 8.
SpiderNet Users with non-root privileges on the Linux server are allowed to
Installation and install and manage the SpiderNet server software.
Management as
Non-Root User
Management SpiderNet now supports user-specific non-administrative views that
Domains allow access to views and scheduled and on-demand tasks to
groups, which are subsets of services nodes connected to the
SpiderNet server. This feature provides support for multiple vendors
or partners on the same SpiderNet system.

© 2017 SpiderCloud Wireless, Inc. NDA 3

 Expert System The SpiderNet RESTful API has been enhanced to support many
Integration new on-demand tasks. Refer to the SCOS NB Data Model
Reference Guide for more information.

For more detailed descriptions and configuration of each feature, refer to the SpiderNet Management
System Installation and Administration Guide, Release 5.1 and the SpiderNet Feature Description.

3. Feature Enhancements and Product Changes

The following table displays the feature enhancements introduced in Release 5.1.4:

Feature Feature Description

FL-3700 As a security measure the SpiderNet server no longer accepts TLS version 1.0 or 1.1. It now only
SCNM-3402 accepts TLS version 1.2.

FL-3353 SpiderNet now offers the ability to better indicate the status of a services node synchronizing with
SCNM-3275 the SpiderNet server.

FL-3353 SpiderNet will no longer perform scheduled or on-demand tasks on a services node that is
SCNM-3274 synchronizing with the SpiderNet server. It will issue an event and log the task failure. The task is
not automatically rescheduled.
SCNM-3270 The function of file download and system file update are now a single on-demand and scheduled
task for services nodes running SCOS 5.1.5 or greater.
SCNM-3269 Users can now create a file management record and generate a SCOS SSH key in one
scheduled or on-demand task.
SCNM-3268 The inventory tab now displays the REM scan status of services nodes running SCOS 5.1.5 or
higher. This status is also available in the tooltip that displays when you hover your mouse
pointer over the services node icon in the tree view.

The following table displays the feature enhancements introduced in Release 5.1.3:

Feature Feature Description

FL-3139 Services node hostnames can now contain up to 63 characters.

SCNM-3195
FL-2941 You can now configure a service profile to apply one or more configuration templates to a
SCNM-3120 services node immediately after it connects to the SpiderNet server.
SCNM-3222 Removed the 200 character limit of the custom KPI formulas.

SCNM-3216 SpiderNet now runs the client in Java Web Start mode with an option to use the older applet
inside a browser. Web Start applications do not have the compatibility issues that are sometimes
troublesome with Java applets. Refer to SpiderNet Management System, Installation, and
Administration Guide for information about running the SpiderNet browser-based Java applet as
the client.
SCNM-3226 The cell bulk provisioning CSV file now includes Type 6 radio nodes for LTE radio nodes that do
SCNM-3212 not provision the radio 1 but do provision radio 2.

SCNM-3201 The system now supports LTE bands 12 and 17 in the bulk provisioning CSV file.

© 2017 SpiderCloud Wireless, Inc. NDA 4

 N/A The default MySQL database now supports 500 connections. Refer to 11.6 Installing MySQL
Server Software for information about how to configure this parameter.

The following table displays the feature enhancements introduced in Release 5.1.2:

Feature Feature Description

SCNM-3129 SpiderNet now supports up to 20 service provisioning profiles rather than the previous 10.

SCNM-3127 In support of the centralized services node, the bulk provisioning CSV file now supports zones on
a per-cell basis.
SCNM-3126 You can specify that when SpiderNet adds a new services node, the services node automatically
is placed in maintenance mode.
SCNM-3121 SpiderNet R5.1.2 adds the following new services node alarms:
• eranNotifDeviceCertExpiration
• eranNotifRfMgmtNeighborsWithConfusingPcisDetected
• eranNotifLteCellLossOfOtaSync
• eranNotifRfMgmtNeighborsWithCollidingPcisDetected
FL-2813 You can now create a scheduled task when there are no services nodes connected to the
SCNM-3076 SpiderNet server.

The following table includes features enhancements introduced in Release 5.1.1:

Feature Feature Description

FL-2478 SpiderNet now supports for UMTS and LTE REM scans on a per-zone basis.
SCNM-2921
SCNM-3061 Clarified in the SpiderNet northbound RESTful API documentation that all specified paths end in
a period.
SCNM-3004 Redundant SpiderNet server configurations now synchronize their databases in significantly
shorter intervals. Due to changes in data collection starting in Release 5.1.1, performance graphs
will display in fifteen minute and three and six hour increments rather than in fifteen and thirty
minute and two hour increments as in previous releases.
SCNM-2961 SpiderNet redundancy pairing keys now support 4096 bits.

SCNM-2960 SpiderNet now has the option of restricting users to a defined directory and its subdirectories for
file download, exporting the services node data model, and writing to the Linux file system.
SCNM-2959 The SpiderNet server can now be installed, started, and stopped by a non-root user.

SCNM-2957 The SpiderNet server now creates a temporary directory for use in the database backup process.

SCNM-2954 The SpiderNet client now has an optional configuration file that can define the path for the
SCNM-2949 defined SSH client.

SCNM-2936 In redundant configurations, you cannot upgrade from Release 4.1.x to Release 5.1.x without
first breaking the redundant pairing.

