Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The WiFiMon Analysis Station Server (WAS) is the core component of WiFiMon which gathers and processes all the measurement data. The WAS receives the following data:

...

The WAS mainly consists of two software components: (1) the WiFiMon Agent and (2) the WiFiMon GUI.

(1) WiFiMon Agent

The WiFiMon Agent is responsible for performing the following actions: 

...

WiFiMon Agent can operate in a non-secure manner (non-secure WiFiMon Agent) when the crowdsourced and deterministic measurements are streamed over HTTP or in a secure manner (Secure WiFiMon Agent) if measurements are streamed over HTTPS.

(2) WiFiMon GUI

The WiFiMon GUI provides a graphical representation of the measurement results and various anayses as described above.

WAS Installation and Configuration Guide

This guide given below presents the commands required to install the WAS in a Debian-based distribution (Debian, Ubuntu, etc.). Other distributions may also be considered by adjusting the included commands appropriately. Our installation was tested in Ubuntu 18.04 LTS.

Prerequisites for the WiFiMon Analysis Station (WAS) Installation

To install WiFiMon Analysis Station (WAS) successfully, the following software components are required:

  • WiFiMon Agent package (version 1.3.0)
  • PostgreSQL (tested on version 10.1216)
  • Java 11
  • Elasticsearch (tested on version 7.49.23)
  • Kibana (tested on version 7.49.23)
  • Logstash (required in case of correlation with RADIUS and DHCP Logs, tested on version 7.49.23)

The following ports must be available on the WAS. However, the ports may be changed manually depending on your needs:

  • 5044: for Logstash
  • 5432: for PostgreSQL
  • 5601: for Kibana
  • 8441: for WiFiMon GUI
  • 8443: for WiFiMon Secure Agent
  • 9000: for WiFiMon Non-secure Agent (optional)
  • 9200: for communication with Elasticsearch

1. Overview of the WiFiMon Analysis Station (WAS) Installation

A summary of the mandatory steps for the installation (detailed in the linked sections below):

There are also some optional steps:

Anchor
PostgreSQL
PostgreSQL
2. PostgreSQL

Installing PostgreSQL from a package manager requires using the following commands:

...

After the installation of PostgreSQL, the database and tables required by WiFiMon should be created.  Detailed instructions are included in the following subsections.

Anchor
database
database
2.1. Database and User Creation

The following code block includes the appropriate SQL commands required to create (i) a database that will store information related to Subnets and Access Points monitored by WiFiMon as well as accounts of users that can access the WiFiMon GUI and (ii) a user that will be able to access this database. The following commands create the (i) database "wifimon_database" and (ii) the user "wifimon_user" with password "wifimonpass". We strongly suggest that these example names are changed in production environments.

...

The following subsections include the commands that are necessary for the creation of the required tables.

2.2. Creation of "subnets" Table

WiFiMon measures the performance of WiFi networks by embedding JavaScript code in frequently visited websites. Performance tests are triggered when End Users visit these websites and, in particular, after a web page is loaded so that browsing experience is not impacted by WiFiMon. Notably, these websites are not only visited by End Users residing in the monitored Subnets, but also from End Users outside them. Thus, alleviating the WAS from processing excessive traffic requires that performance tests consider measurements originating only from the WiFi networks that are monitored. To that end, a list of the registered Subnets from which End User measurements are processed by the WAS are maintained in "subnets" table. The creation of this table is detailed in the following code block.

Code Block
languagesql
CREATE TABLE subnets (
subnet text,
subnet_id serial PRIMARY KEY );

2.3. Creation of "accesspoints" Table

Table "accesspoints" is used to store information related to the Access Points monitored by WiFiMon. This information includes the latitude and longitude of Access Points, the building and floor in which they are installed and additional notes about them. This information is later used to depict performance results of End User measurements per Access Point. The creation of the "accespoints" table is detailed in the following code block.

Code Block
languagesql
CREATE TABLE accesspoints (
apid serial PRIMARY KEY,
mac text NOT NULL,
latitude text,
longitude text,
building text,
floor text,
notes text);

2.4. Creation of "users" Table

Table "users" is used to store information related to WiFiMon Users. WiFiMon GUI can be accessed by two types of WiFiMon Users: ADMIN and USER. ADMIN has full privileges to the WiFiMon GUI. An ADMIN is capable of adding/removing registered Subnets and Access Points as well as adding/removing WiFiMon Users. In contrast, a USER can navigate through the WiFiMon GUI dashboards, but is incapable of performing administration actions. The creation of the "users" table is detailed in the following code block.

