...
Anuta ATOM

ATOM Remote Agent Management

Table of Contents

Purpose of this document

This document is intended to be used for deploying ATOM Cloud Agent in customer Data Center to communicate with Network Devices and ATOM Cloud servers.

Intended Audience

Network administrators and operators

ATOM Cloud Overview

Anuta Networks ATOM Cloud is a Software-as-a-Service offering. It delivers Assurance, Telemetry, and Orchestration for Multi-Vendor Networks.

Anuta ATOM Cloud enables enterprises and service providers to rapidly design and provision network services, collect real-time telemetry, develop in-depth network analytics, ensure compliance and provide service assurance for multi-vendor physical and virtual infrastructure.

Anuta ATOM Cloud offering takes a cloud-first approach and is hosted within a Tier-1 cloud. The underlying infrastructure is validated and is governed by a quality assurance and regulatory compliance process. With Anuta ATOM Cloud, networking teams can deliver services faster, eliminate human errors, avoid security violations, reduce OpEx and meet SLAs with exceptional high availability.

Key Benefits of the Anuta ATOM Cloud offer include:

  • Hassle-free deployments and upgrades

  • Flexible & Secure connectivity to enterprise networks

  • Network Orchestration and Closed-Loop Assurance for 45+ vendors

  • Auto-Scale to satisfy fluctuations in demand

  • Real-time Analytics and Historical Reports

  • Flexible Pay as you Grow license model

  • SDK and other productivity tools for rapid customization.

ATOM Agent Overview

The ATOM Cloud Agent is an application that runs on a Linux server within your infrastructure as a docker container. ATOM agents have to be installed on each location of your infrastructure.

ATOM agents can be assigned with multiple CIDR blocks to manage the devices. It is used to communicate, collect and monitor the networking devices in your infrastructure using standard protocols. Once the agent collects the data, it gets encrypted and sent to Anuta ATOM Server over an outgoing SSL Connection.

One Agent can typically manage hundreds of devices. However, it depends on many other factors such as device type, data collection, size of the data, frequency etc. Checkout ATOM Agent Hardware requirements for further information.

Agent Requirements and Installation

Hardware Requirements:

ATOM Agent has to be deployed on the Customer corporate network and it needs the following hardware at the minimum.

Component

Requirements Description

1 Virtual Machine

Storage reserved in ESXi = 40 GB (SSD)

  • CPU – 4 vCPU

  • Memory – 8GB

Network Requirements

ATOM Agent needs to communicate with the network devices to collect and transfer the data to atom cloud.So, it requires certain ports to be opened in a secured network. Below is the sample network interaction diagram for agent communication.

  • Required Ports between Agent and Managed Network Devices

Below are the ports required by the Agent to communicate with targeted network infrastructure.

Port

Protocol

Type

Use Case

21

TCP

Both

Data Transfer using FTP (Remote Agent <==> Device)

22

TCP

Outbound

SSH Communication to the targeted Network Device

23

TCP

Outbound

Telnet Communication to the targeted Network Device

161

UDP

Outbound

Data Collection via SNMP through MIBs from the targeted Network Device

162

UDP

Inbound

SNMP Traps receiver from the targeted Network Device

514

UDP

Inbound

Syslog Message receiver from the targeted Network Device

830

TCP

Outbound

NetConf Communication to the targeted Network Device

  • Required Ports between Agent and ATOM Cloud Infrastructure

Below are the ports required by the Agent to transfer the data collected from network devices to ATOM Cloud with TLS encryption.

Port

Protocol

Type

Use Case

7000

TCP

Outbound

Remote agent to ATOM Cloud Server (it is a proprietary port)

Note: Connection is always initiated by the ATOM Agent and which acts as client in server-client model

ATOM Agent Installation

The ATOM Agent manages your network infrastructure. You need to install an Agent for serving the devices.

Below is the procedure to install an ATOM agent on a customer corporate network.

  • Navigate to Agents Page from Navigation bar.

  • Click on the Download dropdown on top right side and choose ISO File. This will fetch the latest version of iso file from minio repository.

  • Once the ISO is downloaded, create a VM out of it.

  • User would be prompted to change the password on the first login.

    • Use default credentials : atom/secret@123

  • Once the password is updated and login is successful go through the README document to understand high level details of how to install the remote agent.

  • Run the node_setup.py which is present in the /agent/scripts path using sudo privileges as shown below:

  • Enter 3 when prompted for choice to provision the remote agent. Choose among the following:

  • Bootstrap Script: This script will initially help you set up basic Network Connectivity, Hostname configuration and NTP settings.

  • Remote-Agent Installation: This script will be used to bring up the remote agent software. Complete steps 4-8 before invoking this.

  • Enter 1 to proceed with the bootstrap function and select the complete fresh setup by again choosing 1 as shown below:

  • Provide the following inputs as requested by the script:

  • Interface Details to be provisioned along with relevant CIDR info.

  • DNS Server Information

  • NTP Server Information

  • Hostname of the VM along with the hostname-ip to bind.