© 2017 SpiderCloud Wireless, Inc. NDA 5

 The following table includes features enhancements introduced in Release 5.1:

Feature Feature Description

FL-2314 Entering a fully qualified domain name into the management server URL as well as support for
SW-8780 periodic Inform messages to trigger updates from the radio node to the SpiderNet server
following a DNS based switchover.
SW-8779
FL-1719 SpiderNet has added the ability to import a custom client KeyStore.
SCNM-2900
FL-1706 The SpiderNet browser-based client can now accept a custom certificate imported and
FL-1687 configured by the SpiderNet server.
SCNM-2502
FL-1705 SpiderNet can now import an SSL self-signed certificate.
FL-1688

4. Resolved Issues
The following issues were resolved in Release 5.1.4 Patch 3

Tracking Problem Description

FL-3817 Configuring the services node through the RESTful API does not update a new empty value
SCNM-3440 when using empty brackets ([]).

FL-3847 Occasionally the SpiderNet client fails to connect to the SpiderNet server after installing a new
SCNM-3467 SSL certificate. When the Subject Alternative Name is populated in the certificate, the client will
fail to perform the hostname verification.

The following issues were resolved in Release 5.1.4 Patch 2

Tracking Problem Description

FL-3850 After an upgrade from SpiderNet R5.1.3.9 to R5.1.4.33 remote authentication with SANE does
SCNM-3468 not work.

The following issues were resolved in Release 5.1.4 Patch 1

Tracking Problem Description

FL-3709 In redundant configurations, core network flaps were observed followed by File Sync Down and
SCNM-3395 Device Connected alarms. This was addressed by distributing and optimizing cleanup tasks,
and extending keepalive timers.
FL-3644 In a redundant configuration, a standby server stopped and failed to restart.
SCNM-3349

The following issues were resolved in Release 5.1.3:

© 2017 SpiderCloud Wireless, Inc. NDA 6

 Tracking Problem Description

FL-3342 The SpiderNet server at times does not perform a full synchronization with services nodes with
SCNM-3251 a large number of LTE cells provisioned.

FL-3244 Custom KPI default values are sometimes ignored during KPI calculation.
SCNM-3223
FL-3086 When a threshold crossing alert or fault correlation rule is defined and the server is restarted, a
SCNM-3177 MySQLIntegrityConstraintViolationException exception may occur when trying to store a new
event in the database.
FL-3049 Threshold crossing alerts and fault correlation rules are not restored properly during a database
SCNM-3157 restoration. The work around in this release is to re-configure these rules after a database
restore.
FL-2919 Using the RESTful API, sometimes commits fail and produce the following error message:
SCNM-3112 An Authentication Object Was Not Found in the SecurityContext.
FL-2870 The SpiderNet client does not enforce the maximum number of login attempts setting when
SCNM-2216 enabled. Users with locked user accounts receive an incorrect error message when attempting
to log in.
FL-2586 Some custom KPIs units defined as counts, later edited to bytes, revert to counts.
SCNM-2969
SCNM-3254 The SpiderNet client GUI may lock up while trying to access the show configuration screen of a
system with the very large number of radio nodes.
SCNM-3222 SpiderNet limits custom KPI formulas to 200 characters.

SCNM-3217 In a redundant configuration the standby server application restarts due to database update
failures.
SCNM-3215 Some custom KPI formulas return incorrect results.

The following issues were resolved in Release 5.1.2:

Tracking Problem Description

FL-3126 In redundant configurations, if the servers are lightly loaded, the standby may occasionally
SCNM-3187 encounter a recoverable error causing the two servers to fall out of sync. The problem is
detected and the server quickly resynchronizes.
FL-2952 You cannot schedule a file download task if a fully qualified domain name is used in the host
SCNM-3122 name field.
FL-2921 A scheduled task is re-applied to a services node after it is deleted and later added again.
SCNM-3118
FL-2912 At times, a services node that had become disconnected from the SpiderNet server and later
SCNM-3115 added back will fail to collect performance management data on all cells.
FL-2866 Multiple users with the same username are able to log into the SpiderNet client even when the
SCNM-3105 The Login is Exclusive option is selected.
SCNM-2791
FL-2710 The RESTful API does not validate or display an error when the endOccurredDate parameter is
SCNM-2991 older than that of the startOccurredDate parameter.

© 2017 SpiderCloud Wireless, Inc. NDA 7

 FL-2332 SpiderNet clients with 64-bit Java Runtime Environments can receive the following error:
SCNM-2073 Install Wizard Could not find a Java Runtime Environment on the system. Please locate a
suitable 32-bit JRE.
FL-2150 When adding a services node manually to the topology through the hardware ID, the SpiderNet
SCNM-2796 client returns an error. A manually added services node will be polled periodically for
performance and fault management. These polls will fail and report exceptions until an actual
services node with an active TR agent is connected to the SpiderNet server and an IP address
is assigned.
SCNM-3172 When a user creates a new template in the Configuration Template tab, that template is not
automatically shown in the template list of the Service Provisioning Assign Configuration
Template wizard and a manual refresh is required.
SCNM-3067 Custom KPIs display cell numbers rather than cell names.

