Chg: update image tag in helm values to v3.0.0-RC2

Merge pull request #92 from Telecominfraproject/main
https://telecominfraproject.atlassian.net/browse/WIFI-13200
2025-10-29 17:52:28 +00:00 · 2023-12-15 23:03:32 +00:00 · 2023-12-15 09:15:00 -08:00 · 2023-12-15 08:59:22 -08:00 · 2023-12-15 08:47:31 -08:00 · 2023-12-15 08:47:07 -08:00
89 changed files with 6089 additions and 1516 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.13)
-project(owprov VERSION 2.11.0)
+project(owprov VERSION 3.0.0)

 set(CMAKE_CXX_STANDARD 17)

@@ -37,7 +37,7 @@ if(GIT_FOUND AND EXISTS "${PROJECT_SOURCE_DIR}/.git")
    string(REGEX REPLACE "\n$" "" GIT_HASH "${GIT_HASH}")
 endif()

-add_definitions(-DAWS_CUSTOM_MEMORY_MANAGEMENT)
+add_definitions(-DAWS_CUSTOM_MEMORY_MANAGEMENT -DBOOST_NO_CXX98_FUNCTION_BASE=1)

 find_package(OpenSSL    REQUIRED)
 find_package(ZLIB       REQUIRED)
@@ -209,12 +209,37 @@ add_executable(owprov
        src/ProvWebSocketClient.cpp src/ProvWebSocketClient.h
        src/Tasks/VenueRebooter.h src/Tasks/VenueUpgrade.h
        src/sdks/SDK_fms.cpp src/sdks/SDK_fms.h
-        src/RESTAPI/RESTAPI_overrides_handler.cpp src/RESTAPI/RESTAPI_overrides_handler.h)
+        src/RESTAPI/RESTAPI_overrides_handler.cpp src/RESTAPI/RESTAPI_overrides_handler.h
+        src/storage/storage_glblraccounts.cpp src/storage/storage_glblraccounts.h
+        src/storage/storage_glblrcerts.cpp src/storage/storage_glblrcerts.h
+        src/RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.cpp src/RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.h
+        src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.cpp src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.h
+        src/RESTAPI/RESTAPI_openroaming_gr_list_certificates.cpp src/RESTAPI/RESTAPI_openroaming_gr_list_certificates.h
+        src/RESTAPI/RESTAPI_openroaming_gr_cert_handler.cpp src/RESTAPI/RESTAPI_openroaming_gr_cert_handler.h
+        src/RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.cpp src/RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.h
+        src/RESTAPI/RESTAPI_openroaming_orion_acct_handler.cpp src/RESTAPI/RESTAPI_openroaming_orion_acct_handler.h
+        src/storage/storage_orion_accounts.cpp src/storage/storage_orion_accounts.h
+        src/storage/storage_radius_endpoints.cpp
+        src/storage/storage_radius_endpoints.h
+        src/RESTAPI/RESTAPI_radiusendpoint_list_handler.cpp
+        src/RESTAPI/RESTAPI_radiusendpoint_list_handler.h
+        src/RESTAPI/RESTAPI_radius_endpoint_handler.cpp
+        src/RESTAPI/RESTAPI_radius_endpoint_handler.h
+        src/RadiusEndpointTypes/GlobalReach.cpp src/RadiusEndpointTypes/GlobalReach.h
+        src/RadiusEndpointTypes/OrionWifi.h
+        src/RadiusEndpointUpdater.cpp
+        src/RadiusEndpointUpdater.h
+        src/RadiusEndpointTypes/Radsec.cpp
+        src/RadiusEndpointTypes/Radsec.h
+        src/RadiusEndpointTypes/GenericRadius.cpp
+        src/RadiusEndpointTypes/GenericRadius.h
+)

 target_link_libraries(owprov PUBLIC
        ${Poco_LIBRARIES}
        ${MySQL_LIBRARIES}
        ${ZLIB_LIBRARIES}
        CppKafka::cppkafka
+        resolv
        fmt::fmt)

--- a/2
+++ b/2
@@ -1 +1 @@
-4
+10
--- a/config-samples/OpenRo.am
+++ b/config-samples/OpenRo.am
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>AutoJoin</key>
+			<true/>
+			<key>CaptiveBypass</key>
+			<false/>
+			<key>DisableAssociationMACRandomization</key>
+			<false/>
+			<key>DisplayedOperatorName</key>
+			<string>OpenRo.am</string>
+			<key>DomainName</key>
+			<string>openro.am</string>
+			<key>EAPClientConfiguration</key>
+			<dict>
+				<key>AcceptEAPTypes</key>
+				<array>
+					<integer>21</integer>
+				</array>
+				<key>OuterIdentity</key>
+				<string>anonymous@openro.am</string>
+				<key>TLSMaximumVersion</key>
+				<string>1.2</string>
+				<key>TLSMinimumVersion</key>
+				<string>1.2</string>
+				<key>TTLSInnerAuthentication</key>
+				<string>MSCHAPv2</string>
+				<key>UserName</key>
+				<string>420a5371-47d4-4d1d-b234-d17be4e54bb3@openro.am</string>
+				<key>UserPassword</key>
+				<string>XaHBCFhgGxi-mCK9XXdQ8</string>
+			</dict>
+			<key>EncryptionType</key>
+			<string>WPA2</string>
+			<key>HIDDEN_NETWORK</key>
+			<false/>
+			<key>IsHotspot</key>
+			<true/>
+			<key>NAIRealmNames</key>
+			<array>
+				<string>openro.am</string>
+			</array>
+			<key>PayloadDescription</key>
+			<string>Configures Wi-Fi settings</string>
+			<key>PayloadDisplayName</key>
+			<string>Wi-Fi</string>
+			<key>PayloadIdentifier</key>
+			<string>com.apple.wifi.managed.12788EED-2E0C-4370-9411-4EEFC8D9ABB0</string>
+			<key>PayloadType</key>
+			<string>com.apple.wifi.managed</string>
+			<key>PayloadUUID</key>
+			<string>12788EED-2E0C-4370-9411-4EEFC8D9ABB0</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+			<key>ProxyType</key>
+			<string>None</string>
+			<key>RoamingConsortiumOIs</key>
+			<array>
+				<string>5A03BA0000</string>
+			</array>
+			<key>ServiceProviderRoamingEnabled</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDisplayName</key>
+	<string>OpenRo.am Test</string>
+	<key>PayloadIdentifier</key>
+	<string>openroam.44A21054-2F3F-437F-822A-C2F6766A2A23</string>
+	<key>PayloadOrganization</key>
+	<string>OpenRo.am</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>1D460B0F-9311-4FD2-A75D-BADA866BC31C</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -9,7 +9,7 @@ fullnameOverride: ""
 images:
  owprov:
    repository: tip-tip-wlan-cloud-ucentral.jfrog.io/owprov
-    tag: main
+    tag: v3.0.0-RC2
    pullPolicy: Always
 #    regcred:
 #      registry: tip-tip-wlan-cloud-ucentral.jfrog.io
--- a/openapi/openroaming_globalreach.yaml
+++ b/openapi/openroaming_globalreach.yaml
@@ -0,0 +1,407 @@
+openapi: 3.0.1
+info:
+  title: OpenWiFi RadiusEndpointTypes Provisioning Model for Global Reach
+  description: Definitions and APIs to Open Roaming WiFi.
+  version: 2.5.0
+  license:
+    name: BSD3
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
+
+servers:
+  - url: 'https://localhost:16005/api/v1'
+
+security:
+  - bearerAuth: []
+  - ApiKeyAuth: []
+
+components:
+  securitySchemes:
+    ApiKeyAuth:
+      type: apiKey
+      in: header
+      name: X-API-KEY
+    bearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
+
+  responses:
+    NotFound:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/NotFound'
+    Unauthorized:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Unauthorized'
+    Success:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Success'
+    BadRequest:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/BadRequest'
+
+  schemas:
+    GLBLRAccountInfo:
+      type: object
+      properties:
+        allOf:
+          $ref: 'https://github.com/Telecominfraproject/wlan-cloud-owprov/blob/main/openpapi/owprov.yaml#/components/schemas/ObjectInfo'
+        privateKey:
+          type: string
+        country:
+          type: string
+        province:
+          type: string
+        city:
+          type: string
+        organization:
+          type: string
+        commonName:
+          type: string
+        CSR:
+          type: string
+        CSRPrivateKey:
+          type: string
+        CSRPublicKey:
+          type: string
+        GlobalReachAcctId:
+          type: string
+
+    GLBLRCertificateInfo:
+      type: object
+      properties:
+        id:
+          type: string
+          format: uuid
+        name:
+          type: string
+        accountId:
+          type: string
+          format: uuid
+        csr:
+          type: string
+        certificate:
+          type: string
+        certificateChain:
+          type: string
+        certificateId:
+          type: string
+        expiresAt:
+          type: integer
+          format: int64
+        created:
+          type: integer
+          format: int64
+
+paths:
+  /openroaming/globalreach/accounts:
+    get:
+      tags:
+        - RadiusEndpointTypes-Global Reach
+      operationId: getOpenRoamingGlobalReachAccountList
+      summary: Retrieve account list.
+      parameters:
+        - in: query
+          description: Pagination start (starts at 1. If not specified, 1 is assumed)
+          name: offset
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: Maximum number of entries to return (if absent, no limit is assumed)
+          name: limit
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: return the number of accounts
+          name: countOnly
+          schema:
+            type: boolean
+          required: false
+
+      responses:
+        200:
+          description: The list of accounts
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/GLBLRAccountInfo'
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+  /openroaming/globalreach/account/{name}:
+    get:
+      tags:
+        - RadiusEndpointTypes-Global Reach
+      operationId: getOpenRoamingGlobalReachAccount
+      summary: Retrieve account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    delete:
+      tags:
+        - RadiusEndpointTypes-Global Reach
+      operationId: deleteOpenRoamingGlobalReachAccount
+      summary: Delete account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    post:
+      tags:
+        - RadiusEndpointTypes-Global Reach
+      operationId: createOpenRoamingGlobalReachAccount
+      summary: Create account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GLBLRAccountInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    put:
+      tags:
+        - RadiusEndpointTypes-Global Reach
+      operationId: modifyOpenRoamingGlobalReachAccount
+      summary: Modify account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GLBLRAccountInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+  /openroaming/globalreach/certificates/{account}:
+    get:
+      tags:
+        - RadiusEndpointTypes-Global Reach Certificate
+      operationId: getOpenRoamingGlobalReachCertificateList
+      summary: Retrieve certificate list.
+      parameters:
+        - in: path
+          description: The account name
+          name: account
+          schema:
+            type: string
+          required: true
+        - in: query
+          description: Pagination start (starts at 1. If not specified, 1 is assumed)
+          name: offset
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: Maximum number of entries to return (if absent, no limit is assumed)
+          name: limit
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: return the number of certificates
+          name: countOnly
+          schema:
+            type: boolean
+          required: false
+
+      responses:
+        200:
+          description: The list of certificates
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/GLBLRCertificateInfo'
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+  /openroaming/globalreach/certificate/{account}/{id}:
+    get:
+      tags:
+        - RadiusEndpointTypes-Global Reach Certificate
+      operationId: getOpenRoamingGlobalReachCertificate
+      summary: Retrieve certificate information.
+      parameters:
+        - in: path
+          description: The account name - this is the provisioning ID for the account. Not the GlobalReach ID.
+          name: account
+          schema:
+            type: string
+          required: true
+        - in: path
+          description: The certificate id in provisioning - not the certificate_id from GlobalReach
+          name: id
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRCertificateInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    delete:
+      tags:
+        - RadiusEndpointTypes-Global Reach Certificate
+      operationId: deleteOpenRoamingGlobalReachCertificate
+      summary: Delete certificate information.
+      parameters:
+        - in: path
+          description: The account name - this is the provisioning ID for the account. Not the GlobalReach ID.
+          name: account
+          schema:
+            type: string
+          required: true
+        - in: path
+          description: The certificate id in provisioning - not the certificate_id from GlobalReach
+          name: id
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    post:
+      tags:
+        - RadiusEndpointTypes-Global Reach Certificate
+      operationId: createOpenRoamingGlobalReachCertificate
+      summary: Create certificate information.
+      parameters:
+        - in: path
+          description: The account name - this is the provisioning ID for the account. Not the GlobalReach ID.
+          name: account
+          schema:
+            type: string
+          required: true
+        - in: path
+          description: Must be set to "0"
+          name: id
+          schema:
+            type: string
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GLBLRCertificateInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRCertificateInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    put:
+      tags:
+        - RadiusEndpointTypes-Global Reach Certificate
+      operationId: updateOpenRoamingGlobalReachCertificate
+      summary: Update certificate information.
+      parameters:
+        - in: path
+          description: The account name - this is the provisioning ID for the account. Not the GlobalReach ID.
+          name: account
+          schema:
+            type: string
+          required: true
+        - in: path
+          description: the UUID of the certificate
+          name: id
+          schema:
+            type: string
+          required: true
+        - in: query
+          description: Update an existing certificate
+          name: updateCertificate
+          schema:
+            type: boolean
+            default: false
+          required: false
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRCertificateInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
--- a/openapi/openroaming_orion.yaml
+++ b/openapi/openroaming_orion.yaml
@@ -0,0 +1,199 @@
+openapi: 3.0.1
+info:
+  title: OpenWiFi RadiusEndpointTypes Provisioning Model for Google Orion
+  description: Definitions and APIs to Open Roaming WiFi.
+  version: 2.5.0
+  license:
+    name: BSD3
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
+
+servers:
+  - url: 'https://localhost:16005/api/v1'
+
+security:
+  - bearerAuth: []
+  - ApiKeyAuth: []
+
+components:
+  securitySchemes:
+    ApiKeyAuth:
+      type: apiKey
+      in: header
+      name: X-API-KEY
+    bearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
+
+  responses:
+    NotFound:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/NotFound'
+    Unauthorized:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Unauthorized'
+    Success:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Success'
+    BadRequest:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/BadRequest'
+
+  schemas:
+    GooglOrionAccountInfo:
+      type: object
+      properties:
+        allOf:
+          $ref: 'https://github.com/Telecominfraproject/wlan-cloud-owprov/blob/main/openpapi/owprov.yaml#/components/schemas/ObjectInfo'
+        privateKey:
+          type: string
+        certificate:
+          type: string
+        cacerts:
+          type: array
+          items:
+            type: string
+
+paths:
+  /openroaming/orion/accounts:
+    get:
+      tags:
+        - RadiusEndpointTypes-Google Orion
+      operationId: getOpenRoamingGlobalReachAccountList
+      summary: Retrieve account list.
+      parameters:
+        - in: query
+          description: Pagination start (starts at 1. If not specified, 1 is assumed)
+          name: offset
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: Maximum number of entries to return (if absent, no limit is assumed)
+          name: limit
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: return the number of accounts
+          name: countOnly
+          schema:
+            type: boolean
+          required: false
+
+      responses:
+        200:
+          description: The list of accounts
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/GooglOrionAccountInfo'
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+  /openroaming/orion/account/{id}:
+    get:
+      tags:
+        - RadiusEndpointTypes-Google Orion
+      operationId: getOpenRoamingGlobalReachAccount
+      summary: Retrieve account information.
+      parameters:
+        - in: path
+          description: The account ID
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      responses:
+        200:
+          $ref: '#/components/schemas/GooglOrionAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    delete:
+      tags:
+        - RadiusEndpointTypes-Google Orion
+      operationId: deleteOpenRoamingGlobalReachAccount
+      summary: Delete account information.
+      parameters:
+        - in: path
+          description: The account ID
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      responses:
+        200:
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    post:
+      tags:
+        - RadiusEndpointTypes-Google Orion
+      operationId: createOpenRoamingGlobalReachAccount
+      summary: Create account information.
+      parameters:
+        - in: path
+          description: The account ID
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GooglOrionAccountInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GooglOrionAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    put:
+      tags:
+        - RadiusEndpointTypes-Google Orion
+      operationId: modifyOpenRoamingGlobalReachAccount
+      summary: Modify account information.
+      parameters:
+        - in: path
+          description: The account ID
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GooglOrionAccountInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GooglOrionAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
--- a/openapi/ow_or_ameriband.yaml
+++ b/openapi/ow_or_ameriband.yaml
@@ -1,268 +0,0 @@
-openapi: 3.0.1
-info:
-  title: OpenWiFi Open roaming Ameriband Provisioning Model
-  description: Registration of an OpenRoaming profile with Ameriband for TIP OpenWifi.
-  version: 1.0.0
-  license:
-    name: BSD3
-    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
-
-servers:
-  - url: 'https://tip.regiatration.ameriband.com:8001/api/v1'
-
-security:
-  - bearerAuth: []
-
-components:
-  securitySchemes:
-    bearerAuth:
-      type: http
-      scheme: bearer
-
-  responses:
-    NotFound:
-      description: The specified resource was not found.
-      content:
-        application/json:
-          schema:
-            properties:
-              ErrorCode:
-                type: integer
-              ErrorDetails:
-                type: string
-              ErrorDescription:
-                type: string
-
-    Unauthorized:
-      description: The requested does not have sufficient rights to perform the operation.
-      content:
-        application/json:
-          schema:
-            properties:
-              ErrorCode:
-                type: integer
-                enum:
-                  - 0     # Success
-                  - 8     # INVALID_TOKEN
-                  - 9     # EXPIRED_TOKEN
-              ErrorDetails:
-                type: string
-              ErrorDescription:
-                type: string
-
-    Success:
-      description: The requested operation was performed.
-      content:
-        application/json:
-          schema:
-            properties:
-              Operation:
-                type: string
-              Details:
-                type: string
-              Code:
-                type: integer
-
-    BadRequest:
-      description: The requested operation failed.
-      content:
-        application/json:
-          schema:
-            properties:
-              ErrorCode:
-                type: integer
-              ErrorDetails:
-                type: string
-              ErrorDescription:
-                type: integer
-
-  schemas:
-    RegistrationRequest:
-      type: object
-      properties:
-        orgRequestId:
-          type: string
-          format: uuid
-          minLength: 36
-          maxLength: 36
-          example:
-            Client will generate a UUID that must be returned in the response.
-        orgAcceptedTermsAndConditions:
-          type: boolean
-          default: false
-        orgLegalName:
-          type: string
-          minLength: 1
-        orgWebSite:
-          type: string
-          format: url
-          minLength: 1
-        orgContact:
-          type: string
-          minLength: 1
-          example:
-            John Smith
-        orgEmail:
-          type: string
-          format: email
-          minLength: 1
-        orgPhone:
-          type: string
-          example:
-            (607)555-1234 or +1(223)555-1222
-        orgLocation:
-          type: string
-          example:
-            Boston, NH - LA, CA
-        orgCertificate:
-          type: string
-          minLength: 1
-          example:
-            This must be the entire PEM file content of the certificate, encoded using base64
-
-    RegistrationResponse:
-      type: object
-      properties:
-        orgRequestId:
-          type: string
-          format: uuid
-          minLength: 36
-          maxLength: 36
-          example:
-            This should be the same orgRequestId passed during registration.
-        orgNASID:
-          type: string
-          minLength: 10
-          description:
-            This is the NASID generated by Ameriband. It will be used by the operator as NASID when contacting Ameriband.
-        ameribandCertificate:
-          type: string
-          minLength: 1
-          example:
-            This must be the entire PEM file content of the certificate, encoded using base64
-
-    RegistrationInformationRequest:
-      type: object
-      properties:
-        link:
-          description: This should be the link where a potential registrant can read the terms and conditions of registering with Ameriband.
-          type: string
-          format: url
-          minLength: 1
-          example:
-            https://ameriband.com/romain-registration.html
-
-paths:
-  /termsAndConditions:
-    get:
-      summary: The registrant must be given a chance to view the terms and conditions of the relationship they are entering into
-      operationId: getTermsAndConditions
-      responses:
-        200:
-          description: Sucessfully retrieved Terms and Conditions
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RegistrationInformationRequest'
-        404:
-          $ref: '#/components/responses/Unauthorized'
-
-  /registration:
-    get:
-      tags:
-        - Registration
-      operationId: getRegistrationInformation
-      summary: This should return the information from a registration based on the NASID
-      parameters:
-        - in: query
-          name: orgNASID
-          schema:
-            type: string
-          required: true
-          example:
-            This is the orgNASID returned during registration.
-      responses:
-        200:
-          $ref: '#/components/schemas/RegistrationResponse'
-        403:
-          $ref: '#/components/responses/Unauthorized'
-        404:
-          $ref: '#/components/responses/NotFound'
-
-    post:
-      summary: Called when the registrant ahs read the T&Cs and iw willing to submit their information to enter in a partnership
-      tags:
-        - Registration
-      operationId: createRegistration
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/RegistrationRequest'
-      responses:
-        200:
-          description: Succesfully registered
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RegistrationResponse'
-        400:
-          description: Registration failed due to  missing or incomplete information
-          $ref: '#/components/responses/BadRequest'
-        403:
-          $ref: '#/components/responses/Unauthorized'
-
-    put:
-      summary: Called when the registrant needs to update its information with Ameriband. The does not generate a new NASID.
-      tags:
-        - Registration
-      operationId: updateRegistration
-      parameters:
-        - in: query
-          name: orgNASID
-          schema:
-            type: string
-          required: true
-          example:
-            This is the orgNASID returned during registration.
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/RegistrationRequest'
-      responses:
-        200:
-          description: Succesfully found the information based on the orgNASID
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RegistrationResponse'
-        400:
-          $ref: '#/components/responses/BadRequest'
-        403:
-          $ref: '#/components/responses/Unauthorized'
-        404:
-          $ref: '#/components/responses/NotFound'
-
-    delete:
-      tags:
-        - Registration
-      summary: When a registrant wants to terminate a relationship with Ameriband. Ameriband should also delete all information from the registrant
-      operationId: deleteRegistration
-      parameters:
-        - in: query
-          name: orgNASID
-          schema:
-            type: string
-          required: true
-          example:
-            This is the orgNASID returned during registration.
-      responses:
-        204:
-          $ref: '#/components/responses/Success'
-        403:
-          $ref: '#/components/responses/Unauthorized'
-        404:
-          $ref: '#/components/responses/NotFound'
--- a/openapi/radius_endpoints.yaml
+++ b/openapi/radius_endpoints.yaml
@@ -0,0 +1,342 @@
+openapi: 3.0.1
+info:
+  title: OpenWiFi RADIUS Resource Model
+  description: Definitions and APIs to manage RADIUS Resources.
+  version: 1.0.0
+  license:
+    name: BSD3
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
+
+servers:
+  - url: 'https://localhost:16005/api/v1'
+
+security:
+  - bearerAuth: []
+  - ApiKeyAuth: []
+
+components:
+  securitySchemes:
+    ApiKeyAuth:
+      type: apiKey
+      in: header
+      name: X-API-KEY
+    bearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
+
+  responses:
+    NotFound:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/NotFound'
+    Unauthorized:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Unauthorized'
+    Success:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Success'
+    BadRequest:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/BadRequest'
+
+  schemas:
+
+    RADIUSServer:
+      type: object
+      properties:
+        Hostname:
+          type: string
+        IP:
+          type: string
+        Port:
+          type: integer
+          format: int32
+        Secret:
+          type: string
+
+    RADIUSEndPointRadiusType:
+      type: object
+      properties:
+        Authentication:
+          type: array
+          items:
+            $ref: '#/components/schemas/RADIUSServer'
+        Accounting:
+          type: array
+          items:
+            $ref: '#/components/schemas/RADIUSServer'
+        CoA:
+          type: array
+          items:
+            $ref: '#/components/schemas/RADIUSServer'
+        AccountingInterval:
+          type: integer
+          format: int32
+
+    RADIUSEndPointRadsecType:
+      type: object
+      properties:
+        Hostname:
+          type: string
+        IP:
+          type: string
+        Port:
+          type: integer
+        Secret:
+          type: string
+          default: radsec
+        UseOpenRoamingAccount:
+          type: string
+          format: uuid
+        Weight:
+          type: integer
+          format: int32
+        Certificate:
+          type: string
+        PrivateKey:
+          type: string
+        CaCerts:
+          type: array
+          items:
+            type: string
+        AllowSelfSigned:
+          type: boolean
+          default: false
+
+    RADIUSEndPoint:
+      type: object
+      properties:
+        allOf:
+          $ref: 'https://github.com/Telecominfraproject/wlan-cloud-owprov/blob/main/openpapi/owprov.yaml#/components/schemas/ObjectInfo'
+        Type:
+          type: string
+          enum:
+            - generic
+            - radsec
+            - globalreach
+            - orion
+          default: radius
+        RadsecServers:
+          type: array
+          items:
+            $ref: '#/components/schemas/RADIUSEndPointRadsecType'
+        RadiusServers:
+          type: array
+          items:
+            $ref: '#/components/schemas/RADIUSEndPointRadiusType'
+        PoolStrategy:
+          type: string
+          enum:
+            - round_robin
+            - weighted
+            - random
+          default: random
+        UseGWProxy:
+          type: boolean
+          default: true
+        Index:
+          type: string
+          example:
+            - 0.0.1.1: a ficticious IP address that should be between 0.0.1.1 and 0.0.2.254
+        UsedBy:
+          type: array
+          description: list of configuration using this endpoint
+          items:
+            type: string
+            format: uuid
+        NasIdentifier:
+          type: string
+        AccountingInterval:
+          type: integer
+          format: int64
+
+    RADIUSEndpointUpdateStatus:
+      type: object
+      properties:
+        lastUpdate:
+          type: integer
+          format: int64
+        lastConfigurationChange:
+          type: integer
+          format: int64
+
+
+
+paths:
+  /RADIUSEndPoints:
+    get:
+      tags:
+        - RADIUS Endpoints
+      operationId: getRADIUSEndPoints
+      summary: Retrieve the lists of RADIUSendPoints
+      parameters:
+        - in: query
+          description: Pagination start (starts at 1. If not specified, 1 is assumed)
+          name: offset
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: Maximum number of entries to return (if absent, no limit is assumed)
+          name: limit
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: return the number of certificates
+          name: countOnly
+          schema:
+            type: boolean
+          required: false
+        - in: query
+          description: return the last update time
+          name: currentStatus
+          schema:
+            type: boolean
+          required: false
+      responses:
+        200:
+          description: The list of endpoints
+          content:
+            application/json:
+              schema:
+                oneOf:
+                  - type: array
+                    items:
+                      $ref: '#/components/schemas/RADIUSEndPoint'
+                  - $ref: '#/components/schemas/RADIUSEndpointUpdateStatus'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    put:
+      tags:
+        - RADIUS Endpoints
+      operationId: updateRADIUSEndpoints
+      summary: Force an Update to teh RADIUSendPoints in the controller
+      parameters:
+        - in: query
+          name: updateEndpoints
+          schema:
+            type: boolean
+          required: false
+      responses:
+        200:
+          description: The list of endpoints
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  Error:
+                    type: string
+                  ErrorNum:
+                    type: integer
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+  /RADIUSEndPoint/{id}:
+    get:
+      tags:
+        - RADIUS Endpoints
+      operationId: getRADIUSEndPoint
+      summary: Retrieve a RADIUSendPoint
+      parameters:
+        - in: path
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      responses:
+        200:
+          description: The endpoint
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RADIUSEndPoint'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    delete:
+      tags:
+        - RADIUS Endpoints
+      operationId: deleteRADIUSEndPoint
+      summary: Delete a RADIUSendPoint
+      parameters:
+        - in: path
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      responses:
+        200:
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    post:
+      tags:
+        - RADIUS Endpoints
+      operationId: createRADIUSEndPoint
+      summary: Create a RADIUSendPoint
+      parameters:
+        - in: path
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RADIUSEndPoint'
+      responses:
+        200:
+          $ref: '#/components/schemas/RADIUSEndPoint'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    put:
+      tags:
+        - RADIUS Endpoints
+      operationId: modifyRADIUSEndPoint
+      summary: Modify a RADIUSendPoint
+      parameters:
+        - in: path
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RADIUSEndPoint'
+      responses:
+        200:
+          $ref: '#/components/schemas/RADIUSEndPoint'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
--- a/openapi/rrm_provider.yaml
+++ b/openapi/rrm_provider.yaml
@@ -133,29 +133,32 @@ paths:
      summary: Run a specific or default RRM algorithm. The UI user or CLI user will have the ability to run an algorithm on demand.
      parameters:
        - in: query
-          description:
+          description: The venue this algorithm should be run on.
          name: venue
          schema:
            type: string
            format: uuid
          required: true
        - in: query
-          description: Perform RRM without updating anything. This may be used by an admin to see what RRM would do.
-          name: mock
+          description: Perform RRM asynchronously, synchronously or in mockRun mode (without updating anything, this may be used by an admin to see what RRM would do).
+          name: mode
          schema:
-            type: boolean
-            default: false
+            type: string
+            enum: [ async, sync, mockRun ]
          required: false
        - in: query
          description: Specify the RRM algorithm to use. If omitted, select the default algorithm.
+          name: algorithm
          schema:
            type: string
          required: false
        - in: query
-          description: Specify the parameters to use with the RRM algorithm to use. If omitted, select the default parameters.
+          description: Specify the comma separated name=value parameters to use with the RRM algorithm to use. If omitted, select the default parameters.
+          name: parameters
          schema:
            type: string
          required: false
+
      responses:
        200:
          description: Return the list of actions that were or would be performed.
--- a/src/APConfig.cpp
+++ b/src/APConfig.cpp
@@ -9,6 +9,11 @@
 #include "Poco/StringTokenizer.h"
 #include "fmt/format.h"

+#include <RadiusEndpointTypes/OrionWifi.h>
+#include <RadiusEndpointTypes/GlobalReach.h>
+#include <RadiusEndpointTypes/Radsec.h>
+#include <RadiusEndpointTypes/GenericRadius.h>
+
 namespace OpenWifi {

 	APConfig::APConfig(const std::string &SerialNumber, const std::string &DeviceType,
@@ -55,14 +60,33 @@ namespace OpenWifi {
 		 */
 	}

-	bool APConfig::ReplaceVariablesInObject(const Poco::JSON::Object::Ptr &Original,
-											Poco::JSON::Object::Ptr &Result) {
+    bool APConfig::InsertRadiusEndPoint(const ProvObjects::RADIUSEndPoint &RE, Poco::JSON::Object &Result) {
+        if(RE.UseGWProxy) {
+            Poco::JSON::Object  ServerSettings;
+            if (RE.Type == "orion") {
+                return OpenRoaming_Orion()->Render(RE, SerialNumber_, Result);
+            } else if (RE.Type == "globalreach") {
+                return OpenRoaming_GlobalReach()->Render(RE, SerialNumber_, Result);
+            } else if (RE.Type == "radsec") {
+                return OpenRoaming_Radsec()->Render(RE, SerialNumber_, Result);
+            } else if (RE.Type == "generic") {
+                return OpenRoaming_GenericRadius()->Render(RE, SerialNumber_, Result);
+            }
+            Result.set( "radius" , ServerSettings);
+        } else {
+            std::cout << "Radius proxy off" << RE.info.name << std::endl;
+        }
+        return false;
+    }
+
+    bool APConfig::ReplaceVariablesInObject(const Poco::JSON::Object &Original,
+											Poco::JSON::Object &Result) {
 		// get all the names and expand
-		auto Names = Original->getNames();
+		auto Names = Original.getNames();
 		for (const auto &i : Names) {
            if (i == "__variableBlock") {
-				if (Original->isArray(i)) {
-					auto UUIDs = Original->getArray(i);
+                if (Original.isArray(i)) {
+                    auto UUIDs = Original.getArray(i);
                    for (const auto &uuid: *UUIDs) {
                        ProvObjects::VariableBlock VB;
                        if (StorageService()->VariablesDB().GetRecord("id", uuid, VB)) {
@@ -72,58 +96,92 @@ namespace OpenWifi {
                                        P.parse(var.value).extract<Poco::JSON::Object::Ptr>();
                                auto VarNames = VariableBlockInfo->getNames();
                                for (const auto &j: VarNames) {
-									Result->set(j, VariableBlockInfo->get(j));
-								}
-							}
-						}
-					}
-				}
-			} else if (Original->isArray(i)) {
-				auto Arr = Poco::makeShared<Poco::JSON::Array>();
-				auto Obj = Original->getArray(i);
-				ReplaceVariablesInArray(Obj, Arr);
-				Result->set(i, Arr);
-			} else if (Original->isObject(i)) {
-				auto Expanded = Poco::makeShared<Poco::JSON::Object>();
-				auto Obj = Original->getObject(i);
-				ReplaceVariablesInObject(Obj, Expanded);
-				Result->set(i, Expanded);
+//                                    std::cout << "Name: " << j << std::endl;
+                                    if(VariableBlockInfo->isArray(j)) {
+                                        auto Elements = VariableBlockInfo->getArray(j);
+                                        if(Elements->size()>0) {
+                                            Poco::JSON::Array InnerArray;
+                                            ReplaceVariablesInArray(*Elements, InnerArray);
+                                            Result.set(j, InnerArray);
+//                                            std::cout << "Array!!!" << std::endl;
                                        } else {
-				Result->set(i, Original->get(i));
+//                                            std::cout << "Empty Array!!!" << std::endl;
+                                        }
+                                    } else if(VariableBlockInfo->isObject(j)) {
+                                        Poco::JSON::Object  InnerEval;
+//                                        std::cout << "Visiting object " << j << std::endl;
+                                        auto O = VariableBlockInfo->getObject(j);
+                                        ReplaceVariablesInObject(*O,InnerEval);
+                                        Result.set(j, InnerEval);
+                                    } else {
+                                        Result.set(j, VariableBlockInfo->get(j));
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            } else if (i == "__radiusEndpoint") {
+                auto EndPointId = Original.get(i).toString();
+                ProvObjects::RADIUSEndPoint RE;
+//                std::cout << "ID->" << EndPointId << std::endl;
+                if(StorageService()->RadiusEndpointDB().GetRecord("id",EndPointId,RE)) {
+                    InsertRadiusEndPoint(RE, Result);
+                } else {
+                    poco_error(Logger_, fmt::format("RADIUS Endpoint {} could not be found. Please delete this configuration and recreate it."));
+                    return false;
+                }
+			} else if (Original.isArray(i)) {
+                Poco::JSON::Array Arr;
+				auto Obj = Original.getArray(i);
+                if(Obj->size()>0) {
+                    ReplaceVariablesInArray(*Obj, Arr);
+                    Result.set(i, Arr);
+                }
+			} else if (Original.isObject(i)) {
+                Poco::JSON::Object Expanded;
+				auto Obj = Original.getObject(i);
+				ReplaceVariablesInObject(*Obj, Expanded);
+				Result.set(i, Expanded);
+			} else {
+				Result.set(i, Original.get(i));
 			}
 		}
 		return true;
 	}