Code Block
languagesql
CREATE TABLE users (
id serial PRIMARY KEY,
email text NOT NULL,
password_hash text NOT NULL,
role text NOT NULL);

2.5. Creation of "options" Table

Table "options" stores information related to privacy settings, e.g. hiding/showing End User specific data in the WiFiMon GUI. Correlation options are also included in this table. The creation of the "options" table is detailed in the following code block.

...

Exiting the database is possible using the command "\q" within the terminal-based front-end of PostgreSQL.

Setting Privileges in PostgreSQL

Setting SELECT, INSERT, DELETE, UPDATE privileges for the database user, e.g. "wifimon_user" requires the following commands issued within the terminal-based front-end of PostgreSQL:

...

Exiting the database is possible using the command "\q" within the terminal-based front-end of PostgreSQL.

Create an admin account to login

An initial ADMIN WiFiMon User should be created for accessing the WiFiMon GUI. Within the terminal-based front-end of PostgreSQL, an ADMIN WiFiMon User is created using the commands in the following code block after connection to the WiFiMon database. Notably, passwords are stored hashed within the database.

...

This account can be later deleted from the WiFiMon GUI (after step 5). However, an ADMIN account should always be present in order to access the WiFiMon GUI and manage the WiFiMon Users, Access Points and Subnets. We strongly suggest that the password is changed from the WiFiMon GUI when the installation is complete (step 5).

Anchor
java
java
3. Java Installation

WiFiMon currently supports Java 11. The required commands are the following:

Code Block
sudo apt update
sudo apt install -y apt-get install -y openjdk-11-jdk openjdk-11-jre

...

Code Block
source /etc/environment

Anchor
elasticsearch
elasticsearch
4. Elasticsearch and Kibana

Installing Elasticsearch 7.49.2 and 3 and Kibana 7.49.23, requires executing the following commands:

  • Elasticsearch 7.49.23
Code Block
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.49.23-amd64.deb
sudo dpkg -i elasticsearch-7.49.23-amd64.deb
  • Kibana 7.49.23
    Anchor
    kibana
    kibana
Code Block
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.49.23-amd64.deb
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.4.2-amd64.deb.sha512
shasum -a 512 kibana-7.4.2-amd64.deb
sudo dpkg -i kibana-7.4.2-amd64.debsudo dpkg -i kibana-7.9.3-amd64.deb

Anchor
elasticsearch_configure
elasticsearch_configure
Elasticsearch Configuration

In the configuration file of Elasticsearch (/etc/elasticsearch/elasticsearch.yml), the following lines should be inserted/changed. Notably, bold parts must be adjusted to the particular configuration of the reader. In the following, we configure Elasticsearch to be publicly accessible:

cluster.name: elasticsearch
node.name: ${HOSTNAME}

node.master: true
node.voting_only: false
node.data: true
node.ingest: true
node.ml: false
cluster.remote.connect: false
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: INSERT the Fully Qualified Domain Name (WAS_FQDN) to which the server listens
discovery.seed_hosts: ["INSERT the WAS_FQDN to which the server listens"]
cluster.initial_master_nodes: INSERT the HOSTNAME (not WAS_FQDN) of the server
xpack.ml.enabled: false
xpack.security.enabled: false

...

Notably, "cluster.initial_master_nodes" must be commented out after the first initialization of the Elasticsearch cluster. The above configuration assumes that the setup includes a single Elasticsearch node. Configuration for more advanced setups is available in the following WiFiMon guide "Streaming Logs Into ELK Cluster".

Anchor
kibana_configure
kibana_configure
Kibana Configuration

After installing Kibana, the following configurations are required in the Kibana configuration file (/etc/kibana/kibana.yml). The following changes should be made in the corresponding sections/fields of the configuration file. Notably, bold parts must be adjusted to the particular configuration of the reader.

server.port: 5601
server.host: "INSERT the Fully Qualified Domain Name (WAS_FQDN) to which the server listens"
server.name: “wifimon"wifimon-kibana”kibana"
elasticsearch.hosts: [“http"http://WAS_FQDN:9200”9200"]

server.ssl.enabled: false

...