SCNM-2783 In redundant configurations, the system forwards a RedundancyConnectionDown message to

the northbound interface but fails to send an email to configured user groups when the active
SpiderNet server goes down, or both servers go down and only one server successfully restarts.
SCNM-1846 At times the SpiderNet performance management indicator is slow in updating when enabling or
disabling data collection.

The following issues were resolved in Release 5.1.1:

Tracking Problem Description

FL-2933 On a rare occasion, both SpiderNet servers in a redundant configuration can become active.
SCNM-3119
FL-2730 In redundant configurations, the Test Connection button in the Administration >> Server
SCNM-3015 Settings >> Redundancy >> Configuration tab will return incorrect readings.

SCNM-2981 File downloads from SpiderNet to services nodes are supported only through SCP. The FTP
server configuration screens on the SpiderNet client interfaces have been removed.
FL-2703 During database synchronization SpiderNet erroneously reports services nodes as
SCNM-3028 disconnected.
FL-2629 When provisioning with the RESTful API the system at times reports No Supported errors.
SCNM-2975
FL-2619 SpiderNet fails to start when port 161 is in use by a non-SNMP application even if the SNMP
SCNM-2974 server is disabled or uses another port.
FL-2608 The RESTful API erroneously lists both servicesnode and servicesnodes parameters rather
SCNM-2971 than the correct servicesnodes.
FL-2575 When TR access control is enabled, at times SpiderNet reports services nodes connected and
SCNM-2946 disconnected at the same time.
SCNM-2945
FL-2562 SpiderNet at times fails to remove temporary files after a failed database backup.
SCNM-2957
SNNM-2956
FL-1993 An external SSH window does not always open with a services node is selected in the topology
SCNM-2703 tree and right-clicked and Open SSH is selected.

The following issues were resolved in Release 5.1:

© 2017 SpiderCloud Wireless, Inc. NDA 8

 Tracking Problem Description

FL-2575 The events table displays the incorrect connectivity state when the EnableCWMP parameter is
SCNM-2945 set to false.
SCNM-2946
FL-2487 It is possible to steal or manipulate customer session and cookies, which might be used to
impersonate a legitimate user, allowing the malicious user to view or alter user records, and to
perform transactions as that user.
FL-2325 The remote web server does not set an X-Frame-Options response header in all content
SCNM-2856 responses.
FL-2224 In the Events tab, filtering by managed object does not work correctly.

FL-2225 The daily KPI reports mistakenly display empty cell measurement results.
SCNM-2805
FL-2137 The following inconsistencies between SCOS and SpiderNet MIB definitions and SNMP traps
have been fixed:
1. The alarmIdentifier in eranNotifOverTemperature object is populated incorrectly.
2. The value for the objects alarmRaisedTime and alarmChangedTime has the wrong
format.
3. The object “alarmIdentifier” is missing from spiderNetHeartBeat traps.
These changes are reflected in the following SpiderNet and SCOS proprietary MIBs:
• ERAN-NMS-ALARM-MIB.my
• ERAN-TRAP-MIB.mib
FL-1993 The ability to open an SSH session with a services node does not always invoke with the right-
SCNM-2703 click of the services node in the tree view.
FL-1795 The SpiderNet server supports the use of RC4 in one or more cipher suites. The RC4 cipher is
SCNM-2901 flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small
biases are introduced into the stream, decreasing its randomness.
FL-1719 The SpiderNet SSL certificate domain name has a mismatch.
SCNM-2900
FL-1707 The SpiderNet server supports the use of SSL ciphers that operate in Cipher Block Chaining
SCNM-2899 (CBC) mode.
FL-1703 The SpiderNet server is affected by a man-in-the-middle (MitM) information disclosure
vulnerability known as POODLE.
FL-1688 The SpiderNet server’s X.509 certificate chain for this service is not signed by a recognized
SCNM-2503 certificate authority.
FL-1687 The SpiderNet server’s X.509 certificate cannot be trusted.
SCNM-2502
FL-2919 Using the RESTful API, sometimes commits fail and produce the following error message:
SCNM-3112 An Authentication Object Was Not Found in the SecurityContext.
SCNM-2919 The Nessus scan for basic scan/advanced scan reports the vulnerability 83875.

SCNM-2916 Java has a CVE-2015-4852, Apache Commons (Java) security flaw that contains a
deserialization vulnerability involving Apache Commons and Oracle WebLogic Server. This is a
remote code execution vulnerability and is remotely exploitable without authentication. It may be
exploited over a network without the need for a username and password.

© 2017 SpiderCloud Wireless, Inc. NDA 9

 SCNM-2723 Running a task to reset statistics may display Success even if the task fails.

SCNM-2597 After applying a configuration template, the operational state may not reflect the changes until a
manual refresh.
SCNM-2504 SpiderNet supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its
generation of a pseudo-random stream of bytes so that a wide variety of small biases are
introduced into the stream, decreasing its randomness.
SCNM-984 Occasionally when saving the changes after configuring a DHCP server subnet the wrong data
model parameters display on the screen. The work-around is to refresh the SpiderNet screen.