-	bool APConfig::ReplaceVariablesInArray(const Poco::JSON::Array::Ptr &Original,
-										   Poco::JSON::Array::Ptr &ResultArray) {
-
-		for (const auto &element : *Original) {
+	bool APConfig::ReplaceVariablesInArray(const Poco::JSON::Array &Original,
+										   Poco::JSON::Array &ResultArray) {

+		for (const auto &element : Original) {
+//            std::cout << element.toString() << std::endl;
 			if (element.isArray()) {
-				auto Expanded = Poco::makeShared<Poco::JSON::Array>();
-				const auto &Object = element.extract<Poco::JSON::Array::Ptr>();
-				ReplaceVariablesInArray(Object, Expanded);
-				ResultArray->add(Expanded);
+                Poco::JSON::Array  Expanded;
+				const auto Object = element.extract<Poco::JSON::Array::Ptr>();
+                if(Object->size()>0) {
+                    ReplaceVariablesInArray(*Object, Expanded);
+                    ResultArray.add(Expanded);
+                }
 			} else if (element.isStruct()) {
-				auto Expanded = Poco::makeShared<Poco::JSON::Object>();
+                Poco::JSON::Object  Expanded;
 				const auto &Object = element.extract<Poco::JSON::Object::Ptr>();
-				ReplaceVariablesInObject(Object, Expanded);
-				ResultArray->add(Expanded);
+				ReplaceVariablesInObject(*Object, Expanded);
+				ResultArray.add(Expanded);
 			} else if (element.isString() || element.isNumeric() || element.isBoolean() ||
 					   element.isInteger() || element.isSigned()) {
-				ResultArray->add(element);
+				ResultArray.add(element);
 			} else {
-				auto Expanded = Poco::makeShared<Poco::JSON::Object>();
+                Poco::JSON::Object  Expanded;
 				const auto &Object = element.extract<Poco::JSON::Object::Ptr>();
-				ReplaceVariablesInObject(Object, Expanded);
-				ResultArray->add(Expanded);
+				ReplaceVariablesInObject(*Object, Expanded);
+				ResultArray.add(Expanded);
 			}
 		}
 		return true;
 	}

 	bool APConfig::Get(Poco::JSON::Object::Ptr &Configuration) {
+
 		if (Config_.empty()) {
 			Explanation_.clear();
 			try {
@@ -177,8 +235,8 @@ namespace OpenWifi {
 								ExObj.set("element", OriginalArray);
 								Explanation_.add(ExObj);
 							}
-							auto ExpandedArray = Poco::makeShared<Poco::JSON::Array>();
-							ReplaceVariablesInArray(OriginalArray, ExpandedArray);
+                            Poco::JSON::Array ExpandedArray;
+							ReplaceVariablesInArray(*OriginalArray, ExpandedArray);
 							Configuration->set(SectionName, ExpandedArray);
 						} else if (O->isObject(SectionName)) {
 							auto OriginalSection =
@@ -191,8 +249,8 @@ namespace OpenWifi {
 								ExObj.set("element", OriginalSection);
 								Explanation_.add(ExObj);
 							}
-							auto ExpandedSection = Poco::makeShared<Poco::JSON::Object>();
-							ReplaceVariablesInObject(OriginalSection, ExpandedSection);
+                            Poco::JSON::Object ExpandedSection;
+							ReplaceVariablesInObject(*OriginalSection, ExpandedSection);
 							Configuration->set(SectionName, ExpandedSection);
 						} else {
                            poco_warning(Logger(), fmt::format("Unknown config element type: {}",O->get(SectionName).toString()));
@@ -225,7 +283,7 @@ namespace OpenWifi {
 									RadioArray->get(RadioIndex).extract<Poco::JSON::Object::Ptr>();
 								if (Tokens[2] == "tx-power") {
 									IndexedRadio->set(
-										"rx-power",
+										"tx-power",
 										std::strtoull(col.parameterValue.c_str(), nullptr, 10));
 									if (Explain_) {
 										Poco::JSON::Object ExObj;
@@ -317,6 +375,7 @@ namespace OpenWifi {

 		ProvObjects::DeviceConfiguration Config;
 		if (StorageService()->ConfigurationDB().GetRecord("id", UUID, Config)) {
+//            std::cout << Config.info.name << ":" << Config.configuration.size() << std::endl;
 			if (!Config.configuration.empty()) {
 				if (DeviceTypeMatch(DeviceType_, Config.deviceTypes)) {
 					for (const auto &i : Config.configuration) {
--- a/src/APConfig.h
+++ b/src/APConfig.h
@@ -45,10 +45,10 @@ namespace OpenWifi {
 		bool Sub_ = false;
 		Poco::Logger &Logger() { return Logger_; }

-		bool ReplaceVariablesInArray(const Poco::JSON::Array::Ptr &O,
-									 Poco::JSON::Array::Ptr &Result);
-		bool ReplaceVariablesInObject(const Poco::JSON::Object::Ptr &Original,
-									  Poco::JSON::Object::Ptr &Result);
+		bool ReplaceVariablesInArray(const Poco::JSON::Array &O,
+									 Poco::JSON::Array &Result);
+		bool ReplaceVariablesInObject(const Poco::JSON::Object &Original,
+									  Poco::JSON::Object &Result);

 		bool FindRadio(const std::string &Band, const Poco::JSON::Array::Ptr &Arr,
 					   Poco::JSON::Object::Ptr &Radio);
@@ -58,5 +58,6 @@ namespace OpenWifi {
 				   Poco::JSON::Object::Ptr &C);
 		bool RemoveBand(const std::string &Band, const Poco::JSON::Array::Ptr &A_in,
 						Poco::JSON::Array::Ptr &A_Out);
+        bool InsertRadiusEndPoint(const ProvObjects::RADIUSEndPoint &EP, Poco::JSON::Object &Result);
 	};
 } // namespace OpenWifi
--- a/src/AutoDiscovery.cpp
+++ b/src/AutoDiscovery.cpp
@@ -31,6 +31,48 @@ namespace OpenWifi {
 		poco_information(Logger(), "Stopped...");
 	};

+    void AutoDiscovery::ProcessPing(const Poco::JSON::Object::Ptr & P, std::string &FW, std::string &SN,
+                                    std::string &Compat, std::string &Conn, std::string &locale) {
+        if (P->has(uCentralProtocol::CONNECTIONIP))
+            Conn = P->get(uCentralProtocol::CONNECTIONIP).toString();
+        if (P->has(uCentralProtocol::FIRMWARE))
+            FW = P->get(uCentralProtocol::FIRMWARE).toString();
+        if (P->has(uCentralProtocol::SERIALNUMBER))
+            SN = P->get(uCentralProtocol::SERIALNUMBER).toString();
+        if (P->has(uCentralProtocol::COMPATIBLE))
+            Compat = P->get(uCentralProtocol::COMPATIBLE).toString();
+        if (P->has("locale")) {
+            locale = P->get("locale").toString();
+        }
+    }
+
+    void AutoDiscovery::ProcessConnect(const Poco::JSON::Object::Ptr &P, std::string &FW, std::string &SN,
+                                       std::string &Compat, std::string &Conn, std::string &locale) {
+        if (P->has(uCentralProtocol::CONNECTIONIP))
+            Conn = P->get(uCentralProtocol::CONNECTIONIP).toString();
+        if (P->has(uCentralProtocol::FIRMWARE))
+            FW = P->get(uCentralProtocol::FIRMWARE).toString();
+        if (P->has(uCentralProtocol::SERIALNUMBER))
+            SN = P->get(uCentralProtocol::SERIALNUMBER).toString();
+        if (P->has("locale")) {
+            locale = P->get("locale").toString();
+        }
+        if(P->has(uCentralProtocol::CAPABILITIES)) {
+            auto CapObj = P->getObject(uCentralProtocol::CAPABILITIES);
+            if (CapObj->has(uCentralProtocol::COMPATIBLE))
+                Compat = CapObj->get(uCentralProtocol::COMPATIBLE).toString();
+        }
+    }
+
+    void AutoDiscovery::ProcessDisconnect(const Poco::JSON::Object::Ptr &P, [[maybe_unused]] std::string &FW,
+                                            std::string &SN,
+                                          [[maybe_unused]] std::string &Compat,
+                                          [[maybe_unused]] std::string &Conn,
+                                          [[maybe_unused]] std::string &locale) {
+        if (P->has(uCentralProtocol::SERIALNUMBER))
+            SN = P->get(uCentralProtocol::SERIALNUMBER).toString();
+    }
+
    void AutoDiscovery::run() {
 		Poco::AutoPtr<Poco::Notification> Note(Queue_.waitDequeueNotification());
 		Utils::SetThreadName("auto-discovery");
@@ -40,43 +82,31 @@ namespace OpenWifi {
 				try {
 					Poco::JSON::Parser Parser;
 					auto Object = Parser.parse(Msg->Payload()).extract<Poco::JSON::Object::Ptr>();
+                    bool    Connected=true;

 					if (Object->has(uCentralProtocol::PAYLOAD)) {
                        auto PayloadObj = Object->getObject(uCentralProtocol::PAYLOAD);
-						std::string ConnectedIP, SerialNumber, DeviceType;
-						if (PayloadObj->has(uCentralProtocol::CONNECTIONIP))
-							ConnectedIP =
-								PayloadObj->get(uCentralProtocol::CONNECTIONIP).toString();
-						if (PayloadObj->has(uCentralProtocol::CAPABILITIES)) {
-							auto CapObj = PayloadObj->getObject(uCentralProtocol::CAPABILITIES);
-							if (CapObj->has(uCentralProtocol::COMPATIBLE)) {
-								DeviceType = CapObj->get(uCentralProtocol::COMPATIBLE).toString();
-								SerialNumber = PayloadObj->get(uCentralProtocol::SERIAL).toString();
+                        std::string ConnectedIP, SerialNumber, Compatible, Firmware, Locale ;
+                        if (PayloadObj->has(uCentralProtocol::PING)) {
+                            auto PingObj = PayloadObj->getObject("ping");
+                            ProcessPing(PingObj, Firmware, SerialNumber, Compatible, ConnectedIP, Locale);
+                        } else if(PayloadObj->has("capabilities")) {
+                            ProcessConnect(PayloadObj, Firmware, SerialNumber, Compatible, ConnectedIP, Locale);
+                        } else if(PayloadObj->has("disconnection")) {
+                            //  we ignore disconnection in provisioning
+                            Connected=false;
+                            ProcessConnect(PayloadObj, Firmware, SerialNumber, Compatible, ConnectedIP, Locale);
+                        } else {
+                            poco_debug(Logger(),fmt::format("Unknown message on 'connection' topic: {}",Msg->Payload()));
                        }
-						} else if (PayloadObj->has(uCentralProtocol::PING)) {
-							auto PingMessage = PayloadObj->getObject(uCentralProtocol::PING);
-							if (PingMessage->has(uCentralProtocol::FIRMWARE) &&
-								PingMessage->has(uCentralProtocol::SERIALNUMBER) &&
-								PingMessage->has(uCentralProtocol::COMPATIBLE)) {
-								if (PingMessage->has(uCentralProtocol::CONNECTIONIP))
-									ConnectedIP =
-										PingMessage->get(uCentralProtocol::CONNECTIONIP).toString();
-								SerialNumber =
-									PingMessage->get(uCentralProtocol::SERIALNUMBER).toString();
-								DeviceType =
-									PingMessage->get(uCentralProtocol::COMPATIBLE).toString();
-							}
-						}
-						std::string Locale;
-						if (PayloadObj->has("locale"))
-							Locale = PayloadObj->get("locale").toString();

-						if (!SerialNumber.empty()) {
+                        if (!SerialNumber.empty() && Connected) {
                            StorageService()->InventoryDB().CreateFromConnection(
-								SerialNumber, ConnectedIP, DeviceType, Locale);
+                                    SerialNumber, ConnectedIP, Compatible, Locale);
                        }
                    }
 				} catch (const Poco::Exception &E) {
+                    std::cout << "EX:" << Msg->Payload() << std::endl;
 					Logger().log(E);
 				} catch (...) {
 				}
--- a/src/AutoDiscovery.h
+++ b/src/AutoDiscovery.h
@@ -9,6 +9,7 @@

 #include "Poco/Notification.h"
 #include "Poco/NotificationQueue.h"
+#include "Poco/JSON/Object.h"

 namespace OpenWifi {

@@ -46,6 +47,13 @@ namespace OpenWifi {
 		Poco::Thread Worker_;
 		std::atomic_bool Running_ = false;

+        void ProcessPing(const Poco::JSON::Object::Ptr & P, std::string &FW, std::string &SN,
+                                        std::string &Compat, std::string &Conn, std::string &locale) ;
+        void ProcessConnect(const Poco::JSON::Object::Ptr & P, std::string &FW, std::string &SN,
+                         std::string &Compat, std::string &Conn, std::string &locale) ;
+        void ProcessDisconnect(const Poco::JSON::Object::Ptr & P, std::string &FW, std::string &SN,
+                            std::string &Compat, std::string &Conn, std::string &locale) ;
+
        AutoDiscovery() noexcept
 			: SubSystemServer("AutoDiscovery", "AUTO-DISCOVERY", "discovery") {}
 	};
--- a/src/Daemon.cpp
+++ b/src/Daemon.cpp
@@ -23,6 +23,10 @@
 #include "UI_Prov_WebSocketNotifications.h"
 #include "framework/ConfigurationValidator.h"
 #include "framework/UI_WebSocketClientServer.h"
+#include <RadiusEndpointTypes/GlobalReach.h>
+#include <RadiusEndpointTypes/OrionWifi.h>
+#include <RadiusEndpointTypes/Radsec.h>
+#include <RadiusEndpointTypes/GenericRadius.h>

 namespace OpenWifi {
 	class Daemon *Daemon::instance_ = nullptr;
@@ -35,7 +39,11 @@ namespace OpenWifi {
 												ConfigurationValidator(), SerialNumberCache(),
 												AutoDiscovery(), JobController(),
 												UI_WebSocketClientServer(), FindCountryFromIP(),
-												Signup(), FileDownloader()});
+												Signup(), FileDownloader(),
+                                                OpenRoaming_GlobalReach(),
+                                                OpenRoaming_Orion(), OpenRoaming_Radsec(),
+                                                OpenRoaming_GenericRadius()
+            });
 		}
 		return instance_;
 	}
--- a/src/DeviceTypeCache.h
+++ b/src/DeviceTypeCache.h
@@ -63,17 +63,9 @@ namespace OpenWifi {
 			std::lock_guard G(Mutex_);

 			Initialized_ = true;
-			std::string DeviceTypes;
-			if (AppServiceRegistry().Get("deviceTypes", DeviceTypes)) {
-				Poco::JSON::Parser P;
-				try {
-					auto O = P.parse(DeviceTypes).extract<Poco::JSON::Array::Ptr>();
-					for (const auto &i : *O) {
-						DeviceTypes_.insert(i.toString());
-					}
-				} catch (...) {
-				}
-			}
+			std::vector<std::string> DeviceTypes;
+			AppServiceRegistry().Get("deviceTypes", DeviceTypes);
+            std::for_each(DeviceTypes.begin(),DeviceTypes.end(),[&](const std::string &s){ DeviceTypes_.insert(s);});
 		}

 		inline bool UpdateDeviceTypes() {
@@ -107,15 +99,9 @@ namespace OpenWifi {

 		inline void SaveCache() {
 			std::lock_guard G(Mutex_);
-
-			Poco::JSON::Array Arr;
-			for (auto const &i : DeviceTypes_)
-				Arr.add(i);
-
-			std::stringstream OS;
-			Arr.stringify(OS);
-
-			AppServiceRegistry().Set("deviceTypes", OS.str());
+            std::vector<std::string>    DeviceTypes;
+            std::for_each(DeviceTypes_.begin(),DeviceTypes_.end(),[&](const std::string &s){DeviceTypes.emplace_back(s);});
+			AppServiceRegistry().Set("deviceTypes", DeviceTypes);
 		}
 	};

--- a/src/FileDownloader.cpp
+++ b/src/FileDownloader.cpp
@@ -24,9 +24,15 @@ namespace OpenWifi {

 	void FileDownloader::onTimer([[maybe_unused]] Poco::Timer &timer) {
 		const static std::vector<std::pair<std::string, std::string>> Files{
-			{"https://raw.githubusercontent.com/blogic/ucentral-schema/main/ucentral.schema.json",
-			 "ucentral.schema.json"},
-			{"https://ucentral.io/ucentral.schema.pretty.json", "ucentral.schema.pretty.json"}};
+            {
+                "https://raw.githubusercontent.com/Telecominfraproject/wlan-ucentral-schema/main/ucentral.schema.pretty.json",
+                "ucentral.schema.pretty.json"
+            },
+            {
+                "https://raw.githubusercontent.com/Telecominfraproject/wlan-ucentral-schema/main/ucentral.schema.json",
+                "ucentral.schema.json"
+            }
+        };

 		Utils::SetThreadName("file-dmnldr");

--- a/src/Kafka_ProvUpdater.h
+++ b/src/Kafka_ProvUpdater.h
@@ -39,9 +39,7 @@ namespace OpenWifi {
 		Poco::JSON::Object Payload;
 		obj.to_json(Payload);
 		Payload.set("ObjectType", OT);
-		std::ostringstream OS;
-		Payload.stringify(OS);
-		KafkaManager()->PostMessage(KafkaTopics::PROVISIONING_CHANGE, Ops[op], std::make_shared<std::string>(OS.str()));
+		KafkaManager()->PostMessage(KafkaTopics::PROVISIONING_CHANGE, Ops[op], Payload);