Verifying that kibana is running is possible via: netstat -tlnpu (port 5601)

Anchor
wifimon
wifimon
5. WiFiMon Installation

Installing WiFiMonrequires the following commands:

Code Block
wget httpshttp://bitbucket83.software97.geant95.org167/projects/WFMON/repos/agent/raw/deb/wifimon-agent-0.1.1-SNAPSHOT.deb?at=refs%2Fheads%2Fmaster --output-document=wifimon-agent-0.1.1-SNAPSHOT3.0.deb
sudo apt-get update
sudo apt-get install -y gdebi
sudo gdebi wifimon-agent-01.13.1-SNAPSHOT0.deb

Afterwards, the following files will show up in /usr/lib/wifimon/ directory:

  • elasticsearch.sh: Script to create Elasticsearch indices

  • kibana-import.ndjson: JSON file to be imported in Kibana to create the necessary visualizations and dashboards

  • start.sh: Script for starting WiFiMon GUI and Agent

  • secure-processor-0.1.13.war0war: This incorporates both the WiFiMon Secure and Non-Secure Agent

  • ui-01.13.10.war: This incorporates the WiFiMon GUI

  • config: Directory with configuration files. Their parameters must be filled in.

  • keystore: Directory where the Java Keystore should be stored in order to run WiFiMon Agent and GUI on HTTPS

...

Before the execution of script elasticsearch.sh, "curl” must " must be installed. This is possible using the following commands:

...

In the sequel, Kibana index patterns should be configured from the Kibana User Interface. In Kibana, the "wifimon" index pattern can be created from Management/Stack Management/Index Patterns. The following details should be provided:

...

and the following details are required to create "radiuslogsprobes" index (for the correlation of RADIUS Logs with End User measurementsthe metrics collected from the WiFiMon Hardware Probes):

  • Index pattern: radiuslogsprobes

  • Time Filter field name: Timestamptimestamp
  • Index pattern ID: radiuslogsprobes_v0.1 (advanced options should be selected to see this field)

and the following details are required to create "probes" index (for the metrics collected from the WiFiMon Hardware Probes):

  • Index pattern: probes

  • Time Filter field name: timestamp
  • Index pattern ID: probes_v0.1 (advanced options should be selected to see this field)

and the following to create "dhcplogs" index (for the correlation of DHCP Logs with End User measurements):

  • Index pattern: dhcplogs

  • Time Filter field name: timestamp
  • Index pattern ID: dhcplogs_v0.1 (advanced options should be selected to see this field)

After the creation of index patterns, the necessary visualizations and dashboards should be imported. To that end, the kibana-import.ndjson file should be imported in the Management/Saved Objects tab.

After the creation of index patterns, the necessary visualizations and dashboards should be imported. To that end, the kibana-import.ndjson file should be imported in the Management/Stack Management/Saved Objects tab.

Finally, WiFiMon properties should be configured in the files (secure-processor.properties, ui.properties) of the WiFiMon config directory. Notably, WiFiMon uses HMAC SHA-512 encryption to encrypt sensitive data (End User IP addresses, End User MAC addresses) that are stored in the Elasticsearch cluster and visualized by Kibana. In secure-processor.properties, the key of this algorithm must be defined (property "sha.key"). This key is of type String and the reader could select any well-formatted string, preferably of big length. This string is defined only in the secure-processor.properties configuration file.

Apart from the "sha.key" property, the WiFiMon administrator is required to provide the port on which the WAS listens (property "server.port"), i.e. 9000 for the case of the WiFiMon Non-Secure Agent. Later, this documentation demonstrates how to install the WiFiMon Secure Agent; the WiFiMon Administrator is then required to change the value of the "server.port" property to 8443 from 9000.

Moreover, the WiFiMon Administrator should set the value of the PostgreSQL properties according to what was provided in the 2nd step of this documentation. Based on the example values of our documentation, "spring.datasource.url" can be defined as "jdbc:postgresql://localhost:5432/wifimon_database" and "spring.datasource.username", "spring.datasource.password" properties can be defined as "wifimon_user", "wifimonpass" respectively. Please, make sure that you change the aforementioned password to secure your PostgreSQL database setup.

Afterwards, the WiFiMon Administrator is required to provide the name of the Elasticsearch cluster ("elasticsearch.clustername" property) that was provided in step 4 of this documentation (e.g. "elasticsearch" in this guide) and the FQDN Elasticsearch listens on for the "elasticsearch.host" property.