5. Known Issues
The following table includes a list of known issues in Release 5.1 and where applicable a recommended
workaround:

Tracking Problem Description

FL-2954 When creating a new user profile in the Administration >> Access Control >> Users
SCNM-3123 tab, modifying a custom profile does not always apply the permissions properly.
FL-2922 With RADIUS authentication enabled, user entries are deleted from the internal database
SCNM-3117 after initial login and logout. This means that the user has no way to log in if there is a
RADIUS server failure.
FL-2898 When a view is associated with subnet in the tree view, a user that is not part of profile
SCNM-2580 associated to the view is also able to access the subnet.
FL-2779 At times a file download will prematurely terminate its TCP connection.
SCNM-3032
FL-2685 At times the performance graph will return an exception when selecting the duration of
SCNM-2984 system and cell performance data.
FL-2218 SpiderNet syslog event timestamps display the time that the SpiderNet server received
the event rather than the timestamp of the services node syslog event. Therefore, the
SpiderNet syslog event timestamps may differ from the timestamps of the same syslog
events from the services node.
SCNM-3480 Edits to a management domain profile while it is in use fail to apply.

SCNM-3479 Applying edits to a management profile when it is in use opens a pop-up message saying
that connected user with this profile will be logged out. The user is not logged out.
SCNM-3153 In redundant configurations with a mix of IPv4 and IPv6 addresses, using a single fully
qualified domain name using the browse button to locate a file directory on the SpiderNet
server can have unexpected consequences. Manually enter the file directory path.
SCNM-3147 Two SpiderNet servers in a redundant configuration pairing will not pass validation when
exclusive login is enabled and both servers use the same account for login as pairing.
SCNM-3135 The bulk provisioning CSV for the LocationType field requires a different file format for
LCI and SpiderNet. The LCI will not accept quotations marks inside the brackets:
[ HandIn ]. SpiderNet requires quotation marks inside the brackets: [ "HandIn" ].
SCNM-3134 The RESTful API does not return the expected results when filtering for alarms and
events when both the start time and end time are defined.
SCNM-3085 The on-demand task of running a REM scan on either UMTS or LTE incorrectly reports
SCNM-3083 success in both the audit trail and task status when an invalid zone is entered.

© 2017 SpiderCloud Wireless, Inc. NDA 10

 SCNM-3074 SpiderNet does not generate an audit entry when a services node is deleted through the
RESTful API.
SCNM-3069 Scheduled tasks changed their start times by an hour with daylight savings time.

SCNM-3055 SpiderNet can lose its SMTP configuration when upgrading from Release 4.1 to Release
5.1.1, causing no notification to email groups when a new task is scheduled.
SCNM-3047 In the Database Settings tab of the Administration tab does not display an error when
an invalid entry is applied to the number of days to retain task history text box.
SCNM-3043 In redundant configurations, the SpiderNet client displays an Initialization Error when
users log into the standby server.
SCNM-2730 Scheduled tasks that are run after completion of another scheduled task that requires a
services node reboot may run before the reboot.
SCNM-2695 Sorting an events table by Time Updated does not correctly order the AM and PM times.

SCNM-2693 The RESTful API command Get Version Information returns the date as DD/MM/YYYY,
where other SpiderNet interfaces uses the MM/DD/YYYY format.
SCNM-2686 With IPv6 the northbound interface heartbeat is sent from the virtual IP address rather
than the active or standby server IP address.
SCNM-2638 Custom KPIs do not always appear as an option when creating a service provisioning
profile (Administration >> Service Provisioning).
SCNM-2617 Sometimes manually refreshing the alarm table results in duplicate services node alarms
with different sequence numbers. If this occurs, open a new instance of the SpiderNet
client.
SCNM-2588 When SpiderNet detects a new services node and successfully applies a service
provisioning profile, filtering the event table by Service Provisioning then exporting a CSV
file, the files is not created.
SCNM-2570 When the services node and SpiderNet server are in different time zones, Device
Disconnect, Device Discovered, and Device Added events display Time Occurred and
Time Updated in different formats.
SCNM-2054 In redundant configurations with systems that use external authentication, users will not
be allowed to log in because the SpiderNet server virtual IP address is rejected. The
workaround is to configure all three of the IP addresses (active and standby servers and
the virtual IP address) in your firewall and authentication servers. At a minimum, configure
the two physical server IP addresses.
SCNM-2015 The SpiderNet server fails to create a custom directory for SpiderNet database backup
files, instead placing the backup files in the default directory (/opt/SpiderNet/backup).
SCNM-2008 In redundant configurations, issuing the Linux command service network restart on the
SpiderNet server deletes the virtual IP address and the system will not failover. Stop
(service spidernet_server stop all) and restart (service spidernet_server start) the
SpiderNet server process.
SCNM-1688 At times after creating an SNMP managers group the setting for the “Forward to SNMP”
option changes from “None” to “All” for the following events: Device Connected, Device
Disconnected, Device Entered Maintenance Mode, Device Exited Maintenance Mode,
Server Entered Maintenance Mode, and Server Exited Maintenance Mode.
SCNM-1686 If a performance management graph formula has an error, the user receives an error
message upon opening the Performance Configuration panel. However if another
SpiderNet client logs into the system, the system immediately displays the same error.