 		return true;
 	}
--- a/src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.cpp
+++ b/src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.cpp
@@ -0,0 +1,125 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "RESTAPI_openroaming_gr_acct_handler.h"
+#include <RadiusEndpointTypes/GlobalReach.h>
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_gr_acct_handler::DoGet() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        RecordType   Record;
+        if(DB_.GetRecord("id",Account,Record)) {
+            return ReturnObject(Record);
+        }
+        return NotFound();
+    }
+
+    void RESTAPI_openroaming_gr_acct_handler::DoDelete() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        RecordType   Record;
+        if(!DB_.GetRecord("id",Account,Record)) {
+            return NotFound();
+        }
+
+        StorageService()->GLBLRCertsDB().DeleteRecords(fmt::format(" accountId='{}' ", Account));
+        DB_.DeleteRecord("id", Account);
+
+        return OK();
+    }
+
+    void RESTAPI_openroaming_gr_acct_handler::DoPost() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        RecordType    NewObject;
+        if( !NewObject.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if(NewObject.privateKey.empty() || NewObject.GlobalReachAcctId.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if(!NewObject.privateKey.empty() && !Utils::VerifyECKey(NewObject.privateKey)) {
+            return BadRequest(RESTAPI::Errors::NotAValidECKey);
+        }
+
+        std::string GlobalReachName;
+        if(!OpenRoaming_GlobalReach()->VerifyAccount(NewObject.GlobalReachAcctId,NewObject.privateKey,GlobalReachName)) {
+            return BadRequest(RESTAPI::Errors::InvalidGlobalReachAccount);
+        }
+
+        if( NewObject.commonName.empty() || NewObject.organization.empty() ||
+            NewObject.city.empty() || NewObject.province.empty() || NewObject.country.empty() ) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        Utils::CSRCreationParameters    P;
+        P.Country = NewObject.country;
+        P.CommonName = NewObject.commonName;
+        P.Province = NewObject.province;
+        P.City = NewObject.city;
+        P.Organization = NewObject.organization;
+        Utils::CSRCreationResults       R;
+        if(!Utils::CreateX509CSR(P,R)) {
+            return BadRequest(RESTAPI::Errors::CannotCreateCSR);
+        }
+
+        NewObject.CSR = R.CSR;
+        NewObject.CSRPublicKey = R.PublicKey;
+        NewObject.CSRPrivateKey = R.PrivateKey;
+
+        ProvObjects::CreateObjectInfo(RawObject,UserInfo_.userinfo,NewObject.info);
+
+        if(DB_.CreateRecord(NewObject)) {
+            RecordType StoredObject;
+            DB_.GetRecord("id",NewObject.info.id,StoredObject);
+            return ReturnObject(StoredObject);
+        }
+
+        return BadRequest(RESTAPI::Errors::RecordNotCreated);
+    }
+
+    void RESTAPI_openroaming_gr_acct_handler::DoPut() {
+        auto Account = GetBinding("account","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        RecordType    Modify;
+        if(!Modify.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        RecordType    Existing;
+        if(!DB_.GetRecord("id",Account,Existing)) {
+            return NotFound();
+        }
+
+        if(!ProvObjects::UpdateObjectInfo(RawObject,UserInfo_.userinfo,Existing.info)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if(DB_.UpdateRecord("id",Existing.info.id,Existing)) {
+            RecordType StoredObject;
+            DB_.GetRecord("id",Existing.info.id,StoredObject);
+            return ReturnObject(StoredObject);
+        }
+        return BadRequest(RESTAPI::Errors::RecordNotUpdated);
+    }
+
+} // OpenWifi
--- a/src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.h
+++ b/src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.h
@@ -0,0 +1,32 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_gr_acct_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_gr_acct_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                 RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                 bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_DELETE,
+                                                          Poco::Net::HTTPRequest::HTTP_PUT,
+                                                          Poco::Net::HTTPRequest::HTTP_POST,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/globalreach/account/{id}"}; };
+
+    private:
+        using RecordType = ProvObjects::GLBLRAccountInfo;
+        GLBLRAccountInfoDB &DB_ = StorageService()->GLBLRAccountInfoDB();
+        void DoGet() final;
+        void DoPost() final;
+        void DoPut() final;
+        void DoDelete() final;
+    };
+} // namespace OpenWifi
--- a/src/RESTAPI/RESTAPI_openroaming_gr_cert_handler.cpp
+++ b/src/RESTAPI/RESTAPI_openroaming_gr_cert_handler.cpp
@@ -0,0 +1,113 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "RESTAPI_openroaming_gr_cert_handler.h"
+#include <RadiusEndpointTypes/GlobalReach.h>
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_gr_cert_handler::DoGet() {
+        auto Account = GetBinding("account","");
+        auto Id = GetBinding("id","");
+
+        if(Account.empty() || Id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if(!StorageService()->GLBLRAccountInfoDB().Exists("id",Account)) {
+            return NotFound();
+        }
+
+        std::vector<RecordType>  Certificates;
+        DB_.GetRecords(0,1,Certificates,fmt::format(" accountId='{}' and id='{}' ", Account, Id));
+        if(Certificates.empty()) {
+            return NotFound();
+        }
+        return ReturnObject(Certificates[0]);
+    }
+
+    void RESTAPI_openroaming_gr_cert_handler::DoDelete() {
+        auto Account = GetBinding("account","");
+        auto Id = GetBinding("id","");
+        if(Account.empty() || Id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if(!StorageService()->GLBLRAccountInfoDB().Exists("id",Account)) {
+            return NotFound();
+        }
+
+        DB_.DeleteRecords(fmt::format(" accountId='{}' and id='{}' ", Account, Id));
+        return OK();
+    }
+
+    void RESTAPI_openroaming_gr_cert_handler::DoPost() {
+        auto Account = GetBinding("account","");
+        auto Id = GetBinding("id","");
+
+        if(Account.empty() || Id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        RecordType   NewObject;
+        if( !NewObject.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if(NewObject.name.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        ProvObjects::GLBLRAccountInfo   AccountInfo;
+        if(!StorageService()->GLBLRAccountInfoDB().GetRecord("id",Account, AccountInfo)) {
+            return BadRequest(RESTAPI::Errors::InvalidGlobalReachAccount);
+        }
+
+        if(OpenRoaming_GlobalReach()->CreateRADSECCertificate(AccountInfo.GlobalReachAcctId,NewObject.name,AccountInfo.CSR, NewObject)) {
+            NewObject.id = MicroServiceCreateUUID();
+            NewObject.accountId = Account;
+            NewObject.created = Utils::Now();
+            NewObject.csr = AccountInfo.CSR;
+            DB_.CreateRecord(NewObject);
+            RecordType   CreatedObject;
+            DB_.GetRecord("id",NewObject.id,CreatedObject);
+            return ReturnObject(CreatedObject);
+        }
+
+        return BadRequest(RESTAPI::Errors::RecordNotCreated);
+    }
+
+    void RESTAPI_openroaming_gr_cert_handler::DoPut() {
+        auto Account = GetBinding("account","");
+        auto Id = GetBinding("id","");
+        auto UpdateCertificate = GetBoolParameter("updateCertificate",false);
+
+        if(Account.empty() || Id.empty() || !UpdateCertificate){
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        ProvObjects::GLBLRAccountInfo   AccountInfo;
+        if(!StorageService()->GLBLRAccountInfoDB().GetRecord("id",Account, AccountInfo)) {
+            return BadRequest(RESTAPI::Errors::InvalidGlobalReachAccount);
+        }
+
+        ProvObjects::GLBLRCertificateInfo   Existing;
+        if(!DB_.GetRecord("id",Id,Existing)) {
+            return NotFound();
+        }
+
+        if(OpenRoaming_GlobalReach()->CreateRADSECCertificate(AccountInfo.GlobalReachAcctId,Existing.name,AccountInfo.CSR, Existing)) {
+            Existing.created = Utils::Now();
+            DB_.UpdateRecord("id",Existing.id,Existing);
+            RecordType   CreatedObject;
+            DB_.GetRecord("id",Existing.id,CreatedObject);
+            ProvObjects::RADIUSEndpointUpdateStatus Status;
+            Status.ChangeConfiguration();
+            return ReturnObject(CreatedObject);
+        }
+        return BadRequest(RESTAPI::Errors::RecordNotUpdated);
+    }
+
+} // OpenWifi
--- a/src/RESTAPI/RESTAPI_openroaming_gr_cert_handler.h
+++ b/src/RESTAPI/RESTAPI_openroaming_gr_cert_handler.h
@@ -0,0 +1,32 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_gr_cert_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_gr_cert_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                            RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                            bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_DELETE,
+                                                          Poco::Net::HTTPRequest::HTTP_POST,
+                                                          Poco::Net::HTTPRequest::HTTP_PUT,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/globalreach/certificate/{account}/{id}"}; };
+
+    private:
+        using RecordType = ProvObjects::GLBLRCertificateInfo;
+        GLBLRCertsDB &DB_ = StorageService()->GLBLRCertsDB();
+        void DoGet() final;
+        void DoPost() final;
+        void DoPut() final ;
+        void DoDelete() final;
+    };
+} // namespace OpenWifi
--- a/src/RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.cpp
+++ b/src/RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.cpp
@@ -0,0 +1,20 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "RESTAPI_openroaming_gr_list_acct_handler.h"
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_gr_list_acct_handler::DoGet() {
+
+        if(GetBoolParameter("countOnly")) {
+            return ReturnCountOnly(DB_.Count());
+        }
+
+        std::vector<RecordType>  Accounts;
+        DB_.GetRecords(QB_.Offset,QB_.Limit,Accounts);
+        return ReturnObject(Accounts);
+    }
+
+} // OpenWifi
--- a/src/RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.h
+++ b/src/RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.h
@@ -0,0 +1,30 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_gr_list_acct_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_gr_list_acct_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                 RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                 bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/globalreach/accounts"}; };
+
+    private:
+        using RecordType = ProvObjects::GLBLRAccountInfo;
+        GLBLRAccountInfoDB &DB_ = StorageService()->GLBLRAccountInfoDB();
+        void DoGet() final;
+        void DoPost() final{};
+        void DoPut() final{};
+        void DoDelete() final{};
+    };
+} // namespace OpenWifi
--- a/src/RESTAPI/RESTAPI_openroaming_gr_list_certificates.cpp
+++ b/src/RESTAPI/RESTAPI_openroaming_gr_list_certificates.cpp
@@ -0,0 +1,36 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "RESTAPI_openroaming_gr_list_certificates.h"
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_gr_list_certificates::DoGet() {
+        auto Account = GetBinding("account");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if(Account=="*") {
+            std::vector< ProvObjects::GLBLRCertificateInfo> Arr;
+            for(const auto &cert:QB_.Select) {
+                ProvObjects::GLBLRCertificateInfo CInfo;
+                if(StorageService()->GLBLRCertsDB().GetRecord("id",cert,CInfo)) {
+                    Arr.emplace_back(CInfo);
+                }
+            }
+            return ReturnObject(Arr);
+        }
+
+        auto Where = fmt::format(" accountId='{}'", Account);
+        if(GetBoolParameter("countOnly")) {
+            return ReturnCountOnly(DB_.Count(Where));
+        }
+
+        std::vector<RecordType>  Certificates;
+        DB_.GetRecords(QB_.Offset,QB_.Limit,Certificates, Where);
+        return ReturnObject(Certificates);
+    }
+
+} // OpenWifi
--- a/src/RESTAPI/RESTAPI_openroaming_gr_list_certificates.h
+++ b/src/RESTAPI/RESTAPI_openroaming_gr_list_certificates.h
@@ -0,0 +1,30 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_gr_list_certificates : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_gr_list_certificates(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                 RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                 bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/globalreach/certificates/{account}"}; };
+
+    private:
+        using RecordType = ProvObjects::GLBLRCertificateInfo;
+        GLBLRCertsDB &DB_ = StorageService()->GLBLRCertsDB();
+        void DoGet() final;
+        void DoPost() final{};
+        void DoPut() final{};
+        void DoDelete() final{};
+    };
+} // namespace OpenWifi
+
--- a/src/RESTAPI/RESTAPI_openroaming_orion_acct_handler.cpp
+++ b/src/RESTAPI/RESTAPI_openroaming_orion_acct_handler.cpp
@@ -0,0 +1,99 @@
+//
+// Created by stephane bourque on 2023-09-15.
+//
+
+#include "RESTAPI_openroaming_orion_acct_handler.h"
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_orion_acct_handler::DoGet() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        RecordType   Record;
+        if(DB_.GetRecord("id",Account,Record)) {
+            return ReturnObject(Record);
+        }
+        return NotFound();
+    }
+
+    void RESTAPI_openroaming_orion_acct_handler::DoDelete() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        RecordType   Record;
+        if(!DB_.GetRecord("id",Account,Record)) {
+            return NotFound();
+        }
+        DB_.DeleteRecord("id", Account);
+        return OK();
+    }
+
+    void RESTAPI_openroaming_orion_acct_handler::DoPost() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        RecordType    NewObject;
+        if( !NewObject.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if( NewObject.privateKey.empty()    ||
+            NewObject.certificate.empty()   ||
+            NewObject.cacerts.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if( !Utils::VerifyECKey(NewObject.privateKey)           ||
+            !Utils::ValidX509Certificate(NewObject.certificate) ||
+            !Utils::ValidX509Certificate(NewObject.cacerts)) {
+            return BadRequest(RESTAPI::Errors::NotAValidECKey);
+        }
+
+        ProvObjects::CreateObjectInfo(RawObject,UserInfo_.userinfo,NewObject.info);
+
+        if(DB_.CreateRecord(NewObject)) {
+            RecordType StoredObject;
+            DB_.GetRecord("id",NewObject.info.id,StoredObject);
+            return ReturnObject(StoredObject);
+        }
+        return BadRequest(RESTAPI::Errors::RecordNotCreated);
+    }
+
+    void RESTAPI_openroaming_orion_acct_handler::DoPut() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        RecordType    Modify;
+        if(!Modify.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        RecordType    Existing;
+        if(!DB_.GetRecord("id",Account,Existing)) {
+            return NotFound();
+        }
+
+        if(!ProvObjects::UpdateObjectInfo(RawObject,UserInfo_.userinfo,Existing.info)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if(DB_.UpdateRecord("id",Existing.info.id,Existing)) {
+            RecordType StoredObject;
+            DB_.GetRecord("id",Existing.info.id,StoredObject);
+            return ReturnObject(StoredObject);
+        }
+        return BadRequest(RESTAPI::Errors::RecordNotUpdated);
+    }
+
+} // OpenWifi
--- a/src/RESTAPI/RESTAPI_openroaming_orion_acct_handler.h
+++ b/src/RESTAPI/RESTAPI_openroaming_orion_acct_handler.h
@@ -0,0 +1,32 @@
+//
+// Created by stephane bourque on 2023-09-15.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_orion_acct_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_orion_acct_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                    RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                    bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_DELETE,
+                                                          Poco::Net::HTTPRequest::HTTP_POST,
+                                                          Poco::Net::HTTPRequest::HTTP_PUT,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/orion/account/{id}"}; };
+
+    private:
+        using RecordType = ProvObjects::GooglOrionAccountInfo;
+        OrionAccountsDB &DB_ = StorageService()->OrionAccountsDB();
+        void DoGet() final;
+        void DoPost() final;
+        void DoPut() final;
+        void DoDelete() final;
+    };
+} // namespace OpenWifi
--- a/src/RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.cpp
+++ b/src/RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.cpp
@@ -0,0 +1,19 @@
+//
+// Created by stephane bourque on 2023-09-15.
+//
+
+#include "RESTAPI_openroaming_orion_list_acct_handler.h"
+
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_orion_list_acct_handler::DoGet() {
+        if(GetBoolParameter("countOnly")) {
+            return ReturnCountOnly(DB_.Count());
+        }
+        std::vector<RecordType >  Accounts;
+        DB_.GetRecords(QB_.Offset,QB_.Limit,Accounts);
+        return ReturnObject(Accounts);
+    }
+
+} // OpenWifi
--- a/src/RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.h
+++ b/src/RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.h
@@ -0,0 +1,30 @@
+//
+// Created by stephane bourque on 2023-09-15.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_orion_list_acct_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_orion_list_acct_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                 RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                 bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/orion/accounts"}; };
+
+    private:
+        using RecordType = ProvObjects::GooglOrionAccountInfo;
+        OrionAccountsDB &DB_ = StorageService()->OrionAccountsDB();
+        void DoGet() final;
+        void DoPost() final{};
+        void DoPut() final{};
+        void DoDelete() final{};
+    };
+} // namespace OpenWifi
+
--- a/src/RESTAPI/RESTAPI_radius_endpoint_handler.cpp
+++ b/src/RESTAPI/RESTAPI_radius_endpoint_handler.cpp
@@ -0,0 +1,202 @@
+//
+// Created by stephane bourque on 2023-09-27.
+//
+
+#include "RESTAPI_radius_endpoint_handler.h"
+#include <storage/storage_orion_accounts.h>
+#include <RESTObjects/RESTAPI_GWobjects.h>
+
+namespace OpenWifi {
+
+    void RESTAPI_radius_endpoint_handler::DoGet() {
+        auto id = GetBinding("id");
+        if(id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingAuthenticationInformation);
+        }
+
+        RecordType Record;
+        if(DB_.GetRecord("id",id,Record)) {
+            return ReturnObject(Record);
+        }
+
+        return NotFound();
+    }
+
+    void RESTAPI_radius_endpoint_handler::DoDelete() {
+        auto id = GetBinding("id");
+        if(id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingAuthenticationInformation);
+        }
+        RecordType Record;
+        if(DB_.GetRecord("id",id,Record)) {
+            DB_.DeleteRecord("id",id);
+            ProvObjects::RADIUSEndpointUpdateStatus Status;
+            Status.ChangeConfiguration();
+            return OK();
+        }
+        return NotFound();
+    }
+
+    static bool ValidPort(std::uint32_t P) {
+        return P>0 && P<65535;
+    }
+
+    static bool ValidRadiusServer(const ProvObjects::RADIUSServer &S) {
+        if(S.Hostname.empty() || !ValidPort(S.Port) || !Utils::ValidIP(S.IP) || S.Secret.empty()) {
+            return false;
+        }
+        return true;
+    }
+
+    static bool ValidRadiusServer(const std::vector<ProvObjects::RADIUSServer> &ServerList) {
+        return std::all_of(ServerList.begin(),ServerList.end(),[](const ProvObjects::RADIUSServer &Server)->bool { return ValidRadiusServer(Server); });
+    }
+
+    void RESTAPI_radius_endpoint_handler::DoPost() {
+        auto id = GetBinding("id");
+        if(id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingAuthenticationInformation);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        RecordType     NewRecord;
+        if(!NewRecord.from_json(RawObject)) {
+            return BadRequest(RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if(GWObjects::RadiusEndpointType(NewRecord.Type)==GWObjects::RadiusEndpointType::unknown) {
+            return BadRequest(RESTAPI::Errors::InvalidRadiusTypeEndpoint);
+        }
+        if(GWObjects::RadiusPoolStrategy(NewRecord.PoolStrategy)==GWObjects::RadiusPoolStrategy::unknown) {
+            return BadRequest(RESTAPI::Errors::InvalidRadiusEndpointPoolStrategy);
+        }
+        if(!NewRecord.RadiusServers.empty() && !NewRecord.RadsecServers.empty()) {
+            return BadRequest(RESTAPI::Errors::EndpointMustHaveOneTypeOfServers);
+        }
+
+        auto EndPointType = GWObjects::RadiusEndpointType(NewRecord.Type);
+        switch(EndPointType) {
+            case GWObjects::RadiusEndpointType::radsec:
+            case GWObjects::RadiusEndpointType::orion:
+            case GWObjects::RadiusEndpointType::globalreach:
+            {
+                if(NewRecord.RadsecServers.empty()) {
+                    return BadRequest(RESTAPI::Errors::EndpointMustHaveOneTypeOfServers);
+                }
+            } break;
+            case GWObjects::RadiusEndpointType::generic: {
+                if(NewRecord.RadiusServers.empty()) {
+                    return BadRequest(RESTAPI::Errors::EndpointMustHaveOneTypeOfServers);
+                }
+            } break;
+            default:
+                return BadRequest(RESTAPI::Errors::EndpointMustHaveOneTypeOfServers);
+        }
+
+        if(NewRecord.Index.empty() || !RadiusEndpointDB::ValidIndex(NewRecord.Index)) {
+            return BadRequest(RESTAPI::Errors::RadiusEndpointIndexInvalid);
+        }
+
+        //  Make sure that nobody is using that index
+        auto where = fmt::format(" index='{}' ", NewRecord.Index);
+        if(DB_.Count(where)!=0) {
+            return BadRequest(RESTAPI::Errors::RadiusEndpointIndexInvalid);
+        }
+
+        if(EndPointType==GWObjects::RadiusEndpointType::generic) {
+            for(const auto &Server:NewRecord.RadiusServers) {
+                if(!ValidRadiusServer(Server.Authentication) ||
+                !ValidRadiusServer(Server.Accounting) ||
+                !ValidRadiusServer(Server.CoA)) {
+                    return BadRequest(RESTAPI::Errors::InvalidRadiusServer);
+                }
+            }
+        } else {
+            switch(EndPointType) {
+                case GWObjects::RadiusEndpointType::orion: {
+                    for(const auto &Server:NewRecord.RadsecServers) {
+                        if(!StorageService()->OrionAccountsDB().Exists("id",Server.UseOpenRoamingAccount)) {
+                            return BadRequest(RESTAPI::Errors::OrionAccountMustExist);
+                        }
+                    }
+                } break;
+                case GWObjects::RadiusEndpointType::globalreach: {
+                    for(const auto &Server:NewRecord.RadsecServers) {
+                        if(!StorageService()->GLBLRCertsDB().Exists("id",Server.UseOpenRoamingAccount)) {
+                            return BadRequest(RESTAPI::Errors::GlobalReachCertMustExist);
+                        }
+                    }
+                } break;
+                case GWObjects::RadiusEndpointType::radsec: {
+                    for(const auto &Server:NewRecord.RadsecServers) {
+                        if(Server.Certificate.empty() || !Utils::ValidX509Certificate(Server.Certificate)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecMainCertificate);
+                        }
+                        if(Server.CaCerts.empty() || !Utils::ValidX509Certificate(Server.CaCerts)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecCaCertificate);
+                        }
+                        if(Server.PrivateKey.empty() || !Utils::VerifyPrivateKey(Server.PrivateKey)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecPrivteKey);
+                        }
+                        if(!Utils::ValidIP(Server.IP)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecIPAddress);
+                        }
+                        if(!(Server.Port>0 && Server.Port<65535)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecPort);
+                        }
+                        if(Server.Secret.empty()) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecSecret);
+                        }
+                    }
+
+                } break;
+                default: {
+
+                }
+            }
+        }
+
+        ProvObjects::CreateObjectInfo(RawObject,UserInfo_.userinfo,NewRecord.info);
+        if(DB_.CreateRecord(NewRecord)) {
+            RecordType  AddedRecord;
+            DB_.GetRecord("id", NewRecord.info.id, AddedRecord);
+            ProvObjects::RADIUSEndpointUpdateStatus Status;
+            Status.ChangeConfiguration();
+            return ReturnObject(AddedRecord);
+        }
+        return BadRequest(RESTAPI::Errors::RecordNotCreated);
+    }
+
+    void RESTAPI_radius_endpoint_handler::DoPut() {
+        auto id = GetBinding("id");
+        if(id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingAuthenticationInformation);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        RecordType     ModifiedRecord;
+        if(!ModifiedRecord.from_json(RawObject)) {
+            return BadRequest(RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        RecordType     Existing;
+        if(!DB_.GetRecord("id",id,Existing)) {
+            return NotFound();
+        }
+
+        AssignIfPresent(RawObject,"NasIdentifier", Existing.NasIdentifier);
+        AssignIfPresent(RawObject,"AccountingInterval", Existing.AccountingInterval);
+
+        ProvObjects::UpdateObjectInfo(RawObject, UserInfo_.userinfo, Existing.info);
+        if(DB_.UpdateRecord("id", Existing.info.id, Existing)) {
+            RecordType  AddedRecord;
+            DB_.GetRecord("id", Existing.info.id, AddedRecord);
+            ProvObjects::RADIUSEndpointUpdateStatus Status;
+            Status.ChangeConfiguration();
+            return ReturnObject(AddedRecord);
+        }
+
+        return BadRequest(RESTAPI::Errors::NotImplemented);
+    }
+
+} // OpenWifi
--- a/src/RESTAPI/RESTAPI_radius_endpoint_handler.h
+++ b/src/RESTAPI/RESTAPI_radius_endpoint_handler.h
@@ -0,0 +1,33 @@
+//
+// Created by stephane bourque on 2023-09-27.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_radius_endpoint_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_radius_endpoint_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                            RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                            bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_PUT,
+                                                          Poco::Net::HTTPRequest::HTTP_POST,
+                                                          Poco::Net::HTTPRequest::HTTP_DELETE,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/RADIUSEndPoint/{id}"}; };
+
+    private:
+        using RecordType = ProvObjects::RADIUSEndPoint;
+        RadiusEndpointDB &DB_ = StorageService()->RadiusEndpointDB();
+        void DoGet() final;
+        void DoPost() final;
+        void DoPut() final;
+        void DoDelete() final;
+    };
+} // namespace OpenWifi
+
--- a/src/RESTAPI/RESTAPI_radiusendpoint_list_handler.cpp
+++ b/src/RESTAPI/RESTAPI_radiusendpoint_list_handler.cpp
@@ -0,0 +1,49 @@
+//
+// Created by stephane bourque on 2023-09-27.
+//
+
+#include "RESTAPI_radiusendpoint_list_handler.h"
+#include "framework/AppServiceRegistry.h"
+#include "RadiusEndpointUpdater.h"
+
+namespace OpenWifi {
+
+    void RESTAPI_radiusendpoint_list_handler::DoGet() {
+
+        if(GetBoolParameter("currentStatus")) {
+            ProvObjects::RADIUSEndpointUpdateStatus Status;
+            Status.Read();
+            return ReturnObject(Status);
+        }
+
+        if(QB_.CountOnly) {
+            return ReturnCountOnly(DB_.Count());
+        }
+
+        std::vector<RecordType>    Records;
+        DB_.GetRecords(QB_.Offset,QB_.Limit,Records);
+        return ReturnObject(Records);
+    }
+
+    void RESTAPI_radiusendpoint_list_handler::DoPut() {
+        if( UserInfo_.userinfo.userRole!=SecurityObjects::ROOT &&
+            UserInfo_.userinfo.userRole!=SecurityObjects::ADMIN) {
+            return BadRequest(RESTAPI::Errors::ACCESS_DENIED);
+        }
+
+        if(GetBoolParameter("updateEndpoints")) {
+            RadiusEndpointUpdater R;
+
+            std::uint64_t ErrorCode;
+            std::string ErrorDetails;
+            std::string ErrorDescription;
+
+            if(!R.UpdateEndpoints(this, ErrorCode, ErrorDetails,ErrorDescription)) {
+                return InternalError(RESTAPI::Errors::msg{.err_num = ErrorCode, .err_txt = ErrorDetails + ":" + ErrorDescription});
+            }
+            return OK();
+        }
+        return BadRequest(RESTAPI::Errors::MissingAuthenticationInformation);
+    }
+
+} // OpenWifi
--- a/src/RESTAPI/RESTAPI_radiusendpoint_list_handler.h
+++ b/src/RESTAPI/RESTAPI_radiusendpoint_list_handler.h
@@ -0,0 +1,31 @@
+//
+// Created by stephane bourque on 2023-09-27.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_radiusendpoint_list_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_radiusendpoint_list_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                 RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                 bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_PUT,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/RADIUSEndPoints"}; };
+
+    private:
+        using RecordType = ProvObjects::RADIUSEndPoint;
+        RadiusEndpointDB &DB_ = StorageService()->RadiusEndpointDB();
+        void DoGet() final;
+        void DoPost() final{};
+        void DoPut() final;
+        void DoDelete() final{};
+    };
+} // namespace OpenWifi
+
--- a/src/RESTAPI/RESTAPI_routers.cpp
+++ b/src/RESTAPI/RESTAPI_routers.cpp
@@ -35,6 +35,14 @@
 #include "RESTAPI/RESTAPI_variables_list_handler.h"
 #include "RESTAPI/RESTAPI_venue_handler.h"
 #include "RESTAPI/RESTAPI_venue_list_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_gr_acct_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_gr_cert_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_gr_list_certificates.h"
+#include "RESTAPI/RESTAPI_openroaming_orion_acct_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.h"
+#include "RESTAPI/RESTAPI_radiusendpoint_list_handler.h"
+#include "RESTAPI/RESTAPI_radius_endpoint_handler.h"

 #include "framework/RESTAPI_SystemCommand.h"
 #include "framework/RESTAPI_WebSocketServer.h"
@@ -60,7 +68,11 @@ namespace OpenWifi {
 			RESTAPI_operators_list_handler, RESTAPI_service_class_handler,
 			RESTAPI_service_class_list_handler, RESTAPI_op_contact_handler,
 			RESTAPI_op_contact_list_handler, RESTAPI_op_location_handler,
-			RESTAPI_op_location_list_handler, RESTAPI_asset_server, RESTAPI_overrides_handler>(
+			RESTAPI_op_location_list_handler, RESTAPI_asset_server, RESTAPI_overrides_handler,
+            RESTAPI_openroaming_gr_acct_handler, RESTAPI_openroaming_gr_list_acct_handler,
+            RESTAPI_openroaming_gr_cert_handler, RESTAPI_openroaming_gr_list_certificates,
+            RESTAPI_openroaming_orion_acct_handler, RESTAPI_openroaming_orion_list_acct_handler,
+            RESTAPI_radiusendpoint_list_handler, RESTAPI_radius_endpoint_handler>(
 			Path, Bindings, L, S, TransactionId);
 	}

@@ -82,7 +94,11 @@ namespace OpenWifi {
 			RESTAPI_operators_list_handler, RESTAPI_service_class_handler,
 			RESTAPI_service_class_list_handler, RESTAPI_op_contact_handler,
 			RESTAPI_op_contact_list_handler, RESTAPI_op_location_handler,
-			RESTAPI_op_location_list_handler, RESTAPI_overrides_handler>(Path, Bindings, L, S,
-																		 TransactionId);
+			RESTAPI_op_location_list_handler, RESTAPI_overrides_handler,
+            RESTAPI_openroaming_gr_acct_handler, RESTAPI_openroaming_gr_list_acct_handler,
+            RESTAPI_openroaming_gr_cert_handler, RESTAPI_openroaming_gr_list_certificates,
+            RESTAPI_openroaming_orion_acct_handler, RESTAPI_openroaming_orion_list_acct_handler,
+            RESTAPI_radiusendpoint_list_handler, RESTAPI_radius_endpoint_handler>(
+                    Path, Bindings, L, S,TransactionId);
 	}
 } // namespace OpenWifi
--- a/src/RESTAPI/RESTAPI_venue_handler.cpp
+++ b/src/RESTAPI/RESTAPI_venue_handler.cpp
@@ -276,21 +276,19 @@ namespace OpenWifi {
 		auto testUpdateOnly = GetBoolParameter("testUpdateOnly");
 		if (testUpdateOnly) {
 			ProvObjects::SerialNumberList SNL;
-
+            StorageService()->InventoryDB().GetDevicesForVenue(UUID, SNL.serialNumbers);
 			Poco::JSON::Object Answer;
-			SNL.serialNumbers = Existing.devices;
 			SNL.to_json(Answer);
 			return ReturnObject(Answer);
 		}

 		if (GetBoolParameter("updateAllDevices")) {
 			ProvObjects::SerialNumberList SNL;
+            StorageService()->InventoryDB().GetDevicesForVenue(UUID, SNL.serialNumbers);

 			Poco::JSON::Object Answer;
-			SNL.serialNumbers = Existing.devices;
 			auto JobId = MicroServiceCreateUUID();
 			Types::StringVec Parameters{UUID};
-			;
 			auto NewJob = new VenueConfigUpdater(JobId, "VenueConfigurationUpdater", Parameters, 0,
 												 UserInfo_.userinfo, Logger());
 			JobController()->AddJob(dynamic_cast<Job *>(NewJob));
@@ -302,11 +300,10 @@ namespace OpenWifi {
 		if (GetBoolParameter("upgradeAllDevices")) {
 			if (GetBoolParameter("revisionsAvailable")) {
 				std::set<std::string> DeviceTypes;
-				for (const auto &serialNumber : Existing.devices) {
-					ProvObjects::InventoryTag Device;
-					if (StorageService()->InventoryDB().GetRecord("id", serialNumber, Device)) {
-						DeviceTypes.insert(Device.deviceType);
-					}
+                std::vector<ProvObjects::InventoryTag> ExistingDevices;
+                StorageService()->InventoryDB().GetDevicesForVenue(UUID, ExistingDevices);
+				for (const auto &device : ExistingDevices) {
+                    DeviceTypes.insert(device.deviceType);
 				}

 				//  Get all the revisions for all the device types
@@ -374,18 +371,17 @@ namespace OpenWifi {
 				return ReturnObject(Answer);
 			}

-			ProvObjects::SerialNumberList SNL;
-
 			auto Revision = GetParameter("revision", "");
 			if (Revision.empty()) {
 				return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
 			}

+            ProvObjects::SerialNumberList SNL;
+            StorageService()->InventoryDB().GetDevicesForVenue(UUID, SNL.serialNumbers);
+
 			Poco::JSON::Object Answer;
-			SNL.serialNumbers = Existing.devices;
 			auto JobId = MicroServiceCreateUUID();
 			Types::StringVec Parameters{UUID, Revision};
-			;
 			auto NewJob = new VenueUpgrade(JobId, "VenueFirmwareUpgrade", Parameters, 0,
 										   UserInfo_.userinfo, Logger());
 			JobController()->AddJob(dynamic_cast<Job *>(NewJob));
@@ -396,9 +392,9 @@ namespace OpenWifi {

 		if (GetBoolParameter("rebootAllDevices")) {
 			ProvObjects::SerialNumberList SNL;
+            StorageService()->InventoryDB().GetDevicesForVenue(UUID, SNL.serialNumbers);

 			Poco::JSON::Object Answer;
-			SNL.serialNumbers = Existing.devices;
 			auto JobId = MicroServiceCreateUUID();
 			Types::StringVec Parameters{UUID};
 			;
--- a/src/RESTObjects/RESTAPI_GWobjects.cpp
+++ b/src/RESTObjects/RESTAPI_GWobjects.cpp
@@ -171,6 +171,31 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj, "lastModified", LastModified);
 	}

+	void DefaultFirmware::to_json(Poco::JSON::Object &Obj) const {
+		field_to_json(Obj, "deviceType", deviceType);
+		field_to_json(Obj, "description", Description);
+		field_to_json(Obj, "uri", uri);
+		field_to_json(Obj, "revision", revision);
+		field_to_json(Obj, "imageCreationDate", imageCreationDate);
+		field_to_json(Obj, "created", Created);
+		field_to_json(Obj, "lastModified", LastModified);
+	}
+
+	bool DefaultFirmware::from_json(const Poco::JSON::Object::Ptr &Obj) {
+		try {
+			field_from_json(Obj, "deviceType", deviceType);
+			field_from_json(Obj, "description", Description);
+			field_from_json(Obj, "uri", uri);
+			field_from_json(Obj, "revision", revision);
+			field_from_json(Obj, "imageCreationDate", imageCreationDate);
+			field_from_json(Obj, "created", Created);
+			field_from_json(Obj, "lastModified", LastModified);
+			return true;
+		} catch (const Poco::Exception &E) {
+		}
+		return false;
+	}
+
 	void CommandDetails::to_json(Poco::JSON::Object &Obj) const {
 		EmbedDocument("details", Obj, Details);
 		EmbedDocument("results", Obj, Results);
@@ -246,6 +271,8 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj, "connectionCompletionTime", connectionCompletionTime);
 		field_to_json(Obj, "totalConnectionTime", Utils::Now() - started);
 		field_to_json(Obj, "certificateExpiryDate", certificateExpiryDate);
+		field_to_json(Obj, "connectReason", connectReason);
+
 #ifdef TIP_GATEWAY_SERVICE
 		hasRADIUSSessions = RADIUSSessionTracker()->HasSessions(SerialNumber);
 		AP_WS_Server()->ExtendedAttributes(SerialNumber, hasGPS, sanity,
@@ -403,6 +430,10 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj, "acctConfig", acctConfig);
 		field_to_json(Obj, "coaConfig", coaConfig);
 		field_to_json(Obj, "useByDefault", useByDefault);
+		field_to_json(Obj, "radsecKeepAlive", radsecKeepAlive);
+		field_to_json(Obj, "poolProxyIp", poolProxyIp);
+		field_to_json(Obj, "radsecPoolType", radsecPoolType);
+		field_to_json(Obj, "enabled", enabled);
 	}

 	bool RadiusProxyPool::from_json(const Poco::JSON::Object::Ptr &Obj) {
@@ -413,6 +444,10 @@ namespace OpenWifi::GWObjects {
 			field_from_json(Obj, "acctConfig", acctConfig);
 			field_from_json(Obj, "coaConfig", coaConfig);
 			field_from_json(Obj, "useByDefault", useByDefault);
+			field_from_json(Obj, "radsecKeepAlive", radsecKeepAlive);
+			field_from_json(Obj, "poolProxyIp", poolProxyIp);
+			field_from_json(Obj, "radsecPoolType", radsecPoolType);
+			field_from_json(Obj, "enabled", enabled);
 			return true;
 		} catch (const Poco::Exception &E) {
 		}
@@ -630,18 +665,50 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj, "chargeableUserIdentity", chargeableUserIdentity);
 		field_to_json(Obj, "interface", interface);
 		field_to_json(Obj, "secret", secret);
+		field_to_json(Obj, "nasId", nasId);
+		field_to_json(Obj, "calledStationId", calledStationId);
 	}

 	void RADIUSSessionList::to_json(Poco::JSON::Object &Obj) const {
 		field_to_json(Obj, "sessions", sessions);
 	}

+	void RadiusCoADMParameters::to_json(Poco::JSON::Object &Obj) const {
+		field_to_json(Obj, "accountingSessionId", accountingSessionId);
+		field_to_json(Obj, "accountingMultiSessionId", accountingMultiSessionId);
+		field_to_json(Obj, "callingStationId", callingStationId);
+		field_to_json(Obj, "chargeableUserIdentity", chargeableUserIdentity);
+		field_to_json(Obj, "userName", userName);
+	}
+
 	bool RadiusCoADMParameters::from_json(const Poco::JSON::Object::Ptr &Obj) {
 		try {
 			field_from_json(Obj, "accountingSessionId", accountingSessionId);
 			field_from_json(Obj, "accountingMultiSessionId", accountingMultiSessionId);
 			field_from_json(Obj, "callingStationId", callingStationId);
 			field_from_json(Obj, "chargeableUserIdentity", chargeableUserIdentity);
+			field_from_json(Obj, "userName", userName);
+			return true;
+		} catch (const Poco::Exception &E) {
+		}
+		return false;
+	}
+
+	bool DeviceTransferRequest::from_json(const Poco::JSON::Object::Ptr &Obj) {
+		try {
+			field_from_json(Obj, "serialNumber", serialNumber);
+			field_from_json(Obj, "server", server);
+			field_from_json(Obj, "port", port);
+			return true;
+		} catch (const Poco::Exception &E) {
+		}
+		return false;
+	}
+
+	bool DeviceCertificateUpdateRequest::from_json(const Poco::JSON::Object::Ptr &Obj) {
+		try {
+			field_from_json(Obj, "serialNumber", serialNumber);
+			field_from_json(Obj, "encodedCertificate", encodedCertificate);
 			return true;
 		} catch (const Poco::Exception &E) {
 		}
--- a/src/RESTObjects/RESTAPI_GWobjects.h
+++ b/src/RESTObjects/RESTAPI_GWobjects.h
@@ -42,12 +42,13 @@ namespace OpenWifi::GWObjects {
 		uint64_t sessionId = 0;
 		double connectionCompletionTime = 0.0;
 		std::uint64_t certificateExpiryDate = 0;
-		bool hasRADIUSSessions = false;
+		std::uint64_t hasRADIUSSessions = 0;
 		bool hasGPS = false;
 		std::uint64_t sanity=0;
 		std::double_t memoryUsed=0.0;
 		std::double_t load=0.0;
 		std::double_t temperature=0.0;
+		std::string 	connectReason;

 		void to_json(const std::string &SerialNumber, Poco::JSON::Object &Obj) ;
 	};
@@ -181,6 +182,26 @@ namespace OpenWifi::GWObjects {
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);
 	};

+	struct DefaultFirmware {
+		std::string deviceType;
+		std::string Description;
+		std::string uri;
+		std::string revision;
+		uint64_t imageCreationDate;
+		uint64_t Created;
+		uint64_t LastModified;
+
+		void to_json(Poco::JSON::Object &Obj) const;
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+	};
+
+	struct DefaultFirmwareList {
+		std::vector<DefaultFirmware>	firmwares;
+
+		void to_json(Poco::JSON::Object &Obj) const;
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+	};
+
 	struct CommandDetails {
 		std::string UUID;
 		std::string SerialNumber;
@@ -339,6 +360,10 @@ namespace OpenWifi::GWObjects {
 		RadiusProxyServerConfig acctConfig;
 		RadiusProxyServerConfig coaConfig;
 		bool useByDefault = false;
+		std::string 	radsecPoolType;
+		std::string 	poolProxyIp;
+		std::uint64_t 	radsecKeepAlive=25;
+		bool			enabled=true;

 		void to_json(Poco::JSON::Object &Obj) const;
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);
@@ -393,7 +418,8 @@ namespace OpenWifi::GWObjects {
 					 			callingStationId,
 								chargeableUserIdentity,
 								secret,
-								interface;
+								interface,
+								nasId;
 		std::uint64_t 			inputPackets = 0,
 								outputPackets = 0,
 								inputOctets = 0,
@@ -401,6 +427,7 @@ namespace OpenWifi::GWObjects {
 								inputGigaWords = 0,
 								outputGigaWords = 0;
 		std::uint32_t 			sessionTime = 0;
+		std::string 			calledStationId;

 #ifdef TIP_GATEWAY_SERVICE
 		RADIUS::RadiusPacket	accountingPacket;
@@ -418,7 +445,68 @@ namespace OpenWifi::GWObjects {
 		std::string 			accountingSessionId,
 								accountingMultiSessionId,
 								callingStationId,
-								chargeableUserIdentity;
+								chargeableUserIdentity,
+								userName;
+
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+		void to_json(Poco::JSON::Object &Obj) const;
+	};
+
+	enum class RadiusPoolStrategy {
+		round_robin, random, weighted, unknown
+	};
+
+	enum class RadiusEndpointType {
+		generic, radsec, globalreach, orion, unknown
+	};
+
+	static inline RadiusEndpointType RadiusEndpointType(const std::string &T) {
+		if(T=="generic") return RadiusEndpointType::generic;
+		if(T=="radsec") return RadiusEndpointType::radsec;
+		if(T=="globalreach") return RadiusEndpointType::globalreach;
+		if(T=="orion") return RadiusEndpointType::orion;
+		return RadiusEndpointType::unknown;
+	}
+
+	static inline RadiusPoolStrategy RadiusPoolStrategy(const std::string &T) {
+		if(T=="round_robin") return RadiusPoolStrategy::round_robin;
+		if(T=="random") return RadiusPoolStrategy::random;
+		if(T=="weighted") return RadiusPoolStrategy::weighted;
+		return RadiusPoolStrategy::unknown;
+	}
+
+	static inline std::string to_string(enum RadiusEndpointType T) {
+		switch(T) {
+		case RadiusEndpointType::generic: return "generic";
+		case RadiusEndpointType::radsec: return "radsec";
+		case RadiusEndpointType::globalreach: return "globalreach";
+		case RadiusEndpointType::orion: return "orion";
+		default:
+			return "unknown";
+		}
+	}
+
+	static inline std::string to_string(enum RadiusPoolStrategy T) {
+		switch(T) {
+		case RadiusPoolStrategy::round_robin: return "round_robin";
+		case RadiusPoolStrategy::random: return "random";
+		case RadiusPoolStrategy::weighted: return "weighted";
+		default:
+			return "unknown";
+		}
+	}
+
+	struct DeviceTransferRequest {
+		std::string 	serialNumber;
+		std::string 	server;
+		std::uint64_t 	port;
+
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+	};
+
+	struct DeviceCertificateUpdateRequest {
+		std::string 	serialNumber;
+		std::string 	encodedCertificate;

 		bool from_json(const Poco::JSON::Object::Ptr &Obj);
 	};
--- a/src/RESTObjects/RESTAPI_OWLSobjects.cpp
+++ b/src/RESTObjects/RESTAPI_OWLSobjects.cpp
@@ -92,6 +92,7 @@ namespace OpenWifi::OWLSObjects {
        field_to_json(Obj, "endTime", endTime);
        field_to_json(Obj, "errorDevices", errorDevices);
        field_to_json(Obj, "owner", owner);
+        field_to_json(Obj, "expectedDevices", expectedDevices);
    }

 	void Dashboard::to_json([[maybe_unused]] Poco::JSON::Object &Obj) const {}
--- a/src/RESTObjects/RESTAPI_OWLSobjects.h
+++ b/src/RESTObjects/RESTAPI_OWLSobjects.h
@@ -57,6 +57,7 @@ namespace OpenWifi::OWLSObjects {
        uint64_t endTime;
        uint64_t errorDevices;
        std::string owner;
+        uint64_t expectedDevices;

        void to_json(Poco::JSON::Object &Obj) const;
    };
--- a/src/RESTObjects/RESTAPI_ProvObjects.cpp
+++ b/src/RESTObjects/RESTAPI_ProvObjects.cpp
@@ -1194,4 +1194,243 @@ namespace OpenWifi::ProvObjects {
 		return false;
 	}

