Add Insights Nodes
Use Security Director Insights to automate security operations and take effective actions on security events logged by Juniper Networks security products. It connects disparate security tools for seamless security operations and incident response. It ingests logs from SRX Series devices and other security vendors, then correlates them and provides automated enrichment to identify threats.
Security Director Insights is a single virtual appliance (Service VM) that runs on the VMware vSphere infrastructure. You must configure Security Director Insights as nodes for Security Director to discover the Security Director Insights virtual machine (VM).
You can deploy Security Director Insights as a single node or two nodes (primary and secondary) with high availability (HA).
To configure a standalone or primary (active) node:
- Select Security Director > Administration > Insights Management > Insights Nodes.
The Insights Nodes page appears.
- Complete the configuration according to the guidelines provided in Table 1.
- Click Save.
If the details provided are valid, the Security Director Insights node is added successfully. Click Reset to remove the node.
Table 1: Add Insights Nodes
Enter the IP address of the Security Director Insights VM. (This is the IP address you configured during the Security Director Insights VM installation.)
The username to access the VM is always admin. You cannot modify this field.
Enter the password to access the Security Director Insights VM. (This is the same password you use to log in to the VM CLI with your admin credentials.)
To configure the secondary (standby) node details:
- Select the Enable HA option.
The HA Setup page appears.
- Complete the configuration according to the guidelines provided in Table 2.
- Click Save & Enable.
The Insights Nodes page appears. It shows the status of the secondary node activation.
- Click Refresh Data to check the status of the secondary node configuration.
After the configuration is successful, the respective IP addresses appear in the Data/Management Virtual IP and Monitoring Virtual IP columns.
Keep clicking Refresh Data until the secondary node shows as configured successfully and any errors have disappeared.
Table 2: Configure HA Setup
Secondary Node Details
Secondary system IP
Enter the IP address of the secondary (standby) node.
The username to access the virtual machine is always ‘admin’. You cannot modify this field.
Enter your SSH password to access the secondary node. (This is the same password you use to log in to the VM CLI with your admin credentials.)
Data Virtual IP/Netmask
Enter the virtual IP address for data traffic between primary (active) and secondary (standby) nodes.
HA monitor Virtual IP/Netmask
Enter the virtual IP address for HA monitoring traffic between active and standby nodes.
(Optional) Enter a list of IP addresses for ping tests.
To enable HA, the IP addresses on Security Director Insights must be static.
In the Node Status section, you can see the complete configuration details of the primary (active) and secondary (standby) nodes.
You can take the following actions:
Stop standby—In the Standby section, click Stop to temporarily stop HA service on a standby node to perform maintenance tasks.
Start standby—In the Standby section, click Start to restart the HA service, if it is stopped.
Rebuild standby—To rebuild out-of-sync data on the standby node, click Rebuild.
Failover—To manually shut down the HA service on the active node, so that the standby node becomes the active node, click Failover in the Active section. The virtual IP address will be reassigned to the new active node. You can use the Failover option to perform any maintenance tasks on the active node. You must click Start to restart the HA services.
Table 3 shows more details of each Security Director Insights node on the Insights Nodes page.
Table 3: Insights Node Details
Specifies the hostname of the node.
Data Traffic IP
Specifies the data traffic IP address of the node.
HA Monitor IP
Specifies the HA monitoring IP address of the node.
Specifies the CPU usage of the node.
Specifies the memory usage of the node.
Specifies whether the node is online or offline.
Specifies whether the node is primary (active) or secondary (standby).
Specifies the health of the node.