© 2017 SpiderCloud Wireless, Inc. NDA 11

 SCNM-1684 After creating a subnet in the network topology tree and adding services nodes to the
subnet, when the subnet is selected the alarms and events tables are not filtered for that
subnet. All system alarms and events display.
SCNM-1656 At times the SpiderNet client slows or freezes when a large number of services nodes are
selected and PM collection are enabled or disabled sequentially.
SCNM-1331 When executing the pairing wizard to break redundancy on pair of servers, SSH keys are
not automatically removed for the root user. Administrators need manually delete these
keys if needed.
SCNM-1179 Due to the method used to synchronize two SpiderNet servers in a redundant
configuration, the default Admin user may not be able to log in when the The login is
exclusive parameter is enabled in the Administration tab. The work around is to either
disable this parameter, or to create a separate username with administrative privileges
and specify that username/password in the redundancy pairing wizard configuration.
SCNM-956 Sometimes when the IPsec tunnel goes down and comes back up with a new security
gateway IP address, the event history replaces the IP address of previous event
messages from the security gateway with the new security gateway IP address.

SCNM-954 Scheduled task error messages sometimes display truncated text in the “Details” field.
The work-around is to manually resize the error message columns.

SCNM-866 When making changes to services node parameters that span multiple configuration tabs,
including the "Advanced" tab, some changes may not be properly applied to the device.
As a workaround to this issue, make sure you always click the Save button before moving
from any configuration tab to the Advanced tab or vice-versa.
SCNM-732 Override of the trap severity (in the Event Configuration menu) when forwarding a trap
through the NBI, does not work in this release for traps generated by services nodes.
SCNM-664 When the Event Table reaches 90% of its capacity, old events in the SpiderNet database
are automatically backed up and exported to a CSV file located under
"/usr/local/SpiderNet/backup". In the current Release there is an issue in the CSV file
format and we recommend manually exporting events to CSV before the table reaches
90% of its maximum capacity.
SCNM-659 The current SpiderNet Release supports forwarding of SNMPv2c traps or SNMPv3
informs over the southbound and northbound interfaces. SNMPv3 trap forwarding is not
supported.
SCNM-620 Internal SCP is not supported and shall not be enabled. As a workaround external SCP
should be used.
SCNM-581 In the Administration screen, the "Password Never Expires" field cannot be edited after
creating a new user profile. The workaround to this issue is to delete the user profile and
create it again.

6. SpiderNet Firewall Ports

The following table shows ports that must be opened when there is a firewall between the
services nodes and the SpiderNet server. Destination TCP port 22345 must be open in
redundant configurations.

© 2017 SpiderCloud Wireless, Inc. NDA 12

 Required Open Firewall Ports
From To Source Destination Protocol Usage
Services SpiderNet
Node Server Any 21 TCP FTP
Services SpiderNet
Node Server Any 22 TCP SCP
Services SpiderNet a
Node Server Any 162 UDP SNMP
Services SpiderNet a
Node Server Any 514 UDP Syslog
Services SpiderNet
Node Server Any 8080 TCP TR-069
Services SpiderNet a
Node Server Any 8443 TLS TR-069
SpiderNet SpiderNet
Client Server Any 443 TCP HTTPS
SpiderNet SpiderNet TCP proxy for services node CLI
Client Server 2223 2223 SSH connections
SpiderNet
Server DNS Server Any 53 UDP DNS
SpiderNet
Server NTP Server Any 123 UDP NTP
SpiderNet
Server Services Node Any 22 TCP SSH
SpiderNet a
Server Services Node Any 161 UDP SNMP Ping
SpiderNet
Server Services Node Any 7547 TCP TR-069
Multicast
SpiderNet SpiderNet b
Server Server 112 112 UDP SpiderNet Redundancy
SpiderNet SpiderNet
Server Server Any 12345 TCP SpiderNet Redundancy Keepalive
SpiderNet SpiderNet
Server Server Any 22345 TCP High-Availability Synchronization
SpiderNet SpiderNet SpiderNet Redundancy Database
Server Server Any 44532 TCP Fast Path
a
Default port is configurable
b
May require a special rule to allow multicast messages.

6.1 Required Open Firewall Ports in Deployments with IPv6 with Non-Root Users
In IPv6 only and mixed IPv4 and IPv6 deployments with non-root users, use the recommended
unprivileged ports below rather than the privileged ports listed in the table below. The unprivileged ports
are configurable; the numbers below are example port numbers. The services node must be configured
with these unprivileged ports appropriately so communication with SpiderNet can happen correctly.