+    void GLBLRAccountInfo::to_json(Poco::JSON::Object &Obj) const {
+        info.to_json(Obj);
+        field_to_json(Obj, "privateKey", privateKey);
+        field_to_json(Obj, "country", country);
+        field_to_json(Obj, "province", province);
+        field_to_json(Obj, "city", city);
+        field_to_json(Obj, "organization", organization);
+        field_to_json(Obj, "commonName", commonName);
+        field_to_json(Obj, "CSR", CSR);
+        field_to_json(Obj, "CSRPrivateKey", CSRPrivateKey);
+        field_to_json(Obj, "CSRPublicKey", CSRPublicKey);
+        field_to_json(Obj, "GlobalReachAcctId", GlobalReachAcctId);
+    }
+
+    bool GLBLRAccountInfo::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            info.from_json(Obj);
+            field_from_json(Obj, "privateKey", privateKey);
+            field_from_json(Obj, "country", country);
+            field_from_json(Obj, "province", province);
+            field_from_json(Obj, "city", city);
+            field_from_json(Obj, "organization", organization);
+            field_from_json(Obj, "commonName", commonName);
+            field_from_json(Obj, "CSR", CSR);
+            field_from_json(Obj, "CSRPrivateKey", CSRPrivateKey);
+            field_from_json(Obj, "CSRPublicKey", CSRPublicKey);
+            field_from_json(Obj, "GlobalReachAcctId", GlobalReachAcctId);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void GLBLRCertificateInfo::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "id", id);
+        field_to_json(Obj, "name", name);
+        field_to_json(Obj, "accountId", accountId);
+        field_to_json(Obj, "csr", csr);
+        field_to_json(Obj, "certificate", certificate);
+        field_to_json(Obj, "certificateChain", certificateChain);
+        field_to_json(Obj, "certificateId", certificateId);
+        field_to_json(Obj, "expiresAt", expiresAt);
+        field_to_json(Obj, "created", created);
+    }
+
+    bool GLBLRCertificateInfo::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "id", id);
+            field_from_json(Obj, "name", name);
+            field_from_json(Obj, "accountId", accountId);
+            field_from_json(Obj, "csr", csr);
+            field_from_json(Obj, "certificate", certificate);
+            field_from_json(Obj, "certificateChain", certificateChain);
+            field_from_json(Obj, "certificateId", certificateId);
+            field_from_json(Obj, "expiresAt", expiresAt);
+            field_from_json(Obj, "created", created);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void GooglOrionAccountInfo::to_json(Poco::JSON::Object &Obj) const {
+        info.to_json(Obj);
+        field_to_json(Obj, "privateKey", privateKey);
+        field_to_json(Obj, "certificate", certificate);
+        field_to_json(Obj, "cacerts", cacerts);
+    }
+
+    bool GooglOrionAccountInfo::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            info.from_json(Obj);
+            field_from_json(Obj, "privateKey", privateKey);
+            field_from_json(Obj, "certificate", certificate);
+            field_from_json(Obj, "cacerts", cacerts);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void RADIUSServer::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "Hostname", Hostname);
+        field_to_json(Obj, "IP", IP);
+        field_to_json(Obj, "Port", Port);
+        field_to_json(Obj, "Secret", Secret);
+    }
+
+    bool RADIUSServer::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "Hostname", Hostname);
+            field_from_json(Obj, "IP", IP);
+            field_from_json(Obj, "Port", Port);
+            field_from_json(Obj, "Secret", Secret);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void RADIUSEndPointRadiusType::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "Authentication", Authentication);
+        field_to_json(Obj, "Accounting", Accounting);
+        field_to_json(Obj, "CoA", CoA);
+        field_to_json(Obj, "AccountingInterval", AccountingInterval);
+    }
+
+    bool RADIUSEndPointRadiusType::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "Authentication", Authentication);
+            field_from_json(Obj, "Accounting", Accounting);
+            field_from_json(Obj, "CoA", CoA);
+            field_from_json(Obj, "AccountingInterval", AccountingInterval);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void RADIUSEndPointRadsecType::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "Hostname", Hostname);
+        field_to_json(Obj, "IP", IP);
+        field_to_json(Obj, "Port", Port);
+        field_to_json(Obj, "Secret", Secret);
+        field_to_json(Obj, "OpenRoamingType", OpenRoamingType);
+        field_to_json(Obj, "UseOpenRoamingAccount", UseOpenRoamingAccount);
+        field_to_json(Obj, "Weight", Weight);
+        field_to_json(Obj, "Certificate", Certificate);
+        field_to_json(Obj, "PrivateKey", PrivateKey);
+        field_to_json(Obj, "CaCerts", CaCerts);
+        field_to_json(Obj, "AllowSelfSigned", AllowSelfSigned);
+    }
+
+    bool RADIUSEndPointRadsecType::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "Hostname", Hostname);
+            field_from_json(Obj, "IP", IP);
+            field_from_json(Obj, "Port", Port);
+            field_from_json(Obj, "Secret", Secret);
+            field_from_json(Obj, "OpenRoamingType", OpenRoamingType);
+            field_from_json(Obj, "UseOpenRoamingAccount", UseOpenRoamingAccount);
+            field_from_json(Obj, "Weight", Weight);
+            field_from_json(Obj, "Certificate", Certificate);
+            field_from_json(Obj, "PrivateKey", PrivateKey);
+            field_from_json(Obj, "CaCerts", CaCerts);
+            field_from_json(Obj, "AllowSelfSigned", AllowSelfSigned);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void RADIUSEndPoint::to_json(Poco::JSON::Object &Obj) const {
+        info.to_json(Obj);
+        field_to_json(Obj, "Type", Type);
+        field_to_json(Obj, "RadsecServers", RadsecServers);
+        field_to_json(Obj, "RadiusServers", RadiusServers);
+        field_to_json(Obj, "PoolStrategy", PoolStrategy);
+        field_to_json(Obj, "Index", Index);
+        field_to_json(Obj, "UsedBy", UsedBy);
+        field_to_json(Obj, "UseGWProxy", UseGWProxy);
+        field_to_json(Obj, "NasIdentifier", NasIdentifier);
+        field_to_json(Obj, "AccountingInterval", AccountingInterval);
+    }
+
+    bool RADIUSEndPoint::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            info.from_json(Obj);
+            field_from_json(Obj, "Type", Type);
+            field_from_json(Obj, "RadsecServers", RadsecServers);
+            field_from_json(Obj, "RadiusServers", RadiusServers);
+            field_from_json(Obj, "PoolStrategy", PoolStrategy);
+            field_from_json(Obj, "Index", Index);
+            field_from_json(Obj, "UsedBy", UsedBy);
+            field_from_json(Obj, "UseGWProxy", UseGWProxy);
+            field_from_json(Obj, "NasIdentifier", NasIdentifier);
+            field_from_json(Obj, "AccountingInterval", AccountingInterval);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void RADIUSEndpointUpdateStatus::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "lastUpdate", lastUpdate);
+        field_to_json(Obj, "lastConfigurationChange", lastConfigurationChange);
+    }
+
+    bool RADIUSEndpointUpdateStatus::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "lastUpdate", lastUpdate);
+            field_from_json(Obj, "lastConfigurationChange", lastConfigurationChange);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    bool RADIUSEndpointUpdateStatus::Read() {
+        Poco::File  F(OpenWifi::MicroServiceDataDirectory()+"/RADIUSEndpointUpdateStatus.json");
+        try {
+            if (F.exists()) {
+                Poco::JSON::Parser P;
+                std::ifstream ifs(F.path(), std::ios_base::in | std::ios_base::binary);
+                auto Obj = P.parse(ifs);
+                return from_json(Obj.extract<Poco::JSON::Object::Ptr>());
+            }
+        } catch (...) {
+        }
+        return false;
+    }
+
+    bool RADIUSEndpointUpdateStatus::Save() {
+        Poco::File  F(OpenWifi::MicroServiceDataDirectory()+"/RADIUSEndpointUpdateStatus.json");
+        try {
+            Poco::JSON::Object Obj;
+            to_json(Obj);
+            std::ofstream O(F.path(), std::ios_base::out | std::ios_base::trunc | std::ios_base::binary);
+            Poco::JSON::Stringifier::stringify(Obj, O);
+            return true;
+        } catch (...) {
+        }
+        return false;
+    }
+
+    bool RADIUSEndpointUpdateStatus::ChangeConfiguration() {
+        Read();
+        lastConfigurationChange = Utils::Now();
+        return Save();
+    }
+
 } // namespace OpenWifi::ProvObjects
--- a/src/RESTObjects/RESTAPI_ProvObjects.h
+++ b/src/RESTObjects/RESTAPI_ProvObjects.h
@@ -29,6 +29,7 @@ namespace OpenWifi::ProvObjects {
        Types::TagList tags;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -36,6 +37,7 @@ namespace OpenWifi::ProvObjects {
        Types::UUIDvec_t serialNumbers;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -46,6 +48,7 @@ namespace OpenWifi::ProvObjects {
        std::string policy;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -57,14 +60,18 @@ namespace OpenWifi::ProvObjects {
        Types::UUID_t venue;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };
+
    typedef std::vector<ManagementPolicy> ManagementPolicyVec;

    struct RRMAlgorithmDetails {
        std::string name;
        std::string parameters;
+
        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -72,7 +79,9 @@ namespace OpenWifi::ProvObjects {
        std::string vendor;
        std::string schedule;
        std::vector<RRMAlgorithmDetails> algorithms;
+
        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -82,6 +91,7 @@ namespace OpenWifi::ProvObjects {
        std::string firmwareUpgrade{"inherit"};

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -104,8 +114,10 @@ namespace OpenWifi::ProvObjects {
        Types::UUIDvec_t configurations;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };
+
    typedef std::vector<Entity> EntityVec;

    struct DiGraphEntry {
@@ -113,6 +125,7 @@ namespace OpenWifi::ProvObjects {
        Types::UUID_t child;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -140,8 +153,10 @@ namespace OpenWifi::ProvObjects {
        Types::UUIDvec_t boards;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };
+
    typedef std::vector<Venue> VenueVec;

    struct UserInfoDigest {
@@ -150,6 +165,7 @@ namespace OpenWifi::ProvObjects {
        std::string userType;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -162,8 +178,10 @@ namespace OpenWifi::ProvObjects {
        Types::UUID_t venue;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };
+
    typedef std::vector<ManagementRole> ManagementRoleVec;

    enum LocationType {
@@ -232,8 +250,10 @@ namespace OpenWifi::ProvObjects {
        Types::UUID_t managementPolicy;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };
+
    typedef std::vector<Location> LocationVec;

    struct OperatorLocation {
@@ -253,8 +273,10 @@ namespace OpenWifi::ProvObjects {
        Types::UUID_t managementPolicy;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };
+
    typedef std::vector<Location> LocationVec;

    struct SubLocation {
@@ -270,6 +292,7 @@ namespace OpenWifi::ProvObjects {
        std::string geoCode;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -277,6 +300,7 @@ namespace OpenWifi::ProvObjects {
        std::vector<OperatorLocation> locations;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -356,8 +380,10 @@ namespace OpenWifi::ProvObjects {
        Types::UUID_t managementPolicy;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };
+
    typedef std::vector<Contact> ContactVec;

    struct OperatorContact {
@@ -379,6 +405,7 @@ namespace OpenWifi::ProvObjects {
        Types::UUID_t managementPolicy;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -397,6 +424,7 @@ namespace OpenWifi::ProvObjects {
        std::string accessPIN;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -404,6 +432,7 @@ namespace OpenWifi::ProvObjects {
        std::vector<OperatorContact> contacts;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -416,8 +445,10 @@ namespace OpenWifi::ProvObjects {
        std::string configuration;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };
+
    typedef std::vector<DeviceConfigurationElement> DeviceConfigurationElementVec;

    struct DeviceConfiguration {
@@ -434,8 +465,10 @@ namespace OpenWifi::ProvObjects {
        std::string subscriber;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };
+
    typedef std::vector<DeviceConfiguration> DeviceConfigurationVec;

    struct InventoryTag {
@@ -459,6 +492,7 @@ namespace OpenWifi::ProvObjects {
        bool doNotAllowOverrides = false;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -468,6 +502,7 @@ namespace OpenWifi::ProvObjects {
        InventoryTagVec taglist;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -478,6 +513,7 @@ namespace OpenWifi::ProvObjects {
        uint64_t errorCode;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -486,6 +522,7 @@ namespace OpenWifi::ProvObjects {
        Types::CountedMap tenants;

        void reset();
+
        void to_json(Poco::JSON::Object &Obj) const;
    };

@@ -495,6 +532,7 @@ namespace OpenWifi::ProvObjects {
        std::string description;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -503,6 +541,7 @@ namespace OpenWifi::ProvObjects {
        std::vector<ExpandedUseEntry> entries;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -510,6 +549,7 @@ namespace OpenWifi::ProvObjects {
        std::vector<ExpandedUseEntryList> entries;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -517,10 +557,13 @@ namespace OpenWifi::ProvObjects {
        Types::UUIDvec_t list;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

-	enum ACLACCESS { NONE = 0, READ = 1, MODIFY = 2, CREATE = 3, DELETE = 4 };
+    enum ACLACCESS {
+        NONE = 0, READ = 1, MODIFY = 2, CREATE = 3, DELETE = 4
+    };

    struct ObjectACL {
        UuidList users;
@@ -528,6 +571,7 @@ namespace OpenWifi::ProvObjects {
        uint64_t access = (uint64_t) NONE;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -535,6 +579,7 @@ namespace OpenWifi::ProvObjects {
        std::vector<ObjectACL> list;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -549,6 +594,7 @@ namespace OpenWifi::ProvObjects {
        std::string venue;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -556,6 +602,7 @@ namespace OpenWifi::ProvObjects {
        std::vector<Map> list;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -585,6 +632,7 @@ namespace OpenWifi::ProvObjects {
        std::string operatorId;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -595,6 +643,7 @@ namespace OpenWifi::ProvObjects {
        std::string value;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -602,6 +651,7 @@ namespace OpenWifi::ProvObjects {
        std::vector<Variable> variables;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -616,6 +666,7 @@ namespace OpenWifi::ProvObjects {
        Types::UUID_t managementPolicy;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -623,6 +674,7 @@ namespace OpenWifi::ProvObjects {
        std::vector<VariableBlock> variableBlocks;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -637,6 +689,7 @@ namespace OpenWifi::ProvObjects {
        std::string registrationId;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -644,6 +697,7 @@ namespace OpenWifi::ProvObjects {
        std::vector<Operator> operators;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -654,6 +708,7 @@ namespace OpenWifi::ProvObjects {
        Types::UUIDvec_t devices;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -669,6 +724,7 @@ namespace OpenWifi::ProvObjects {
        bool defaultService = false;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -676,6 +732,7 @@ namespace OpenWifi::ProvObjects {
        std::vector<ServiceClass> serviceClasses;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -686,6 +743,7 @@ namespace OpenWifi::ProvObjects {
        std::string firmwareRCOnly{"inherit"};

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -710,6 +768,7 @@ namespace OpenWifi::ProvObjects {
        std::string realMacAddress;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -717,6 +776,7 @@ namespace OpenWifi::ProvObjects {
        std::vector<SubscriberDevice> subscriberDevices;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -729,6 +789,7 @@ namespace OpenWifi::ProvObjects {
        std::uint64_t modified;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

@@ -738,12 +799,119 @@ namespace OpenWifi::ProvObjects {
        std::vector<ConfigurationOverride> overrides;

        void to_json(Poco::JSON::Object &Obj) const;
+
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

    bool UpdateObjectInfo(const Poco::JSON::Object::Ptr &O, const SecurityObjects::UserInfo &U,
                          ObjectInfo &I);
+
    bool CreateObjectInfo(const Poco::JSON::Object::Ptr &O, const SecurityObjects::UserInfo &U,
                          ObjectInfo &I);
+
    bool CreateObjectInfo(const SecurityObjects::UserInfo &U, ObjectInfo &I);
+
+    struct GLBLRAccountInfo {
+        ObjectInfo info;
+        std::string privateKey;
+        std::string country, province, city, organization, commonName;
+        std::string CSR, CSRPrivateKey, CSRPublicKey;
+        std::string GlobalReachAcctId;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
+    struct GLBLRCertificateInfo {
+        std::string id;
+        std::string name;
+        std::string accountId;
+        std::string csr;
+        std::string certificate;
+        std::string certificateChain;
+        std::string certificateId;
+        std::uint64_t expiresAt = 0;
+        std::uint64_t created = 0;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
+    struct GooglOrionAccountInfo {
+        ObjectInfo info;
+        std::string privateKey;
+        std::string certificate;
+        std::vector<std::string> cacerts;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
+    struct RADIUSServer {
+        std::string     Hostname;
+        std::string     IP;
+        std::uint64_t   Port=0;
+        std::string     Secret;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
+    struct RADIUSEndPointRadiusType {
+        std::vector<RADIUSServer>    Authentication;
+        std::vector<RADIUSServer>    Accounting;
+        std::vector<RADIUSServer>    CoA;
+        std::uint64_t AccountingInterval = 60;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
+    struct RADIUSEndPointRadsecType {
+        std::string     Hostname;
+        std::string     IP;
+        std::uint64_t   Port=2083;
+        std::string     Secret{"radsec"};
+        std::string     OpenRoamingType;
+        std::string     UseOpenRoamingAccount;
+        std::uint64_t   Weight=0;
+        std::string     Certificate;
+        std::string     PrivateKey;
+        std::vector<std::string>    CaCerts;
+        bool AllowSelfSigned=false;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
+    struct RADIUSEndPoint {
+        ObjectInfo                  info;
+        std::string                 Type{"radius"};
+        std::string                 PoolStrategy{"none"};
+        bool                        UseGWProxy=true;
+        std::string                 Index;
+        std::vector<std::string>    UsedBy;
+        std::vector<RADIUSEndPointRadiusType>   RadiusServers;
+        std::vector<RADIUSEndPointRadsecType>   RadsecServers;
+        std::string                 NasIdentifier;
+        std::uint64_t               AccountingInterval=600;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
+    struct RADIUSEndpointUpdateStatus {
+        std::uint64_t   lastUpdate=0;
+        std::uint64_t   lastConfigurationChange=0;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+        bool Read();
+        bool Save();
+        bool ChangeConfiguration();
+    };
+
+
 }; // namespace OpenWifi::ProvObjects
--- a/src/RadiusEndpointTypes/GenericRadius.cpp
+++ b/src/RadiusEndpointTypes/GenericRadius.cpp
@@ -0,0 +1,8 @@
+//
+// Created by stephane bourque on 2023-10-18.
+//
+
+#include "GenericRadius.h"
+
+namespace OpenWifi {
+} // OpenWifi
--- a/src/RadiusEndpointTypes/GenericRadius.h
+++ b/src/RadiusEndpointTypes/GenericRadius.h
@@ -0,0 +1,67 @@
+//
+// Created by stephane bourque on 2023-10-18.
+//
+
+#pragma once
+
+#include <Poco/Net/IPAddress.h>
+#include <Poco/Net/SocketAddress.h>
+#include <framework/utils.h>
+#include <framework/SubSystemServer.h>
+#include <RESTObjects/RESTAPI_ProvObjects.h>
+
+namespace OpenWifi {
+
+    namespace GenericRadius {
+        class OpenRoaming : public SubSystemServer {
+        public:
+            static auto instance() {
+                static auto instance_ = new OpenRoaming;
+                return instance_;
+            }
+
+            inline int Start() override {
+                return 0;
+            }
+
+            inline void Stop() override {
+            }
+
+            inline bool Render(const OpenWifi::ProvObjects::RADIUSEndPoint &RE, const std::string &SerialNumber,
+                               Poco::JSON::Object &Result) {
+                if (RE.UseGWProxy) {
+                    Poco::JSON::Object Auth, Acct, CoA;
+
+                    Auth.set("host", RE.Index);
+                    Auth.set("port", RE.RadiusServers[0].Authentication[0].Port);
+                    Auth.set("secret", RE.RadiusServers[0].Authentication[0].Secret);
+
+                    Acct.set("host", RE.Index);
+                    Acct.set("port", RE.RadiusServers[0].Accounting[0].Port);
+                    Acct.set("secret", RE.RadiusServers[0].Accounting[0].Secret);
+                    Acct.set("interval", RE.AccountingInterval);
+
+                    CoA.set("host", RE.Index);
+                    CoA.set("port", RE.RadiusServers[0].CoA[0].Port);
+                    CoA.set("secret", RE.RadiusServers[0].CoA[0].Secret);
+
+                    Result.set("nas-identifier", RE.NasIdentifier.empty() ? SerialNumber : RE.NasIdentifier);
+                    Result.set("authentication", Auth);
+                    Result.set("accounting", Acct);
+                    Result.set("dynamic-authorization", CoA);
+                } else {
+
+                }
+                return false;
+            }
+
+        private:
+            OpenRoaming() noexcept
+                    : SubSystemServer("OpenRoaming_GenericRadius", "GENRAD", "genrad") {
+            }
+        };
+
+    }
+
+    inline auto OpenRoaming_GenericRadius() { return GenericRadius::OpenRoaming::instance(); }
+}
--- a/src/RadiusEndpointTypes/GlobalReach.cpp
+++ b/src/RadiusEndpointTypes/GlobalReach.cpp
@@ -0,0 +1,258 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "GlobalReach.h"
+#include <Poco/JWT/Token.h>
+#include <Poco/JWT/Signer.h>
+#include <Poco/Net/HTTPSClientSession.h>
+#include <Poco/Net/DNS.h>
+#include <Poco/URI.h>
+#include <Poco/TemporaryFile.h>
+#include <Poco/JSON/Object.h>
+#include <Poco/JSON/Parser.h>
+#include <framework/RESTAPI_Handler.h>
+#include <framework/MicroServiceFuncs.h>
+#include <StorageService.h>
+
+namespace OpenWifi {
+
+    namespace GlobalReach {
+        int OpenRoaming::Start() {
+            poco_information(Logger(), "Starting...");
+            InitCache();
+            return 0;
+        }
+
+        void OpenRoaming::Stop() {
+            poco_information(Logger(), "Stopping...");
+            poco_information(Logger(), "Stopped...");
+        }
+
+        void OpenRoaming::InitCache() {
+
+            auto F = [&](const ProvObjects::GLBLRAccountInfo &Info) {
+                poco_information(Logger(), fmt::format("Adding {} to cache.", Info.info.name));
+                if (!Info.privateKey.empty() && !Info.GlobalReachAcctId.empty()) {
+                    MakeToken(Info.GlobalReachAcctId, Info.privateKey);
+                }
+                return true;
+            };
+
+            StorageService()->GLBLRAccountInfoDB().Iterate(F);
+        }
+
+        bool OpenRoaming::Render(const OpenWifi::ProvObjects::RADIUSEndPoint &RE, const std::string &SerialNumber, Poco::JSON::Object &Result) {
+            if(RE.UseGWProxy) {
+                Poco::JSON::Object  Auth, Acct, CoA;
+
+                Auth.set("host", RE.Index);
+                Auth.set("port", 1812 );
+                Auth.set("secret", RE.RadsecServers[0].Secret);
+
+                Acct.set("host", RE.Index);
+                Acct.set("port", 1813);
+                Acct.set("secret", RE.RadsecServers[0].Secret);
+                Acct.set("interval", RE.AccountingInterval);
+
+                CoA.set("host", RE.Index);
+                CoA.set("port", 3799);
+                CoA.set("secret", RE.RadsecServers[0].Secret);
+
+                Result.set("nas-identifier", RE.NasIdentifier.empty() ? SerialNumber : RE.NasIdentifier );
+                Result.set("authentication", Auth);
+                Result.set("accounting", Acct);
+                Result.set("dynamic-authorization", CoA);
+            } else {
+
+            }
+            return false;
+        }
+
+        bool OpenRoaming::CreateRADSECCertificate(
+            const std::string &GlobalReachAccountId,
+            const std::string &Name,
+            const std::string &CSR,
+            ProvObjects::GLBLRCertificateInfo &NewCertificate) {
+
+            try {
+                auto BearerToken = MakeToken(GlobalReachAccountId);
+                Poco::URI URI{"https://config.openro.am/v1/radsec/issue"};
+                std::string Path(URI.getPathAndQuery());
+                Poco::Net::HTTPRequest Request(Poco::Net::HTTPRequest::HTTP_POST, Path,
+                                               Poco::Net::HTTPMessage::HTTP_1_1);
+                Request.add("Authorization", "Bearer " + BearerToken);
+
+                Poco::Net::HTTPSClientSession Session(URI.getHost(), URI.getPort());
+                Session.setTimeout(Poco::Timespan(10000, 10000));
+                Poco::JSON::Object CertRequestBody;
+                CertRequestBody.set("name", Name);
+                CertRequestBody.set("csr", CSR);
+
+                std::ostringstream os;
+                CertRequestBody.stringify(os);
+                Request.setContentType("application/json");
+                Request.setContentLength((long) os.str().size());
+
+                auto &Body = Session.sendRequest(Request);
+                Body << os.str();
+
+                Poco::Net::HTTPResponse Response;
+                std::istream &is = Session.receiveResponse(Response);
+                if (Response.getStatus() == Poco::Net::HTTPResponse::HTTP_OK) {
+                    Poco::JSON::Parser P;
+                    auto Result = P.parse(is).extract<Poco::JSON::Object::Ptr>();
+                    RESTAPIHandler::AssignIfPresent(Result, "certificate", NewCertificate.certificate);
+                    RESTAPIHandler::AssignIfPresent(Result, "certificate_chain", NewCertificate.certificateChain);
+                    RESTAPIHandler::AssignIfPresent(Result, "certificate_id", NewCertificate.certificateId);
+                    RESTAPIHandler::AssignIfPresent(Result, "expires_at", NewCertificate.expiresAt);
+                    return true;
+                }
+                Poco::JSON::Parser P;
+                std::ostringstream oos;
+                auto Result = P.parse(is).extract<Poco::JSON::Object::Ptr>();
+                Result->stringify(oos);
+            } catch (const Poco::Exception &E) {
+                poco_error(Logger(),
+                           fmt::format("Could not create a new RADSEC certificate: {},{}", E.name(), E.displayText()));
+            }
+            return false;
+        }
+
+        bool OpenRoaming::GetRADSECCertificate(
+                const std::string &GlobalReachAccountId,
+                std::string &CertificateId,
+                ProvObjects::GLBLRCertificateInfo &NewCertificate) {
+
+            try {
+                Poco::URI URI{fmt::format("https://config.openro.am/v1/radsec/cert/{}", CertificateId)};
+
+                std::string Path(URI.getPathAndQuery());
+
+                Poco::Net::HTTPRequest Request(Poco::Net::HTTPRequest::HTTP_GET, Path,
+                                               Poco::Net::HTTPMessage::HTTP_1_1);
+
+                auto BearerToken = MakeToken(GlobalReachAccountId);
+                Request.add("Authorization", "Bearer " + BearerToken);
+
+                Poco::Net::HTTPSClientSession Session(URI.getHost(), URI.getPort());
+                Session.setTimeout(Poco::Timespan(10000, 10000));
+
+                Session.sendRequest(Request);
+
+                Poco::Net::HTTPResponse Response;
+                std::istream &is = Session.receiveResponse(Response);
+                if (Response.getStatus() == Poco::Net::HTTPResponse::HTTP_OK) {
+                    Poco::JSON::Parser P;
+                    auto Result = P.parse(is).extract<Poco::JSON::Object::Ptr>();
+                    RESTAPIHandler::AssignIfPresent(Result, "certificate", NewCertificate.certificate);
+                    RESTAPIHandler::AssignIfPresent(Result, "certificate_chain", NewCertificate.certificateChain);
+                    RESTAPIHandler::AssignIfPresent(Result, "certificate_id", NewCertificate.certificateId);
+                    RESTAPIHandler::AssignIfPresent(Result, "expires_at", NewCertificate.expiresAt);
+                    return true;
+                }
+            } catch (const Poco::Exception &E) {
+                poco_error(Logger(), fmt::format("Could not retrieve the certificate from GlobalReach: {},{}", E.name(),
+                                                 E.displayText()));
+            }
+            return false;
+        }
+
+        std::string
+        OpenRoaming::MakeToken(const std::string &GlobalReachAccountId, const std::string &PrivateKey) {
+            try {
+                Poco::JWT::Token token;
+                token.setType("JWT");
+                token.setAlgorithm("ES256");
+                token.setIssuedAt(std::time(nullptr));
+
+                token.payload().set("iss", GlobalReachAccountId);
+                token.payload().set("iat", (unsigned long) std::time(nullptr));
+
+                Poco::SharedPtr<Poco::Crypto::ECKey> Key;
+                auto KeyHash = Utils::ComputeHash(PrivateKey);
+                auto KeyHint = PrivateKeys_.find(GlobalReachAccountId);
+                if (KeyHint != PrivateKeys_.end() && PrivateKey.empty()) {
+                    Key = KeyHint->second.second;
+                } else {
+                    if (PrivateKey.empty()) {
+                        return "";
+                    }
+                    Poco::TemporaryFile F;
+                    std::ofstream ofs(F.path().c_str(),
+                                      std::ios_base::trunc | std::ios_base::out | std::ios_base::binary);
+                    ofs << PrivateKey;
+                    ofs.close();
+                    auto NewKey = Poco::SharedPtr<Poco::Crypto::ECKey>(
+                            new Poco::Crypto::ECKey("", F.path(), ""));
+                    Key = NewKey;
+                    PrivateKeys_[GlobalReachAccountId] = std::make_pair(KeyHash, NewKey);
+                }
+
+                Poco::JWT::Signer Signer;
+                Signer.setECKey(Key);
+                Signer.addAllAlgorithms();
+                return Signer.sign(token, Poco::JWT::Signer::ALGO_ES256);
+            } catch (const Poco::Exception &E) {
+                poco_error(Logger(),
+                           fmt::format("Cannot create a Global Reach token: {},{}", E.name(), E.displayText()));
+            }
+            return "";
+        }
+
+        bool
+        OpenRoaming::VerifyAccount(const std::string &GlobalReachAccountId, const std::string &PrivateKey,
+                                               std::string &Name) {
+            auto BearerToken = MakeToken(GlobalReachAccountId, PrivateKey);
+
+            Poco::URI URI{"https://config.openro.am/v1/config"};
+            std::string Path(URI.getPathAndQuery());
+            Poco::Net::HTTPRequest Request(Poco::Net::HTTPRequest::HTTP_GET, Path,
+                                           Poco::Net::HTTPMessage::HTTP_1_1);
+            Request.add("Authorization", "Bearer " + BearerToken);
+
+            Poco::Net::HTTPSClientSession Session(URI.getHost(), URI.getPort());
+            Session.setTimeout(Poco::Timespan(10000, 10000));
+            Session.sendRequest(Request);
+            Poco::Net::HTTPResponse Response;
+            std::istream &is = Session.receiveResponse(Response);
+            if (Response.getStatus() == Poco::Net::HTTPResponse::HTTP_OK) {
+                Poco::JSON::Parser P;
+                auto Result = P.parse(is).extract<Poco::JSON::Object::Ptr>();
+                if (Result->has("name")) {
+                    Name = Result->get("name").toString();
+                }
+                return true;
+            }
+            return false;
+        }
+
+//        static std::string ServiceName{"\"aaa+auth:radius.tls.tcp\""};
+        static std::string ServiceName{"\"x-openroam:radius.tls.tcp\""};
+
+        std::vector<Utils::HostNameServerResult> OpenRoaming::GetServers() {
+            const std::string &domain = "openro.am";
+            auto Naptrs = Utils::getNAPTRRecords(domain);
+            std::vector<Utils::HostNameServerResult>   Results;
+
+            for(const auto &rec:Naptrs) {
+                if(rec.service==ServiceName) {
+                    auto Srvs = Utils::getSRVRecords(rec.replacement);
+                    for(const auto &srv:Srvs) {
+                        Utils::HostNameServerResult    R{srv.srvname,srv.port};
+                        if(!Utils::ValidIP(srv.srvname)) {
+                            auto Server = Poco::Net::DNS::hostByName(srv.srvname).addresses();
+                            if(!Server.empty()) {
+                                R.Hostname = Server[0].toString();
+                            }
+                        }
+                        Results.emplace_back(R);
+                    }
+                }
+            }
+            return Results;
+        }
+
+    }
+
+} // OpenWifi
--- a/src/RadiusEndpointTypes/GlobalReach.h
+++ b/src/RadiusEndpointTypes/GlobalReach.h
@@ -0,0 +1,57 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#pragma once
+
+#include "framework/SubSystemServer.h"
+#include "framework/utils.h"
+#include "Poco/JSON/Object.h"
+#include "RESTObjects/RESTAPI_ProvObjects.h"
+
+namespace OpenWifi {
+
+    namespace GlobalReach {
+        class OpenRoaming : public SubSystemServer {
+        public:
+            static auto instance() {
+                static auto instance_ = new OpenRoaming;
+                return instance_;
+            }
+
+            int Start() override;
+
+            void Stop() override;
+
+            bool CreateRADSECCertificate(const std::string &AccountName,
+                                         const std::string &Name,
+                                         const std::string &CSR,
+                                         ProvObjects::GLBLRCertificateInfo &NewCertificate);
+
+            bool GetRADSECCertificate(const std::string &AccountName, std::string &CertificateId,
+                                      ProvObjects::GLBLRCertificateInfo &NewCertificate);
+
+            bool
+            VerifyAccount(const std::string &GlobalReachAccountId, const std::string &PrivateKey, std::string &Name);
+
+            void InitCache();
+
+            bool Render(const OpenWifi::ProvObjects::RADIUSEndPoint &RE, const std::string & SerialNUmber, Poco::JSON::Object &Result);
+            std::vector<Utils::HostNameServerResult> GetServers();
+
+        private:
+            std::string MakeToken(const std::string &GlobalReachAccountId, const std::string &PrivateKey = "");
+
+            std::map<std::string, std::pair<std::string, Poco::SharedPtr<Poco::Crypto::ECKey>>> PrivateKeys_;
+
+            OpenRoaming() noexcept
+                    : SubSystemServer("OpenRoaming_GlobalReach", "GLBL-REACH", "globalreach") {
+            }
+        };
+
+    }
+
+    inline auto OpenRoaming_GlobalReach() { return GlobalReach::OpenRoaming::instance(); }
+
+} // OpenWifi
+
--- a/src/RadiusEndpointTypes/OrionWifi.h
+++ b/src/RadiusEndpointTypes/OrionWifi.h
@@ -0,0 +1,79 @@
+//
+// Created by stephane bourque on 2023-09-28.
+//
+
+#pragma once
+
+#include <Poco/Net/IPAddress.h>
+#include <Poco/Net/SocketAddress.h>
+#include <framework/utils.h>
+#include <framework/SubSystemServer.h>
+
+namespace OpenWifi {
+
+    namespace Orion {
+
+        class OpenRoaming : public SubSystemServer {
+        public:
+            static auto instance() {
+                static auto instance_ = new OpenRoaming;
+                return instance_;
+            }
+
+            inline int Start() override {
+
+                return 0;
+            }
+
+            inline void Stop() override {
+
+            }
+
+            static inline const std::vector<Utils::HostNameServerResult> OrionWifiServerAddresses = {
+                    {"216.239.32.91", 2083},
+                    {"216.239.34.91", 2083}
+            };
+
+            inline std::vector<Utils::HostNameServerResult> GetServers() {
+                return OrionWifiServerAddresses;
+            }
+
+            inline bool Render(const OpenWifi::ProvObjects::RADIUSEndPoint &RE, const std::string &SerialNumber, Poco::JSON::Object &Result) {
+                if(RE.UseGWProxy) {
+                    Poco::JSON::Object  Auth, Acct, CoA;
+
+                    Auth.set("host", RE.Index);
+                    Auth.set("port", 1812 );
+                    Auth.set("secret", RE.RadsecServers[0].Secret);
+
+                    Acct.set("host", RE.Index);
+                    Acct.set("port", 1813);
+                    Acct.set("secret", RE.RadsecServers[0].Secret);
+                    Acct.set("interval", RE.AccountingInterval);
+
+                    CoA.set("host", RE.Index);
+                    CoA.set("port", 3799);
+                    CoA.set("secret", RE.RadsecServers[0].Secret);
+
+                    Result.set("nas-identifier", RE.NasIdentifier.empty() ? SerialNumber : RE.NasIdentifier );
+                    Result.set("authentication", Auth);
+                    Result.set("accounting", Acct);
+                    Result.set("dynamic-authorization", CoA);
+
+                } else {
+
+                }
+                return false;
+            }
+
+        private:
+            OpenRoaming() noexcept
+                    : SubSystemServer("OpenRoaming_Orion", "ORION", "orion") {
+            }
+        };
+
+    }
+
+    inline auto OpenRoaming_Orion() { return Orion::OpenRoaming::instance(); }
+
+}
--- a/src/RadiusEndpointTypes/Radsec.cpp
+++ b/src/RadiusEndpointTypes/Radsec.cpp
@@ -0,0 +1,8 @@
+//
+// Created by stephane bourque on 2023-10-03.
+//
+
+#include "Radsec.h"
+
+namespace OpenWidi {
+} // OpenWidi
--- a/src/RadiusEndpointTypes/Radsec.h
+++ b/src/RadiusEndpointTypes/Radsec.h
@@ -0,0 +1,71 @@
+//
+// Created by stephane bourque on 2023-10-03.
+//
+
+#pragma once
+
+#include <Poco/Net/IPAddress.h>
+#include <Poco/Net/SocketAddress.h>
+#include <framework/utils.h>
+#include <framework/SubSystemServer.h>
+#include <RESTObjects/RESTAPI_ProvObjects.h>
+
+namespace OpenWifi {
+
+    namespace Radsec {
+
+        class OpenRoaming : public SubSystemServer {
+        public:
+            static auto instance() {
+                static auto instance_ = new OpenRoaming;
+                return instance_;
+            }
+
+            inline int Start() override {
+
+                return 0;
+            }
+
+            inline void Stop() override {
+
+            }
+
+            inline bool Render(const OpenWifi::ProvObjects::RADIUSEndPoint &RE, const std::string &SerialNumber, Poco::JSON::Object &Result) {
+                if(RE.UseGWProxy) {
+                    Poco::JSON::Object  Auth, Acct, CoA;
+
+                    Auth.set("host", RE.Index);
+                    Auth.set("port", 1812 );
+                    Auth.set("secret", RE.RadsecServers[0].Secret);
+
+                    Acct.set("host", RE.Index);
+                    Acct.set("port", 1813);
+                    Acct.set("secret", RE.RadsecServers[0].Secret);
+                    Acct.set("interval", RE.AccountingInterval);
+
+                    CoA.set("host", RE.Index);
+                    CoA.set("port", 3799);
+                    CoA.set("secret", RE.RadsecServers[0].Secret);
+
+                    Result.set("nas-identifier", RE.NasIdentifier.empty() ? SerialNumber : RE.NasIdentifier );
+                    Result.set("authentication", Auth);
+                    Result.set("accounting", Acct);
+                    Result.set("dynamic-authorization", CoA);
+
+                } else {
+
+                }
+                return false;
+            }
+
+        private:
+            OpenRoaming() noexcept
+                    : SubSystemServer("OpenRoaming_Raadsec", "RADSEC", "radsec") {
+            }
+        };
+
+    }
+
+    inline auto OpenRoaming_Radsec() { return Radsec::OpenRoaming::instance(); }
+
+}
--- a/src/RadiusEndpointUpdater.cpp
+++ b/src/RadiusEndpointUpdater.cpp
@@ -0,0 +1,5 @@
+//
+// Created by stephane bourque on 2023-10-02.
+//
+
+#include "RadiusEndpointUpdater.h"
--- a/src/RadiusEndpointUpdater.h
+++ b/src/RadiusEndpointUpdater.h
@@ -0,0 +1,225 @@
+//
+// Created by stephane bourque on 2023-10-02.
+//
+
+#pragma once
+#include <vector>
+#include <utility>
+#include <framework/AppServiceRegistry.h>
+#include <framework/utils.h>
+#include <StorageService.h>
+#include <RadiusEndpointTypes/OrionWifi.h>
+#include <RadiusEndpointTypes/GlobalReach.h>
+#include <sdks/SDK_gw.h>
+#include <RESTObjects/RESTAPI_GWobjects.h>
+
+namespace OpenWifi {
+    class RadiusEndpointUpdater {
+    public:
+
+        void ParseCertChain(const std::string &Chain, std::vector<std::string> &ChainVec) {
+            std::istringstream os(Chain);
+            std::string CurrentCert;
+            bool InCert = false;
+            std::string Line;
+            while(std::getline(os,Line)) {
+                if(Line=="-----BEGIN CERTIFICATE-----") {
+                    InCert = true;
+                    CurrentCert += Line;
+                    CurrentCert += "\n";
+                    continue;
+                }
+                if(Line=="-----END CERTIFICATE-----" && InCert) {
+                    InCert = false;
+                    CurrentCert += Line;
+                    CurrentCert += "\n";
+                    ChainVec.emplace_back(CurrentCert);
+                    continue;
+                }
+                if(InCert) {
+                    CurrentCert += Line;
+                    CurrentCert += "\n";
+                }
+            }
+        }
+
+        void UpdateRadiusServerEntry( GWObjects::RadiusProxyServerConfig &Config,
+                                      const ProvObjects::RADIUSEndPoint &Endpoint,
+                                      const std::vector<ProvObjects::RADIUSServer> &Servers) {
+            Config.monitor = false;
+            Config.strategy = Endpoint.PoolStrategy;
+            Config.monitorMethod = "none";
+            Config.strategy = "random";
+            for (const auto &Server: Servers) {
+                GWObjects::RadiusProxyServerEntry PE;
+                PE.radsec = false;
+                PE.name = Server.Hostname;
+                PE.ignore = false;
+                PE.ip = Server.IP;
+                PE.port = PE.radsecPort = Server.Port;
+                PE.allowSelfSigned = false;
+                PE.weight = 10;
+                PE.secret = PE.radsecSecret = "radsec";
+                Config.servers.emplace_back(PE);
+            }
+        }
+
+        inline bool UpdateEndpoints( RESTAPIHandler *Client, std::uint64_t & ErrorCode,
+                                     std::string & ErrorDetails,
+                                     std::string & ErrorDescription) {
+
+            std::vector<ProvObjects::RADIUSEndPoint>    Endpoints;
+            GWObjects::RadiusProxyPoolList  Pools;
+            StorageService()->RadiusEndpointDB().GetRecords(0,500,Endpoints);
+
+            for(const auto &Endpoint:Endpoints) {
+                GWObjects::RadiusProxyPool  PP;
+
+                PP.name = Endpoint.info.name;
+                PP.description = Endpoint.info.description;
+                PP.useByDefault = false;
+                PP.poolProxyIp = Endpoint.Index;
+                PP.radsecKeepAlive = 25;
+                PP.enabled = true;
+
+                if(Endpoint.Type=="orion" && !Endpoint.RadsecServers.empty()) {
+                    auto Svrs = OpenRoaming_Orion()->GetServers();
+                    PP.radsecPoolType="orion";
+                    ProvObjects::GooglOrionAccountInfo  OA;
+                    if(StorageService()->OrionAccountsDB().GetRecord("id", Endpoint.RadsecServers[0].UseOpenRoamingAccount, OA)) {
+                        for(auto *ServerType:{&PP.authConfig, &PP.acctConfig, &PP.coaConfig}) {
+                            ServerType->monitor = false;
+                            ServerType->strategy = Endpoint.PoolStrategy;
+                            ServerType->monitorMethod = "none";
+                            ServerType->strategy = "random";
+                            int i=1;
+                            for (const auto &Server: Svrs) {
+                                GWObjects::RadiusProxyServerEntry PE;
+                                PE.radsecCert = Utils::base64encode((const u_char *)OA.certificate.c_str(),OA.certificate.size());
+                                PE.radsecKey = Utils::base64encode((const u_char *)OA.privateKey.c_str(),OA.privateKey.size());
+                                for(const auto &cert:OA.cacerts) {
+                                    auto C = Utils::base64encode((const u_char *)cert.c_str(),cert.size());
+                                    PE.radsecCacerts.emplace_back(C);
+                                }
+                                PE.radsec = true;
+                                PE.name = fmt::format("Server {}",i++);
+                                PE.ignore = false;
+                                PE.ip = Server.Hostname;
+                                PE.port = PE.radsecPort = Server.Port;
+                                PE.allowSelfSigned = false;
+                                PE.weight = 10;
+                                PE.secret = PE.radsecSecret = "radsec";
+                                ServerType->servers.emplace_back(PE);
+                            }
+                        }
+                        Pools.pools.emplace_back(PP);
+                    }
+                } else if(Endpoint.Type=="globalreach" && !Endpoint.RadsecServers.empty()) {
+                    auto Svrs = OpenRoaming_GlobalReach()->GetServers();
+                    PP.radsecPoolType="globalreach";
+                    ProvObjects::GLBLRCertificateInfo   GRCertificate;
+                    ProvObjects::GLBLRAccountInfo       GRAccountInfo;
+                    if( StorageService()->GLBLRCertsDB().GetRecord("id",Endpoint.RadsecServers[0].UseOpenRoamingAccount,GRCertificate) &&
+                        StorageService()->GLBLRAccountInfoDB().GetRecord("id",GRCertificate.accountId,GRAccountInfo)) {
+                        for(auto *ServerType:{&PP.authConfig, &PP.acctConfig, &PP.coaConfig}) {
+                            ServerType->monitor = false;
+                            ServerType->monitorMethod = "none";
+                            ServerType->strategy = Endpoint.PoolStrategy;
+                            ServerType->strategy = "random";
+                            int i = 1;
+                            for (const auto &Server: Svrs) {
+                                GWObjects::RadiusProxyServerEntry PE;
+                                PE.radsecCert = Utils::base64encode((const u_char *)GRCertificate.certificate.c_str(),GRCertificate.certificate.size());
+                                PE.radsecKey = Utils::base64encode((const u_char *)GRAccountInfo.CSRPrivateKey.c_str(),GRAccountInfo.CSRPrivateKey.size());
+                                std::vector<std::string> Chain;
+                                ParseCertChain(GRCertificate.certificateChain,Chain);
+                                for(const auto &cert:Chain) {
+                                    PE.radsecCacerts.emplace_back( Utils::base64encode((const u_char *)cert.c_str(),cert.size()));
+                                }
+                                PE.radsec = true;
+                                PE.name = fmt::format("Server {}", i++);
+                                PE.ignore = false;
+                                PE.ip = Server.Hostname;
+                                PE.port = PE.radsecPort = Server.Port;
+                                PE.allowSelfSigned = false;
+                                PE.weight = 10;
+                                PE.secret = PE.radsecSecret = "radsec";
+                                ServerType->servers.emplace_back(PE);
+                            }
+                        }
+                        Pools.pools.emplace_back(PP);
+                    }
+                } else if(Endpoint.Type=="radsec"  && !Endpoint.RadsecServers.empty()) {
+                    PP.radsecPoolType="radsec";
+                    for(auto *ServerType:{&PP.authConfig, &PP.acctConfig, &PP.coaConfig}) {
+                        ServerType->monitor = false;
+                        ServerType->strategy = Endpoint.PoolStrategy;
+                        ServerType->monitorMethod = "none";
+                        ServerType->strategy = "random";
+                        for (const auto &Server: Endpoint.RadsecServers) {
+                            GWObjects::RadiusProxyServerEntry PE;
+                            PE.radsecCert = Utils::base64encode((const u_char *)Server.Certificate.c_str(), Server.Certificate.size());
+                            PE.radsecKey = Utils::base64encode((const u_char *)Server.PrivateKey.c_str(),Server.PrivateKey.size());
+                            for(const auto &C:Server.CaCerts) {
+                                PE.radsecCacerts.emplace_back(Utils::base64encode(
+                                        (const u_char *) C.c_str(),
+                                        C.size()));
+                            }
+                            PE.radsec = true;
+                            PE.name = Server.Hostname;
+                            PE.ignore = false;
+                            PE.ip = Server.IP;
+                            PE.port = PE.radsecPort = Server.Port;
+                            PE.allowSelfSigned = false;
+                            PE.weight = 10;
+                            PE.secret = PE.radsecSecret = "radsec";
+                            ServerType->servers.emplace_back(PE);
+                        }
+                    }
+                    Pools.pools.emplace_back(PP);
+                } else if(Endpoint.Type=="generic"  && !Endpoint.RadiusServers.empty()) {
+                    PP.radsecPoolType="generic";
+                    UpdateRadiusServerEntry(PP.authConfig, Endpoint, Endpoint.RadiusServers[0].Authentication);
+                    UpdateRadiusServerEntry(PP.acctConfig, Endpoint, Endpoint.RadiusServers[0].Accounting);
+                    UpdateRadiusServerEntry(PP.coaConfig, Endpoint, Endpoint.RadiusServers[0].CoA);
+                    Pools.pools.emplace_back(PP);
+                }
+            }
+
+/*
+            Poco::JSON::Object  oo;
+            Pools.to_json(oo);
+            oo.stringify(std::cout,2,2);
+*/
+            GWObjects::RadiusProxyPoolList  NewPools;
+            Poco::JSON::Object ErrorObj;
+            if(SDK::GW::RADIUS::SetConfiguration(Client, Pools, NewPools, ErrorObj)) {
+                ProvObjects::RADIUSEndpointUpdateStatus Status;
+                Status.Read();
+                Status.lastConfigurationChange = Status.lastUpdate = Utils::Now();
+                return Status.Save();
+            }
+/*
+            ErrorCode:
+            type: integer
+            ErrorDetails:
+            type: string
+            ErrorDescription:
+            type: string
+  */
+            if(ErrorObj.has("ErrorCode") && !ErrorObj.isNull("ErrorCode"))
+                ErrorCode = ErrorObj.get("ErrorCode");
+            if(ErrorObj.has("ErrorDescription") && !ErrorObj.isNull("ErrorDescription"))
+                ErrorDescription = ErrorObj.get("ErrorDescription").toString();
+            if(ErrorObj.has("ErrorDetails") && !ErrorObj.isNull("ErrorDetails"))
+                ErrorDetails += ErrorObj.get("ErrorDetails").toString();
+            return false;
+        }
+
+    private:
+
+    };
+
+
+
+} // OpenWifi
--- a/src/StorageService.cpp
+++ b/src/StorageService.cpp
@@ -39,6 +39,10 @@ namespace OpenWifi {
 		OpLocationDB_ = std::make_unique<OpenWifi::OpLocationDB>(dbType_, *Pool_, Logger());
 		OpContactDB_ = std::make_unique<OpenWifi::OpContactDB>(dbType_, *Pool_, Logger());
 		OverridesDB_ = std::make_unique<OpenWifi::OverridesDB>(dbType_, *Pool_, Logger());
+        GLBLRAccountInfoDB_ = std::make_unique<OpenWifi::GLBLRAccountInfoDB>(dbType_, *Pool_, Logger());
+        GLBLRCertsDB_ = std::make_unique<OpenWifi::GLBLRCertsDB>(dbType_, *Pool_, Logger());
+        OrionAccountsDB_ = std::make_unique<OpenWifi::OrionAccountsDB>(dbType_, *Pool_, Logger());
+        RadiusEndpointDB_ = std::make_unique<OpenWifi::RadiusEndpointDB>(dbType_, *Pool_, Logger());

