Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Step 1: Begin

This guide walks you through the simple steps to install Juniper® Paragon Automation and use Juniper® Paragon Automation to onboard, manage, and monitor network devices.

Meet Paragon Automation

Paragon Automation provides end-to-end transport network automation and simplifies the adoption of network automation for device, network, and service life cycles from Day 0 to Day 2.

You can onboard ACX7000 Series, PTX Series, MX Series and Cisco Systems routers listed in Paragon Automation Supported Hardware to Paragon Automation and manage them.

Install Paragon Automation

Before you install the Paragon Automation application, ensure that your server(s) meet the requirements listed in this section. A Paragon Automation cluster should contain only four nodes [virtual machines (VMs)], with three nodes acting as both primary and worker nodes and one node acting as a worker-only node.

Requirements

Hardware Requirements

Each node VM must have the following minimum hardware resources:

  • 16-core vCPU

  • 32-GB RAM

  • 300-GB SSD (SSDs are mandatory)

Note:
  • These VMs do not need to be in the same server, but the nodes need to be able to communicate over an L2 network.

  • The hardware resources needed for each node VM depends on the size of the network that you want to onboard. To get a scale and size estimate of a production deployment and to discuss detailed dimensioning requirements, contact your Juniper Partner or Juniper Sales Representative.

Software Requirements

Use VMware ESXi 8.0 to deploy Paragon Automation.

Network Requirements

The four nodes must be able to communicate with each other through SSH. You need to have the following addresses available for the installation, all in the same IP network.

  • Four IP addresses, one for each of the four nodes

  • Network gateway IP address

  • A Virtual IP (VIP) address for generic ingress shared between gNMI, SSH ingress, and the Web UI.

  • A VIP address for Paragon Active Assurance Test Agent gateway.

  • (Recommended) A VIP address to establish Path Computational Element Protocol (PCEP) sessions between Paragon Automation and the devices for collecting label-switched path (LSP) information from the device.

Browser Requirements

Paragon Automation is supported on the latest version of Google Chrome, Mozilla Firefox, and Safari.

Create and Configure VMs

A system administrator can install Paragon Automation by downloading an OVA bundle and using the OVA bundle to deploy the node VMs on one or more VMware ESXi servers. Alternatively, you can also extract the OVF and VMDK files from the OVA bundle and use them to deploy the node VMs. Paragon Automation runs on a Kubernetes cluster with three primary/worker nodes and one worker-only node. The installation is air-gapped but you need Internet access to download the OVA bundle to your computer.

Figure shows the workflow for installing Paragon Automation.

Figure 1: Workflow for Installing Paragon Automation Workflow for Installing Paragon Automation

You use the OVA (or OVF and VMDK files) bundle to create your node VMs. The software download files come prepackaged with the OS and all packages required to create the VMs and deploy your Paragon Automation cluster. The VMs have a Linux base OS of Ubuntu 22.04.4 LTS (Jammy Jellyfish).

Once the VMs are created, you must configure each VM in the same way. When all the VMs are configured, you can deploy the Paragon Automation cluster from the first VM.

  1. Download the OVA bundle onto your computer.

    You can use the OVA as a whole to create the VMs or alternatively, extract and use the OVF and .vmdk files from the OVA to create your VMs.
  2. Log in to the VMware ESXi 8.0 server to install Paragon Automation.

  3. Create the node VMs.

    To create the node VMs:

    1. Right-click the Host icon and select Create/Register VM.

      The New virtual machine wizard appears.

    2. On the Select creation type page, select Deploy a virtual machine from an OVF or OVA file and click Next.
    3. On the Select OVF and VMDK files page, enter a name for the node VM.

      Click to upload or drag and drop the OVA file or the OVF file along with the .vmdk files. Review the list of files to be uploaded and click Next.

    4. On the Select storage page, select the datastore that can accommodate 300-GB SSD for the node VM.

      Click Next. The extraction of files begins and takes a few minutes.

    5. On the Deployment options page:

      • Select the virtual network to which the node VM will be connected.

      • Select the Thick disk provisioning option.

      • Enable the VM to power on automatically.

      Click Next.