In ui.properties, the WiFiMon Administrator is expected to provide the values for the PostgreSQL properties (the same as in the secure-processor.properties file) as well as the Kibana properties. Specifically, the WiFiMon Administrator should insert the FQDN Kibana listens on ("server.host.name" property), the protocol used by Kibana ("kibana.protocol" property), which is "http" for the WiFiMon Non-Secure Agent (this step) or "https" for the WiFiMon Secure Agent (step 7 of this documentation) as well as the port Kibana listens to ("kibana.port" property), which is usually 5601. Finally, WiFiMon provides methods for checking if a new software version is available. To that end, the running version of the WiFiMon software is compared with the most recent version that is stored within a VM provided by GEANT. Moreover, this VM keeps some statistics of WiFiMon end users involving their IP address and running version. The purpose of this is to track how many users are currently utilizing WiFiMon and what versions. If the WiFiMon end user wants to be excluded from this process, "user.tracking" should be changed to "no"Finally, WiFiMon properties should be configured in the files (secure-processor.properties, ui.properties) of the WiFiMon config directory. Notably, WiFiMon uses HMAC SHA-512 encryption to encrypt sensitive data (End User IP addresses, End User MAC addresses) that are stored in the Elasticsearch cluster and visualized by Kibana. In secure-processor.properties, the key of this algorithm must be defined. This key is of type String and the reader could select any well-formatted string, preferably of big length. This string is defined only in the secure-processor.properties configuration file.

Starting the WiFiMon Secure Agent and WiFiMon GUI requires the following command:

Code Block
./start.sh

Anchor
compile
compile
6. WiFiMon Code Compilation

Note: This step is only required if the WiFiMon Code is modified by the reader to include new features.

...

Afterwards, WiFiMon war files should be copied in the /usr/lib/wifimon directory:

Code Block
cp /agent/wifimon-assembly/target/wifimon-agent-bin/secure-processor-01.13.1-SNAPSHOT0.war /usr/lib/wifimon/secure-processor-01.13.1-SNAPSHOT0.war
cp /agent/wifimon-assembly/target/wifimon-agent-bin/ui-01.13.1-SNAPSHOT0.war /usr/lib/wifimon/ui-01.13.1-SNAPSHOT0.war

Anchor
letsencrypt
letsencrypt
7. Configuration of the WiFiMon Secure Agent

Configuration of the WiFiMon Secure Agent will be demonstrated using a Let’s encrypt certificate. Readers are free to use whatever certificate they prefer.

...

WiFiMon is now configured to use HTTPS for WiFiMon GUI and Agent.

Anchor
xpack
xpack
8. Configuring ELK Stack Security (X-Pack)

In the sequel, we will secure the ELK stack using a self-signed certificate. First, the file “/usr/share/elasticsearch/instances.yml” should be created with the following contents:

...

Important Note: In case of correlation with RADIUS and DHCP Logs, Logstash is also required. In this case, instances.yml requires additional information. More information is available in the following WiFiMon guide "Streaming Logs Into ELK Cluster". The WAS guide mainly focuses on the integration of the previous guide with the WiFiMon code setup.

...

Adding certificate key passphrase for HTTP communication protocol requires using the following command and entering the elasticsearch certificate key passphrase when prompted:

...

Adding certificate key for transport communication protocol and entering the elasticsearch certificate key passphrase when prompted is possible via the following command:

...

xpack.security.enabled=true
ssl.certificate.type=keystore
ssl.http.user.username=elastic
ssl.http.user.password=[elastic built-in user password]
ssl.http.keystore.filepath=/usr/lib/wifimon/keystore/keystore.jks
ssl.http.keystore.password=[keystore.jks password]
ssl.http.truststore.filepath=/usr/lib/wifimon/keystore/truststore.jks
ssl.http.truststore.password=[truststore password]
ssl.http.key.password=[elasticsearch.key password]

Anchor
links
links
9. The WiFiMon GUI

The installation is now complete. The WiFiMon GUI can be accessed at: https://WAS_FQDN:8441/login (see Figure 1)

...

  • Maps:

    • Clients Maps, map withthe measurement count from clients location in current day, automatically updated every 30 seconds

    • APs Maps, map withthe measurement count from APs location in current day, automatically updated every 30 seconds

  • Configuration:

    • Subnets: Add/remove Subnets that are allowed to perform measurements

    • Access Points: Add remove information (MAC, latitude, longitude, etc.) about Access Points (necessary to depict measurements in APs Maps page)

    • Users: Add/remove users to login to the WiFiMon GUI (role "USER" does not have access "Configuration" and "Guide" tabs)

    • Privacy / Correlation: Hide/show user-related data, select the method to allow the correlation between measurements, client IP and AP MAC

  • Guide: Instruction on how to embed scripts (to perform measurements) to websites and locally install the available performance tests (NetTest, boomerang, speedtest/HTML5)

  • Help: Instruction on how to get help

  • Check for updates: Check for newer versions of WiFiMon software.

As a first step you should add the Subnet of your WiFi network to allow measurements.

...