 		EntityDB_->Create();
 		PolicyDB_->Create();
@@ -59,6 +63,10 @@ namespace OpenWifi {
 		OpLocationDB_->Create();
 		OpContactDB_->Create();
 		OverridesDB_->Create();
+        GLBLRAccountInfoDB_->Create();
+        GLBLRCertsDB_->Create();
+        OrionAccountsDB_->Create();
+        RadiusEndpointDB_->Create();

 		ExistFunc_[EntityDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
 			return EntityDB_->Exists(F, V);
@@ -117,6 +125,20 @@ namespace OpenWifi {
 		ExistFunc_[OverridesDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
 			return OverridesDB_->Exists(F, V);
 		};
+        ExistFunc_[GLBLRAccountInfoDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
+            return GLBLRAccountInfoDB_->Exists(F, V);
+        };
+        ExistFunc_[GLBLRCertsDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
+            return GLBLRCertsDB_->Exists(F, V);
+        };
+        ExistFunc_[OrionAccountsDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
+            return OrionAccountsDB_->Exists(F, V);
+        };
+        ExistFunc_[RadiusEndpointDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
+            return RadiusEndpointDB_->Exists(F, V);
+        };
+
+

        ExpandFunc_[EntityDB_->Prefix()] = [=](const char *F, std::string &V, std::string &Name,
 											   std::string &Description) -> bool {
@@ -206,9 +228,29 @@ namespace OpenWifi {
 			[=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
 				[[maybe_unused]] std::string &Name,
 				[[maybe_unused]] std::string &Description) -> bool { return false; };
+        ExpandFunc_[GLBLRAccountInfoDB_->Prefix()] =
+                [=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
+                    [[maybe_unused]] std::string &Name,
+                    [[maybe_unused]] std::string &Description) -> bool { return false; };
+        ExpandFunc_[OverridesDB_->Prefix()] =
+                [=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
+                    [[maybe_unused]] std::string &Name,
+                    [[maybe_unused]] std::string &Description) -> bool { return false; };
+        ExpandFunc_[GLBLRCertsDB_->Prefix()] =
+                [=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
+                    [[maybe_unused]] std::string &Name,
+                    [[maybe_unused]] std::string &Description) -> bool { return false; };
+        ExpandFunc_[OrionAccountsDB_->Prefix()] =
+                [=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
+                    [[maybe_unused]] std::string &Name,
+                    [[maybe_unused]] std::string &Description) -> bool { return false; };
+
+        ExpandFunc_[RadiusEndpointDB_->Prefix()] =
+                [=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
+                    [[maybe_unused]] std::string &Name,
+                    [[maybe_unused]] std::string &Description) -> bool { return false; };

        InventoryDB_->InitializeSerialCache();
-
 		ConsistencyCheck();
 		InitializeSystemDBs();

--- a/src/StorageService.h
+++ b/src/StorageService.h
@@ -28,6 +28,10 @@
 #include "storage/storage_tags.h"
 #include "storage/storage_variables.h"
 #include "storage/storage_venue.h"
+#include "storage/storage_glblraccounts.h"
+#include "storage/storage_glblrcerts.h"
+#include "storage/storage_orion_accounts.h"
+#include "storage/storage_radius_endpoints.h"

 #include "Poco/URI.h"
 #include "framework/ow_constants.h"
@@ -47,25 +51,29 @@ namespace OpenWifi {
 		typedef std::list<ProvObjects::ExpandedUseEntry> ExpandedInUseList;
 		typedef std::map<std::string, ProvObjects::ExpandedUseEntryList> ExpandedListMap;

-		OpenWifi::EntityDB &EntityDB() { return *EntityDB_; };
-		OpenWifi::PolicyDB &PolicyDB() { return *PolicyDB_; };
-		OpenWifi::VenueDB &VenueDB() { return *VenueDB_; };
-		OpenWifi::LocationDB &LocationDB() { return *LocationDB_; };
-		OpenWifi::ContactDB &ContactDB() { return *ContactDB_; };
-		OpenWifi::InventoryDB &InventoryDB() { return *InventoryDB_; };
-		OpenWifi::ManagementRoleDB &RolesDB() { return *RolesDB_; };
-		OpenWifi::ConfigurationDB &ConfigurationDB() { return *ConfigurationDB_; };
-		OpenWifi::TagsDictionaryDB &TagsDictionaryDB() { return *TagsDictionaryDB_; };
-		OpenWifi::TagsObjectDB &TagsObjectDB() { return *TagsObjectDB_; };
-		OpenWifi::MapDB &MapDB() { return *MapDB_; };
-		OpenWifi::SignupDB &SignupDB() { return *SignupDB_; };
-		OpenWifi::VariablesDB &VariablesDB() { return *VariablesDB_; };
-		OpenWifi::OperatorDB &OperatorDB() { return *OperatorDB_; };
-		OpenWifi::ServiceClassDB &ServiceClassDB() { return *ServiceClassDB_; };
-		OpenWifi::SubscriberDeviceDB &SubscriberDeviceDB() { return *SubscriberDeviceDB_; };
-		OpenWifi::OpLocationDB &OpLocationDB() { return *OpLocationDB_; };
-		OpenWifi::OpContactDB &OpContactDB() { return *OpContactDB_; };
-		OpenWifi::OverridesDB &OverridesDB() { return *OverridesDB_; };
+		inline OpenWifi::EntityDB &EntityDB() { return *EntityDB_; };
+        inline OpenWifi::PolicyDB &PolicyDB() { return *PolicyDB_; };
+        inline OpenWifi::VenueDB &VenueDB() { return *VenueDB_; };
+        inline OpenWifi::LocationDB &LocationDB() { return *LocationDB_; };
+        inline OpenWifi::ContactDB &ContactDB() { return *ContactDB_; };
+        inline OpenWifi::InventoryDB &InventoryDB() { return *InventoryDB_; };
+        inline OpenWifi::ManagementRoleDB &RolesDB() { return *RolesDB_; };
+        inline OpenWifi::ConfigurationDB &ConfigurationDB() { return *ConfigurationDB_; };
+        inline OpenWifi::TagsDictionaryDB &TagsDictionaryDB() { return *TagsDictionaryDB_; };
+        inline OpenWifi::TagsObjectDB &TagsObjectDB() { return *TagsObjectDB_; };
+        inline OpenWifi::MapDB &MapDB() { return *MapDB_; };
+        inline OpenWifi::SignupDB &SignupDB() { return *SignupDB_; };
+        inline OpenWifi::VariablesDB &VariablesDB() { return *VariablesDB_; };
+        inline OpenWifi::OperatorDB &OperatorDB() { return *OperatorDB_; };
+        inline OpenWifi::ServiceClassDB &ServiceClassDB() { return *ServiceClassDB_; };
+        inline OpenWifi::SubscriberDeviceDB &SubscriberDeviceDB() { return *SubscriberDeviceDB_; };
+        inline OpenWifi::OpLocationDB &OpLocationDB() { return *OpLocationDB_; };
+        inline OpenWifi::OpContactDB &OpContactDB() { return *OpContactDB_; };
+        inline OpenWifi::OverridesDB &OverridesDB() { return *OverridesDB_; };
+        inline OpenWifi::GLBLRAccountInfoDB &GLBLRAccountInfoDB() { return *GLBLRAccountInfoDB_; }
+        inline OpenWifi::GLBLRCertsDB &GLBLRCertsDB() { return *GLBLRCertsDB_; }
+        inline OpenWifi::OrionAccountsDB &OrionAccountsDB() { return *OrionAccountsDB_; }
+        inline OpenWifi::RadiusEndpointDB &RadiusEndpointDB() { return *RadiusEndpointDB_; }

 		bool Validate(const Poco::URI::QueryParameters &P, RESTAPI::Errors::msg &Error);
 		bool Validate(const Types::StringVec &P, std::string &Error);
@@ -125,6 +133,10 @@ namespace OpenWifi {
 		std::unique_ptr<OpenWifi::OpLocationDB> OpLocationDB_;
 		std::unique_ptr<OpenWifi::OpContactDB> OpContactDB_;
 		std::unique_ptr<OpenWifi::OverridesDB> OverridesDB_;
+        std::unique_ptr<OpenWifi::GLBLRAccountInfoDB> GLBLRAccountInfoDB_;
+        std::unique_ptr<OpenWifi::GLBLRCertsDB> GLBLRCertsDB_;
+        std::unique_ptr<OpenWifi::OrionAccountsDB> OrionAccountsDB_;
+        std::unique_ptr<OpenWifi::RadiusEndpointDB> RadiusEndpointDB_;
 		std::string DefaultOperator_;

 		typedef std::function<bool(const char *FieldName, std::string &Value)> exist_func;
--- a/src/Tasks/VenueConfigUpdater.h
+++ b/src/Tasks/VenueConfigUpdater.h
@@ -118,8 +118,9 @@ namespace OpenWifi {

 				Poco::ThreadPool Pool_;
 				std::list<VenueDeviceConfigUpdater *> JobList;
-
-				for (const auto &uuid : Venue.devices) {
+                std::vector<std::string> DeviceList;
+                StorageService()->InventoryDB().GetDevicesUUIDForVenue(Venue.info.id, DeviceList);
+				for (const auto &uuid : DeviceList) {
 					auto NewTask = new VenueDeviceConfigUpdater(uuid, Venue.info.name, Logger());
 					bool TaskAdded = false;
 					while (!TaskAdded) {
--- a/src/Tasks/VenueRebooter.h
+++ b/src/Tasks/VenueRebooter.h
@@ -68,8 +68,10 @@ namespace OpenWifi {

 				Poco::ThreadPool Pool_;
 				std::list<VenueDeviceRebooter *> JobList;
+                std::vector<std::string> DeviceList;
+                StorageService()->InventoryDB().GetDevicesUUIDForVenue(Venue.info.id, DeviceList);

-				for (const auto &uuid : Venue.devices) {
+				for (const auto &uuid : DeviceList) {
 					auto NewTask = new VenueDeviceRebooter(uuid, Venue.info.name, Logger());
 					bool TaskAdded = false;
 					while (!TaskAdded) {
--- a/src/Tasks/VenueUpgrade.h
+++ b/src/Tasks/VenueUpgrade.h
@@ -28,7 +28,7 @@ namespace OpenWifi {

 				Storage::ApplyRules(rules_, Device.deviceRules);
 				if (Device.deviceRules.firmwareUpgrade == "no") {
-					poco_debug(Logger(), fmt::format("Skipped Upgrade: {}", Device.serialNumber));
+					poco_debug(Logger(), fmt::format("Skipped Upgrade: {} : Venue rules prevent upgrading", Device.serialNumber));
 					skipped_++;
 					done_ = true;
 					return;
@@ -36,10 +36,15 @@ namespace OpenWifi {

 				FMSObjects::Firmware F;
 				if (SDK::FMS::Firmware::GetFirmware(Device.deviceType, revision_, F)) {
-					if (SDK::GW::Device::Upgrade(nullptr, Device.serialNumber, 0, F.uri)) {
-						Logger().debug(
-							fmt::format("{}: Upgraded to {}.", Device.serialNumber, revision_));
+                    std::string Status;
+					if (SDK::GW::Device::Upgrade(nullptr, Device.serialNumber, 0, F.uri, Status)) {
+                        if(Status=="pending") {
+                            pending_++;
+                            poco_debug(Logger(), fmt::format("Upgrade Pending: {} : {}", Device.serialNumber, Status));
+                        } else {
                            upgraded_++;
+                            poco_debug(Logger(), fmt::format("Upgrade Success: {} : {}", Device.serialNumber, Status));
+                        }
 					} else {
 						poco_information(Logger(), fmt::format("{}: Not Upgraded to {}.",
 															   Device.serialNumber, revision_));
@@ -53,10 +58,9 @@ namespace OpenWifi {
 				}
 			}
 			done_ = true;
-			// std::cout << "Done push for " << Device.serialNumber << std::endl;
 		}

-		std::uint64_t upgraded_ = 0, not_connected_ = 0, skipped_ = 0, no_firmware_ = 0;
+		std::uint64_t upgraded_ = 0, not_connected_ = 0, skipped_ = 0, no_firmware_ = 0, pending_ = 0;
 		bool started_ = false, done_ = false;
 		std::string SerialNumber;

@@ -85,7 +89,7 @@ namespace OpenWifi {
 			ProvWebSocketNotifications::VenueFWUpgradeList_t N;

 			ProvObjects::Venue Venue;
-			uint64_t upgraded_ = 0, not_connected_ = 0, skipped_ = 0, no_firmware_ = 0;
+			uint64_t upgraded_ = 0, not_connected_ = 0, skipped_ = 0, no_firmware_ = 0, pending_=0;
 			if (StorageService()->VenueDB().GetRecord("id", VenueUUID_, Venue)) {

 				N.content.title = fmt::format("Upgrading {} devices.", Venue.info.name);
@@ -96,8 +100,10 @@ namespace OpenWifi {
 				ProvObjects::DeviceRules Rules;

 				StorageService()->VenueDB().EvaluateDeviceRules(Venue.info.id, Rules);
+                std::vector<std::string> DeviceList;
+                StorageService()->InventoryDB().GetDevicesUUIDForVenue(Venue.info.id, DeviceList);

-				for (const auto &uuid : Venue.devices) {
+				for (const auto &uuid : DeviceList) {
 					auto NewTask =
 						new VenueDeviceUpgrade(uuid, Venue.info.name, Revision_, Rules, Logger());
 					bool TaskAdded = false;
@@ -121,10 +127,13 @@ namespace OpenWifi {
 								N.content.not_connected.push_back(current_job->SerialNumber);
 							else if (current_job->no_firmware_)
 								N.content.no_firmware.push_back(current_job->SerialNumber);
+                            else if (current_job->pending_)
+                                N.content.pending.push_back(current_job->SerialNumber);
 							upgraded_ += current_job->upgraded_;
 							skipped_ += current_job->skipped_;
 							no_firmware_ += current_job->no_firmware_;
 							not_connected_ += current_job->not_connected_;
+                            pending_ += current_job->pending_;
 							job_it = JobList.erase(job_it);
 							delete current_job;
 						} else {
@@ -146,10 +155,13 @@ namespace OpenWifi {
 							N.content.not_connected.push_back(current_job->SerialNumber);
 						else if (current_job->no_firmware_)
 							N.content.no_firmware.push_back(current_job->SerialNumber);
+                        else if (current_job->pending_)
+                            N.content.pending.push_back(current_job->SerialNumber);
 						upgraded_ += current_job->upgraded_;
 						skipped_ += current_job->skipped_;
 						no_firmware_ += current_job->no_firmware_;
 						not_connected_ += current_job->not_connected_;
+                        pending_ += current_job->pending_;
 						job_it = JobList.erase(job_it);
 						delete current_job;
 					} else {
@@ -158,8 +170,8 @@ namespace OpenWifi {
 				}