© 2017 SpiderCloud Wireless, Inc. NDA 13

 When in the northbound or southbound interface in redundant configurations, the ports configured in this
section must be opened at the firewall. Also note that the Syslog and SNMP ports must be change on the
services node with the following CLI commands from the Configuration Mode:
set System EventManagement Target 1 SNMPTrap Port 8162
set System EventManagement Target 1 Syslog Port 50514
Required Open Firewall Ports in Deployments with IPv6 with Non-Root Users
From To Source Destination Protocol Usage
Services Node SpiderNet Server Any 8021 TCP FTP
Services Node SpiderNet Server Any 8162 UDP SNMP
Services Node SpiderNet Server Any 50514 UDP Syslog
SpiderNet Client SpiderNet Server Any 9443 TCP HTTPS
SpiderNet Server Services Node Any 8161 UDP SNMP Ping
SpiderNet Server SpiderNet Server 112 8112 Multicast UDP SpiderNet Redundancy

7. Oracle Java Runtime Version Notes

The SpiderNet server requires JRE 8.60 and above. New SpiderNet server installations and upgrades will
verify the JRE version at the beginning of the installation/upgrade process and fail the installation unless
JRE 8.60 or above is installed and configured on the SpiderNet server.
The SpiderNet server will accept connections from the stand-alone and browser-based SpiderNet clients
configured with JRE 7 and JRE 8. The 32-bit SpiderNet stand-alone client requires 32-bit JRE. The 64-bit
SpiderNet stand-alone client requires 64-bit JRE.

8. External Authentication Testing Software Versions

The external authentication feature was tested with the following open source authentication server
implementations:
• RADIUS: FreeRADIUS Version 2.2.5
• LDAP: OpenLDAP: slapd 2.4.23
• SAML: SAML Version 1.1

9. SpiderNet Server File System Partitioning Recommendations

Ensure that the SpiderNet server has the following minimum file system partitioning configuration based
upon a 1 TB hard drive:
Partition SpiderNet
Swap Disk 32,000 MB
Type ext4
/ 80,004 MB
/opt 100,000 MB
/var 40,002 MB
/backup 34,060 MB
/data 700,000 MB

© 2017 SpiderCloud Wireless, Inc. NDA 14

 Refer to the SpiderNet Management System Installation and Administration Guide for the complete
hardware and software requirements.

10. Installing the ndsend Utility

In dual-stacked IPv4 and IPv6 redundant configurations, SpiderNet requires the ndsend utility installed
after a SpiderNet installation or upgrade. The ndsend utility is used to send an unsolicited neighbor
advertisement ICMPv6 multicast packet announcing its IP address to all IPv6 nodes. SpiderCloud has
developed a script that downloads and configures ndsend.
• In sites with Internet connectivity, log into the SpiderNet server as the root user, navigate to the
/opt/spidernet folder and issue the following command:
install_ndsend.sh

• In sites without Internet connectivity SpiderCloud will provide the ndsend file. Log into the
SpiderNet server as the root user and copy the ndsend file into the /usr/sbin folder.

11. SpiderNet User Profile Permission Note

SpiderNet does not allow certain combinations of profile permissions. The system administrator must be
enabled to enable user management and profile creation. Attempts to enable the latter two permissions
without system administrator permissions will be rejected. The following table shows the valid permission
combinations:

Table 1: Valid Profile Permission Combinations

Permission Option 1 Option 2 Option 3 Option 4 Option 5

System Administration X X X X

User Management X X

Profile Management X X

12. Software Version, Upgrade Procedure, and Special Notes

12.1 Software Version and Upgrade Path
The software version qualified for this release is 5.1.4.37.
The qualified upgrade path is from releases 5.1.10, 5.1.3.12, 5.1.4.33, 5.1.4.34, and 5.1.4.35.
SpiderNet 5.1.4 can manage services nodes running SCOS versions 4.1.11, 4.1.12, 4.1.5, 5.1.3, 5.14,
and 5.1.5.
Note: Before upgrading to release 5.1.4 from versions prior to release 5.1.0 in redundant configurations,
you must:
1. break redundancy
2. upgrade the two servers
3. re-pair the two servers
Refer to the Redundancy section of the SpiderNet Management System Installation and Administration
Guide for information about redundancy pairing and breaking redundant server pairs.

© 2017 SpiderCloud Wireless, Inc. NDA 15

 12.2 Supported MIB Versions
SpiderNet Release 5.1.4 uses the following proprietary SpiderNet MIB versions:
ERAN-NMS-ALARM-MIB.my 201611130000Z
ERAN-NMS-SMI-MIB.my 201211060000Z
ERAN-NMS-SYSTEM-MIB.my 201405130000Z
ERAN-NMS-TC.my 201408280000Z

It uses the following E-RAN MIB versions to support the services nodes:
ERAN-CONFIG-MIB.mib 201407300000Z
ERAN-MIB.mib 201405130000Z
ERAN-SMI-MIB.mib 201405130000
ERAN-STATS-MIB.mib 201412030000Z
ERAN-SYSTEM-MIB.mib 201405130000Z
ERAN-TC.mib 201412030000Z
ERAN-TRAP-MIB.mib 201701020000Z

12.3 Upgrade Notes

During a SpiderNet server upgrade an installation script verifies that the server has the supported Oracle
Java and MySQL database applications installed. If it does not find the proper software installed and
configured on the server, the upgrade fails.
• For incompatible Java installations, a message displays prompting for an upgrade to the proper
Oracle Java version.
• For database incompatibility, a message displays prompting for an upgrade to the approved MySQL
version which can be downloaded from the SpiderCloud customer support portal
(support.spidercloud.com).
12.4 Java Upgrade Procedure
Use the following procedure to upgrade your Java software.
To Upgrade Oracle Java Software on the Server
1. Download 64-bit Oracle Java Runtime Environment version 1.8 from the Oracle web site. Ensure
that the rpm.bin or tar.gz file version matches your SpiderNet server software architecture.
2. Follow the Oracle instructions for installation of the software.
12.5 Configuring Linux Server Parameters
After configuring the MySQL database, configure the Linux server parameters.
1. Log onto the Linux server as root user and issue the following command to open the imits.conf
file in a text editor:
vi /etc/security/limits.conf
2. Locate the lines that contain the maximum soft and hard number of open files and edit the values
of both lines to 65000. If those lines are not present, add them to the file.
* soft nofile 65000
* hard nofile 65000
3. Open the Security-Enhanced Linux (SELinux) kernel security module configuration file with the
following command:
vi /etc/selinux/config
4. Disable the SELinux module with the following command:

