Note

Important Notice: Be sure to review and meet all the requirements listed below early in the process to prevent any unexpected issues. We've seen some customers face challenges, particularly with the "no-NAT" requirement, described below. If you need assistance, don't hesitate to reach out to your Customer Support Manager for help.

Use cases:

  • Positioning with Cisco Spaces

  • FMF with DNA Spaces

This LIPI server is just a Docker-based nginx server that adds some headers. It is designed to be very simple and to require few or no upgrades over time. It is started by an entrypoint that first downloads the configuration files and the SSL certificate from our servers.

Prerequisites:

  1. Activated MazeMap via Cisco Spaces

  2. Docker license if required.

Map editor configuration requirements

Info

Your customer success contact will help you fulfill these requirements.

  • A mazepos.com subdomain DNS entry pointing to the local private IP of the server where the Proxy-LIPI will be running.

  • A network configuration that covers the public IP range(s) of the customer that intends to communicate with this LIPI and that points to the DNS entry above (note: this also includes the public IP range from which the LIPI is going to be installed).

  • A position configuration with type “MM_POSITION_CONFIG_TYPE_CLOUD_POSITIONING”. Details are here /wiki/spaces/DPD/pages/776142882

  • A LIPI Config set up with position provider type “MazeMap Cloud Positioning”, pointing to the position config above and the DNS entry above.

Server requirements

No specific requirements except that it should have Docker installed. To install Docker on various platforms see https://docs.docker.com/get-docker/.

The CPU and RAM requirements vary with traffic, but in most cases there are no specific requirements, as this is a simple nginx proxy. E.g. running a minimum of 1x CPU and 2 GB RAM should cover most use cases.

Local network and WiFi setup requirements

The local network topology needs to be such that the source IP address of the packets received by the Proxy-LIPI server corresponds with the local IP address of that same client in Cisco Spaces.

That means there should be no NAT or proxy between the clients and the Proxy-LIPI server.

Note

Ensure this requirement is reviewed by your IT department, specifically someone with expertise in network configuration, early in the process to avoid potential issues.

Installation, running and basic usage

You need the API key associated with the LIPI config mentioned above. It's good practice to not expose secrets in the command line, so create a file to keep it in that is not readable to other users:

...

Code Block
curl https://<my-subdomain>.mazepos.com:443/health

Running in production

Run the container in the background by adding -d or --detach (detached mode):

Code Block
sudo docker run -d --name proxy-lipi \
    --env-file "$LIPI_ENV_FILE" \
    -p 443:4343 \
    gcr.io/mazemap-public-docker/proxy-lipi:latest
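
Because the API key lives in the file passed via --env-file, it is worth confirming that the file is still private before each start. The following pre-flight check is an added example, not part of MazeMap's own instructions; the function name check_env_file is hypothetical, and LIPI_ENV_FILE is assumed to hold the path to the key file described above.

```shell
#!/bin/sh
# Added example: pre-flight check for the file given to `docker run --env-file`.
# check_env_file is a hypothetical helper name; LIPI_ENV_FILE comes from this page.
# Returns 0 when the file looks safe to use, 1 otherwise (reason on stderr).
check_env_file() {
    f=$1
    if [ -z "$f" ]; then
        echo "LIPI_ENV_FILE is not set" >&2
        return 1
    fi
    # A symlink could point at a file with different permissions or ownership.
    if [ -L "$f" ]; then
        echo "$f is a symlink; point LIPI_ENV_FILE at the real file" >&2
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "$f does not exist or is not a regular file" >&2
        return 1
    fi
    if [ ! -s "$f" ]; then
        echo "$f is empty; the container would start without an API key" >&2
        return 1
    fi
    # `ls -ld` prints the mode as e.g. "-rw-------"; characters 5-10 are the
    # group and other permission bits, which must all be unset.
    mode=$(ls -ld -- "$f" | cut -c1-10)
    case $(printf '%s' "$mode" | cut -c5-10) in
        "------") ;;
        *)
            echo "$f has mode $mode (group/other access); run: chmod 600 $f" >&2
            return 1
            ;;
    esac
    return 0
}

# Typical use, run before the docker command above:
#   check_env_file "$LIPI_ENV_FILE" || exit 1
```
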

...

Code Block
sudo docker ps -a
sudo docker logs -f <container_id>

Upgrading, Restarting, and Maintenance

There can be many reasons why you want to restart the container. When it starts, it downloads a certificate and a configuration associated with your LIPI API key. Changes to these things require a restart to take effect:

...

If you want to minimize downtime, put these commands one after another in a script file that you can then run.

LIPI-Cisco Spaces diagram

[Image: image-20240919-122142.png]

FAQ

Info

Q: Do we need a static NAT so that MAZEMAP can communicate with it? Specifically, this would be required if we require inbound access rules on the firewall, not just outbound.

A: We do not need inbound access.

...

Info

Q: Does the LIPI need to connect out, or are things connecting into the server, and if so, on what port?

A: Port 443. The LIPI will log its liveness to our database so that we can know if it is live or not. This is not required for the LIPI to work, though.

Info

Q: Why is the LIPI server needed for webapp?

A: Our web application depends on the on-prem LIPI server to get position updates.

Info

Q: Do we need two LIPI servers if we have a separate visitor and staff network? What if it's just different SSID?

A: The LIPI server should run on a network that has access to positioning data (access to the Cisco positioning API).

Baseline: Users needing positioning need access to the internal IP of the LIPI server, and the LIPI server needs access to the Cisco positioning API. If you have two Cisco positioning providers, you need two LIPI servers (customers generally do not have more than one Cisco positioning system).

Info

Q: What is available external to wifi network?

A: LIPI is an on-prem server. It doesn't need to be available externally.

Info

Q: https://<my-subdomain>.mazepos.com:443/XXXX - is this subdomain supposed to map the LIPI server?

A: This is a domain we own. The subdomain can be anything, but it is typically the name of the customer/campus. It is used to create a URL that makes the IP of the LIPI server available. The IP cannot be used directly, as it would overlap with other IPs.

Info

Q: Is the URL publicly available or just internally available on our relevant networks?

A: This URL is publicly available, but nothing can be retrieved from it unless you have the key and the request comes from the approved range of IPs.

Info

Q: We need to install LIPI updates over time - how will we be notified that there are changes to apply?

A: You will receive an email from CS in MazeMap with instructions on how to upgrade and why.

Q: Is there a defined process regarding certificate renewal?

A: Renewals are handled automatically by us.