 				N.content.details = fmt::format(
-					"Job {} Completed: {} upgraded, {} not connected, {} skipped, {} no firmware.",
-					JobId(), upgraded_, not_connected_, skipped_, no_firmware_);
+					"Job {} Completed: {} upgraded, {} not connected, {} skipped, {} no firmware, {} pending.",
+					JobId(), upgraded_, not_connected_, skipped_, no_firmware_, pending_);
 			} else {
 				N.content.details = fmt::format("Venue {} no longer exists.", VenueUUID_);
 				Logger().warning(N.content.details);
--- a/src/UI_Prov_WebSocketNotifications.cpp
+++ b/src/UI_Prov_WebSocketNotifications.cpp
@@ -60,6 +60,7 @@ namespace OpenWifi::ProvWebSocketNotifications {
 		RESTAPI_utils::field_to_json(Obj, "success", success);
 		RESTAPI_utils::field_to_json(Obj, "notConnected", not_connected);
 		RESTAPI_utils::field_to_json(Obj, "noFirmware", no_firmware);
+        RESTAPI_utils::field_to_json(Obj, "pending", pending);
 		RESTAPI_utils::field_to_json(Obj, "skipped", skipped);
 		RESTAPI_utils::field_to_json(Obj, "timeStamp", timeStamp);
 		RESTAPI_utils::field_to_json(Obj, "details", details);
@@ -71,6 +72,7 @@ namespace OpenWifi::ProvWebSocketNotifications {
 			RESTAPI_utils::field_from_json(Obj, "jobId", jobId);
 			RESTAPI_utils::field_from_json(Obj, "success", success);
 			RESTAPI_utils::field_from_json(Obj, "notConnected", not_connected);
+            RESTAPI_utils::field_from_json(Obj, "pending", pending);
 			RESTAPI_utils::field_from_json(Obj, "noFirmware", no_firmware);
 			RESTAPI_utils::field_from_json(Obj, "skipped", skipped);
 			RESTAPI_utils::field_from_json(Obj, "timeStamp", timeStamp);
--- a/src/UI_Prov_WebSocketNotifications.h
+++ b/src/UI_Prov_WebSocketNotifications.h
@@ -32,7 +32,7 @@ namespace OpenWifi::ProvWebSocketNotifications {

 	struct FWUpgradeList {
 		std::string title, details, jobId;
-		std::vector<std::string> success, skipped, no_firmware, not_connected;
+		std::vector<std::string> success, skipped, no_firmware, not_connected, pending;
 		uint64_t timeStamp = OpenWifi::Utils::Now();

 		void to_json(Poco::JSON::Object &Obj) const;
--- a/src/framework/AppServiceRegistry.h
+++ b/src/framework/AppServiceRegistry.h
@@ -11,10 +11,12 @@

 #include "Poco/File.h"
 #include "Poco/StreamCopier.h"
+#include "Poco/JSON/Object.h"
+#include "Poco/JSON/Parser.h"

 #include "framework/MicroServiceFuncs.h"

-#include "nlohmann/json.hpp"
+// #include "nlohmann/json.hpp"

 namespace OpenWifi {

@@ -28,11 +30,11 @@ namespace OpenWifi {
 				if (F.exists()) {
 					std::ostringstream OS;
 					std::ifstream IF(FileName);
-					Poco::StreamCopier::copyStream(IF, OS);
-					Registry_ = nlohmann::json::parse(OS.str());
+                    Poco::JSON::Parser  P;
+					Registry_ = P.parse(IF).extract<Poco::JSON::Object::Ptr>();
 				}
 			} catch (...) {
-				Registry_ = nlohmann::json::parse("{}");
+				Registry_ = Poco::makeShared<Poco::JSON::Object>();
 			}
 		}

@@ -44,46 +46,39 @@ namespace OpenWifi {
 		inline ~AppServiceRegistry() { Save(); }

 		inline void Save() {
-			std::istringstream IS(to_string(Registry_));
 			std::ofstream OF;
 			OF.open(FileName, std::ios::binary | std::ios::trunc);
-			Poco::StreamCopier::copyStream(IS, OF);
+            Registry_->stringify(OF);
 		}

-		inline void Set(const char *Key, uint64_t Value) {
-			Registry_[Key] = Value;
+        void Set(const char *key, const std::vector<std::string> &V) {
+            Poco::JSON::Array   Arr;
+            for(const auto &s:V) {
+                Arr.add(s);
+            }
+            Registry_->set(key,Arr);
            Save();
        }

-		inline void Set(const char *Key, const std::string &Value) {
-			Registry_[Key] = Value;
+        template<class T> void Set(const char *key, const T &Value) {
+            Registry_->set(key,Value);
 			Save();
 		}

-		inline void Set(const char *Key, bool Value) {
-			Registry_[Key] = Value;
-			Save();
+        bool Get(const char *key, std::vector<std::string> &Value) {
+            if(Registry_->has(key) && !Registry_->isNull(key) && Registry_->isArray(key)) {
+                auto Arr = Registry_->get(key);
+                for(const auto &v:Arr) {
+                    Value.emplace_back(v);
                }
-
-		inline bool Get(const char *Key, bool &Value) {
-			if (Registry_[Key].is_boolean()) {
-				Value = Registry_[Key].get<bool>();
                return true;
            }
            return false;
        }

-		inline bool Get(const char *Key, uint64_t &Value) {
-			if (Registry_[Key].is_number_unsigned()) {
-				Value = Registry_[Key].get<uint64_t>();
-				return true;
-			}
-			return false;
-		}
-
-		inline bool Get(const char *Key, std::string &Value) {
-			if (Registry_[Key].is_string()) {
-				Value = Registry_[Key].get<std::string>();
+        template<class T> bool Get(const char *key, T &Value) {
+            if(Registry_->has(key) && !Registry_->isNull(key)) {
+                Value = Registry_->getValue<T>(key);
                return true;
            }
            return false;
@@ -91,7 +86,7 @@ namespace OpenWifi {

 	  private:
 		std::string FileName;
-		nlohmann::json Registry_;
+		Poco::JSON::Object::Ptr Registry_;
 	};

 	inline auto AppServiceRegistry() { return AppServiceRegistry::instance(); }
--- a/src/framework/ConfigurationValidator.cpp
+++ b/src/framework/ConfigurationValidator.cpp
@@ -34,6 +34,10 @@ static std::string DefaultUCentralSchema = R"foo(
    "$schema": "http://json-schema.org/draft-07/schema#",
    "type": "object",
    "properties": {
+        "strict": {
+            "type": "boolean",
+            "default": false
+        },
        "uuid": {
            "type": "integer"
        },
@@ -114,6 +118,20 @@ static std::string DefaultUCentralSchema = R"foo(
                "random-password": {
                    "type": "boolean",
                    "default": false
+                },
+                "beacon-advertisement": {
+                    "type": "object",
+                    "properties": {
+                        "device-name": {
+                            "type": "boolean"
+                        },
+                        "device-serial": {
+                            "type": "boolean"
+                        },
+                        "network-id": {
+                            "type": "integer"
+                        }
+                    }
                }
            }
        },
@@ -222,6 +240,52 @@ static std::string DefaultUCentralSchema = R"foo(
                }
            }
        },
+        "interface.ssid.encryption": {
+            "type": "object",
+            "properties": {
+                "proto": {
+                    "type": "string",
+                    "enum": [
+                        "none",
+                        "owe",
+                        "owe-transition",
+                        "psk",
+                        "psk2",
+                        "psk-mixed",
+                        "psk2-radius",
+                        "wpa",
+                        "wpa2",
+                        "wpa-mixed",
+                        "sae",
+                        "sae-mixed",
+                        "wpa3",
+                        "wpa3-192",
+                        "wpa3-mixed"
+                    ],
+                    "examples": [
+                        "psk2"
+                    ]
+                },
+                "key": {
+                    "type": "string",
+                    "maxLength": 63,
+                    "minLength": 8
+                },
+                "ieee80211w": {
+                    "type": "string",
+                    "enum": [
+                        "disabled",
+                        "optional",
+                        "required"
+                    ],
+                    "default": "disabled"
+                },
+                "key-caching": {
+                    "type": "boolean",
+                    "default": true
+                }
+            }
+        },
        "definitions": {
            "type": "object",
            "properties": {
@@ -716,7 +780,8 @@ static std::string DefaultUCentralSchema = R"foo(
                    "type": "string",
                    "enum": [
                        "dynamic",
-                        "static"
+                        "static",
+                        "none"
                    ],
                    "examples": [
                        "static"
@@ -1006,52 +1071,6 @@ static std::string DefaultUCentralSchema = R"foo(
                }
            ]
        },
-        "interface.ssid.encryption": {
-            "type": "object",
-            "properties": {
-                "proto": {
-                    "type": "string",
-                    "enum": [
-                        "none",
-                        "owe",
-                        "owe-transition",
-                        "psk",
-                        "psk2",
-                        "psk-mixed",
-                        "psk2-radius",
-                        "wpa",
-                        "wpa2",
-                        "wpa-mixed",
-                        "sae",
-                        "sae-mixed",
-                        "wpa3",
-                        "wpa3-192",
-                        "wpa3-mixed"
-                    ],
-                    "examples": [
-                        "psk2"
-                    ]
-                },
-                "key": {
-                    "type": "string",
-                    "maxLength": 63,
-                    "minLength": 8
-                },
-                "ieee80211w": {
-                    "type": "string",
-                    "enum": [
-                        "disabled",
-                        "optional",
-                        "required"
-                    ],
-                    "default": "disabled"
-                },
-                "key-caching": {
-                    "type": "boolean",
-                    "default": true
-                }
-            }
-        },
        "interface.ssid.multi-psk": {
            "type": "object",
            "properties": {
@@ -2020,6 +2039,11 @@ static std::string DefaultUCentralSchema = R"foo(
                    "decription": "This option allows embedding custom vendor specific IEs inside the beacons of a BSS in AP mode.",
                    "type": "string"
                },
+                "tip-information-element": {
+                    "decription": "The device will broadcast the TIP vendor IE inside its beacons if this option is enabled.",
+                    "type": "boolean",
+                    "default": true
+                },
                "fils-discovery-interval": {
                    "type": "integer",
                    "default": 20,
@@ -2443,6 +2467,24 @@ static std::string DefaultUCentralSchema = R"foo(
                    "type": "boolean",
                    "default": false
                },
+                "mode": {
+                    "type": "string",
+                    "enum": [
+                        "radius",
+                        "user"
+                    ]
+                },
+                "port-filter": {
+                    "type": "array",
+                    "items": {
+                        "type": "string",
+                        "examples": [
+                            {
+                                "LAN1": null
+                            }
+                        ]
+                    }
+                },
                "server-certificate": {
                    "type": "string"
                },
@@ -2454,6 +2496,77 @@ static std::string DefaultUCentralSchema = R"foo(
                    "items": {
                        "$ref": "#/$defs/interface.ssid.radius.local-user"
                    }
+                },
+                "radius": {
+                    "type": "object",
+                    "properties": {
+                        "nas-identifier": {
+                            "type": "string"
+                        },
+                        "auth-server-addr": {
+                            "type": "string",
+                            "format": "uc-host",
+                            "examples": [
+                                "192.168.1.10"
+                            ]
+                        },
+                        "auth-server-port": {
+                            "type": "integer",
+                            "maximum": 65535,
+                            "minimum": 1024,
+                            "examples": [
+                                1812
+                            ]
+                        },
+                        "auth-server-secret": {
+                            "type": "string",
+                            "examples": [
+                                "secret"
+                            ]
+                        },
+                        "acct-server-addr": {
+                            "type": "string",
+                            "format": "uc-host",
+                            "examples": [
+                                "192.168.1.10"
+                            ]
+                        },
+                        "acct-server-port": {
+                            "type": "integer",
+                            "maximum": 65535,
+                            "minimum": 1024,
+                            "examples": [
+                                1813
+                            ]
+                        },
+                        "acct-server-secret": {
+                            "type": "string",
+                            "examples": [
+                                "secret"
+                            ]
+                        },
+                        "coa-server-addr": {
+                            "type": "string",
+                            "format": "uc-host",
+                            "examples": [
+                                "192.168.1.10"
+                            ]
+                        },
+                        "coa-server-port": {
+                            "type": "integer",
+                            "maximum": 65535,
+                            "minimum": 1024,
+                            "examples": [
+                                1814
+                            ]
+                        },
+                        "coa-server-secret": {
+                            "type": "string",
+                            "examples": [
+                                "secret"
+                            ]
+                        }
+                    }
                }
            }
        },
@@ -2777,6 +2890,12 @@ static std::string DefaultUCentralSchema = R"foo(
                        }
                    }
                },
+                "services": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
                "classifier": {
                    "type": "array",
                    "items": {
@@ -3019,6 +3138,24 @@ static std::string DefaultUCentralSchema = R"foo(
                            "relay-server": {
                                "type": "string",
                                "format": "uc-ip"
+                            },
+                            "circuit-id-format": {
+                                "type": "string",
+                                "enum": [
+                                    "vlan-id",
+                                    "ap-mac",
+                                    "ssid"
+                                ],
+                                "default": "vlan-id"
+                            },
+                            "remote-id-format": {
+                                "type": "string",
+                                "enum": [
+                                    "vlan-id",
+                                    "ap-mac",
+                                    "ssid"
+                                ],
+                                "default": "ap-mac"
                            }
                        }
                    }
--- a/src/framework/EventBusManager.cpp
+++ b/src/framework/EventBusManager.cpp
@@ -9,23 +9,21 @@

 namespace OpenWifi {

-	EventBusManager::EventBusManager(Poco::Logger &L) : Logger_(L) {}
-
 	void EventBusManager::run() {
 		Running_ = true;
 		Utils::SetThreadName("fmwk:EventMgr");
-		auto Msg = std::make_shared<std::string>(MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_JOIN));
+		auto Msg = (MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_JOIN));
 		KafkaManager()->PostMessage(KafkaTopics::SERVICE_EVENTS, MicroServicePrivateEndPoint(), Msg,
 									false);
 		while (Running_) {
 			Poco::Thread::trySleep((unsigned long)MicroServiceDaemonBusTimer());
 			if (!Running_)
 				break;
-			Msg = std::make_shared<std::string>(MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_KEEP_ALIVE));
+			Msg = (MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_KEEP_ALIVE));
 			KafkaManager()->PostMessage(KafkaTopics::SERVICE_EVENTS, MicroServicePrivateEndPoint(),
 										Msg, false);
 		}
-		Msg = std::make_shared<std::string>(MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_LEAVE));
+		Msg = (MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_LEAVE));
 		KafkaManager()->PostMessage(KafkaTopics::SERVICE_EVENTS, MicroServicePrivateEndPoint(), Msg,
 									false);
 	};
--- a/src/framework/EventBusManager.h
+++ b/src/framework/EventBusManager.h
@@ -12,6 +12,16 @@ namespace OpenWifi {

 	class EventBusManager : public Poco::Runnable {
 	  public:
+		EventBusManager() :
+			Logger_(Poco::Logger::create(
+				"EventBusManager", Poco::Logger::root().getChannel(), Poco::Logger::root().getLevel())) {
+		}
+
+		static auto instance() {
+			static auto instance_ = new EventBusManager;
+			return instance_;
+		}
+
 		explicit EventBusManager(Poco::Logger &L);
 		void run() final;
 		void Start();
@@ -24,4 +34,6 @@ namespace OpenWifi {
 		Poco::Logger &Logger_;
 	};

+	inline auto EventBusManager() { return EventBusManager::instance(); }
+
 } // namespace OpenWifi
--- a/src/framework/KafkaManager.cpp
+++ b/src/framework/KafkaManager.cpp
@@ -6,6 +6,7 @@

 #include "fmt/format.h"
 #include "framework/MicroServiceFuncs.h"
+#include "cppkafka/utils/consumer_dispatcher.h"

 namespace OpenWifi {

@@ -99,9 +100,12 @@ namespace OpenWifi {
 			try {
 				auto Msg = dynamic_cast<KafkaMessage *>(Note.get());
 				if (Msg != nullptr) {
-					Producer.produce(cppkafka::MessageBuilder(Msg->Topic())
-										 .key(Msg->Key())
-										 .payload(Msg->Payload()));
+					auto NewMessage = cppkafka::MessageBuilder(Msg->Topic());
+					NewMessage.key(Msg->Key());
+					NewMessage.partition(0);
+					NewMessage.payload(Msg->Payload());
+					Producer.produce(NewMessage);
+					Producer.flush();
 				}
 			} catch (const cppkafka::HandleException &E) {
 				poco_warning(Logger_,
@@ -156,43 +160,49 @@ namespace OpenWifi {
 			}
 		});

-		bool AutoCommit = MicroServiceConfigGetBool("openwifi.kafka.auto.commit", false);
-		auto BatchSize = MicroServiceConfigGetInt("openwifi.kafka.consumer.batchsize", 20);
+		// bool AutoCommit = MicroServiceConfigGetBool("openwifi.kafka.auto.commit", false);
+		// auto BatchSize = MicroServiceConfigGetInt("openwifi.kafka.consumer.batchsize", 100);

 		Types::StringVec Topics;
-		KafkaManager()->Topics(Topics);
+		std::for_each(Topics_.begin(),Topics_.end(),
+					  [&](const std::string & T) { Topics.emplace_back(T); });
 		Consumer.subscribe(Topics);

 		Running_ = true;
-		while (Running_) {
+		std::vector<cppkafka::Message> MsgVec;
+
+		Dispatcher_ = std::make_unique<cppkafka::ConsumerDispatcher>(Consumer);
+
+		Dispatcher_->run(
+			// Callback executed whenever a new message is consumed
+			[&](cppkafka::Message msg) {
+				// Print the key (if any)
+				std::lock_guard G(ConsumerMutex_);
+				auto It = Notifiers_.find(msg.get_topic());
+				if (It != Notifiers_.end()) {
+					const auto &FL = It->second;
+					for (const auto &[CallbackFunc, _] : FL) {
 						try {
-				std::vector<cppkafka::Message> MsgVec =
-					Consumer.poll_batch(BatchSize, std::chrono::milliseconds(100));
-				for (auto const &Msg : MsgVec) {
-					if (!Msg)
-						continue;
-					if (Msg.get_error()) {
-						if (!Msg.is_eof()) {
-							poco_error(Logger_,
-									   fmt::format("Error: {}", Msg.get_error().to_string()));
-						}
-						if (!AutoCommit)
-							Consumer.async_commit(Msg);
-						continue;
-					}
-					KafkaManager()->Dispatch(Msg.get_topic().c_str(), Msg.get_key(), std::make_shared<std::string>(Msg.get_payload()));
-					if (!AutoCommit)
-						Consumer.async_commit(Msg);
-				}
-			} catch (const cppkafka::HandleException &E) {
-				poco_warning(Logger_,
-							 fmt::format("Caught a Kafka exception (consumer): {}", E.what()));
+							CallbackFunc(msg.get_key(), msg.get_payload());
 						} catch(const Poco::Exception &E) {
-				Logger_.log(E);
+
 						} catch(...) {
-				poco_error(Logger_, "std::exception");
+
 						}
 					}
+				}
+				Consumer.commit(msg);
+			},
+			// Whenever there's an error (other than the EOF soft error)
+			[&Logger_](cppkafka::Error error) {
+				poco_warning(Logger_,fmt::format("Error: {}", error.to_string()));
+			},
+			// Whenever EOF is reached on a partition, print this
+			[&Logger_](cppkafka::ConsumerDispatcher::EndOfFile, const cppkafka::TopicPartition& topic_partition) {
+				poco_debug(Logger_,fmt::format("Partition {} EOF", topic_partition.get_partition()));
+			}
+		);
+
 		Consumer.unsubscribe();
 		poco_information(Logger_, "Stopped...");
 	}
@@ -213,14 +223,13 @@ namespace OpenWifi {
 	}

 	void KafkaProducer::Produce(const char *Topic, const std::string &Key,
-								std::shared_ptr<std::string> Payload) {
+								const std::string &Payload) {
 		std::lock_guard G(Mutex_);
 		Queue_.enqueueNotification(new KafkaMessage(Topic, Key, Payload));
 	}

 	void KafkaConsumer::Start() {
 		if (!Running_) {
-			Running_ = true;
 			Worker_.start(*this);
 		}
 	}
@@ -228,29 +237,16 @@ namespace OpenWifi {
 	void KafkaConsumer::Stop() {
 		if (Running_) {
 			Running_ = false;
-			Worker_.wakeUp();
+			if(Dispatcher_) {
+				Dispatcher_->stop();
+			}
 			Worker_.join();
 		}
 	}

-	void KafkaDispatcher::Start() {
-		if (!Running_) {
-			Running_ = true;
-			Worker_.start(*this);
-		}
-	}
-
-	void KafkaDispatcher::Stop() {
-		if (Running_) {
-			Running_ = false;
-			Queue_.wakeUpAll();
-			Worker_.join();
-		}
-	}
-
-	auto KafkaDispatcher::RegisterTopicWatcher(const std::string &Topic,
+	std::uint64_t KafkaConsumer::RegisterTopicWatcher(const std::string &Topic,
 											   Types::TopicNotifyFunction &F) {
-		std::lock_guard G(Mutex_);
+		std::lock_guard G(ConsumerMutex_);
 		auto It = Notifiers_.find(Topic);
 		if (It == Notifiers_.end()) {
 			Types::TopicNotifyFunctionList L;
@@ -259,11 +255,12 @@ namespace OpenWifi {
 		} else {
 			It->second.emplace(It->second.end(), std::make_pair(F, FunctionId_));
 		}
+		Topics_.insert(Topic);
 		return FunctionId_++;
 	}

-	void KafkaDispatcher::UnregisterTopicWatcher(const std::string &Topic, int Id) {
-		std::lock_guard G(Mutex_);
+	void KafkaConsumer::UnregisterTopicWatcher(const std::string &Topic, int Id) {
+		std::lock_guard G(ConsumerMutex_);
 		auto It = Notifiers_.find(Topic);
 		if (It != Notifiers_.end()) {
 			Types::TopicNotifyFunctionList &L = It->second;
@@ -275,56 +272,17 @@ namespace OpenWifi {
 		}
 	}

-	void KafkaDispatcher::Dispatch(const char *Topic, const std::string &Key,
-								   const std::shared_ptr<std::string> Payload) {
-		std::lock_guard G(Mutex_);
-		auto It = Notifiers_.find(Topic);
-		if (It != Notifiers_.end()) {
-			Queue_.enqueueNotification(new KafkaMessage(Topic, Key, Payload));
-		}
-	}
-
-	void KafkaDispatcher::run() {
-		Poco::Logger &Logger_ =
-			Poco::Logger::create("KAFKA-DISPATCHER", KafkaManager()->Logger().getChannel());
-		poco_information(Logger_, "Starting...");
-		Poco::AutoPtr<Poco::Notification> Note(Queue_.waitDequeueNotification());
-		Utils::SetThreadName("kafka:dispatch");
-		while (Note && Running_) {
-			auto Msg = dynamic_cast<KafkaMessage *>(Note.get());
-			if (Msg != nullptr) {
-				auto It = Notifiers_.find(Msg->Topic());
-				if (It != Notifiers_.end()) {
-					const auto &FL = It->second;
-					for (const auto &[CallbackFunc, _] : FL) {
-						CallbackFunc(Msg->Key(), Msg->Payload());
-					}
-				}
-			}
-			Note = Queue_.waitDequeueNotification();
-		}
-		poco_information(Logger_, "Stopped...");
-	}
-
-	void KafkaDispatcher::Topics(std::vector<std::string> &T) {
-		T.clear();
-		for (const auto &[TopicName, _] : Notifiers_)
-			T.push_back(TopicName);
-	}
-
 	int KafkaManager::Start() {
 		if (!KafkaEnabled_)
 			return 0;
 		ConsumerThr_.Start();
 		ProducerThr_.Start();
-		Dispatcher_.Start();
 		return 0;
 	}

 	void KafkaManager::Stop() {
 		if (KafkaEnabled_) {
 			poco_information(Logger(), "Stopping...");
-			Dispatcher_.Stop();
 			ProducerThr_.Stop();
 			ConsumerThr_.Stop();
 			poco_information(Logger(), "Stopped...");
@@ -333,38 +291,25 @@ namespace OpenWifi {
 	}

 	void KafkaManager::PostMessage(const char *topic, const std::string &key,
-								   const std::shared_ptr<std::string> PayLoad, bool WrapMessage) {
+								   const std::string & PayLoad, bool WrapMessage) {
 		if (KafkaEnabled_) {
 			ProducerThr_.Produce(topic, key, WrapMessage ? WrapSystemId(PayLoad) : PayLoad);
 		}
 	}

-	void KafkaManager::Dispatch(const char *Topic, const std::string &Key,
-								const std::shared_ptr<std::string> Payload) {
-		Dispatcher_.Dispatch(Topic, Key, Payload);
-	}
-
-	[[nodiscard]] const std::shared_ptr<std::string> KafkaManager::WrapSystemId(const std::shared_ptr<std::string> PayLoad) {
-		*PayLoad = SystemInfoWrapper_ + *PayLoad + "}";
-		return PayLoad;
-	}
-
-	uint64_t KafkaManager::RegisterTopicWatcher(const std::string &Topic,
-												Types::TopicNotifyFunction &F) {
+	void KafkaManager::PostMessage(const char *topic, const std::string &key,
+					 const Poco::JSON::Object &Object, bool WrapMessage) {
 		if (KafkaEnabled_) {
-			return Dispatcher_.RegisterTopicWatcher(Topic, F);
-		} else {
-			return 0;
+			std::ostringstream ObjectStr;
+			Object.stringify(ObjectStr);
+			ProducerThr_.Produce(topic, key, WrapMessage ? WrapSystemId(ObjectStr.str()) : ObjectStr.str());
 		}
 	}

-	void KafkaManager::UnregisterTopicWatcher(const std::string &Topic, uint64_t Id) {
-		if (KafkaEnabled_) {
-			Dispatcher_.UnregisterTopicWatcher(Topic, Id);
+	[[nodiscard]] std::string KafkaManager::WrapSystemId(const std::string & PayLoad) {
+		return fmt::format(	R"lit({{ "system" : {{ "id" : {}, "host" : "{}" }}, "payload" : {} }})lit",
+						   MicroServiceID(), MicroServicePrivateEndPoint(), PayLoad ) ;
 	}
-	}
-
-	void KafkaManager::Topics(std::vector<std::string> &T) { Dispatcher_.Topics(T); }

 	void KafkaManager::PartitionAssignment(const cppkafka::TopicPartitionList &partitions) {
 		poco_information(
--- a/src/framework/KafkaManager.h
+++ b/src/framework/KafkaManager.h
@@ -6,7 +6,7 @@

 #include "Poco/Notification.h"
 #include "Poco/NotificationQueue.h"
-
+#include "Poco/JSON/Object.h"
 #include "framework/KafkaTopics.h"
 #include "framework/OpenWifiTypes.h"
 #include "framework/SubSystemServer.h"
@@ -18,17 +18,17 @@ namespace OpenWifi {

 	class KafkaMessage : public Poco::Notification {
 	  public:
-		KafkaMessage(const char * Topic, const std::string &Key, std::shared_ptr<std::string> Payload)
+		KafkaMessage(const char * Topic, const std::string &Key, const std::string &Payload)
 			: Topic_(Topic), Key_(Key), Payload_(Payload) {}

 		inline const char * Topic() { return Topic_; }
 		inline const std::string &Key() { return Key_; }
-		inline const std::string &Payload() { return *Payload_; }
+		inline const std::string &Payload() { return Payload_; }

 	  private:
 		const char *Topic_;
 		std::string Key_;
-		std::shared_ptr<std::string> Payload_;
+		std::string Payload_;
 	};

 	class KafkaProducer : public Poco::Runnable {
@@ -36,10 +36,10 @@ namespace OpenWifi {
 		void run() override;
 		void Start();
 		void Stop();
-		void Produce(const char *Topic, const std::string &Key, std::shared_ptr<std::string> Payload);
+		void Produce(const char *Topic, const std::string &Key, const std::string & Payload);

 	  private:
-		std::recursive_mutex Mutex_;
+		std::mutex Mutex_;
 		Poco::Thread Worker_;
 		mutable std::atomic_bool Running_ = false;
 		Poco::NotificationQueue Queue_;
@@ -47,33 +47,22 @@ namespace OpenWifi {

 	class KafkaConsumer : public Poco::Runnable {
 	  public:
-		void run() override;
 		void Start();
 		void Stop();

 	  private:
-		std::recursive_mutex Mutex_;
-		Poco::Thread Worker_;
-		mutable std::atomic_bool Running_ = false;
-	};
-
-	class KafkaDispatcher : public Poco::Runnable {
-	  public:
-		void Start();
-		void Stop();
-		auto RegisterTopicWatcher(const std::string &Topic, Types::TopicNotifyFunction &F);
-		void UnregisterTopicWatcher(const std::string &Topic, int Id);
-		void Dispatch(const char *Topic, const std::string &Key, const std::shared_ptr<std::string> Payload);
-		void run() override;
-		void Topics(std::vector<std::string> &T);
-
-	  private:
-		std::recursive_mutex Mutex_;
+		std::mutex 				ConsumerMutex_;
 		Types::NotifyTable 		Notifiers_;
 		Poco::Thread 			Worker_;
 		mutable std::atomic_bool Running_ = false;
 		uint64_t 				FunctionId_ = 1;
-		Poco::NotificationQueue Queue_;
+		std::unique_ptr<cppkafka::ConsumerDispatcher> 	Dispatcher_;
+		std::set<std::string>	Topics_;
+
+		void run() override;
+		friend class KafkaManager;
+		std::uint64_t RegisterTopicWatcher(const std::string &Topic, Types::TopicNotifyFunction &F);
+		void UnregisterTopicWatcher(const std::string &Topic, int Id);
 	};

 	class KafkaManager : public SubSystemServer {
@@ -92,20 +81,24 @@ namespace OpenWifi {
 		void Stop() override;

 		void PostMessage(const char *topic, const std::string &key,
-						 std::shared_ptr<std::string> PayLoad, bool WrapMessage = true);
-		void Dispatch(const char *Topic, const std::string &Key, std::shared_ptr<std::string> Payload);
-		[[nodiscard]] const std::shared_ptr<std::string> WrapSystemId(std::shared_ptr<std::string> PayLoad);
+						 const std::string &PayLoad, bool WrapMessage = true);
+		void PostMessage(const char *topic, const std::string &key,
+						 const Poco::JSON::Object &Object, bool WrapMessage = true);
+
+		[[nodiscard]] std::string WrapSystemId(const std::string & PayLoad);
 		[[nodiscard]] inline bool Enabled() const { return KafkaEnabled_; }
-		uint64_t RegisterTopicWatcher(const std::string &Topic, Types::TopicNotifyFunction &F);
-		void UnregisterTopicWatcher(const std::string &Topic, uint64_t Id);
-		void Topics(std::vector<std::string> &T);
+		inline std::uint64_t RegisterTopicWatcher(const std::string &Topic, Types::TopicNotifyFunction &F) {
+			return ConsumerThr_.RegisterTopicWatcher(Topic,F);
+		}
+		inline void UnregisterTopicWatcher(const std::string &Topic, uint64_t Id) {
+			return ConsumerThr_.UnregisterTopicWatcher(Topic,Id);
+		}

 	  private:
 		bool KafkaEnabled_ = false;
 		std::string SystemInfoWrapper_;
 		KafkaProducer ProducerThr_;
 		KafkaConsumer ConsumerThr_;
-		KafkaDispatcher Dispatcher_;

 		void PartitionAssignment(const cppkafka::TopicPartitionList &partitions);
 		void PartitionRevocation(const cppkafka::TopicPartitionList &partitions);
--- a/src/framework/KafkaTopics.h
+++ b/src/framework/KafkaTopics.h
@@ -20,6 +20,7 @@ namespace OpenWifi::KafkaTopics {
 	inline const char * DEVICE_EVENT_QUEUE = "device_event_queue";
 	inline const char * DEVICE_TELEMETRY = "device_telemetry";
 	inline const char * PROVISIONING_CHANGE = "provisioning_change";
+	inline const char * RRM = "rrm";

 	namespace ServiceEvents {
 		inline const char * EVENT_JOIN = "join";
--- a/src/framework/MicroService.cpp
+++ b/src/framework/MicroService.cpp
@@ -33,9 +33,23 @@ namespace OpenWifi {

 	void MicroService::Exit(int Reason) { std::exit(Reason); }

+    static std::string MakeServiceListString(const Types::MicroServiceMetaMap &Services) {
+        std::string SvcList;
+        for (const auto &Svc : Services) {
+            if (SvcList.empty())
+                SvcList = Svc.second.Type;
+            else
+                SvcList += ", " + Svc.second.Type;
+        }
+        return SvcList;
+    }
+
 	void MicroService::BusMessageReceived([[maybe_unused]] const std::string &Key,
 										  const std::string &Payload) {
 		std::lock_guard G(InfraMutex_);
+
+		Poco::Logger &BusLogger = EventBusManager()->Logger();
+
 		try {
 			Poco::JSON::Parser P;
 			auto Object = P.parse(Payload).extract<Poco::JSON::Object::Ptr>();
@@ -55,13 +69,10 @@ namespace OpenWifi {
 							Object->has(KafkaTopics::ServiceEvents::Fields::KEY)) {
 							auto PrivateEndPoint =
 								Object->get(KafkaTopics::ServiceEvents::Fields::PRIVATE).toString();
-							if (Event == KafkaTopics::ServiceEvents::EVENT_KEEP_ALIVE &&
-								Services_.find(PrivateEndPoint) != Services_.end()) {
-								Services_[PrivateEndPoint].LastUpdate = Utils::Now();
-							} else if (Event == KafkaTopics::ServiceEvents::EVENT_LEAVE) {
+							if (Event == KafkaTopics::ServiceEvents::EVENT_LEAVE) {
 								Services_.erase(PrivateEndPoint);
-								poco_debug(
-									logger(),
+								poco_information(
+									BusLogger,
 									fmt::format(
 										"Service {} ID={} leaving system.",
 										Object->get(KafkaTopics::ServiceEvents::Fields::PRIVATE)
@@ -69,14 +80,7 @@ namespace OpenWifi {
 										ID));
 							} else if (Event == KafkaTopics::ServiceEvents::EVENT_JOIN ||
 									   Event == KafkaTopics::ServiceEvents::EVENT_KEEP_ALIVE) {
-								poco_debug(
-									logger(),
-									fmt::format(
-										"Service {} ID={} joining system.",
-										Object->get(KafkaTopics::ServiceEvents::Fields::PRIVATE)
-											.toString(),
-										ID));
-								Services_[PrivateEndPoint] = Types::MicroServiceMeta{
+								auto ServiceInfo = Types::MicroServiceMeta{
 									.Id = ID,
 									.Type = Poco::toLower(
 										Object->get(KafkaTopics::ServiceEvents::Fields::TYPE)
@@ -94,6 +98,22 @@ namespace OpenWifi {
 												   .toString(),
 									.LastUpdate = Utils::Now()};

