Paragon Insights Installation Requirements

 

For Paragon Insights (formerly HealthBot) to install successfully, the following hardware and software components are required on the host machine.

Paragon Insights Hardware Requirements

You can install Paragon Insights on either a physical or a virtual machine.

Proof-of-concept (POC) system—supports up to two device groups and three devices per device group:

  • RAM: 20 GB

  • Disk space: 100 GB available on the /var/ partition

  • Free disk space must be at least 20% of total disk space at all times.

  • CPU cores: 8

Production system (minimum system requirements):

  • RAM: 32 GB

  • Disk space: 250 GB SSD available on the /var/ partition

  • Free disk space must be at least 20% of total disk space at all times.

  • Recommended minimum IOPS for the disk(s): 1000

  • CPU cores: 16

Note

Paragon Insights is a cloud-native application that leverages a microservices-based architecture that allows scale-out and multinode deployment. Depending on your specific requirements and use case, you can add more nodes to the Kubernetes cluster.

See the scaling tool at https://apps.juniper.net/hb-sizing/ for more information on server configurations for a given use case.

Paragon Insights Software Requirements

Paragon Insights installs on Ubuntu, Red Hat Enterprise Linux (RHEL), and CentOS versions of Linux.

For Ubuntu:

  • Ubuntu version 16.04.01 (Xenial Xerus) or 18.04.04 (Bionic Beaver)

  • For single and multinode installation, the kernel version must be 4.4.19 or greater.

  • We recommend installing Ubuntu as one large disk partition.

    If multiple partitions are used, Paragon Insights data is written to the /var/local/healthbot/ directory and Paragon Insights log files are written to /var/lib/docker/containers.

  • Disable swap memory by running the swapoff -a command so that the kubelet service can start.

    You must then remove the swap memory entries from the /etc/fstab file.

    Note

    Reboot of the server may be required to make this setting take effect.

For RHEL:

    • Online Installation

      For releases earlier than Paragon Insights Release 4.0.0: RHEL 7.5 or later

      For Paragon Insights Release 4.0.0 and later: RHEL 7.5 or later; RHEL 8.2 or later

    • Offline Installation

      For releases earlier than Paragon Insights Release 4.0.0: RHEL 7.5 or later

      For Paragon Insights Release 4.0.0 and later: RHEL 7.5 or later; RHEL 8.3 or later

    Note

    Paragon Insights releases 4.1.0 and 4.2.0 support both online and offline installations. However, Paragon Insights Release 4.0.0 only supports offline installation. Releases earlier than Paragon Insights 4.0.0 support both online and offline installations.

  • The following system utilities must be installed manually if they are not already present:

    tar, bash, ln, ssh-keygen, curl, vi, wget, openssl, openssh-server, and rsync

  • Enter the following configuration line in the file /etc/sysctl.conf: vm.max_map_count=262144.

  • Disable swap memory by running the swapoff -a command so that the kubelet service can start.

    You must then remove the swap memory entries from the /etc/fstab file.

    Note

    Reboot of the server may be required to make this setting take effect.

For CentOS:

    • Online Installation

      For releases earlier than Paragon Insights Release 4.0.0: CentOS 7.3 or later

      For Paragon Insights Release 4.0.0 and later: CentOS 7.3 or later; CentOS 8.2 or later

    • Offline Installation

      For releases earlier than Paragon Insights Release 4.0.0: CentOS 7.3 or later

      For Paragon Insights Release 4.0.0 and later: CentOS 7.3 or later; CentOS 8.3 or later

    Note

    Paragon Insights releases 4.1.0 and 4.2.0 support both online and offline installations. However, Paragon Insights Release 4.0.0 only supports offline installation. Releases earlier than Paragon Insights 4.0.0 support both online and offline installations.

  • For single and multinode installation, the kernel version must be 4.4.19 or greater.

    With Paragon Insights Release 4.0.0, for CentOS 8 server and RHEL 8, kernel upgrade is not required.

  • The following system utilities must be installed manually if they are not already present:

    tar, bash, ln, ssh-keygen, curl, vi, wget, openssl, openssh-server, and rsync

  • Disable swap memory by running the swapoff -a command so that the kubelet service can start.

    You must then remove the swap memory entries from the /etc/fstab file.

    Note

    Reboot of the server may be required to make this setting take effect.

  • Enter the following configuration line in the file /etc/sysctl.conf: vm.max_map_count=262144.

  • On a scaled production server, we recommend that you configure the OS settings in the limits.conf and sysctl.conf files. These values set the soft and hard memory limits for InfluxDB memory requirements. If you do not set these limits, you might see errors such as “out of memory” or “too many open files” because of default system limits.

    • cat /etc/security/limits.conf
    • cat /etc/sysctl.conf
  • Run the sysctl -w net.bridge.bridge-nf-call-iptables=1 command on all nodes.

    Add the net.bridge.bridge-nf-call-iptables=1 to the file /etc/sysctl.conf to ensure that it persists across reboots of the server.

Note

Reboot of the server may be required to make this setting take effect.
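
The host settings listed above for Ubuntu, RHEL, and CentOS (kernel version, swap, /etc/fstab, the /etc/sysctl.conf entries, and the 20% free-space rule) can be checked before installation. The script below is an added example, not part of the Juniper documentation or installer; the function names and the --run switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Juniper code): preflight checks for the host settings above.
# Function names and --run are hypothetical; thresholds are the ones on this page.
MIN_KERNEL=4.4.19

# version_ge A B: succeed when dotted version A >= B (suffix after "-" ignored).
version_ge() {
    a=${1%%-*}; b=${2%%-*}
    lowest=$(printf '%s\n%s\n' "$a" "$b" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$b" ]
}

# fstab_swap_entries FILE: print uncommented swap entries (these re-enable swap at boot).
fstab_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap"' "$1"
}

# sysctl_conf_has FILE KEY VALUE: succeed when FILE persists KEY=VALUE.
sysctl_conf_has() {
    awk -F= -v k="$2" -v v="$3" '
        /^[ \t]*[#;]/ { next }
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == k && $2 == v { found = 1 }
        END { exit !found }' "$1"
}

# free_percent: read `df -P` output on stdin, print free space as a percentage.
free_percent() {
    awk 'NR == 2 { sub(/%/, "", $5); print 100 - $5 }'
}

# report CMD...: run one check, print PASS/FAIL, remember any failure in rc.
report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; rc=1; fi; }

preflight() {
    rc=0
    report version_ge "$(uname -r)" "$MIN_KERNEL"
    report test "$(wc -l < /proc/swaps)" -le 1      # header line only = swap is off
    report test -z "$(fstab_swap_entries /etc/fstab)"
    report sysctl_conf_has /etc/sysctl.conf vm.max_map_count 262144
    report sysctl_conf_has /etc/sysctl.conf net.bridge.bridge-nf-call-iptables 1
    report test "$(df -P /var | free_percent)" -ge 20
    return $rc
}

# Run the live checks only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Invoke the script with --run on each node; a non-zero exit status means at least one check failed.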

Web Browser Requirements

Paragon Insights is supported on the following 64-bit web browsers:

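Table 1: Supported Web Browsers

| Browser | Supported Version(s) (Macintosh) | Supported Version(s) (Windows) |
|---------|----------------------------------|--------------------------------|
| Chrome  | 90 and later                     | 90 and later                   |
| Firefox | 83 and later                     | 83 and later                   |
| Safari  | 14.0.3 and later                 | -                              |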

Network Requirements

  • For Kubernetes-based installations, including multinode installations:

    • All nodes must run NTP or other time-synchronization at all times.

    • An Internet connection is required for all nodes during the initial Ubuntu (.deb) or CentOS/Red Hat (.rpm) software extraction process. This is not a requirement for the healthbot setup portion of the installation.

    • One static IP address per node.

      (Optional) A hostname that resolves to the corresponding IP address.

    • Ensure that internet protocol version 6 (IPv6) is enabled.

    • An SSH server must be running on all nodes.

    • All nodes must be in the same subnet.

    • For a multi-master installation:

      • You must always enter an odd number of master nodes.

      • You need a virtual IP address to configure high availability (HA) between the master nodes. This virtual IP address must be different from the virtual IP address that you specify to access various Paragon Insights services.

      • All master nodes must be in the same subnet. Ensure that you place the master nodes on different racks so that there is no impact if there are power outages.

      • You need to determine the number of master nodes before you start the installation process.

    • For a multinode installation, a virtual (unused) IP address in the same subnet as the nodes is needed. This is the address on which the Web GUI is accessed.

    • A common SSH user name and password is needed for all nodes. The healthbot setup command (discussed later) must be run as this user.

    • Docker version 18.09.3 or later is required.

      Note

      Starting with Paragon Insights Release 4.0.0, Docker upgrade is not required.

      Run any one of the following commands to verify the Docker version installed:

      $ docker version

      or

      $ docker --version

      Note

      Verify the SELinux mode. If it is set to enforcing, change it to permissive. This is required to allow Docker commands to execute later in this procedure.

  • Open the following firewall ports, as appropriate:

    • JTI (native GPB), for telemetry collection - per your source and destination port settings

    • gRPC (OpenConfig), for telemetry collection - TCP port 32767

    • NETCONF/SSH, for telemetry collection - TCP port 830

    • SNMP, for telemetry collection - UDP port 161

    • Syslog messages - UDP port 514

    • NetFlow, for telemetry collection – UDP port of your choice.

      Must be different for each NetFlow host.

    Note

    Default ports are listed above; adjust as needed if you use non-default ports.

  • Enable these ports to allow intra-cluster and inter-cluster communication.

    This ensures that the cluster setup does not crash due to SSH timeout.

    See Table 2 for information and requirements on ports for single-master setups. You must enable these ports for single-master setups.

    For more information on ports for multi-master setups, see Table 3. You must enable the ports listed in both Table 2 and Table 3 for multi-master setups.

    Table 2: Ports for Single-Master and Multi-Master Setups

    | Direction | Ether Type | Internet Protocol | Port Range | Remote IP Prefix | Description |
    |-----------|------------|-------------------|------------|------------------|-------------|
    | Ingress | IPv4 | TCP | 22 | 0.0.0.0/0 | SSH |
    | Ingress | IPv4 | ICMP | any | 0.0.0.0/0 | ICMP probes |
    | Ingress | IPv4 | TCP | 8080 | 0.0.0.0/0 | Paragon Insights GUI and REST API server |
    | Ingress | IPv4 | TCP | 6443 |  | Communicate with worker nodes in the cluster |
    | Ingress | IPv4 | TCP | 179 |  | BGP used by calico for route discovery |
    | Ingress | IPv4 | TCP | 10250 |  | Kubelet API communication |
    | Ingress | IPv4 | TCP | 8443 |  | Kubernetes metrics server |
    | Ingress | IPv4 | TCP | 7005 |  | Paragon Insights common services |
    | Ingress | IPv4 | IPIP | any |  | Overlay network setup by calico |
    | Egress | IPv4 | any | any | 0.0.0.0/0 | Allow all IPv4 outbound traffic |
    | Egress | IPv6 | any | any | ::/0 | Allow all IPv6 outbound traffic |

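    Table 3: Additional Ports for Multi-Master Setups

    | Direction | Ether Type | Internet Protocol | Port Range | Remote IP Prefix | Description |
    |-----------|------------|-------------------|------------|------------------|-------------|
    | Ingress | IPv6 | TCP | 2379 |  | etcd client requests |
    | Ingress | IPv4 | TCP | 2380 |  | etcd peer communication |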

Network Device Requirements

Junos Devices

Paragon Insights collects data from devices running Junos OS using multiple data collection methods, called sensors. Each sensor type requires a certain Junos OS version, and configuration added to the devices, to enable a connection to the Paragon Insights server.

Native GPB

NetFlow (IPFIX)

The following samples are for an IPFIX configuration. Lines that start with “##” are comments and are used to point out details in the configuration.

IPFIX Template Configuration

set services flow-monitoring version-ipfix template IPv4-TEMPLATE ipv4-template

Apply IPFIX Template to Enable Traffic Sampling

set forwarding-options sampling instance IPFIX-IPv4-INSTANCE input rate 10
set forwarding-options sampling instance IPFIX-IPv4-INSTANCE family inet output flow-server 10.XX.XX.200 port 2055
set forwarding-options sampling instance IPFIX-IPv4-INSTANCE family inet output flow-server 10.XX.70.XX version-ipfix template IPv4-TEMPLATE
set forwarding-options sampling instance IPFIX-IPv4-INSTANCE family inet output inline-jflow source-address 198.XX.XX.1

## 10.XX.70.XX = Paragon Insights server

## port 2055; use this value in Paragon Insights GUI (device group config)

## inline-jflow = Enable inline flow monitoring for traffic from the designated address

## 198.XX.XX.1 = traffic interface that does the exporting; use this value in Paragon Insights GUI (device config)

Associate Sampling Instance with the FPC

set chassis fpc 0 sampling-instance IPFIX-IPv4-INSTANCE

Specify the Traffic Interface to Sample and Direction of Sampled Traffic

set interfaces ge-0/0/0 unit 0 family inet sampling input
set interfaces ge-0/0/0 unit 0 family inet sampling output

OpenConfig

  • Junos OS Version: 16.1 or later

    • The OpenConfig sensor requires that the Junos device have the OpenConfig and network agent packages installed. These packages are built into Junos OS Releases 18.2X75, 18.3, and later. For releases between 16.1 and 18.2X75 or 18.3, you must install the packages.

      To verify whether you have these packages, enter the following command:


      user@host> show version | match "Junos:|openconfig|na telemetry"

      See Understanding OpenConfig and gRPC on Junos Telemetry Interface for more information.

    • Network agent is not supported on PPC platforms (MX104, MX80, and so on)

  • Refer to the following topics of the Junos Telemetry Interface User Guide if the OpenConfig and network agent packages are not installed.

  • After you have installed the packages, enable OpenConfig on the MX240 by running the following command:

    set system services extension-service request-response grpc clear-text port number


iAgent (NETCONF)

  • Junos OS Version: 11.4 or later

  • Required configuration:

    set system services netconf ssh

SNMP

  • Junos OS Version: Any release

  • Required configuration:

    set snmp community public

Syslog

  • Junos OS Version: Any release

  • Required configuration:

    set system syslog host 10.10.10.1 any any
    set system syslog host 10.10.10.1 allow-duplicates
    set system syslog host 10.10.10.1 structured-data

    ## 10.10.10.1 = Paragon Insights server

Best Practice

Structured syslog is highly recommended because it avoids text parsing by the Paragon Insights server.

Cisco Device Support

Paragon Insights can collect telemetry data from Cisco IOS XR devices. To use these devices with Paragon Insights, you must configure the grpc server and the openconfig-interfaces sensors. Paragon Insights does not automatically configure these for you.

The following example shows a sensor group sg1 created for gRPC dial-in configuration with the YANG model for interfaces. An hbot_interfaces subscription associates the sg1 sensor group with an interval of 10 seconds to stream data.

Note

The following reference configuration is loaded on a device running Cisco IOS XR software version 6.3.2.



Multinode Installation

Starting with Release 3.0.0, Paragon Insights uses Kubernetes for all HA/multinode installations. To install Paragon Insights on more than one server, you must install using Kubernetes. All of the needed configuration for the clusters is performed by Kubernetes. During the setup phase of the installation process, you must identify the Kubernetes master node(s) and worker node(s).

Starting with Release 4.0.0, while installing Paragon Insights you can choose to have multiple master nodes. While running the healthbot setup command, you are prompted to specify hostnames or IP addresses of the master nodes. If you choose to have multiple master nodes, you must also specify the virtual IP address that is required for configuring high availability (HA) between the master nodes. If you are using the silent installer, in the configuration file you can specify the virtual IP address in the master_virtual_ip field.

Starting from Release 4.0.0, while installing Paragon Insights you can specify multiple virtual IP addresses (unused) so that you can connect to various services in Paragon Insights and thereby monitor devices that are in different subnets. If you are using the silent installer, in the configuration file you can specify multiple virtual IP addresses in the load_balancer_ip field.

The following example shows the installation command for an Ubuntu server.

$ sudo apt-get install -y /<path-to-deb-file>/healthbot-<version>.deb