© 2017 SpiderCloud Wireless, Inc. NDA 16

 SELINUX=disabled
SELINUXTYPE=targeted
5. Stop the IPv4 tables with the following command:
service iptables stop
6. Ensure the IPv4 tables are off upon future reboots:
/sbin/chkconfig --level 123456 iptables off
7. Stop the IPv6 tables with the following command:
service ip6tables stop
8. Ensure the IPv6 tables are off upon future reboots:
/sbin/chkconfig --level 123456 ip6tables off
9. Stop the libvirtd with the following command:
service libvirtd stop
10. Ensure that the libvirtd is off upon future reboots.
/sbin/chkconfig --levels 123456 libvirtd off
11. Reboot the SpiderNet server machine. This is mandatory for SELinux change to take effect.

12.6 Installing MySQL Server Software

To install the MySQL server
1. Issue the following command to remove any previous version of MySQL from the SpiderNet
server:
rpm –e mysql-server --nodeps

2. Issue the following command to remove the MySQL libraries:

rpm –e mysql-libs --nodeps

3. Issue the following command to remove any other vestiges of the previous MySQL installation:
rm –rf /var/lib/mysql

4. Download the MySQL server software from the SpiderCloud customer server portal
(support.spidercloud.com).
5. Untar the file using one of the following commands:
a. RedHat Enterprise 6.3:
tar xvfz MySQL_SpiderNet_5.6.14_el6_x86_64.tgz
b. Linux CentOS 5.8 server:
tar xzvf MySQL_SpiderNet_5.6.14_el5_x86_64.tgz
6. Install the server RPM file using the following command:
a. RedHat Enterprise 6.3:
rpm -ivh MySQL-server-advanced-5.6.14-1.el6.x86_64.rpm
b. Linux CentOS 5.8:
rpm -ivh MySQL-server-advanced-5.6.14-1.el5.x86_64.rpm
7. Install the client RPM file using the following command:
a. RedHat Enterprise 6.3:
rpm -ivh MySQL-client-advanced-5.6.14-1.el6.x86_64.rpm
b. Linux CentOS 5.8:
rpm -ivh MySQL-client-advanced-5.6.14-1.el5.x86_64.rpm
8. Start the MySQL server with the following command:
mysql_install_db
9. Determine the random password Oracle assigned to the MySQL database during installation with
the following command:
cat /root/.mysql_secret

© 2017 SpiderCloud Wireless, Inc. NDA 17

 # The random password set for the root user at Thu Nov 7 10:29:12 2013 (local time):
<password>
10. Start the MySQL database service with the following command:
service mysql start
11. Change the MySQL administrative password by issuing the following command:
/usr/bin/mysqladmin -u root -p<password> password 'new-password'
12. Configure the MySQL server daemon to start on server boot with the following command:
/sbin/chkconfig --level 35 mysql on
13. Edit the MySQL configuration file using the following command:
/usr/my.cnf
14. Add the following text after the [mysqld] line such that the final lines read:
vi /usr/my.cnf
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults.html

[mysqld]

max_connections=500
key_buffer_size = 256M
max_allowed_packet = 100M
sort_buffer_size = 1M
read_buffer_size = 1M
read_rnd_buffer_size = 4M
myisam_sort_buffer_size = 64M
thread_cache_size = 8
query_cache_size= 16M
# Try number of CPU's*2 for thread_concurrency
thread_concurrency = 8

# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M

# Remove leading # to turn on a very important data integrity option: logging

# changes to the binary log between backups.
# log_bin

# These are commonly set, remove the # and set as required.

# basedir = .....
# datadir = .....
# port = .....
# server_id = .....
# socket = .....

# Remove leading # to set options mainly useful for reporting servers.

# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M

sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

15. Restart the MySQL process with the following command and log back into the MySQL server:
service mysql restart
16. Log onto the MySQL server.
mysql -u root -p<password>
17. Verify the configuration by entering the following command:
show variables like '%version%';
18. Validate that the response matches the following:
mysql> show variables like '%version%';
+-------------------------+---------------------------------------------------------+
| Variable_name | Value |
+-------------------------+---------------------------------------------------------+
| innodb_version | 5.6.14 |

© 2017 SpiderCloud Wireless, Inc. NDA 18

 | protocol_version | 10 |
| slave_type_conversions | |
| version | 5.6.14-enterprise-commercial-advanced |
| version_comment | MySQL Enterprise Server - Advanced Edition (Commercial) |
| version_compile_machine | x86_64 |
| version_compile_os | Linux |
+-------------------------+---------------------------------------------------------+
7 rows in set (0.00 sec)
mysql>

