FAQs: Juniper Support Insights

What is Juniper® Support Insights?

Juniper Support Insights (JSI) is a cloud-based support solution that gives IT and network operations teams operational health insights into their networks. JSI transforms the customer support experience by providing Juniper and its customers with insights that help them improve their network performance and uptime. JSI extends AI-driven support services to the entire Juniper portfolio, including ACX, EX, MX, PTX, QFX, and SRX series.

For additional information, see Juniper Support Insights Data Sheet.

What are the key components of JSI?

The key components of JSI are as follows:

• Collector—A lightweight collector (LWC) that collects the device data.
• Juniper Cloud—A virtual private cloud that supports the collection, processing, and analysis of the collected data.
• Portal—A portal that enables users to onboard devices and view the operational data and insights through a set of standard dashboards and reports.

How does JSI collect, process, and manage data securely?

For more information, refer to Juniper Support Insights Security and Privacy Overview.

How does JSI handle Personally Identifiable Information?

JSI has the ability to apply filters to omit any sensitive information before the data reaches Juniper Cloud.

Which products does JSI support?

In the initial release, JSI supports a Device to Collector to Cloud (DCC) connection mode. In this mode, JSI supports Junos devices running Junos OS Release 9.3 or later.

Do JSI users have access to the base data that can be loaded on to an external solution or system?

No. Currently, JSI users can only export the data as reports.

Does JSI support a defined set of APIs?

No.

Can I export the JSI reports?

Yes. You can export and deliver the reports in PDF or CSV format. You can also schedule the reports to be delivered at regular intervals.

Can I create custom reports?

Custom reports are available through Juniper Advanced Services. If you have a Juniper Resident Engineer assigned, ask the engineer to help you with the custom reports. Or, contact your Juniper representative.

Who owns the LWC device?

Customers own the LWC. Customers can order the LWC as a SKU, which includes the lightweight collector device and two security function policy (SFP) modules.

Is the LWC a Juniper NFX?

No. The LWC and NFX share a common hardware platform. However, these devices run on different software and perform different functions. You cannot convert an existing NFX to an LWC, or vice versa.

What protocols does the LWC use for collecting data from Junos devices?

NETCONF over SSH.

Does LWC support data collection through SNMP, syslog, or other protocols?

No.

Can I use any external or other data collection mechanism?

No. The infrastructure, including the LWC, is a closed system. We keep it closed to ensure that the solution is completely secure and reliable.

How does Juniper treat updates and security advisories for the LWC?

We treat updates and security advisories as managed services.

Who is responsible for monitoring the LWC device (through SNMP and syslog)?

Juniper monitors the LWC device.

Does the LWC discover devices in the network automatically?

No. You need to onboard the devices manually through Juniper Support Portal. You can add either a set of target device IP addresses or an IP address range. Alternatively, you can upload the device IP addresses through a CSV file.

How many devices can an LWC support from a collection perspective?

A single LWC can support up to 20,000 devices.

Does the LWC have any specific connection requirements?

The LWC Platform Hardware Guide provides details about the connection requirements. The external IP addresses assigned to the LWC must be able to reach the Internet. We do not recommend assigning public IP addresses to the LWC’s external interface. All connections are outbound from the LWC. No external connections are inbound to the LWC.

Can I disable the extra services on the LWC to ensure that the device is as secure as possible?

On the LWC, we have disabled all services that are not part of the solution.

Can I install an external agent (for example, Crowdstrike agent) or other software on the LWC?

No. In order to meet the strict security certification compliance requirements, we have limited direct user access to the on-box captive portal mechanism.

Can I ping the LWC’s Ethernet interfaces from other IP addresses in the same network?

Yes. The internal interface and one of the external interfaces will respond to pings.

Which port does NETCONF use?

Port 22.

Which commands does the LWC use to collect data from Juniper devices?

The LWC uses the following commands for data collection:

• show system uptime
• show chassis alarms
• show interfaces descriptions
• show system commit
• show chassis routing-engine
• show chassis hardware extensive
• show interfaces terse
• show version
• show system core-dumps
• show bgp summary
• show chassis fpc
• show isis adjacency
• show ospf neighbor
• show rsvp neighbor
• show vrrp detail
• show route

At what intervals does the LWC run the data collection commands on Juniper devices?

Once a day. This interval is not user configurable.

Who manages the list of commands used for data collection?

Juniper manages the list of commands.

Will Juniper inform users when they add or modify the data collection commands?

Yes.

Can I choose the data to be collected?

No. However, a JSI admin user can pause the data collection in case of emergency. On the Juniper Support Portal, use the Enable/Disable button on the following page to pause or start data collection:

Insights > Collectors > collector-name

Does Juniper have access to the LWC through an https connection?

For troubleshooting purposes, the Juniper escalation team handling JSI has access to the LWC through the outbound https connection established by the LWC.