cancel
Showing results for 
Search instead for 
Did you mean: 

Service downtime needed for certificate mapping in various vSZ services

syamantakomer
Community Admin
Community Admin

In this self help discussion, I will explain how much downtime required for specific application service, when a new certificate is mapped and applied to SmartZone services.

User/admin query?

How much time a service will take to come back, when a new certificate is mapped with SZ services?

Customer is renewing controller's wildcard CA cert as it is expiring soon (new cert has same domain name so just validity will change). They want to know below details to make sure there is no or minimum service impact:

syamantakomer_1-1647365258355.png

Customer general FAQ with answers

1. What will be the service impact for each service and end clients which are already connected or may connect during service cert change.

Answer:

Web: No client service impact but SZ UI may not be available while service restarts.
AP Portal: New captive portal clients may get certificate error or portal redirection may not work while service is restarting.
Hotspot (WISPr): Same impact as AP portal.
Ruckus Intra-device communication: No user service impact. 
Notes:
  • No impact to existing clients but client connecting during the service restart may face issues on captive portal/guest SSIDs.
  • Admins using the SZ GUI may get certificate error or may not at all able to access SZ UI during service restart (web is one of the services which will restart, post applying the new certificate).

2. How much time it will take for service to come to normal after changing all 4 certs to service mapping and hit OK?

Answer:

Certificate update/install will restart subscriber mgmt, NBI and Web services. Customer can upload all these certificate at once and you can assume roughly 15 minutes (max) of downtime for services to recover

3. Do we need downtime if there is possibility for client disconnection or service impact?

Answer:

Usually no downtime required for client connection but to avoid captive portal certificate errors, its better to update certificate during a maintenance window so that users will not wonder why they are getting certificate error.

4. How to check service status?

Answer:

Go to SZ CLI >> Enable mode >> run "show service"

 

Got additional questions or need help? Start the conversation!


Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!
Follow me on LinkedIn
0 REPLIES 0