What is Juniper® Support Insights?
What are the key components of JSI?
How does JSI collect, process, and manage data securely?
How does JSI handle Personally Identifiable Information?
Which products does JSI support?
Do JSI users have access to the base data that can be loaded on to an external solution or system?
Does JSI support a defined set of APIs?
Can I export the JSI reports?
Who owns the LWC device?
Is the LWC a Juniper NFX?
What protocols does the LWC use for collecting and encrypting data from Juniper devices?
What encryption is used between the LWC and Juniper Cloud?
Does LWC support data collection through SNMP, syslog, or other protocols?
Can I use any external or other data collection mechanism?
How does Juniper treat updates and security advisories for the LWC?
Who is responsible for monitoring the LWC device (through SNMP and syslog)?
Does the LWC discover devices in the network automatically?
How many devices can an LWC support from a collection perspective?
Does the LWC have any specific connection requirements?
Can I disable the extra services on the LWC to ensure that the device is as secure as possible?
Can I install an external agent (for example, Crowdstrike agent) or other software on the LWC?
Can I ping the LWC’s Ethernet interfaces from other IP addresses in the same network?
Which port does NETCONF use?
Which commands does the LWC use to collect data from Juniper devices?
At what intervals does the LWC run the data collection commands on Juniper devices?
Who manages the list of commands used for data collection?
Will Juniper inform users when they add or modify the data collection commands?
How can I view the commands executed by JSI on my device?
Can I choose the data to be collected?
Does Juniper have access to the LWC through an https connection?

FAQs: Juniper Support Insights

What is Juniper® Support Insights?

Juniper Support Insights (JSI) is a cloud-based support solution that gives IT and network operations teams operational health insights into their networks. JSI transforms the customer support experience by providing Juniper and its customers with insights that help them improve their network performance and uptime. JSI extends AI-driven support services to the entire Juniper portfolio, including ACX, EX, MX, PTX, QFX, and SRX series.

For additional information, see Juniper Support Insights Data Sheet.

What are the key components of JSI?

The key components of JSI are as follows:

Collector—A lightweight collector (LWC) that collects the device data.
Juniper Cloud—A virtual private cloud that supports the collection, processing, and analysis of the collected data.
Portal—A portal that enables users to onboard devices and view the operational data and insights through a set of standard dashboards and reports.

How does JSI collect, process, and manage data securely?

For more information, refer to Juniper Support Insights Security and Privacy Overview.

How does JSI handle Personally Identifiable Information?

JSI has the ability to apply filters to omit any sensitive information before the data reaches Juniper Cloud.

Which products does JSI support?

In the initial release, JSI supports a Device to Collector to Cloud (DCC) connection mode. In this mode, JSI supports Junos devices running Junos OS Release 9.3 or later.

Do JSI users have access to the base data that can be loaded on to an external solution or system?

No. Currently, JSI users can only export the data as reports.

Does JSI support a defined set of APIs?

No.

Can I export the JSI reports?

Yes. You can export and deliver the reports in PDF or CSV format. You can also schedule the reports to be delivered at regular intervals.

Who owns the LWC device?

Customers own the LWC. Customers can order the LWC as a SKU, which includes the lightweight collector device and two 1GbE copper SFP modules. Customers can also use their own preferred fiber optic or 10GbE SFPs.

Note:

The LWC SKU follows Juniper's standard RMA process.

Is the LWC a Juniper NFX?

No. The LWC and NFX share a common hardware platform. However, these devices run on different software and perform different functions. You cannot convert an existing NFX to an LWC, or vice versa.

What protocols does the LWC use for collecting and encrypting data from Juniper devices?

NETCONF over SSH leveraging SSH2.

What encryption is used between the LWC and Juniper Cloud?

TLS 1.2 certificates that rotate every two weeks.

Does LWC support data collection through SNMP, syslog, or other protocols?

No.

Can I use any external or other data collection mechanism?

No. The infrastructure, including the LWC, is a closed system. We keep it closed to ensure that the solution is completely secure and reliable.

How does Juniper treat updates and security advisories for the LWC?

We treat updates and security advisories as managed services.

Who is responsible for monitoring the LWC device (through SNMP and syslog)?

Juniper monitors the LWC device.

Does the LWC discover devices in the network automatically?

No. You need to onboard the devices manually through Juniper Support Portal. You can either add a set of target device IP addresses manually or upload the device IP addresses through a CSV file.

How many devices can an LWC support from a collection perspective?

A single LWC can support up to 20,000 devices.

Note:

If the deployment includes separate managed networks or domains that do not support routing from a single collector, you need additional collectors.

Does the LWC have any specific connection requirements?

The LWC Platform Hardware Guide provides details about the connection requirements. The external IP addresses assigned to the LWC must be able to reach the Internet. We do not recommend assigning public IP addresses to the LWC’s external interface. All connections are outbound from the LWC. No external connections are inbound to the LWC.

Can I disable the extra services on the LWC to ensure that the device is as secure as possible?

On the LWC, we have disabled all services that are not part of the solution.

Can I install an external agent (for example, Crowdstrike agent) or other software on the LWC?

No. In order to meet the strict security certification compliance requirements, we have limited direct user access to the on-box captive portal mechanism.

Can I ping the LWC’s Ethernet interfaces from other IP addresses in the same network?

Yes. The internal interface and one of the external interfaces will respond to pings.

Which port does NETCONF use?

Port 22.

Which commands does the LWC use to collect data from Juniper devices?

For data collection, the LWC uses the following commands:

file list detail
show bgp summary
show chassis alarms
show chassis fpc
show chassis hardware extensive
show chassis routing-engine
show interfaces descriptions
show interfaces terse
show isis adjacency
show ospf neighbor
show rsvp neighbor
show system buffers
show system commit
show system core-dumps
show system license
show system uptime
show version
show vrrp detail

For Remote Connectivity Suite (RCS), the LWC uses the following commands:

request support information
sftp

Note:
Starting in Junos OS Release 19.1R1, incoming SFTP connections are globally disabled by default. You can globally enable incoming SFTP connections by configuring the sftp-server statement at the [edit system services ssh] hierarchy level. Prior to Junos OS Release 19.1R1, incoming SFTP connections were globally enabled by default.

At what intervals does the LWC run the data collection commands on Juniper devices?

Once a day. This interval is not user configurable.

Who manages the list of commands used for data collection?

Juniper manages the list of commands.

Will Juniper inform users when they add or modify the data collection commands?

Yes.

How can I view the commands executed by JSI on my device?

You can run the show log interactive-commands operational command on your device to view a log of all the commands executed by JSI. The log output has the format:

timestamp
                device-name
                process[process-id]: UI_NETCONF_CMD: User
                    your-JSI-username used NETCONF client to run command
                    ‘command-name’.

Can I choose the data to be collected?

No. However, a JSI admin user can pause the data collection in case of emergency. On the Juniper Support Portal, use the Enable/Disable button on the following page to pause or start data collection:

Insights > Collectors > collector-name

Does Juniper have access to the LWC through an https connection?

For troubleshooting purposes, the Juniper escalation team handling JSI has access to the LWC through the outbound https connection established by the LWC.

ON THIS PAGE