Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

AppFormix gRPC Network Device Telemetry

 

AppFormix supports gRPC remote procedure calls (gRPC ) telemetry from network devices. For network devices, by installing the correct version of Junos network_agents and openconfig packages, AppFormix is able to subscribe to the device and stream data from the devices. These packages can be downloaded from the Juniper download Web site. For more information about device type and Junos device version and find the corresponding network agent and OpenConfig package, see Junos Telemetry Interface gRPC Sensors and gRPC Services Telemetry

While configuring gRPC devices, you can select to enable SSL on the gRPC subscription.

Figure 1: Configure gRPC Network Device Telemetry and Enable SSL
Configure gRPC Network Device Telemetry and Enable
SSL

Unsecured gRPC Configuration

Following is the configuration AppFormix adds on the device when you select SSLEnabled = False when configuring the device.

Secure Socket Layer (SSL) gRPC Configuration

In order for AppFormix to subscribe to devices over SSL technology, complete the following steps in advance of enabling SSL.

  1. Certificates for all devices need to be signed by one single certificate authority (CA).

  2. Common Name (CN) value specified for the certificate used by a particular device, should be that device's Domain Name System (DNS) name.

  3. Certificates need to be preloaded on the device as name appformix by running the following command:

  4. When configuring the devices in AppFormix, enter the device DNS name in the ManagementIp field.

    Example configuration AppFormix puts on the device:

Distribute gRPC Network Device CA Using Ansible

In order for AppFormix to have secure connections between collectors (AppFormix Agent and devices), the collector needs to have the CA, which signed all of the devices' certificates, in /opt/appformix/etc/cert/.

Then use Ansible to distribute the CA to all AppFormix Agents. Add the following in your group_vars/all file and then run the playbook.