12.7 High-Level First-Time Installation Procedure

Use the following high-level steps for installing Java and MySQL software for the first time. Follow the
detailed instructions in Chapter 2 of the SpiderNet Management System Installation and Administration
Guide, Release 5.1 when installing SpiderNet software.
To Install Oracle Java Software on the Server
1. Ensure that no version of the Oracle Java Runtime Environment (JRE) other than version eight is
installed on the server. If needed, remove any other version.
2. Download 64-bit Oracle Java Runtime Environment version 1.8 from the Oracle web site. Ensure
that the rpm.bin version matches your SpiderNet server software architecture.
3. Change permissions of the bin file to be executable and writable with the following command:
chmod +x <java_file_1.8>
4. If the rpm did not install correctly, verify that there is no conflicting rpm installed with the following
command:
rpm –qa |grep jre
5. If the returned list is not empty, and it displays a different version of JRE, uninstall the rpm file
using the following command:
rpm –e <rpm from list>
6. Install the jre8 rpm using the following command:
rpm –ivh <rpm>
7. Change symlink to point to the correct java version:
a. Delete the old symlink with the following command:
unlink /usr/bin/java
b. Create a new directory “latest” under /usr/java/ and place this rpm.bin file in the new
folder.
c. Create new symlink with the following command:
ln –s /usr/java/latest/bin/java /usr/bin/java
d. Verify the Java version using the following command:
java –version
java version "1.8.x.x"
Java(TM) SE Runtime Environment (build 1.8 .x.x -b06)
Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)

12.8 Special Notes

SpiderCloud Wireless strongly recommends backing up the SpiderNet database before upgrading to
Release 5.1.3. After a successful upgrade, immediately backup the Release 5.1.3 database.
SpiderNet clients accessing the SpiderNet server through web browsers running Java Runtime
Environment (JRE) version 1.7 or 1.8 may fail to open with an error message saying that your JRE
security settings do not permit running self-signed applications. To run the SpiderNet client in this
situation, change your Java security settings from High to Medium.

© 2017 SpiderCloud Wireless, Inc. NDA 19

 13. Related Documentation
The SpiderCloud documentation set includes:
• The SpiderCloud System Description provides an overview of how the SpiderCloud system fits within
an operator’s network and in an enterprise, describes key features of the system, and provides
specifications for the services and radio nodes.
• The SpiderCloud Feature Description provides high-level descriptions of the E-RAN system features,
their impact on the product components (services nodes and radio nodes), manageability
considerations, and feature benefits.
• The SpiderCloud OS (SCOS) Administrator Guide provides procedures for configuring the software
environment and internetworking between the services node and radio node devices.
• The SpiderCloud Services Node Hardware Installation Guide provides hardware specifications and
installation instructions.
• The SpiderCloud Radio Node Hardware Installation Guide provides hardware specifications and
installation instructions.
• The E-RAN Deployment Planning Guide provides information about planning and dimensioning E-
RAN systems.
• The SpiderCloud OS (SCOS) CLI User Guide provides an introduction to the key features and
functionalities of the SpiderCloud Command Line Interface (CLI).
• The SCOS NB Data Model Reference Guide provides details about the objects and parameters that
comprise the system configuration and operational state.
• The SpiderCloud OS Faults, Conditions, and Events Reference Guide provides details about all
alarms, conditions, and events in the system.
• The SpiderCloud System Commissioning Guide provides information about turning up a SpiderCloud
E-RAN with the Local Configuration Interface (LCI) graphical user interface.
• The Performance Measurements for Small-Cell E-RANs provides a reference guide to Key
Performance Indicators (KPI) that monitor the health and state of the E-RAN system.
• The E-RAN Troubleshooting Guide provides information about diagnosing and correcting problems
with installing, provisioning, administering, and maintaining SpiderCloud equipment and services.
• The Troubleshooting E-RAN Systems with SpiderNet provides information about diagnosing and
correcting problems in the SpiderCloud system with the SpiderNet network management system.
• The SpiderNet Management System Installation and Administration Guide provides information about
installing the SpiderNet network management server and client and using it to remotely manage E-
RAN deployments.
• The SpiderCloud Time Zone Reference Guide provides the information required to configure the time
zone for SpiderCloud services nodes.
• The SpiderCloud Call Performance Event Reporting Guide provides detailed information about call
performance events files including the file format, reported events, and event parameters.

© 2017 SpiderCloud Wireless, Inc. NDA 20

 • The SpiderNet NBI Integration Guide provides information about integrating the SpiderNet network
management system into operator’s Northbound Interface (NBI) Operations Support Systems (OSSs)
to surveil SpiderCloud networks.

SpiderCloud Wireless is based in Milpitas, California and is backed by investors Charles River Ventures, Matrix Partners, Opus Capital and Shasta
Ventures. For more information, follow the company on twitter at www.twitter.com/spidercloud_inc or visit www.spidercloud.com

SpiderCloud Wireless is a registered trademark and SmartCloud a trademark of SpiderCloud Wireless, Inc.
©2017 SpiderCloud Wireless, Inc. 20170406

© 2017 SpiderCloud Wireless, Inc. NDA 21