    6. On the Ready to complete page, review the VM settings and click Finish to create the node VM.

    7. Power on the VM.

    8. Follow steps 3.a to 3.g to create three more nodes. Enter appropriate VM names when prompted.

      Alternatively, if you are using VMware vCenter, you can right-click the VM, and click the Clone > Clone to Virtual Machine option to clone the newly created VM.

      Clone the VM thrice to create the remaining node VMs. Enter appropriate VM names when prompted.

    9. After all the VMs are created, verify that the VMs have the correct specifications and are powered on.

  4. Configure the Nodes.

    To configure the nodes:

    1. Connect to the node VM console of the first VM node.

      You are logged in to the node as the root user automatically and prompted to change your password.

    2. Enter and re-enter the new password.

      You are automatically logged out of the VM.

      Note:

      We recommend that you enter the same password for all the VMs.

    3. When prompted, log in again as root user with the newly configured password.

    4. Configure the hostname and IP address of the VM, gateway, and DNS servers when prompted.

      For information, see Install Paragon Automation.

    5. When prompted, if you are sure to proceed, review the information displayed, type y, and press Enter.

    6. Repeat steps 4.c through 4.e for the other three VMs.

    7. Ping each node from the other three nodes to ensure that the nodes can reach each other.

You can now deploy the cluster.

Deploy the Cluster

Use the Paragon Shell CLI commands to deploy the Paragon Automation cluster.

To deploy a Paragon Automation cluster by using the Paragon Shell CLI commands:

  1. Go back to the first node VM. If you have been logged out, log in again as the root user with the previously configured password.

    You are placed in Paragon Shell operational mode.

  2. Enter the configuration mode in Paragon Shell.

  3. Configure the following cluster parameters.

    Where:

    • The IP addresses of kubernetes nodes with indexes 1 through 4 must match the static IP addresses configured on the node VMs. The Kubernetes nodes with indexes 1, 2, and 3 are the primary and worker nodes, the node with index 4 is the worker-only node.

    • ntp-servers is the NTP server for synchronizing.

    • web-admin-user and web-admin-password are the e-mail address and password that the first user can use to log in to the Web GUI.

    • ingress-vip is the VIP address for the generic ingress IP address.

    • test-agent-gateway-vip is the VIP address for the Paragon Active Assurance TAGW.

    The VIP addresses are added to the outbound SSH configuration that is required for a device to establish a connection with Paragon Automation.

  4. Configure hostnames for generic ingress and Paragon Active Assurance TAGW:

    Where:

    • system-hostname is the hostname for the generic ingress VIP address.

    • test-agent-gateway-hostname is the hostname for the Paragon Active Assurance TAGW VIP address.

    When you configure hostnames, the hostnames are added to the outbound SSH configuration instead of the VIP addresses.

  5. Configure the PCE server VIP address.

    Where, pce-server-vip is the VIP address used by the PCE server to establish Path Computational Element Protocol (PCEP) sessions between Paragon Automation and the devices managed by it.

  6. (Optional) Configure the following settings for SMTP-based user management.

    Where:

    • sender-domains are the e-mail domains from which Paragon Automation sends e-mails to users.

    • relayhost-hostname is the name of the SMTP server that relays messages.

    • relayhost-username (optional) is the username to access the SMTP (relay) server.

    • relayhost-password (optional) is the password for the SMTP (relay) server.

    • sender-e-mail-address is the e-mail address that appears as the sender's e-mail address to the e-mail recipient.

    • sender-name is the name that appears as the sender’s name in the e-mails sent to users from Paragon Automation.

    • papi-local-user-management false disables local authentication.

    Note:
    • SMTP configuration is optional at this point. SMTP settings can be configured after the cluster has been deployed also. For information about how to configure SMTP after cluster deployment, see Configure SMTP Settings in Paragon Shell.
    • For details about the behavior of Paragon Automation with different combinations of local authentication and SMTP configuration, see User Activation and Login.

  7. (Optional) Install custom user certificates.

    Note:

    Before you install user certificates, you must copy the custom certificate file and certificate key file to the /root/epic/config folder in the Linux root shell of the node from which you are deploying the cluster.

    Where:

    • certificate.cert.pem is the user certificate file name.

