Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Installation Requirements

Installation Overview

Before installing Juniper Apstra software, refer to the sections below and ensure that the server where you'll install it meets requirements. Then you can install and configure Apstra on one of the supported hypervisors. You already know that default passwords are not secure, so make sure to replace them with secure ones during configuration. We also recommend replacing the self-signed SSL certificate with a signed one from your own certificate authority so your environment is more secure. Keep reading for installation and configuration steps.

Supported Hypervisors and Versions

Table 1: Supported Hypervisors
Hypervisor Supported Versions
VMware ESXi 7.0, 6.7, 6.5, 6.0, 5.5
QEMU / KVM for Ubuntu 18.04 LTS
Microsoft Hyper-V Windows Server 2016 Datacenter Edition
Oracle VirtualBox / VMware Workstation For lab / evaluation purposes only

Required Server Resources

Apstra server VM resource requirements are based on the size of the network (blueprint), the scaling of offbox agents and the use of Intent Based Analytics (IBA). If one VM is insufficient for your needs, you can increase capacity with Apstra VM Clusters. For information about clustering VMs, see the Platform section of the Juniper Apstra User guide.


Although Apstra server VMs might run with fewer resources than recommended, depending on the size of the network, the CPU and RAM allocations may be insufficient. The system could encounter errors or a critical "segmentation fault" (core dump). If this happens, delete the VM and redeploy it with additional resources.

Table 2: Recommended VM Resources
Resource Recommendation
Memory 64 GB RAM + 300 MB per installed offbox agent*
Disk 80 GB
Network 1 network adapter, initially configured with DHCP

* Offbox agent container memory usage is dependent on the number of IBA collectors enabled. You can increase capacity by adding worker nodes with the Apstra VM Clusters feature. You can monitor usage from the Apstra web GUI as shown below.

Required Communication Ports

The table below lists open ports and services that run on the Apstra server. A running iptables instance ensures that network traffic to and from the Apstra server is restricted to the services listed.

Table 3: Apstra Server Network Protocol Requirements
Source Destination Protocol Description
User workstation Apstra Server tcp/22 (ssh) CLI access to Apstra server
User workstation Apstra Server tcp/80 (http) Redirects to tcp/443 (https)
User workstation Apstra Server tcp/443 (https) Web GUI and REST API
Network Device for device agents Apstra Server tcp/80 (http) Redirects to tcp/443 (https)
Network Device or Offbox Agent Apstra Server tcp/443 (https) Device agent installation and upgrade, Rest API
Network Device or Offbox Agent Apstra Server tcp/29730-29739 Agent binary protocol (Sysdb)
ZTP Server Apstra Server tcp/443 (https) Rest API for Device System Agent Install
Apstra Server Network Devices tcp/22 (ssh) Device agent installation and upgrade
Offbox Agent Network Devices tcp/443 (https) tcp/9443 (nxapi) tcp/830 (for Junos) Management from Offbox Agent

Additional Network Protocols

The network protocols in the table below are not required for Apstra server functionality, but they may be required for network device configuration and discovery, and for direct access to devices.

Table 4: Additional Network Protocols
Source Destination Protocol Description
Administrator Network Device tcp/22 (ssh) Device management from Administrator
Network Device DNS Server udp/53 (dns) DNS Discovery for Apstra server IP (if applicable)
Network Device DHCP Server udp/67-68 (dhcp) DHCP for automatic management IP (if applicable)
    (icmp type 0, type 8 for echo and response As necessary for network troubleshooting. Not required for the Apstra server.

Network Client Services

Use and configuration of the Apstra server determine the number of network client services that must be enabled.

Table 5: Apstra Server Network Client Services
Source Destination Protocol Description
Apstra Server DNS Server udp/53 (dns) Server DNS Client
Apstra Server LDAP Server tcp/389 (ldap) tcp/636 (ldaps) Apstra Server LDAP Client (if configured)
Apstra Server TACACS+ Server tcp/udp/49 (tacacs) Apstra Server TACACS+ Client (if configured)
Apstra Server RADIUS Server tcp/udp/1812 (radius) Apstra Server RADIUS Client (if configured)
Apstra Server Syslog Server udp/514 (syslog) Apstra Server Syslog Client (if configured)