ATOM Remote Agent Deployment Guide
version 11.8
Table of Contents
Agent Requirements and Installation
Required Ports between Agent and Managed Network Devices
Required Ports between Agent and ATOM Cloud Infrastructure
Agent Connection Verification
Some Scenarios in Remote Agent
Some Common Exception scenarios
Debug/error logs in Remote Agent
Purpose of this document
This document describes how to deploy the ATOM Cloud Agent in the customer data center so that it can communicate with network devices and ATOM Cloud servers.
Intended Audience
Network administrators and operators
ATOM Cloud Overview
Anuta Networks ATOM Cloud is a Software-as-a-Service offering. It delivers Assurance, Telemetry, and Orchestration for Multi-Vendor Networks.
Anuta ATOM Cloud enables enterprises and service providers to rapidly design and provision network services, collect real-time telemetry, develop in-depth network analytics, ensure compliance and provide service assurance for multi-vendor physical and virtual infrastructure.
Anuta ATOM Cloud offering takes a cloud-first approach and is hosted within a Tier-1 cloud. The underlying infrastructure is validated and is governed by a quality assurance and regulatory compliance process. With Anuta ATOM Cloud, networking teams can deliver services faster, eliminate human errors, avoid security violations, reduce OpEx and meet SLAs with exceptional high availability.
Key Benefits of the Anuta ATOM Cloud offer include:
- Hassle-free deployments and upgrades
- Flexible & Secure connectivity to enterprise networks
- Network Orchestration and Closed-Loop Assurance for 45+ vendors
- Auto-Scale to satisfy fluctuations in demand
- Real-time Analytics and Historical Reports
- Flexible Pay as you Grow license model
- SDK and other productivity tools for rapid customization.
ATOM Agent Overview
The ATOM Cloud Agent is an application that runs as a Docker container on a Linux server within your infrastructure. An ATOM agent has to be installed at each location of your infrastructure.
ATOM agents can be assigned multiple CIDR blocks to manage the devices. An agent communicates with, collects data from and monitors the networking devices in your infrastructure using standard protocols. Once the agent collects the data, the data is encrypted and sent to the Anuta ATOM Server over an outgoing SSL connection.
One Agent can typically manage hundreds of devices. However, this depends on many other factors such as device type, data collection, size of the data, frequency etc. See the ATOM Agent hardware requirements for further information.
Agent Requirements and Installation
Hardware Requirements:
ATOM Agent has to be deployed on the Customer corporate network and it needs the following hardware at the minimum.
Component | Requirements Description |
1 Virtual Machine | Storage reserved in ESXi = 50 GB (SSD) |
Network Requirements
ATOM Agent needs to communicate with the network devices to collect the data and transfer it to ATOM Cloud, so it requires certain ports to be opened in a secured network. Below is the sample network interaction diagram for agent communication.
Required Ports between Agent and Managed Network Devices
Below are the ports required by the Agent to communicate with targeted network infrastructure.
Port | Protocol | Type | Use Case |
21 | TCP | Both | Data Transfer using FTP (Remote Agent <==> Device) |
22 | TCP | Outbound | SSH Communication to the targeted Network Device |
23 | TCP | Outbound | Telnet Communication to the targeted Network Device |
69 | UDP | Inbound | TFTP to network devices (UDP) (IN) |
80 | HTTP | Both | Hypertext transfer protocol (HTTP) (IN/OUT) |
443 | HTTPS | Both | Hypertext transfer protocol secure (HTTPS) (IN/OUT) |
161 | UDP | Outbound | Data Collection via SNMP through MIBs from the targeted Network Device |
162 | UDP | Inbound | SNMP Traps receiver from the targeted Network Device |
514 | UDP | Inbound | Syslog Message receiver from the targeted Network Device |
830 | TCP | Outbound | NetConf Communication to the targeted Network Device |
12455 | TCP | Inbound | Telemetry Server for TCP Communication (IN) |
12456 | UDP | Inbound | Telemetry Server for UDP Communication (IN) |
12454 | GRPC | Inbound | Telemetry GRPC Server (IN) |
2055 | UDP | Inbound | Netflow UDP Server (IN) |
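The port table above, turned into host-firewall rules as an added example (not part of the original guide or of Anuta's tooling): the Python below derives which ports the agent VM accepts from, and opens to, managed devices, and builds nftables rule bodies scoped to IPv4 device networks. The nftables table and chain names (inet filter, input, output) and the 172.16.3.0/24 network are assumptions.

```python
import ipaddress

# (port, protocol, type) rows copied from the port table above.
PORT_TABLE = [
    (21, "TCP", "Both"), (22, "TCP", "Outbound"), (23, "TCP", "Outbound"),
    (69, "UDP", "Inbound"), (80, "HTTP", "Both"), (443, "HTTPS", "Both"),
    (161, "UDP", "Outbound"), (162, "UDP", "Inbound"), (514, "UDP", "Inbound"),
    (830, "TCP", "Outbound"), (12455, "TCP", "Inbound"),
    (12456, "UDP", "Inbound"), (12454, "GRPC", "Inbound"), (2055, "UDP", "Inbound"),
]
# HTTP, HTTPS and gRPC all run over TCP.
TRANSPORT = {"TCP": "tcp", "UDP": "udp", "HTTP": "tcp", "HTTPS": "tcp", "GRPC": "tcp"}


def ports_for(direction):
    """Ports per transport for rows typed `direction` or Both."""
    grouped = {"tcp": set(), "udp": set()}
    for port, proto, kind in PORT_TABLE:
        if kind in (direction, "Both"):
            grouped[TRANSPORT[proto]].add(port)
    return {t: sorted(p) for t, p in grouped.items()}


def nft_rules(device_cidrs):
    """Build nftables accept rules limited to the managed-device networks."""
    # IPv4Network() rejects malformed CIDRs and ones with host bits set.
    nets = ", ".join(str(ipaddress.IPv4Network(c)) for c in device_cidrs)
    rules = {"input": [], "output": []}
    # Inbound rows match on source address, outbound rows on destination.
    for chain, direction, addr in (("input", "Inbound", "saddr"),
                                   ("output", "Outbound", "daddr")):
        for transport, ports in ports_for(direction).items():
            if ports:
                plist = ", ".join(map(str, ports))
                rules[chain].append(
                    f"ip {addr} {{ {nets} }} {transport} dport {{ {plist} }} accept")
    return rules


if __name__ == "__main__":
    # 172.16.3.0/24 is a constructed device network; the "inet filter"
    # table and its input/output chains are assumed to exist already.
    for chain, lines in nft_rules(["172.16.3.0/24"]).items():
        for line in lines:
            print(f"add rule inet filter {chain} {line}")
```

The printed lines can be reviewed and loaded with `nft -f`; they cover only the ports listed in the table.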
Required Ports between Agent and ATOM Cloud Infrastructure
Below are the ports required by the Agent to transfer the data collected from network devices to ATOM Cloud with TLS encryption.
ATOM Agent Installation
The ATOM Agent manages your network infrastructure. You need to install an Agent for serving the devices.
Below is the procedure to install an ATOM agent on a customer corporate network.
- Navigate to Agents Page from Navigation bar.
- Click on the Download dropdown on the top right side and choose ISO File. This will fetch the latest version of the ISO file from the minio repository (if the ISO is already provided as an offline download link, you can skip this step).
- Once the ISO is downloaded, create a VM out of it.
- User would be prompted to change the password on the first login.
- Use default credentials : atom/secret@123
- Once the password is updated and login is successful go through the README document to understand high level details of how to install the remote agent.
- Run the node_setup.py which is present in the /agent/scripts path using sudo privileges as shown below:
- Enter 3 when prompted for choice to provision the remote agent. Choose among the following:
- Bootstrap Script: This script will initially help you set up basic Network Connectivity, Hostname configuration and NTP settings.
- Remote-Agent Installation: This script will be used to bring up the remote agent software. Complete steps 4-8 before invoking this.
- Enter 1 to proceed with the bootstrap function and select the complete fresh setup by again choosing 1 as shown below:
- Provide the following inputs as requested by the script:
- Interface Details to be provisioned along with relevant CIDR info.
- DNS Server Information
- NTP Server Information
- Hostname of the VM along with the hostname-ip to bind. Refer the screenshot below:
Network Configuration Details
NTP Server Configuration Details
Hostname Configuration Details
Once the bootstrap is complete proceed with the next steps. [Note: Hostname changes would be reflected on reboot only. Select yes to reboot if you wish to change the hostname]
- You can manage devices by assigning a range of IP addresses (belonging to the devices) to the Agent. Each Agent can be assigned a different IP range, which is used to determine the tasks that can be handled by the Agent:
- Discovery Job
- Inventory Job
- Device monitoring
- Configuration retrieval
- Syslog and SNMP trap processing
- Service provisioning
To add an IP range to the Agent, do the following:
- Navigate to Agents Page from left navigation bar
- In the top navigation tab, click IP Range > Add
- In the Create IP Range screen, enter the values as follows:
- Range Name: Enter a name for the Agent
- Start IP: Enter an IP address that should be the first IP address of the range
- End IP: Enter an IP address that should be the last IP address of the range
- Owner: Owner will be the tenant name.
- SharedWith: If the range is not shared with the subtenants, only the tenant name will be there, e.g. acme. This range can be shared with the subtenants as well, e.g. acme.* (in this case, the range will be shared with all the subtenants).
- Navigate to the Agents tab and add a remote agent <agent_name>.
- Select some device ip ranges (mandatory) and some description (optional).
- Leave the checkbox In Cluster Deployment unchecked. (If checked, the agent will not be treated as remote and will get installed in the cluster itself).
- Select a particular agent and download the agent configuration file from the toolbar.
- Once again login to the remote agent VM and execute the node_setup.py file located under /agent/scripts folder using sudo privileges as shown below:
- Enter 3 when prompted for choice to provision the remote agent.
- Proceed with the remote agent installation.
- Copy the content of the downloaded agent config.xml file and paste it when prompted, enter the break sequence, then enter the ATOM URL where this agent needs to be onboarded. Refer screenshot below:
For an AWS ATOM setup, also provide the Glowroot-LB URL at this prompt. It can be fetched by executing the command “kubectl get svc -natom | grep glowroot-lb”
- If a private local repo is used for agent image, enter the registry details, else leave it to the default to pull image from the repo maintained by Atom. Ensure you have connectivity to the quay public repo to pull image and bring up the container.
Atom agent installation would be complete and the status of the agent would show online on Atom. Please proceed with a verification check on the Atom UI as per the next section.
Agent Connection Verification
To verify the agent container status on the virtual machine where it was deployed, use docker ps command. Below is the sample output. Make sure the status is UP.
Once the agent container is up on the agent VM instance, health checks bring the status of the agent created on ATOM online. Verify the status of the agent on the Agents page in ATOM; it should turn green.
Some Scenarios in Remote Agent
- Edit a particular IP Range
Go to the IP Range tab and edit an IP range. Ex.
Previous range ->
Range name : iprange3
Range : 172.16.3.1 – 172.16.3.255
New range ->
Range name : iprange3
Range : 172.16.3.1 – 172.16.3.50
Now the remote agent which has iprange3 will serve only the devices specified in that updated range.
- Edit a remote agent and add/delete other ranges
Go to the Agents tab and edit a particular agent. Ex.
Previous ranges attached to the remote agent -> iprange1,iprange3
New ranges attached to the remote agent -> iprange1 (removed iprange3)
Now the remote agent will serve only the devices specified in the range iprange1.
- ‘Devices’ and ‘Services’ attached to the Agent.
Clicking on the agent name redirects to another page which has ‘Devices’ and ‘Services’ tabs.
- Devices tab will list all the devices attached to the agent.
- Services tab will list all the services attached to the agent.
- Restart Agent
After selecting a particular agent, it can be restarted from the toolbar above.
Some important points
- If we add a remote agent for a tenant, it will be visible to all the tenants/subtenants which are mentioned in the shared-with field of the agent.
- A tenant can add multiple remote agents for scale needs. Any remote agent can be associated with only one tenant at a time.
- Overlapping of ip ranges is not allowed.
- A device can be served by only one remote agent for a particular tenant.
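The range rules above (no overlapping IP ranges, one agent per device) and the iprange3 edit scenario, as an added Python example that is not part of ATOM: it checks Start IP / End IP ranges for overlap and shows which agent serves a device before and after a range is shrunk. The agent names, iprange1's addresses and iprange4 (used in the overlap check) are constructed for illustration.

```python
import ipaddress


def make_range(name, start, end):
    """Validate one Start IP / End IP pair from the Create IP Range screen."""
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if lo.version != hi.version or lo > hi:
        raise ValueError(f"{name}: invalid range {start} - {end}")
    return name, lo, hi


def find_overlaps(ranges):
    """Return (name, name) pairs of ranges that share at least one address."""
    ordered = sorted(ranges, key=lambda r: (r[1].version, r[1]))
    pairs = []
    for i, (name, lo, hi) in enumerate(ordered):
        for other, olo, _ in ordered[i + 1:]:
            # Sorted by start address: the first later range that starts
            # past `hi` (or is another IP version) ends the scan.
            if olo.version != hi.version or olo > hi:
                break
            pairs.append((name, other))
    return pairs


def serving_agent(device_ip, agent_ranges, ranges):
    """Return the agent whose ranges contain device_ip, or None if unserved."""
    addr = ipaddress.ip_address(device_ip)
    bounds = {name: (lo, hi) for name, lo, hi in ranges}
    owners = {agent for agent, names in agent_ranges.items() for n in names
              if bounds[n][0].version == addr.version
              and bounds[n][0] <= addr <= bounds[n][1]}
    if len(owners) > 1:
        raise ValueError(f"{device_ip} matches several agents: {sorted(owners)}")
    return owners.pop() if owners else None


# iprange3 before and after the edit shown in the scenario above; iprange1's
# addresses and the agent names are constructed for illustration.
IPRANGE1 = make_range("iprange1", "172.16.1.1", "172.16.1.255")
BEFORE = [IPRANGE1, make_range("iprange3", "172.16.3.1", "172.16.3.255")]
AFTER = [IPRANGE1, make_range("iprange3", "172.16.3.1", "172.16.3.50")]
AGENTS = {"agent-a": ["iprange1"], "agent-b": ["iprange3"]}

if __name__ == "__main__":
    print(serving_agent("172.16.3.100", AGENTS, BEFORE))  # agent-b
    print(serving_agent("172.16.3.100", AGENTS, AFTER))   # None
```

After the edit, 172.16.3.100 falls outside every range, so no agent serves it; running the same check before shrinking a range lists the devices that would be left unmanaged.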
ATOM upgrade scenario
Once the ATOM system is upgraded, the remote agent will automatically upgrade after 2 minutes. To verify this step :
- Login to the remote agent vm instance. ssh atom@172.16.X.Y
- Go to this path :
cd /opt/atom/agent/configs/
- See the config.yaml file. If the auto_upgrade flag is true ( by default it’s true), it will automatically upgrade itself and the image version will change.
As it’s by default in the auto upgrade mode, it will check after every 2 minutes whether there is a change in the ATOM version.
To see the upgrade logs –
- Go to this path : cd /tmp
- vi install.out
Some Common Exception scenarios
- Agent and Atom Version mismatch
As remote agents will be deployed on a different machine, the ATOM version and the agent version must match.
- For Agent version : Agents -> Grid View -> Build Version
- For Atom version : Administration -> About
If it is not the case, the remote agent will not come online.
- Authentication failed due to invalid security token
If the security token of the agent is not copied correctly or there is a mismatch in the token (between the config file downloaded from the UI and the agent.xml file deployed in the agent VM), then this exception will be seen.
Troubleshooting
- Debug/error logs in Remote Agent
Login to the IP address mentioned in the grid for a particular agent. Refer below example.
After logging in :
- Run command : docker ps
Check whether the container is up and that no exception is shown.
If it is UP and the status in the UI is still not connected, check for exceptions. Run command : docker logs <container-id>
E.g. docker logs 5bb11d1789f8
- If the status of the agent is up but there is some unwanted exception coming from agents, go to the /opt/atom/agent/logs folder.
All the logs are visible in this directory.