    • certificate.key.pem is the user certificate key file name.

    Note:

    Installing certificates is optional at this point. You can configure Paragon Automation to use custom user certificates after cluster deployment also. For information about how to install user certificates after cluster deployment, see Install User Certificates.

  8. Commit the configuration and exit configuration mode.

  9. Generate the configuration files.

    The inventory file contains the IP addresses of the VMs. The config.yml file contains minimum Paragon Automation cluster parameters required to deploy a cluster.

    The request paragon config command also generates a config.cmgd file in the config directory. The config.cmgd file contains all the set commands that you executed in step 3. If the config.yml file is inadvertently edited or corrupted, you can redeploy your cluster using the load set config/config.cmgd command in the configuration mode.

  10. Generate SSH keys on the cluster nodes.

    When prompted, enter the SSH password for the VMs. Enter the same password that you configured to log in to the VMs.

    Note:

    If you have configured different passwords for the VMs, ensure that you enter corresponding passwords when prompted.

  11. Deploy the cluster.

    The cluster deployment begins and takes over an hour to complete.

  12. (Optional) Monitor the progress of the deployment onscreen.

    The progress of the deployment is displayed. Deployment is complete when you see an output similar to this onscreen.

    Alternatively, if you did not choose to monitor the progress of the deployment onscreen using the monitor command, you can view the contents of the log file using the file show /epic/config/log command. The last few lines of the log file must look similar to Sample Output. We recommend that you check the log file periodically to monitor the progress of the deployment.

    Upon successful completion of the deployment, the Paragon Automation cluster is created.

    The console output displays the Paragon Shell welcome message and the IP addresses of the four nodes (called Controller-1 through Controller-4), the Paragon Active Assurance TAGW VIP address, the Web admin user e-mail address, and Web GUI IP address.

    The CLI command prompt displays your login username and the node hostname that you configured previously. For example, if you entered Primary1 as the hostname of your primary node, the command prompt is root@Primary1 >.

You can now log in to the Paragon Automation GUI by using the Web admin user ID and password.

Log in to Paragon Automation

To log in to the Paragon Automation Web GUI:

  1. Enter https://web-ui-ip-address in a Web browser to open the Paragon Automation login page.

  2. Enter the Web admin user e-mail address and password that you configured while deploying Paragon Automation.

    The New Account page appears. You are now logged into Paragon Automation. You can now create organizations, sites, and users.

Add an Organization, a Site, and Users

Add an Organization

After you log in to the Paragon Automation GUI for the first time after installation, you must create an organization. After you create the organization, you are the Super User for the organization.

Note:

You can add only one organization in this release. Adding more than one organization can lead to performance issues and constrain the disk space in the Paragon Automation cluster.

To create an organization:

  1. Click Create Organization on the New Account page that appears after you log in to Paragon Automation.
    The Create Organization page appears.
  2. Enter a name for the organization in Organization Name.
  3. Click Create.
    The organization is created. You are logged into the organization and the Troubleshoot Devices page appears.

After you create an organization, you can add sites and users to the organization.

Create a Site

A site represents the location where devices are installed. You must be a Super User to add a site.

  1. Click Inventory > Common Resources > Sites in the navigation menu.
  2. On the Sites page, click + (Add) icon.
  3. On the Create Site page, enter values for the fields Name, Location, Timezone, and Site Group.
  4. Click Save.
    The site is created and appears on the Sites page. For more information about sites, see Add Sites.

Add Users

The Super User can add users and define roles for the users.

To add a user to the organization:

  1. On the banner, click Settings Menu > Users.
    The Users page appears.
  2. Click the + (Invite User) icon.
    The New User page appears.
  3. Enter the first name, surname, e-mail ID, and specify the role of the user in the Organization.

    For the list of roles and their permissions in Paragon Automation, see Predefined User Roles Overview.

    The first name and surname can be upto 64 characters long.

  4. Click Save.

    If SMTP is configured in Paragon Automation, an invite is sent to the user through an e-mail.

    If SMTP is not configured, the New User Creation page appears displaying the system-generated password for the user. You must share the password with the user manually.

  5. (Optional) Follow Steps 1 through 4 to add users with the Installer, Network Admin, and Observer roles.