Refer the screenshot below:

Network Configuration Details

NTP Server Configuration Details

Hostname Configuration Details

Once the bootstrap is complete proceed with the next steps. [Note: Hostname changes would be reflected on reboot only. Select yes to reboot if you wish to change the hostname]

  • You can manage devices assigning a range of IP addresses (belonging to the devices) to the Agent. Each Agent can be assigned a different IP range, which is used to determine the tasks that can be handled by the Agent:

  • Discovery Job

  • Inventory Job

  • Device monitoring

  • Configuration retrieval

  • Syslog and SNMP trap processing

  • Service provisioning

To add an IP range to the Agent, do the following:

  • Navigate to Agents Page from left navigation bar

  • In the top navigation tab, click IP Range > Add

  • In the Create IP Range screen, enter the values as follows:

  • Range Name: Enter a name for the Agent

  • Start IP: Enter an IP address that should be the first IP address of the range

  • End IP: Enter an IP address that should be the last IP address of the range

  • Owner: Owner will be the tenant name.

  • SharedWith: If it’s not shared with the subtenants, only the tenant name will be there. Eg. acme. This range can be shared with the subtenants as well. Eg. acme.* ( In this case, this range will be shared with all the subtenants )

  • Navigate to the Agents tab and add a remote agent <agent_name>.

  • Select some device ip ranges (mandatory) and some description (optional).

  • Leave the checkbox In Cluster Deployment unchecked. (If checked, the agent will not be treated as remote and will get installed in the cluster itself).

  • Select a particular agent and download the agent configuration file from the toolbar.

  • Once again login to the remote agent VM and execute the node_setup.py file located under /agent/scripts folder using sudo privileges as shown below:

  • Enter 3 when prompted for choice to provision the remote agent.

  • Proceed with the remote agent installation.

  • Copy the content from the downloaded agent config.xml file and paste it when prompted to do so and enter the break sequence and proceed to enter the Atom URL where this agent needs to be onboarded. Refer screenshot below:

  • If a private local repo is used for agent image, enter the registry details, else leave it to the default to pull image from the repo maintained by Atom. Ensure you have connectivity to the repo to pull image and bring up the container.

Atom agent installation would be complete and the status of the agent would show online on Atom. Please proceed with a verification check on the Atom UI as per the next section.

Agent Connection Verification

To verify the agent container status on the virtual machine where it was deployed, use docker ps command. Below is the sample output. Make sure the status is UP.

Once the agent container is up on the agent VM instance, the status of the agent created on ATOM comes online by performing health checks. We can verify the status of the Agent on ATOM on Agents Page. The status should turn into green.

Some Scenarios in Remote Agent

  • Edit a particular IP Range

Go to IP Range tab and edit an Ip range.

Ex. Previous range ->

Range name : iprange3

Ranges : 172.16.3.1 – 172.16.3.255

New Range ->

Range name : iprange3

Range : 172.16.3.1 -> 172.16.3.50

Now the remote agent which has iprange3 will serve only the devices specified in that updated range.

  • Edit a remote agent and add/delete other ranges

Go to the Agents tab and edit a particular agent.

Ex. Previous ranges attached to the remote agent -> iprange1,iprange3

New ranges attached to the remote agent -> iprange1 (removed iprange3)

Now the remote agent will serve only the devices specified in the range iprange1.

  • ‘Devices’ and ‘Services’ attached to the Agent.

By clicking on the agent name, it will redirect to another page which has

‘Devices’ and ‘Services’ tabs.

  • Devices tab will list all the devices attached to the agent.

  • Services tab will list all the services attached to the agent.

  • Restart Agent

After selecting a particular agent, it can be restarted from the above toolbar.

Some important points

  • If we add a remote agent for a tenant, it will be visible to all the tenants/subtenants which are mentioned in the shared-with field of the agent.

  • A tenant can add multiple remote agents for scale needs. Any remote agent can be associated with only one tenant at a time.

  • Overlapping of ip ranges is not allowed.

  • A device can be served by only one remote agent for a particular tenant.

ATOM upgrade scenario

Once the ATOM system is upgraded, the remote agent will automatically upgrade after 2 minutes. To verify this step :

  • Login to the remote agent vm instance.ssh atom@172.16.X.Y

  • Go to this path :cd /opt/atom/agent/configs/

  • See the config.yaml file. If the auto_upgrade flag is true ( by default it’s true), it will automatically upgrade itself and the image version will change.

As it’s by default in the auto upgrade mode, it will check after every 2 minutes whether there is a change in the ATOM version.

To see the upgrade logs –

  • Go to this path :cd /tmp

  • vi install.out

Some Common Exception scenarios

  • Agent and Atom Version mismatch

As remote agents will be deployed on a different machine, it is mandatory that the atom version and the agent version should match.

  • For Agent version : Agents -> Grid View -> Build Version

  • For Atom version : Administration -> About

If it is not the case, the remote agent will not come online.

  • Authentication failed due to invalid security token

If the security token of the agent is not copied correctly or there is some mismatch in the token ( in the config. File downloaded from UI and the agent.xml file deployed in the agent vm ), then this exception will be seen.

Troubleshooting

  • Debug/error logs in Remote Agent

Login to the IP address mentioned in the grid for a particular agent.

Refer below example.

After logging in :

  • Run command : docker ps

Check whether its up or not and no exception is there.If its UP and the status in UI is still not connected, check exception :Run command : docker logs <container-id>

Eg. docker logs 5bb11d1789f8

  • If the status of the agent is up but there is some unwanted exception coming from agents, go to the /opt/atom/agent/logs folder.

All the logs are visible in this directory.