Purpose of this document
This document is intended to be used for deploying ATOM Cloud Agent in customer Data Center to communicate with Network Devices and ATOM Cloud servers.
Network administrators and operators
ATOM Cloud Overview
Anuta Networks ATOM Cloud is a Software-as-a-Service offering. It delivers Assurance, Telemetry, and Orchestration for Multi-Vendor Networks.
Anuta ATOM Cloud enables enterprises and service providers to rapidly design and provision network services, collect real-time telemetry, develop in-depth network analytics, ensure compliance and provide service assurance for multi-vendor physical and virtual infrastructure.
Anuta ATOM Cloud offering takes a cloud-first approach and is hosted within a Tier-1 cloud. The underlying infrastructure is validated and is governed by a quality assurance and regulatory compliance process. With Anuta ATOM Cloud, networking teams can deliver services faster, eliminate human errors, avoid security violations, reduce OpEx and meet SLAs with exceptional high availability.
Key Benefits of the Anuta ATOM Cloud offer include:
Hassle-free deployments and upgrades
Flexible & Secure connectivity to enterprise networks
Network Orchestration and Closed-Loop Assurance for 45+ vendors
Auto-Scale to satisfy fluctuations in demand
Real-time Analytics and Historical Reports
Flexible Pay as you Grow license model
SDK and other productivity tools for rapid customization.
ATOM Agent Overview
The ATOM Cloud Agent is an application that runs on a Linux server within your infrastructure as a docker container. ATOM agents have to be installed on each location of your infrastructure.
ATOM agents can be assigned with multiple CIDR blocks to manage the devices. It is used to communicate, collect and monitor the networking devices in your infrastructure using standard protocols. Once the agent collects the data, it gets encrypted and sent to Anuta ATOM Server over an outgoing SSL Connection.
One Agent can typically manage hundreds of devices. However, it depends on many other factors such as device type, data collection, size of the data, frequency etc. Checkout ATOM Agent Hardware requirements for further information.
Agent Requirements and Installation
ATOM Agent has to be deployed on the Customer corporate network and it needs the following hardware at the minimum.
1 Virtual Machine
Storage reserved in ESXi = 40 GB (SSD)
ATOM Agent needs to communicate with the network devices to collect and transfer the data to atom cloud.So, it requires certain ports to be opened in a secured network. Below is the sample network interaction diagram for agent communication.
Required Ports between Agent and Managed Network Devices
Below are the ports required by the Agent to communicate with targeted network infrastructure.
Data Transfer using FTP (Remote Agent <==> Device)
SSH Communication to the targeted Network Device
Telnet Communication to the targeted Network Device
Data Collection via SNMP through MIBs from the targeted Network Device
SNMP Traps receiver from the targeted Network Device
Syslog Message receiver from the targeted Network Device
NetConf Communication to the targeted Network Device
Required Ports between Agent and ATOM Cloud Infrastructure
Below are the ports required by the Agent to transfer the data collected from network devices to ATOM Cloud with TLS encryption.
Remote agent to ATOM Cloud Server (it is a proprietary port)
Note: Connection is always initiated by the ATOM Agent and which acts as client in server-client model
ATOM Agent Installation
The ATOM Agent manages your network infrastructure. You need to install an Agent for serving the devices.
Below is the procedure to install an ATOM agent on a customer corporate network.
Navigate to Agents Page from Navigation bar.
Click on the Download dropdown on top right side and choose ISO File. This will fetch the latest version of iso file from minio repository.
Once the ISO is downloaded, create a VM out of it.
User would be prompted to change the password on the first login.
Use default credentials : atom/secret@123
Once the password is updated and login is successful go through the README document to understand high level details of how to install the remote agent.
Run the node_setup.py which is present in the /agent/scripts path using sudo privileges as shown below:
Enter 3 when prompted for choice to provision the remote agent. Choose among the following:
Bootstrap Script: This script will initially help you set up basic Network Connectivity, Hostname configuration and NTP settings.
Remote-Agent Installation: This script will be used to bring up the remote agent software. Complete steps 4-8 before invoking this.
Enter 1 to proceed with the bootstrap function and select the complete fresh setup by again choosing 1 as shown below:
Provide the following inputs as requested by the script:
Interface Details to be provisioned along with relevant CIDR info.
DNS Server Information
NTP Server Information
Hostname of the VM along with the hostname-ip to bind.
Refer the screenshot below:
Network Configuration Details
NTP Server Configuration Details
Hostname Configuration Details
Once the bootstrap is complete proceed with the next steps. [Note: Hostname changes would be reflected on reboot only. Select yes to reboot if you wish to change the hostname]
You can manage devices assigning a range of IP addresses (belonging to the devices) to the Agent. Each Agent can be assigned a different IP range, which is used to determine the tasks that can be handled by the Agent:
Syslog and SNMP trap processing
To add an IP range to the Agent, do the following:
Navigate to Agents Page from left navigation bar
In the top navigation tab, click IP Range > Add
In the Create IP Range screen, enter the values as follows:
Range Name: Enter a name for the Agent
Start IP: Enter an IP address that should be the first IP address of the range
End IP: Enter an IP address that should be the last IP address of the range
Owner: Owner will be the tenant name.