+                                auto s1 = MakeServiceListString(Services_);
+								auto PreviousSize = Services_.size();
+								Services_[PrivateEndPoint] = ServiceInfo;
+								auto CurrentSize = Services_.size();
+								if(Event == KafkaTopics::ServiceEvents::EVENT_JOIN) {
+									if(!s1.empty()) {
+										poco_information(
+											BusLogger,
+											fmt::format(
+												"Service {} ID={} is joining the system.",
+												Object
+													->get(
+														KafkaTopics::ServiceEvents::Fields::PRIVATE)
+													.toString(),
+												ID));
+									}
 									std::string SvcList;
 									for (const auto &Svc : Services_) {
 										if (SvcList.empty())
@@ -102,12 +122,22 @@ namespace OpenWifi {
 											SvcList += ", " + Svc.second.Type;
 									}
 									poco_information(
-									logger(),
+										BusLogger,
 										fmt::format("Current list of microservices: {}", SvcList));
+								} else if(CurrentSize!=PreviousSize) {
+									poco_information(
+										BusLogger,
+										fmt::format(
+											"Service {} ID={} is being added back in.",
+											Object
+												->get(KafkaTopics::ServiceEvents::Fields::PRIVATE)
+												.toString(),
+											ID));
+								}
 							}
 						} else {
-							poco_error(
-								logger(),
+							poco_information(
+								BusLogger,
 								fmt::format("KAFKA-MSG: invalid event '{}', missing a field.",
 											Event));
 						}
@@ -118,32 +148,39 @@ namespace OpenWifi {
 								Object->get(KafkaTopics::ServiceEvents::Fields::TOKEN).toString());
 #endif
 						} else {
-							poco_error(
-								logger(),
+							poco_information(
+								BusLogger,
 								fmt::format("KAFKA-MSG: invalid event '{}', missing token", Event));
 						}
 					} else {
-						poco_error(logger(),
+						poco_information(BusLogger,
 								   fmt::format("Unknown Event: {} Source: {}", Event, ID));
 					}
 				}
 			} else {
-				poco_error(logger(), "Bad bus message.");
 				std::ostringstream os;
 				Object->stringify(std::cout);
+				poco_error(BusLogger, fmt::format("Bad bus message: {}", os.str()));
 			}

-			auto i = Services_.begin();
+			auto ServiceHint = Services_.begin();
 			auto now = Utils::Now();
-			for (; i != Services_.end();) {
-				if ((now - i->second.LastUpdate) > 60) {
-					i = Services_.erase(i);
+            auto si1 = Services_.size();
+            auto ss1 = MakeServiceListString(Services_);
+			while(ServiceHint!=Services_.end()) {
+				if ((now - ServiceHint->second.LastUpdate) > 120) {
+					poco_information(BusLogger, fmt::format("ZombieService: Removing service {}, ", ServiceHint->second.PublicEndPoint));
+					ServiceHint = Services_.erase(ServiceHint);
 				} else
-					++i;
+					++ServiceHint;
+			}
+            if(Services_.size() != si1) {
+                auto ss2 = MakeServiceListString(Services_);
+                poco_information(BusLogger, fmt::format("Current list of microservices: {} -> {}", ss1, ss2));
            }

 		} catch (const Poco::Exception &E) {
-			logger().log(E);
+			BusLogger.log(E);
 		}
 	}

@@ -412,7 +449,7 @@ namespace OpenWifi {
 			try {
 				DataDir.createDirectory();
 			} catch (const Poco::Exception &E) {
-				logger().log(E);
+				Logger_.log(E);
 			}
 		}
 		WWWAssetsDir_ = ConfigPath("openwifi.restapi.wwwassets", "");
@@ -530,14 +567,12 @@ namespace OpenWifi {
 		for (auto i : SubSystems_) {
 			i->Start();
 		}
-		EventBusManager_ = std::make_unique<EventBusManager>(Poco::Logger::create(
-			"EventBusManager", Poco::Logger::root().getChannel(), Poco::Logger::root().getLevel()));
-		EventBusManager_->Start();
+		EventBusManager()->Start();
 	}

 	void MicroService::StopSubSystemServers() {
 		AddActivity("Stopping");
-		EventBusManager_->Stop();
+		EventBusManager()->Stop();
 		for (auto i = SubSystems_.rbegin(); i != SubSystems_.rend(); ++i) {
 			(*i)->Stop();
 		}
@@ -697,7 +732,7 @@ namespace OpenWifi {
 			auto APIKEY = Request.get("X-API-KEY");
 			return APIKEY == MyHash_;
 		} catch (const Poco::Exception &E) {
-			logger().log(E);
+			Logger_.log(E);
 		}
 		return false;
 	}
--- a/src/framework/MicroService.h
+++ b/src/framework/MicroService.h
@@ -201,7 +201,6 @@ namespace OpenWifi {
 		Poco::JWT::Signer Signer_;
 		Poco::Logger &Logger_;
 		Poco::ThreadPool TimerPool_{"timer:pool", 2, 32};
-		std::unique_ptr<EventBusManager> EventBusManager_;
 	};

 	inline MicroService *MicroService::instance_ = nullptr;
--- a/src/framework/MicroServiceFuncs.cpp
+++ b/src/framework/MicroServiceFuncs.cpp
@@ -129,4 +129,8 @@ namespace OpenWifi {
 		return ALBHealthCheckServer()->RegisterExtendedHealthMessage(Callback);
 	}

+	std::string MicroServiceAccessKey() {
+		return MicroService::instance().Hash();
+	}
+
 } // namespace OpenWifi
--- a/src/framework/MicroServiceFuncs.h
+++ b/src/framework/MicroServiceFuncs.h
@@ -22,6 +22,7 @@ namespace OpenWifi {
 	std::string MicroServicePublicEndPoint();
 	std::string MicroServiceConfigGetString(const std::string &Key,
 											const std::string &DefaultValue);
+	std::string MicroServiceAccessKey();
 	bool MicroServiceConfigGetBool(const std::string &Key, bool DefaultValue);
 	std::uint64_t MicroServiceConfigGetInt(const std::string &Key, std::uint64_t DefaultValue);
 	std::string MicroServicePrivateEndPoint();
--- a/src/framework/RESTAPI_Handler.h
+++ b/src/framework/RESTAPI_Handler.h
@@ -574,6 +574,36 @@ namespace OpenWifi {
 			Poco::JSON::Stringifier::stringify(Object, Answer);
 		}

+        inline void ReturnObject(const std::vector<std::string> &Strings) {
+            Poco::JSON::Array   Arr;
+            for(const auto &String:Strings) {
+                Arr.add(String);
+            }
+            std::ostringstream os;
+            Arr.stringify(os);
+            return ReturnRawJSON(os.str());
+        }
+
+        template<class T> void ReturnObject(const std::vector<T> &Objects) {
+            Poco::JSON::Array   Arr;
+            for(const auto &Object:Objects) {
+                Poco::JSON::Object O;
+                Object.to_json(O);
+                Arr.add(O);
+            }
+            std::ostringstream os;
+            Arr.stringify(os);
+            return ReturnRawJSON(os.str());
+        }
+
+        template<class T> void ReturnObject(const T &Object) {
+            Poco::JSON::Object  O;
+            Object.to_json(O);
+            std::ostringstream os;
+            O.stringify(os);
+            return ReturnRawJSON(os.str());
+        }
+
        inline void ReturnRawJSON(const std::string &json_doc) {
 			PrepareResponse();
 			if (Request != nullptr) {
--- a/src/framework/StorageClass.h
+++ b/src/framework/StorageClass.h
@@ -47,6 +47,8 @@ namespace OpenWifi {

        }

+		Poco::Data::SessionPool &Pool() { return *Pool_; }
+
 	  private:
 		inline int Setup_SQLite();
 		inline int Setup_MySQL();
--- a/src/framework/SubSystemServer.cpp
+++ b/src/framework/SubSystemServer.cpp
@@ -37,6 +37,7 @@ namespace OpenWifi {
 		P.cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
 		P.dhUse2048Bits = true;
 		P.caLocation = cas_;
+        // P.securityLevel =

 		auto Context = Poco::AutoPtr<Poco::Net::Context>(
 			new Poco::Net::Context(Poco::Net::Context::TLS_SERVER_USE, P));
@@ -53,7 +54,6 @@ namespace OpenWifi {

 			Context->useCertificate(Cert);
 			Context->addChainCertificate(Root);
-
 			Context->addCertificateAuthority(Root);

 			if (level_ == Poco::Net::Context::VERIFY_STRICT) {
@@ -76,18 +76,18 @@ namespace OpenWifi {
 				L.fatal(fmt::format("Wrong Certificate({}) for Key({})", cert_file_, key_file_));
 			}

-			SSL_CTX_set_verify(SSLCtx, SSL_VERIFY_PEER, nullptr);
+            SSL_CTX_set_verify(SSLCtx, level_==Poco::Net::Context::VERIFY_NONE ? SSL_VERIFY_NONE : SSL_VERIFY_PEER, nullptr);

 			if (level_ == Poco::Net::Context::VERIFY_STRICT) {
 				SSL_CTX_set_client_CA_list(SSLCtx, SSL_load_client_CA_file(client_cas_.c_str()));
-			}
                SSL_CTX_enable_ct(SSLCtx, SSL_CT_VALIDATION_STRICT);
+			}
 			SSL_CTX_dane_enable(SSLCtx);

 			Context->enableSessionCache();
 			Context->setSessionCacheSize(0);
 			Context->setSessionTimeout(60);
-			Context->enableExtendedCertificateVerification(true);
+			Context->enableExtendedCertificateVerification( level_!= Poco::Net::Context::VERIFY_NONE );
 			Context->disableStatelessSessionResumption();
 		}

--- a/src/framework/orm.h
+++ b/src/framework/orm.h
@@ -576,8 +576,8 @@ namespace ORM {
 		bool UpdateRecord(field_name_t FieldName, const T &Value, const RecordType &R) {
 			try {
 				assert(ValidFieldName(FieldName));
-
 				Poco::Data::Session Session = Pool_.get();
+                Session.begin();
 				Poco::Data::Statement Update(Session);

 				RecordTuple RT;
@@ -593,6 +593,7 @@ namespace ORM {
 				Update.execute();
 				if (Cache_)
 					Cache_->UpdateCache(R);
+                Session.commit();
 				return true;
 			} catch (const Poco::Exception &E) {
 				Logger_.log(E);
@@ -662,6 +663,7 @@ namespace ORM {
 				assert(ValidFieldName(FieldName));

 				Poco::Data::Session Session = Pool_.get();
+                Session.begin();
 				Poco::Data::Statement Delete(Session);

 				std::string St = "delete from " + TableName_ + " where " + FieldName + "=?";
@@ -671,6 +673,7 @@ namespace ORM {
 				Delete.execute();
 				if (Cache_)
 					Cache_->Delete(FieldName, Value);
+                Session.commit();
 				return true;
 			} catch (const Poco::Exception &E) {
 				Logger_.log(E);
@@ -682,11 +685,13 @@ namespace ORM {
 			try {
 				assert(!WhereClause.empty());
 				Poco::Data::Session Session = Pool_.get();
+                Session.begin();
 				Poco::Data::Statement Delete(Session);

 				std::string St = "delete from " + TableName_ + " where " + WhereClause;
 				Delete << St;
 				Delete.execute();
+                Session.commit();
 				return true;
 			} catch (const Poco::Exception &E) {
 				Logger_.log(E);
--- a/src/framework/ow_constants.h
+++ b/src/framework/ow_constants.h
@@ -40,6 +40,7 @@ namespace OpenWifi {
 	};
 }

+#define DBGLINE     std::cout << __LINE__ << ":" << __FILE__ << ", " << __func__ << std::endl;
 namespace OpenWifi::RESTAPI::Errors {
 	struct msg {
 		uint64_t err_num;
@@ -405,7 +406,32 @@ namespace OpenWifi::RESTAPI::Errors {
            1172, "The venue name already exists."
    };

-    static const struct msg DefFirmwareNameExists { 1172, "Firmware name already exists." };
+    static const struct msg InvalidGlobalReachAccount {
+            1173, "Invalid Global Reach account information."
+    };
+    static const struct msg CannotCreateCSR {
+            1174, "Cannot create a CSR certificate."
+    };
+
+    static const struct msg DefFirmwareNameExists { 1175, "Firmware name already exists." };
+    static const struct msg NotAValidECKey { 1176, "Not a valid Signing Key." };
+	static const struct msg NotAValidRadiusPoolType { 1177, "Not a valid RADIUS pool type." };
+    static const struct msg InvalidRadiusTypeEndpoint { 1178, "Invalid RADIUS Server Endpoint type." };
+    static const struct msg InvalidRadiusEndpointPoolStrategy { 1179, "Invalid RADIUS Server Endpoint Pool strategy." };
+    static const struct msg EndpointMustHaveOneTypeOfServers { 1180, "All servers must be either RADIUS or RADSEC." };
+    static const struct msg RadiusEndpointIndexInvalid { 1181, "Index must be an address between 0.0.1.1 and 0.0.2.254" };
+    static const struct msg RadiusEndpointIndexMustBeUnique { 1182, "Index must be unique." };
+    static const struct msg OrionAccountMustExist { 1183, "Orion account must exist." };
+    static const struct msg GlobalReachCertMustExist { 1184, "Global Reach certificate must exist." };
+    static const struct msg InvalidRadsecMainCertificate { 1185, "Invalid Radsec main certificate." };
+    static const struct msg InvalidRadsecCaCertificate { 1186, "Invalid Radsec CA certificates." };
+    static const struct msg InvalidRadsecPrivteKey { 1187, "Invalid Radsec Private key." };
+    static const struct msg InvalidRadsecIPAddress { 1188, "Invalid Radsec IP Address." };
+    static const struct msg InvalidRadsecPort { 1189, "Invalid Radsec Port." };
+    static const struct msg InvalidRadsecSecret { 1190, "Invalid Radsec Secret." };
+    static const struct msg InvalidRadiusServer { 1191, "Invalid Radius Server." };
+
+	static const struct msg InvalidRRMAction { 1192, "Invalid RRM Action." };

    static const struct msg SimulationDoesNotExist {
        7000, "Simulation Instance ID does not exist."
@@ -537,6 +563,10 @@ namespace OpenWifi::RESTAPI::Protocol {
 	static const char *CONTENTDISPOSITION = "Content-Disposition";
 	static const char *CONTENTTYPE = "Content-Type";

+	static const char *TRANSFER = "transfer";
+	static const char *CERTUPDATE = "certupdate";
+	static const char *RRM = "rrm";
+
 	static const char *REQUIREMENTS = "requirements";
 	static const char *PASSWORDPATTERN = "passwordPattern";
 	static const char *ACCESSPOLICY = "accessPolicy";
@@ -654,6 +684,12 @@ namespace OpenWifi::uCentralProtocol {
 	static const char *RADIUSCOA = "coa";
 	static const char *RADIUSDST = "dst";
 	static const char *IES = "ies";
+
+	static const char *TRANSFER = "transfer";
+	static const char *CERTUPDATE = "certupdate";
+	static const char *RRM = "rrm";
+	static const char *ACTIONS = "actions";
+
 } // namespace OpenWifi::uCentralProtocol

 namespace OpenWifi::uCentralProtocol::Events {
@@ -746,6 +782,9 @@ namespace OpenWifi::APCommands {
 		telemetry,
 		ping,
 		script,
+		rrm,
+		certupdate,
+		transfer,
 		unknown
 	};

@@ -758,7 +797,10 @@ namespace OpenWifi::APCommands {
 		RESTAPI::Protocol::LEDS,		 RESTAPI::Protocol::TRACE,
 		RESTAPI::Protocol::REQUEST,		 RESTAPI::Protocol::WIFISCAN,
 		RESTAPI::Protocol::EVENTQUEUE,	 RESTAPI::Protocol::TELEMETRY,
-		RESTAPI::Protocol::PING,		 RESTAPI::Protocol::SCRIPT};
+		RESTAPI::Protocol::PING,		 RESTAPI::Protocol::SCRIPT,
+		RESTAPI::Protocol::RRM,		 	 RESTAPI::Protocol::CERTUPDATE,
+		RESTAPI::Protocol::TRANSFER
+	};

 	inline const char *to_string(Commands Cmd) { return uCentralAPCommands[(uint8_t)Cmd]; }

--- a/src/framework/utils.cpp
+++ b/src/framework/utils.cpp
@@ -3,10 +3,19 @@
 //

 #include "Poco/Path.h"
-
+#include "Poco/TemporaryFile.h"
+#include "Poco/Crypto/ECKey.h"
 #include "framework/AppServiceRegistry.h"
 #include "framework/utils.h"

+#include <iostream>
+#include <cstdlib>
+#include <ctime>
+#include <string>
+#include <algorithm>
+
+#include <resolv.h>
+
 namespace OpenWifi::Utils {

 	bool NormalizeMac(std::string &Mac) {
@@ -608,4 +617,329 @@ namespace OpenWifi::Utils {
 		return DT.timestamp().epochTime();
 	}

+    static std::string FileToString(const std::string &Filename) {
+        std::ifstream   ifs(Filename.c_str(),std::ios_base::in|std::ios_base::binary);
+        std::ostringstream os;
+        Poco::StreamCopier::copyStream(ifs,os);
+        return os.str();
+    }
+
+    bool CreateX509CSR(const CSRCreationParameters & Parameters, CSRCreationResults & Results) {
+        int             ret = 0;
+        RSA             *r = nullptr;
+        BIGNUM          *bne = nullptr;
+
+        int             nVersion = 0;
+        unsigned long   e = RSA_F4;
+
+        X509_REQ        *x509_req = nullptr;
+        X509_NAME       *x509_name = nullptr;
+        EVP_PKEY        *pKey = nullptr;
+//        RSA             *tem = nullptr;
+//        BIO             *bio_err = nullptr;
+
+        const char      *szCountry = Parameters.Country.c_str();
+        const char      *szProvince = Parameters.Province.c_str();
+        const char      *szCity = Parameters.City.c_str();
+        const char      *szOrganization = Parameters.Organization.c_str();
+        const char      *szCommon = Parameters.CommonName.c_str();
+
+        Poco::TemporaryFile     CsrPath, PubKey, PrivateKey;
+        std::string             Result;
+        std::ifstream           ifs;
+        std::ostringstream      ss;
+        BIO                     *bp_public = nullptr,
+                *bp_private = nullptr,
+                *bp_csr = nullptr;
+
+        // 1. generate rsa key
+        bne = BN_new();
+        ret = BN_set_word(bne,e);
+        if(ret != 1){
+            goto free_all;
+        }
+
+        r = RSA_new();
+        ret = RSA_generate_key_ex(r, Parameters.bits, bne, nullptr);
+        if(ret != 1){
+            goto free_all;
+        }
+
+        bp_public = BIO_new_file(PubKey.path().c_str(), "w+");
+        ret = PEM_write_bio_RSAPublicKey(bp_public, r);
+        if(ret != 1) {
+            goto free_all;
+        }
+
+        bp_private = BIO_new_file(PrivateKey.path().c_str(), "w+");
+        ret = PEM_write_bio_RSAPrivateKey(bp_private, r, NULL, NULL, 0, NULL, NULL);
+        if(ret != 1) {
+            goto free_all;
+        }
+
+// 2. set version of x509 req
+        x509_req = X509_REQ_new();
+        ret = X509_REQ_set_version(x509_req, nVersion);
+        if (ret != 1){
+            goto free_all;
+        }
+
+// 3. set subject of x509 req
+        x509_name = X509_REQ_get_subject_name(x509_req);
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"C", MBSTRING_ASC, (const unsigned char*)szCountry, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"ST", MBSTRING_ASC, (const unsigned char*)szProvince, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"L", MBSTRING_ASC, (const unsigned char*)szCity, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"O", MBSTRING_ASC, (const unsigned char*)szOrganization, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"CN", MBSTRING_ASC, (const unsigned char*)szCommon, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+// 4. set public key of x509 req
+        pKey = EVP_PKEY_new();
+        EVP_PKEY_assign_RSA(pKey, r);
+        r = nullptr;   // will be free rsa when EVP_PKEY_free(pKey)
+
+        ret = X509_REQ_set_pubkey(x509_req, pKey);
+        if (ret != 1){
+            goto free_all;
+        }
+
+// 5. set sign key of x509 req
+        ret = X509_REQ_sign(x509_req, pKey, EVP_sha1());    // return x509_req->signature->length
+        if (ret <= 0){
+            goto free_all;
+        }
+
+        bp_csr = BIO_new_file(CsrPath.path().c_str(),"w");
+        ret = PEM_write_bio_X509_REQ(bp_csr, x509_req);
+
+// 6. free
+        free_all:
+        X509_REQ_free(x509_req);
+        BIO_free_all(bp_csr);
+        BIO_free_all(bp_public);
+        BIO_free_all(bp_private);
+
+        EVP_PKEY_free(pKey);
+        BN_free(bne);
+        if(ret==1) {
+            Results.CSR = FileToString(CsrPath.path());
+            Results.PrivateKey = FileToString(PrivateKey.path());
+            Results.PublicKey = FileToString(PubKey.path());
+        }
+
+        return ret;
+    }
+
+    bool VerifyECKey(const std::string &key) {
+        try {
+            Poco::TemporaryFile F;
+
+            std::ofstream of(F.path().c_str(), std::ios_base::trunc | std::ios_base::out | std::ios_base::binary);
+            of << key;
+            of.close();
+
+            auto Key = Poco::SharedPtr<Poco::Crypto::ECKey>(
+                    new Poco::Crypto::ECKey("", F.path(),""));
+
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    bool VerifyRSAKey([[
+    maybe_unused]] const std::string &key) {
+        try {
+            Poco::TemporaryFile F;
+
+            std::ofstream of(F.path().c_str(), std::ios_base::trunc | std::ios_base::out | std::ios_base::binary);
+            of << key;
+            of.close();
+
+            auto Key = Poco::SharedPtr<Poco::Crypto::RSAKey>(
+                    new Poco::Crypto::RSAKey("", F.path(),""));
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    bool VerifyPrivateKey(const std::string &key) {
+        return VerifyECKey(key) || VerifyRSAKey(key);
+    }
+
+    bool ValidX509Certificate([[
+                              maybe_unused]] const std::string &Cert) {
+        try {
+            Poco::TemporaryFile F;
+            std::ofstream of(F.path().c_str(), std::ios_base::trunc | std::ios_base::out | std::ios_base::binary);
+            of << Cert;
+            of.close();
+
+            auto Key = Poco::SharedPtr<Poco::Crypto::X509Certificate>(
+                    new Poco::Crypto::X509Certificate(F.path()));
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    bool ValidX509Certificate([[
+                              maybe_unused]] const std::vector<std::string> &Certs) {
+        auto F = [](const std::string &C) -> bool { return ValidX509Certificate(C); };
+        return std::all_of(Certs.begin(),Certs.end(), F);
+    }
+
+    std::string generateStrongPassword(int minLength, int maxLength, int numDigits, int minLowercase, int minSpecial, int minUppercase) {
+        // Define character sets for each category
+        const std::string lowercaseChars = "abcdefghijklmnopqrstuvwxyz";
+        const std::string uppercaseChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+        const std::string digitChars = "0123456789";
+        const std::string specialChars = "!@#$%^&*()_+[]{}|;:,.<>?";
+
+        // Check if parameters are valid
+        if (minLength < 1 || minLength > maxLength || minLowercase + minUppercase + numDigits + minSpecial > maxLength) {
+            return "Invalid parameters";
+        }
+
+        // Initialize random seed
+        std::random_device rd;
+        std::mt19937 g(rd());
+
+        // Initialize the password string
+        std::string password;
+
+        // Generate the required number of each character type
+        for (int i = 0; i < minLowercase; ++i) {
+            password += lowercaseChars[g() % lowercaseChars.length()];
+        }
+        for (int i = 0; i < minUppercase; ++i) {
+            password += uppercaseChars[g() % uppercaseChars.length()];
+        }
+        for (int i = 0; i < numDigits; ++i) {
+            password += digitChars[g() % digitChars.length()];
+        }
+        for (int i = 0; i < minSpecial; ++i) {
+            password += specialChars[g() % specialChars.length()];
+        }
+
+        // Calculate how many more characters are needed
+        int remainingLength = maxLength - (int)password.length();
+
+        // Generate random characters to fill the remaining length
+        for (int i = 0; i < remainingLength; ++i) {
+            int category = g() % 4; // Randomly select a category
+            if (category == 0) {
+                password += lowercaseChars[g() % lowercaseChars.length()];
+            } else if (category == 1) {
+                password += uppercaseChars[g() % uppercaseChars.length()];
+            } else if (category == 2) {
+                password += digitChars[g() % digitChars.length()];
+            } else {
+                password += specialChars[g() % specialChars.length()];
+            }
+        }
+
+        // Shuffle the password to randomize the character order
+        std::shuffle(password.begin(), password.end(),g);
+
+        return password;
+    }
+
+// Function to query NAPTR records for a domain and return them in a vector
+    std::vector<NAPTRRecord> getNAPTRRecords(const std::string& domain) {
+        std::vector<NAPTRRecord> naptrRecords;
+
+        unsigned char buf[4096];
+        ns_msg handle;
+        ns_initparse(buf, NS_PACKETSZ, &handle);
+
+        // Query NAPTR records for the given domain
+        int response = res_query(domain.c_str(), ns_c_in, ns_t_naptr, buf, sizeof(buf));
+        if (response < 0) {
+            return naptrRecords;
+        }
+
+        if(ns_initparse(buf, response, &handle) < 0) {
+            return naptrRecords;
+        }
+
+        // Iterate through the DNS response and extract NAPTR records
+        int count = ns_msg_count(handle, ns_s_an);
+        for (int i = 0; i < count; ++i) {
+            ns_rr rr;
+            if (ns_parserr(&handle, ns_s_an, i, &rr) == 0) {
+                char rdata[256];
+                ns_sprintrr(&handle, &rr, nullptr, nullptr, rdata, sizeof(rdata));
+                NAPTRRecord record;
+                std::istringstream os(rdata);
+                os  >> record.name >> record.ttl >> record.rclass >> record.rtype >> record.order >> record.preference >> record.flags
+                    >> record.service >> record.regexp >>  record.replacement;
+                naptrRecords.push_back(record);
+            }
+        }
+
+        return naptrRecords;
+    }
+
+    std::vector<SrvRecord> getSRVRecords(const std::string& domain) {
+        std::vector<SrvRecord> srvRecords;
+
+        // Buffer to hold the DNS response
+        unsigned char buf[4096];
+        ns_msg handle;
+        ns_initparse(buf, NS_PACKETSZ, &handle);
+
+        // Query NAPTR records for the given domain
+        int response = res_query(domain.c_str(), ns_c_in, ns_t_srv, buf, sizeof(buf));
+        if (response < 0) {
+            std::cerr << "DNS query failed for " << domain << ": " << hstrerror(h_errno) << std::endl;
+            return srvRecords;
+        }
+
+        if(ns_initparse(buf, response, &handle) < 0) {
+            return srvRecords;
+        }
+
+        // Iterate through the DNS response and extract NAPTR records
+        int count = ns_msg_count(handle, ns_s_an);
+        for (int i = 0; i < count; ++i) {
+            ns_rr rr;
+            if (ns_parserr(&handle, ns_s_an, i, &rr) == 0) {
+                char rdata[256];
+                ns_sprintrr(&handle, &rr, nullptr, nullptr, rdata, sizeof(rdata));
+                SrvRecord record;
+                std::istringstream os(rdata);
+                os  >>  record.name >> record.ttl >> record.rclass >> record.rtype >> record.pref >> record.weight >>
+                    record.port >> record.srvname ;
+                srvRecords.push_back(record);
+            }
+        }
+
+        return srvRecords;
+    }
+
+
 } // namespace OpenWifi::Utils
--- a/src/framework/utils.h
+++ b/src/framework/utils.h
@@ -247,4 +247,159 @@ namespace OpenWifi::Utils {
 		return count;
 	}

+    inline std::uint32_t IPtoInt(const std::string &A) {
+        Poco::Net::IPAddress    IP;
+        std::uint32_t Result=0;
+
+        if(Poco::Net::IPAddress::tryParse(A,IP)) {
+            for(const auto i:IP.toBytes()) {
+                Result <<= 8;
+                Result += i;
+            }
+        }
+        return Result;
+    }
+
+    inline bool ValidIP(const std::string &IPstr) {
+        Poco::Net::IPAddress    IP;
+        return Poco::Net::IPAddress::tryParse(IPstr,IP);
+    }
+
+    struct CSRCreationParameters {
+        std::string Country, Province, City,
+                    Organization, CommonName;
+        int         bits=2048;
+    };
+
+    struct CSRCreationResults {
+        std::string     CSR, PublicKey, PrivateKey;
+    };
+
+    bool CreateX509CSR(const CSRCreationParameters & Parameters, CSRCreationResults & Results);
+    std::string generateStrongPassword(int minLength, int maxLength, int numDigits, int minLowercase, int minSpecial, int minUppercase);
+    bool VerifyECKey(const std::string &key);
+    bool VerifyRSAKey(const std::string &key);
+    bool VerifyPrivateKey(const std::string &key);
+    bool ValidX509Certificate(const std::string &Cert);
+    bool ValidX509Certificate(const std::vector<std::string> &Certs);
+
+    struct NAPTRRecord {
+        std::string     name;
+        std::string     ttl;
+        std::string     rclass;
+        std::string     rtype;
+        uint32_t        order=0;
+        uint32_t        preference=0;
+        std::string     flags;
+        std::string     service;
+        std::string     regexp;
+        std::string     replacement;
+    };
+
+// Function to query NAPTR records for a domain and return them in a vector
+    std::vector<NAPTRRecord> getNAPTRRecords(const std::string& domain);
+    struct SrvRecord {
+        std::string     name;
+        std::string     ttl;
+        std::string     rclass;
+        std::string     rtype;
+        uint32_t        pref = 0;
+        uint32_t        weight = 0;
+        uint32_t        port = 0;
+        std::string     srvname;
+    };
+
+    std::vector<SrvRecord> getSRVRecords(const std::string& domain);
+
+    struct HostNameServerResult{
+        std::string     Hostname;
+        uint32_t        Port;
+    };
+
+	class CompressedString {
+	  public:
+		CompressedString() {
+			DecompressedSize_ = 0;
+		};
+
+		explicit CompressedString(const std::string &Data) : DecompressedSize_(Data.size()) {
+			CompressIt(Data);
+		}
+
+		CompressedString(const CompressedString &Data) {
+			this->DecompressedSize_ = Data.DecompressedSize_;
+			this->CompressedData_ = Data.CompressedData_;
+		}
+
+		CompressedString& operator=(const CompressedString& rhs) {
+			if (this != &rhs) {
+				this->DecompressedSize_ = rhs.DecompressedSize_;
+				this->CompressedData_ = rhs.CompressedData_;
+			}
+			return *this;
+		}
+
+		CompressedString& operator=(CompressedString&& rhs) {
+			if (this != &rhs) {
+				this->DecompressedSize_ = rhs.DecompressedSize_;
+				this->CompressedData_ = rhs.CompressedData_;
+			}
+			return *this;
+		}
+
+		~CompressedString() = default;
+
+		operator std::string() const {
+			return DecompressIt();
+		}
+
+		CompressedString &operator=(const std::string &Data) {
+			DecompressedSize_ = Data.size();
+			CompressIt(Data);
+			return *this;
+		}
+
+		auto CompressedSize() const { return CompressedData_.size(); }
+		auto DecompressedSize() const { return DecompressedSize_; }
+
+	  private:
+		std::string     CompressedData_;
+		std::size_t     DecompressedSize_;
+
+		inline void CompressIt(const std::string &Data) {
+			z_stream strm; // = {0};
+			CompressedData_.resize(Data.size());
+			strm.next_in = (Bytef *)Data.data();
+			strm.avail_in = Data.size();
+			strm.next_out = (Bytef *)CompressedData_.data();
+			strm.avail_out = Data.size();
+			strm.zalloc = Z_NULL;
+			strm.zfree = Z_NULL;
+			strm.opaque = Z_NULL;
+			deflateInit2(&strm, Z_DEFAULT_COMPRESSION, Z_DEFLATED, 15 + 16, 8, Z_DEFAULT_STRATEGY);
+			deflate(&strm, Z_FINISH);
+			deflateEnd(&strm);
+			CompressedData_.resize(strm.total_out);
+		}
+
+		[[nodiscard]] std::string DecompressIt() const {
+			std::string Result;
+			if(DecompressedSize_!=0) {
+				Result.resize(DecompressedSize_);
+				z_stream strm ; //= {0};
+				strm.next_in = (Bytef *)CompressedData_.data();
+				strm.avail_in = CompressedData_.size();
+				strm.next_out = (Bytef *)Result.data();
+				strm.avail_out = Result.size();
+				strm.zalloc = Z_NULL;
+				strm.zfree = Z_NULL;
+				strm.opaque = Z_NULL;
+				inflateInit2(&strm, 15 + 32);
+				inflate(&strm, Z_FINISH);
+				inflateEnd(&strm);
+			}
+			return Result;
+		}
+	};
+
 } // namespace OpenWifi::Utils
--- a/src/sdks/SDK_fms.cpp
+++ b/src/sdks/SDK_fms.cpp
@@ -36,15 +36,18 @@ namespace OpenWifi::SDK::FMS {
 			static const std::string EndPoint{"/api/v1/firmwares"};

