Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Add Insights Nodes

 

Use Security Director Insights to automate security operations and take effective actions on security events logged by Juniper Networks Security products. It connects disparate security tools for seamless security operations and incident response. It ingests logs from SRX Series devices and other security vendors to correlate and provide automated enrichment to identify the threats.

Security Director Insights is a single virtual appliance (Service VM) that runs on the VMware vSphere infrastructure. You must configure Security Director Insights as nodes for Security Director to discover the Security Director Insights virtual machine (VM).

You can deploy Security Director Insights as a single node or two nodes (primary and secondary) with high availability (HA).

To configure a standalone or primary (active) node:

  1. Select Security Director > Administration >Insights Management > Insights Nodes.

    The Insights Nodes page appears.

  2. Complete the configuration according to the guidelines provided in Table 1.
  3. Click Save.

    If the details provided are valid, the Security Director Insights node is added successfully. Click Reset to remove the node.

Table 1: Add Insights Nodes

Setting

Guidelines

IP Address

Enter the IP address of the Security Director Insights VM. (This is the IP address you configured during the Security Director Insights VM installation).

Username

The username to access the VM is always admin. You cannot modify this field.

Password

Enter the password to access the Security Director Insights VM. (This is the same password you use to log in to the VM CLI with your admin credentials).

To configure the secondary (standby) node details:

  1. Select the Enable HA option.

    The HA Setup page appears.

  2. Complete the configuration according to the guidelines provided in Table 2.
  3. Click Save & Enable.

    The Insights Nodes page appears. It shows the status of the secondary node activation.

  4. Click Refresh Data to check the status of the secondary node configuration.

    After the configuration is successful, you see the respective IP addresses appearing in the Data/Management Virtual IP and Monitoring Virtual IP columns.

    Note

    Keep clicking the Refresh Data option until you see that the secondary node is configured successfully and all the other errors disappear, if any.

Table 2: Configure HA Setup

Setting

Guidelines

Secondary Node Details

Secondary system IP

Enter the IP address of the secondary (standby) node.

Username

The username to access the virtual machine is always ‘admin’. You cannot modify this field.

Password

Enter your SSH password to access the secondary node. (This is the same password you use to log in to the VM CLI with your admin credentials.)

HA Settings

Data Virtual IP/Netmask

Enter the virtual IP address for data traffic between primary (active) and secondary (standby) nodes.

HA monitor Virtual IP/Netmask

Enter the virtual IP address for HA monitoring traffic between active and standby nodes.

Ping IPs

(Optional) Enter a list of IP addresses for ping tests.

Note

To enable HA, the IP addresses on Security Director Insights must be static.

In the Node Status section, you can see the complete configuration details of the primary (active) and secondary (standby) nodes.

You can take the following actions:

  • Stop standby—In the Standby section, click Stop to temporarily stop HA service on a standby node to perform maintenance tasks.

  • Start standby—In the Standby section, click Start to restart the HA service, if it is stopped.

  • Rebuild standby—To rebuild out-of-sync data on the standby node, click Rebuild.

  • Failover—To manually shut down the HA service on the active node, so that the standby node becomes the active node, click Failover in the Active section. The virtual IP address will be reassigned to the new active node. You can use the Failover option to perform any maintenance tasks on the active node. You must click Start to restart the HA services.

Table 3 shows more details of each Security Director Insights node in the Insights Node page.

Table 3: Insights Node Details

Field Name

Description

Hostname

Specifies the hostname of the node.

Data Traffic IP

Specifies the data traffic IP address of the node.

HA Monitor IP

Specifies the HA monitoring IP address of the node.

CPU Usage

Specifies the CPU usage of the node.

Memory Usage

Specifies the memory usage of the node.

Online

Specifies whether the node is online or offline.

Role

Specifies whether the node is primary (active) or secondary (standby).

Status

Specifies the health of the node.