SharedWith: If it’s not shared with the subtenants, only the tenant name will be there. Eg. acme. This range can be shared with the subtenants as well. Eg. acme.* ( In this case, this range will be shared with all the subtenants )
Navigate to the Agents tab and add a remote agent <agent_name>.
Select some device ip ranges (mandatory) and some description (optional).
Leave the checkbox In Cluster Deployment unchecked. (If checked, the agent will not be treated as remote and will get installed in the cluster itself).
Select a particular agent and download the agent configuration file from the toolbar.
Once again login to the remote agent VM and execute the node_setup.py file located under /agent/scripts folder using sudo privileges as shown below:
Enter 3 when prompted for choice to provision the remote agent.
Proceed with the remote agent installation.
Copy the content from the downloaded agent config.xml file and paste it when prompted to do so and enter the break sequence and proceed to enter the Atom URL where this agent needs to be onboarded. Refer screenshot below:
If a private local repo is used for agent image, enter the registry details, else leave it to the default to pull image from the repo maintained by Atom. Ensure you have connectivity to the repo to pull image and bring up the container.
Atom agent installation would be complete and the status of the agent would show online on Atom. Please proceed with a verification check on the Atom UI as per the next section.
Agent Connection Verification
To verify the agent container status on the virtual machine where it was deployed, use docker ps command. Below is the sample output. Make sure the status is UP.
Once the agent container is up on the agent VM instance, the status of the agent created on ATOM comes online by performing health checks. We can verify the status of the Agent on ATOM on Agents Page. The status should turn into green.
Some Scenarios in Remote Agent
Edit a particular IP Range
Go to IP Range tab and edit an Ip range.
Ex. Previous range ->
Range name : iprange3
Ranges : 172.16.3.1 – 172.16.3.255
New Range ->
Range name : iprange3
Range : 172.16.3.1 -> 172.16.3.50
Now the remote agent which has iprange3 will serve only the devices specified in that updated range.
Edit a remote agent and add/delete other ranges
Go to the Agents tab and edit a particular agent.
Ex. Previous ranges attached to the remote agent -> iprange1,iprange3
New ranges attached to the remote agent -> iprange1 (removed iprange3)
Now the remote agent will serve only the devices specified in the range iprange1.
‘Devices’ and ‘Services’ attached to the Agent.
By clicking on the agent name, it will redirect to another page which has
‘Devices’ and ‘Services’ tabs.
Devices tab will list all the devices attached to the agent.
Services tab will list all the services attached to the agent.
After selecting a particular agent, it can be restarted from the above toolbar.
Some important points
If we add a remote agent for a tenant, it will be visible to all the tenants/subtenants which are mentioned in the shared-with field of the agent.
A tenant can add multiple remote agents for scale needs. Any remote agent can be associated with only one tenant at a time.
Overlapping of ip ranges is not allowed.
A device can be served by only one remote agent for a particular tenant.
ATOM upgrade scenario
Once the ATOM system is upgraded, the remote agent will automatically upgrade after 2 minutes. To verify this step :
Login to the remote agent vm instance.ssh email@example.com.X.Y
Go to this path :cd /opt/atom/agent/configs/
See the config.yaml file. If the auto_upgrade flag is true ( by default it’s true), it will automatically upgrade itself and the image version will change.
As it’s by default in the auto upgrade mode, it will check after every 2 minutes whether there is a change in the ATOM version.
To see the upgrade logs –
Go to this path :cd /tmp
Some Common Exception scenarios
Agent and Atom Version mismatch
As remote agents will be deployed on a different machine, it is mandatory that the atom version and the agent version should match.
For Agent version : Agents -> Grid View -> Build Version
For Atom version : Administration -> About
If it is not the case, the remote agent will not come online.
Authentication failed due to invalid security token
If the security token of the agent is not copied correctly or there is some mismatch in the token ( in the config. File downloaded from UI and the agent.xml file deployed in the agent vm ), then this exception will be seen.
Debug/error logs in Remote Agent
Login to the IP address mentioned in the grid for a particular agent.
Refer below example.
After logging in :
Run command : docker ps
Check whether its up or not and no exception is there.If its UP and the status in UI is still not connected, check exception :Run command : docker logs <container-id>
Eg. docker logs 5bb11d1789f8
If the status of the agent is up but there is some unwanted exception coming from agents, go to the /opt/atom/agent/logs folder.
All the logs are visible in this directory.