 			OpenWifi::OpenAPIRequestGet API(uSERVICE_FIRMWARE, EndPoint,
-											{{"deviceType", device_type}}, 50000);
+											{{"deviceType", device_type},
+                                             {"offset","0"},
+                                             {"limit","1000"}}, 50000);

 			auto CallResponse = Poco::makeShared<Poco::JSON::Object>();
 			auto StatusCode = API.Do(CallResponse);
 			if (StatusCode == Poco::Net::HTTPResponse::HTTP_OK) {
 				Poco::JSON::Array::Ptr FirmwareArr = CallResponse->getArray("firmwares");
-				for (uint64_t i = 0; i < FirmwareArr->size(); i++) {
+                for(const auto &firmware:*FirmwareArr) {
+                    auto Object = firmware.extract<Poco::JSON::Object::Ptr>();
 					FMSObjects::Firmware F;
-					F.from_json(FirmwareArr->getObject(i));
+					F.from_json(Object);
 					FirmWares.emplace_back(F);
 				}
 				return true;
--- a/src/sdks/SDK_gw.cpp
+++ b/src/sdks/SDK_gw.cpp
@@ -79,7 +79,7 @@ namespace OpenWifi::SDK::GW {
 		}

 		bool Upgrade(RESTAPIHandler *client, const std::string &SerialNumber, uint64_t When,
-					 const std::string &ImageName) {
+					 const std::string &ImageName, std::string &status) {
 			Poco::JSON::Object Body;

 			Body.set(RESTAPI::Protocol::SERIALNUMBER, SerialNumber);
@@ -92,6 +92,7 @@ namespace OpenWifi::SDK::GW {
 			auto ResponseStatus =
 				API.Do(CallResponse, client ? client->UserInfo_.webtoken.access_token_ : "");
 			if (ResponseStatus == Poco::Net::HTTPResponse::HTTP_OK) {
+                status = CallResponse->get("status").toString();
 				return true;
 			}
 			return false;
@@ -238,4 +239,44 @@ namespace OpenWifi::SDK::GW {
 			return false;
 		}
 	} // namespace Device
+
+    namespace RADIUS {
+
+        bool GetConfiguration(RESTAPIHandler *client, GWObjects::RadiusProxyPoolList &Pools) {
+            OpenWifi::OpenAPIRequestGet R(OpenWifi::uSERVICE_GATEWAY,
+                                           "/api/v1/radiusProxyConfig", {},
+                                           60000);
+            auto CallResponse = Poco::makeShared<Poco::JSON::Object>();
+            auto ResponseStatus =
+                    R.Do(CallResponse, client ? client->UserInfo_.webtoken.access_token_ : "");
+            if(ResponseStatus == Poco::Net::HTTPResponse::HTTP_OK) {
+                return Pools.from_json(CallResponse);
+            }
+            return false;
+        }
+
+        bool SetConfiguration(RESTAPIHandler *client, const Poco::JSON::Object &Configuration,
+                              GWObjects::RadiusProxyPoolList &NewPools, Poco::JSON::Object &ErrorObj) {
+            OpenWifi::OpenAPIRequestPut R(OpenWifi::uSERVICE_GATEWAY,
+                                          "/api/v1/radiusProxyConfig", {}, Configuration,
+                                          60000);
+            auto CallResponse = Poco::makeShared<Poco::JSON::Object>();
+            auto ResponseStatus =
+                    R.Do(CallResponse, client ? client->UserInfo_.webtoken.access_token_ : "");
+            ErrorObj = *CallResponse;
+            if(ResponseStatus == Poco::Net::HTTPResponse::HTTP_OK) {
+                return NewPools.from_json(CallResponse);
+            }
+            return false;
+        }
+
+        bool SetConfiguration(RESTAPIHandler *client, const GWObjects::RadiusProxyPoolList &Pools,
+                              GWObjects::RadiusProxyPoolList &NewPools, Poco::JSON::Object &ErrorObj) {
+            Poco::JSON::Object  Body;
+            Pools.to_json(Body);
+            return SetConfiguration(client,Body,NewPools, ErrorObj);
+        }
+
+    }
+
 } // namespace OpenWifi::SDK::GW
--- a/src/sdks/SDK_gw.h
+++ b/src/sdks/SDK_gw.h
@@ -23,7 +23,7 @@ namespace OpenWifi::SDK::GW {
 		bool Configure(RESTAPIHandler *client, const std::string &Mac,
 					   Poco::JSON::Object::Ptr &Configuration, Poco::JSON::Object::Ptr &Response);
 		bool Upgrade(RESTAPIHandler *client, const std::string &Mac, uint64_t When,
-					 const std::string &ImageName);
+					 const std::string &ImageName, std::string &status);

 		bool SetVenue(RESTAPIHandler *client, const std::string &SerialNumber,
 					  const std::string &uuid);
@@ -38,4 +38,11 @@ namespace OpenWifi::SDK::GW {
 						  const std::string &entity, const std::string &venue,
 						  const std::string &subscriber);
 	} // namespace Device
+    namespace RADIUS {
+        bool GetConfiguration(RESTAPIHandler *client, GWObjects::RadiusProxyPoolList &Pools);
+        bool SetConfiguration(RESTAPIHandler *client, const GWObjects::RadiusProxyPoolList &Pools,
+                              GWObjects::RadiusProxyPoolList &NewPools, Poco::JSON::Object &ErrorObj);
+        bool SetConfiguration(RESTAPIHandler *client, const Poco::JSON::Object &Configuration,
+                              GWObjects::RadiusProxyPoolList &NewPools, Poco::JSON::Object &ErrorObj);
+    }
 } // namespace OpenWifi::SDK::GW
--- a/src/storage/storage_glblraccounts.cpp
+++ b/src/storage/storage_glblraccounts.cpp
@@ -0,0 +1,97 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "storage_glblraccounts.h"
+#include <framework/orm.h>
+#include "framework/OpenWifiTypes.h"
+#include "framework/RESTAPI_utils.h"
+
+#include "RESTObjects/RESTAPI_SecurityObjects.h"
+
+namespace OpenWifi {
+
+    static ORM::FieldVec GLBLRAccountInfoDB_Fields{
+            ORM::Field{"id", 64, true},
+            ORM::Field{"name", ORM::FieldType::FT_TEXT},
+            ORM::Field{"description", ORM::FieldType::FT_TEXT},
+            ORM::Field{"notes", ORM::FieldType::FT_TEXT},
+            ORM::Field{"created", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"modified", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"privateKey", ORM::FieldType::FT_TEXT},
+            ORM::Field{"country", ORM::FieldType::FT_TEXT},
+            ORM::Field{"province", ORM::FieldType::FT_TEXT},
+            ORM::Field{"city", ORM::FieldType::FT_TEXT},
+            ORM::Field{"organization", ORM::FieldType::FT_TEXT},
+            ORM::Field{"commonName", ORM::FieldType::FT_TEXT},
+            ORM::Field{"CSR", ORM::FieldType::FT_TEXT},
+            ORM::Field{"CSRPrivateKey", ORM::FieldType::FT_TEXT},
+            ORM::Field{"CSRPublicKey", ORM::FieldType::FT_TEXT},
+            ORM::Field{"GlobalReachAcctId", ORM::FieldType::FT_TEXT}
+    };
+
+    static ORM::IndexVec GLBLRAccountInfoDB_Indexes{
+            {std::string("glblr_name_index"),
+             ORM::IndexEntryVec{{std::string("name"), ORM::Indextype::ASC}}}};
+
+    GLBLRAccountInfoDB::GLBLRAccountInfoDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L)
+            : DB(T, "glblr_accts", GLBLRAccountInfoDB_Fields, GLBLRAccountInfoDB_Indexes, P, L, "glr") {}
+
+    bool GLBLRAccountInfoDB::Upgrade([[maybe_unused]] uint32_t from, uint32_t &to) {
+        to = Version();
+        std::vector<std::string> Script{};
+
+        for (const auto &i : Script) {
+            try {
+                auto Session = Pool_.get();
+                Session << i, Poco::Data::Keywords::now;
+            } catch (...) {
+            }
+        }
+        return true;
+    }
+
+} // namespace OpenWifi
+
+template <>
+void ORM::DB<OpenWifi::GLBLRAccountsDBRecordType, OpenWifi::ProvObjects::GLBLRAccountInfo>::Convert(
+        const OpenWifi::GLBLRAccountsDBRecordType &In, OpenWifi::ProvObjects::GLBLRAccountInfo &Out) {
+    Out.info.id = In.get<0>();
+    Out.info.name = In.get<1>();
+    Out.info.description = In.get<2>();
+    Out.info.notes =
+            OpenWifi::RESTAPI_utils::to_object_array<OpenWifi::SecurityObjects::NoteInfo>(In.get<3>());
+    Out.info.created = In.get<4>();
+    Out.info.modified = In.get<5>();
+    Out.privateKey =In.get<6>();
+    Out.country = In.get<7>();
+    Out.province = In.get<8>();
+    Out.city = In.get<9>();
+    Out.organization = In.get<10>();
+    Out.commonName = In.get<11>();
+    Out.CSR = In.get<12>();
+    Out.CSRPrivateKey = In.get<13>();
+    Out.CSRPublicKey = In.get<14>();
+    Out.GlobalReachAcctId = In.get<15>();
+}
+
+template <>
+void ORM::DB<OpenWifi::GLBLRAccountsDBRecordType, OpenWifi::ProvObjects::GLBLRAccountInfo>::Convert(
+        const OpenWifi::ProvObjects::GLBLRAccountInfo &In, OpenWifi::GLBLRAccountsDBRecordType &Out) {
+    Out.set<0>(In.info.id);
+    Out.set<1>(In.info.name);
+    Out.set<2>(In.info.description);
+    Out.set<3>(OpenWifi::RESTAPI_utils::to_string(In.info.notes));
+    Out.set<4>(In.info.created);
+    Out.set<5>(In.info.modified);
+    Out.set<6>(In.privateKey);
+    Out.set<7>(In.country);
+    Out.set<8>(In.province);
+    Out.set<9>(In.city);
+    Out.set<10>(In.organization);
+    Out.set<11>(In.commonName);
+    Out.set<12>(In.CSR);
+    Out.set<13>(In.CSRPrivateKey);
+    Out.set<14>(In.CSRPublicKey);
+    Out.set<15>(In.GlobalReachAcctId);
+}
--- a/src/storage/storage_glblraccounts.h
+++ b/src/storage/storage_glblraccounts.h
@@ -0,0 +1,35 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+
+#pragma once
+
+#include "RESTObjects/RESTAPI_ProvObjects.h"
+#include "framework/orm.h"
+
+namespace OpenWifi {
+
+    typedef Poco::Tuple<std::string,
+            std::string, std::string, std::string, uint64_t, uint64_t,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string>
+        GLBLRAccountsDBRecordType;
+
+    class GLBLRAccountInfoDB : public ORM::DB<GLBLRAccountsDBRecordType, ProvObjects::GLBLRAccountInfo> {
+    public:
+        GLBLRAccountInfoDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L);
+        virtual ~GLBLRAccountInfoDB(){};
+        bool Upgrade(uint32_t from, uint32_t &to) override;
+    private:
+
+    };
+} // namespace OpenWifi
--- a/src/storage/storage_glblrcerts.cpp
+++ b/src/storage/storage_glblrcerts.cpp
@@ -0,0 +1,76 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "storage_glblrcerts.h"
+
+#include <framework/orm.h>
+#include "framework/OpenWifiTypes.h"
+#include "framework/RESTAPI_utils.h"
+
+#include "RESTObjects/RESTAPI_SecurityObjects.h"
+
+namespace OpenWifi {
+
+    static ORM::FieldVec GLBLRCertsDB_Fields{// object info
+            ORM::Field{"id", 64, true},
+            ORM::Field{"name", ORM::FieldType::FT_TEXT},
+            ORM::Field{"accountId", ORM::FieldType::FT_TEXT},
+            ORM::Field{"csr", ORM::FieldType::FT_TEXT},
+            ORM::Field{"certificate", ORM::FieldType::FT_TEXT},
+            ORM::Field{"certificateChain", ORM::FieldType::FT_TEXT},
+            ORM::Field{"certificateId", ORM::FieldType::FT_TEXT},
+            ORM::Field{"expiresAt", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"created", ORM::FieldType::FT_BIGINT}
+    };
+
+    static ORM::IndexVec GLBLRCertsDB_Indexes{
+            {std::string("glblr_cert_id_index"),
+             ORM::IndexEntryVec{{std::string("name"), ORM::Indextype::ASC}}}};
+
+    GLBLRCertsDB::GLBLRCertsDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L)
+            : DB(T, "glblr_certs", GLBLRCertsDB_Fields, GLBLRCertsDB_Indexes, P, L, "glc") {}
+
+    bool GLBLRCertsDB::Upgrade([[maybe_unused]] uint32_t from, uint32_t &to) {
+        to = Version();
+        std::vector<std::string> Script{};
+
+        for (const auto &i : Script) {
+            try {
+                auto Session = Pool_.get();
+                Session << i, Poco::Data::Keywords::now;
+            } catch (...) {
+            }
+        }
+        return true;
+    }
+
+} // namespace OpenWifi
+
+template <>
+void ORM::DB<OpenWifi::GLBLRCertsDBRecordType, OpenWifi::ProvObjects::GLBLRCertificateInfo>::Convert(
+        const OpenWifi::GLBLRCertsDBRecordType &In, OpenWifi::ProvObjects::GLBLRCertificateInfo &Out) {
+    Out.id = In.get<0>();
+    Out.name = In.get<1>();
+    Out.accountId = In.get<2>();
+    Out.csr = In.get<3>();
+    Out.certificate = In.get<4>();
+    Out.certificateChain = In.get<5>();
+    Out.certificateId = In.get<6>();
+    Out.expiresAt = In.get<7>();
+    Out.created = In.get<8>();
+}
+
+template <>
+void ORM::DB<OpenWifi::GLBLRCertsDBRecordType, OpenWifi::ProvObjects::GLBLRCertificateInfo>::Convert(
+        const OpenWifi::ProvObjects::GLBLRCertificateInfo &In, OpenWifi::GLBLRCertsDBRecordType &Out) {
+    Out.set<0>(In.id);
+    Out.set<1>(In.name);
+    Out.set<2>(In.accountId);
+    Out.set<3>(In.csr);
+    Out.set<4>(In.certificate);
+    Out.set<5>(In.certificateChain);
+    Out.set<6>(In.certificateId);
+    Out.set<7>(In.expiresAt);
+    Out.set<8>(In.created);
+}
--- a/src/storage/storage_glblrcerts.h
+++ b/src/storage/storage_glblrcerts.h
@@ -0,0 +1,37 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+
+#pragma once
+
+#include "RESTObjects/RESTAPI_ProvObjects.h"
+#include "framework/orm.h"
+
+namespace OpenWifi {
+
+    typedef Poco::Tuple<
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            uint64_t,
+            uint64_t>
+            GLBLRCertsDBRecordType;
+
+    class GLBLRCertsDB : public ORM::DB<GLBLRCertsDBRecordType, ProvObjects::GLBLRCertificateInfo> {
+    public:
+        GLBLRCertsDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L);
+        virtual ~GLBLRCertsDB(){};
+        bool Upgrade(uint32_t from, uint32_t &to) override;
+    private:
+
+    };
+} // namespace OpenWifi
--- a/src/storage/storage_inventory.cpp
+++ b/src/storage/storage_inventory.cpp
@@ -232,6 +232,69 @@ namespace OpenWifi {
 		}
 		return true;
 	}
+
+    bool InventoryDB::GetDevicesForVenue(const std::string &venue_uuid, std::vector<std::string> &devices) {
+        try {
+            std::vector<ProvObjects::InventoryTag> device_list;
+            if(GetRecords(0, 1000, device_list, fmt::format(" venue='{}' ", venue_uuid))) {
+                for(auto &i:device_list) {
+                    devices.push_back(i.serialNumber);
+                }
+                return true;
+            }
+        } catch(const Poco::Exception &E) {
+            Logger().log(E);
+            return false;
+        } catch(const std::exception &E) {
+            Logger().error(fmt::format("std::exception: {}",E.what()));
+            return false;
+        } catch(...) {
+            Logger().error("Unknown exception");
+            return false;
+        }
+        return false;
+    }
+
+    bool InventoryDB::GetDevicesUUIDForVenue(const std::string &venue_uuid, std::vector<std::string> &devices) {
+        try {
+            std::vector<ProvObjects::InventoryTag> device_list;
+            if(GetRecords(0, 1000, device_list, fmt::format(" venue='{}' ", venue_uuid))) {
+                for(auto &i:device_list) {
+                    devices.push_back(i.info.id);
+                }
+                return true;
+            }
+        } catch(const Poco::Exception &E) {
+            Logger().log(E);
+            return false;
+        } catch(const std::exception &E) {
+            Logger().error(fmt::format("std::exception: {}",E.what()));
+            return false;
+        } catch(...) {
+            Logger().error("Unknown exception");
+            return false;
+        }
+        return false;
+    }
+
+    bool InventoryDB::GetDevicesForVenue(const std::string &venue_uuid, std::vector<ProvObjects::InventoryTag> &devices) {
+        try {
+            return GetRecords(0, 1000, devices, fmt::format(" venue='{}' ", venue_uuid));
+        } catch(const Poco::Exception &E) {
+            Logger().log(E);
+            return false;
+        } catch(const std::exception &E) {
+            Logger().error(fmt::format("std::exception: {}",E.what()));
+            return false;
+        } catch(...) {
+            Logger().error("Unknown exception");
+            return false;
+        }
+
+        return false;
+    }
+
+
 } // namespace OpenWifi

 template <>
--- a/src/storage/storage_inventory.h
+++ b/src/storage/storage_inventory.h
@@ -38,6 +38,10 @@ namespace OpenWifi {

 		bool Upgrade(uint32_t from, uint32_t &to) override;

+        bool GetDevicesForVenue(const std::string &uuid, std::vector<std::string> &devices);
+        bool GetDevicesUUIDForVenue(const std::string &uuid, std::vector<std::string> &devices);
+        bool GetDevicesForVenue(const std::string &uuid, std::vector<ProvObjects::InventoryTag> &devices);
+
 	  private:
 		bool EvaluateDeviceRules(const ProvObjects::InventoryTag &T,
 								 ProvObjects::DeviceRules &Rules);
--- a/src/storage/storage_orion_accounts.cpp
+++ b/src/storage/storage_orion_accounts.cpp
@@ -0,0 +1,76 @@
+//
+// Created by stephane bourque on 2023-09-17.
+//
+
+#include "storage_orion_accounts.h"
+#include <framework/orm.h>
+#include "framework/OpenWifiTypes.h"
+#include "framework/RESTAPI_utils.h"
+
+#include "RESTObjects/RESTAPI_SecurityObjects.h"
+
+namespace OpenWifi {
+
+    static ORM::FieldVec OrionAccountsDB_Fields{
+            ORM::Field{"id", 64, true},
+            ORM::Field{"name", ORM::FieldType::FT_TEXT},
+            ORM::Field{"description", ORM::FieldType::FT_TEXT},
+            ORM::Field{"notes", ORM::FieldType::FT_TEXT},
+            ORM::Field{"created", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"modified", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"privateKey", ORM::FieldType::FT_TEXT},
+            ORM::Field{"certificate", ORM::FieldType::FT_TEXT},
+            ORM::Field{"cacerts", ORM::FieldType::FT_TEXT}
+    };
+
+    static ORM::IndexVec OrionAccountsDB_Indexes{
+            {std::string("orion_name_index"),
+             ORM::IndexEntryVec{{std::string("name"), ORM::Indextype::ASC}}}};
+
+    OrionAccountsDB::OrionAccountsDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L)
+            : DB(T, "orion_accts", OrionAccountsDB_Fields, OrionAccountsDB_Indexes, P, L, "oat") {}
+
+    bool OrionAccountsDB::Upgrade([[maybe_unused]] uint32_t from, uint32_t &to) {
+        to = Version();
+        std::vector<std::string> Script{};
+
+        for (const auto &i : Script) {
+            try {
+                auto Session = Pool_.get();
+                Session << i, Poco::Data::Keywords::now;
+            } catch (...) {
+            }
+        }
+        return true;
+    }
+
+} // namespace OpenWifi
+
+template <>
+void ORM::DB<OpenWifi::OrionAccountsDBRecordType, OpenWifi::ProvObjects::GooglOrionAccountInfo>::Convert(
+        const OpenWifi::OrionAccountsDBRecordType &In, OpenWifi::ProvObjects::GooglOrionAccountInfo &Out) {
+    Out.info.id = In.get<0>();
+    Out.info.name = In.get<1>();
+    Out.info.description = In.get<2>();
+    Out.info.notes =
+            OpenWifi::RESTAPI_utils::to_object_array<OpenWifi::SecurityObjects::NoteInfo>(In.get<3>());
+    Out.info.created = In.get<4>();
+    Out.info.modified = In.get<5>();
+    Out.privateKey =In.get<6>();
+    Out.certificate = In.get<7>();
+    Out.cacerts = OpenWifi::RESTAPI_utils::to_object_array(In.get<8>());
+}
+
+template <>
+void ORM::DB<OpenWifi::OrionAccountsDBRecordType, OpenWifi::ProvObjects::GooglOrionAccountInfo>::Convert(
+        const OpenWifi::ProvObjects::GooglOrionAccountInfo &In, OpenWifi::OrionAccountsDBRecordType &Out) {
+    Out.set<0>(In.info.id);
+    Out.set<1>(In.info.name);
+    Out.set<2>(In.info.description);
+    Out.set<3>(OpenWifi::RESTAPI_utils::to_string(In.info.notes));
+    Out.set<4>(In.info.created);
+    Out.set<5>(In.info.modified);
+    Out.set<6>(In.privateKey);
+    Out.set<7>(In.certificate);
+    Out.set<8>(OpenWifi::RESTAPI_utils::to_string(In.cacerts));
+}
--- a/src/storage/storage_orion_accounts.h
+++ b/src/storage/storage_orion_accounts.h
@@ -0,0 +1,32 @@
+//
+// Created by stephane bourque on 2023-09-17.
+//
+
+#pragma once
+
+#include "RESTObjects/RESTAPI_ProvObjects.h"
+#include "framework/orm.h"
+
+namespace OpenWifi {
+
+    typedef Poco::Tuple<std::string,
+            std::string,
+            std::string,
+            std::string,
+            uint64_t,
+            uint64_t,
+            std::string,
+            std::string,
+            std::string>
+            OrionAccountsDBRecordType;
+
+    class OrionAccountsDB : public ORM::DB<OrionAccountsDBRecordType, ProvObjects::GooglOrionAccountInfo> {
+    public:
+        OrionAccountsDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L);
+        virtual ~OrionAccountsDB(){};
+        bool Upgrade(uint32_t from, uint32_t &to) override;
+    private:
+
+    };
+
+} // namespace OpenWifi
--- a/src/storage/storage_radius_endpoints.cpp
+++ b/src/storage/storage_radius_endpoints.cpp
@@ -0,0 +1,92 @@
+//
+// Created by stephane bourque on 2023-09-27.
+//
+
+#include "storage_radius_endpoints.h"
+#include <framework/RESTAPI_utils.h>
+namespace OpenWifi {
+
+    static ORM::FieldVec RadiusEndpointDB_Fields{// object info
+            ORM::Field{"id", 64, true},
+            ORM::Field{"name", ORM::FieldType::FT_TEXT},
+            ORM::Field{"description", ORM::FieldType::FT_TEXT},
+            ORM::Field{"notes", ORM::FieldType::FT_TEXT},
+            ORM::Field{"created", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"modified", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"Type", ORM::FieldType::FT_TEXT},
+            ORM::Field{"RadsecServers", ORM::FieldType::FT_TEXT},
+            ORM::Field{"RadiusServers", ORM::FieldType::FT_TEXT},
+            ORM::Field{"PoolStrategy", ORM::FieldType::FT_TEXT},
+            ORM::Field{"Index", ORM::FieldType::FT_TEXT},
+            ORM::Field{"UsedBy", ORM::FieldType::FT_TEXT},
+            ORM::Field{"UseGWProxy", ORM::FieldType::FT_BOOLEAN},
+            ORM::Field{"NasIdentifier", ORM::FieldType::FT_TEXT},
+            ORM::Field{"AccountingInterval", ORM::FieldType::FT_BIGINT}
+    };
+
+    static ORM::IndexVec RadiusEndpointDB_Indexes{
+            {std::string("radius_ep_name_index"),
+             ORM::IndexEntryVec{{std::string("name"), ORM::Indextype::ASC}}}};
+
+    RadiusEndpointDB::RadiusEndpointDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L)
+            : DB(T, "radius_endpoints", RadiusEndpointDB_Fields, RadiusEndpointDB_Indexes, P, L, "rep") {}
+
+    bool RadiusEndpointDB::Upgrade([[maybe_unused]] uint32_t from, uint32_t &to) {
+        to = Version();
+        std::vector<std::string> Script{
+            "alter table " + TableName_ + " add column NasIdentifier TEXT;",
+            "alter table " + TableName_ + " add column AccountingInterval BIGINT;"
+        };
+
+        for (const auto &i : Script) {
+            try {
+                auto Session = Pool_.get();
+                Session << i, Poco::Data::Keywords::now;
+            } catch (...) {
+            }
+        }
+        return true;
+    }
+
+} // namespace OpenWifi
+
+template <>
+void ORM::DB<OpenWifi::RadiusEndpointDbRecordType, OpenWifi::ProvObjects::RADIUSEndPoint>::Convert(
+        const OpenWifi::RadiusEndpointDbRecordType &In, OpenWifi::ProvObjects::RADIUSEndPoint &Out) {
+    Out.info.id = In.get<0>();
+    Out.info.name = In.get<1>();
+    Out.info.description = In.get<2>();
+    Out.info.notes =
+            OpenWifi::RESTAPI_utils::to_object_array<OpenWifi::SecurityObjects::NoteInfo>(In.get<3>());
+    Out.info.created = In.get<4>();
+    Out.info.modified = In.get<5>();
+    Out.Type = In.get<6>();
+    Out.RadsecServers = OpenWifi::RESTAPI_utils::to_object_array<OpenWifi::ProvObjects::RADIUSEndPointRadsecType>(In.get<7>());
+    Out.RadiusServers = OpenWifi::RESTAPI_utils::to_object_array<OpenWifi::ProvObjects::RADIUSEndPointRadiusType>(In.get<8>());
+    Out.PoolStrategy = In.get<9>();
+    Out.Index = In.get<10>();
+    Out.UsedBy = OpenWifi::RESTAPI_utils::to_object_array(In.get<11>());
+    Out.UseGWProxy = In.get<12>();
+    Out.NasIdentifier = In.get<13>();
+    Out.AccountingInterval = In.get<14>();
+}
+
+template <>
+void ORM::DB<OpenWifi::RadiusEndpointDbRecordType, OpenWifi::ProvObjects::RADIUSEndPoint>::Convert(
+        const OpenWifi::ProvObjects::RADIUSEndPoint &In, OpenWifi::RadiusEndpointDbRecordType &Out) {
+    Out.set<0>(In.info.id);
+    Out.set<1>(In.info.name);
+    Out.set<2>(In.info.description);
+    Out.set<3>(OpenWifi::RESTAPI_utils::to_string(In.info.notes));
+    Out.set<4>(In.info.created);
+    Out.set<5>(In.info.modified);
+    Out.set<6>(In.Type);
+    Out.set<7>(OpenWifi::RESTAPI_utils::to_string(In.RadsecServers));
+    Out.set<8>(OpenWifi::RESTAPI_utils::to_string(In.RadiusServers));
+    Out.set<9>(In.PoolStrategy);
+    Out.set<10>(In.Index);
+    Out.set<11>(OpenWifi::RESTAPI_utils::to_string(In.UsedBy));
+    Out.set<12>(In.UseGWProxy);
+    Out.set<13>(In.NasIdentifier);
+    Out.set<14>(In.AccountingInterval);
+}
--- a/src/storage/storage_radius_endpoints.h
+++ b/src/storage/storage_radius_endpoints.h
@@ -0,0 +1,46 @@
+//
+// Created by stephane bourque on 2023-09-27.
+//
+
+#pragma once
+
+#include "RESTObjects/RESTAPI_ProvObjects.h"
+#include "framework/orm.h"
+
+namespace OpenWifi {
+
+    typedef Poco::Tuple<
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            uint64_t,
+            uint64_t,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            bool,
+            std::string,
+            std::uint64_t
+    >   RadiusEndpointDbRecordType;
+
+    class RadiusEndpointDB : public ORM::DB<RadiusEndpointDbRecordType, ProvObjects::RADIUSEndPoint> {
+    public:
+        RadiusEndpointDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L);
+        virtual ~RadiusEndpointDB(){};
+        bool Upgrade(uint32_t from, uint32_t &to) override;
+
+        static inline bool ValidIndex(const std::string &I) {
+            static uint32_t Low = Utils::IPtoInt("0.0.1.1");
+            static uint32_t High = Utils::IPtoInt("0.0.2.254");
+            auto IP = Utils::IPtoInt(I);
+            return (IP>=Low) && (IP<=High);
+        }
+
+    private:
+
+    };
+} // namespace OpenWifi
--- a/test_scripts/curl/cli
+++ b/test_scripts/curl/cli
@@ -617,6 +617,51 @@ getsystemconfiguration() {
    jq < ${result_file}
 }

+creategraccount() {
+    payload="{ \"name\" : \"Test account\" , \"country\" : \"CA\", \"province\" : \"BC\" , \"city\" : \"Vancouver\", \"organization\" : \"Arilia Wireless Inc.\", \"commonName\" : \"arilia.com\", \"GlobalReachAcctId\" : \"bd63aaa7-b14d-4cdb-85ae-8de6cf2cfa31\", \"privateKey\" : \"-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgl1FpARtuOtw1F9sR2DD82jh6sZFGRn619IY0rmNIFEuhRANCAATB7ji6OF/+heGRCocgVNhw4QGvaL9Kp8F6ZqqZ3aMewRMOfzi3TQaXN12FNBsvXnptx5vk8GAzZk6UAzzvMBVK\n-----END PRIVATE KEY-----\" }"
+    curl    ${FLAGS} -X POST "https://${OWPROV}/api/v1/openroaming/globalreach/account/0" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" \
+        -d "$payload"  > ${result_file}
+    jq < ${result_file}
+}
+
+getgraccount() {
+    curl    ${FLAGS} -X GET "https://${OWPROV}/api/v1/openroaming/globalreach/account/$1" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" > ${result_file}
+    jq < ${result_file}
+}
+
+deletegraccount() {
+    curl    ${FLAGS} -X DELETE "https://${OWPROV}/api/v1/openroaming/globalreach/account/$1" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" > ${result_file}
+    jq < ${result_file}
+}
+
+getgraccounts() {
+    curl    ${FLAGS} -X GET "https://${OWPROV}/api/v1/openroaming/globalreach/accounts" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" > ${result_file}
+    jq < ${result_file}
+}
+
+creategrcert() {
+    payload="{ \"name\" : \"$2\" }"
+    curl    ${FLAGS} -X POST "https://${OWPROV}/api/v1/openroaming/globalreach/certificate/$1/0" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" \
+        -d "$payload"  > ${result_file}
+    jq < ${result_file}
+
+}
+
 shopt -s nocasematch
 case "$1" in
    "login") login; echo "You are logged in..."  ; logout ;;
@@ -673,6 +718,11 @@ case "$1" in
    "deleteoverride") login; deleteoverride "$2"; logout;;
    "venueupgraderevisions") login; venueupgraderevisions "$2"; logout;;
    "getsystemconfiguration") login; getsystemconfiguration "$2"; logout;;
+    "creategraccount") login; creategraccount ; logout;;
+    "getgraccount") login; getgraccount "$2"; logout;;
+    "getgraccounts") login; getgraccounts ; logout;;
+    "creategrcert") login; creategrcert "$2" "$3"; logout;;
+    "deletegraccount") login; deletegraccount "$2"; logout;;
    "getvenuesperrrm") login; getvenuesperrrm "$2"; logout;;
    *) help ;;
 esac