ON THIS PAGE
FAQs: Juniper Support Insights
General
- What is Juniper® Support Insights?
- What are the key components of JSI?
- How does JSI handle Personally Identifiable Information?
- How much does Juniper Support Insights cost?
- What is the value of JSI? How much time will it save me?
- Is it easy to set up JSI?
- Does JSI require any pre-process steps from IT teams before deployment?
- How do I place an order?
- Why have a vendor-specific tool polling a subset of devices when we have cross-vendor tools that already poll/pull data from network elements?
- What will Juniper do with the gathered information?
- Who will have access to the customer's data?
- Does the Remote Connectivity Suite (RCS) feature give permanent access to customer devices?
What is Juniper® Support Insights?
Juniper Support Insights (JSI) is a cloud-based support solution that gives IT and network operations teams operational health insights into their networks. JSI transforms the customer support experience by providing Juniper and its customers with insights that help them improve their network performance and uptime. JSI extends AI-driven support services to the entire Juniper portfolio, including ACX, EX, MX, PTX, QFX, and SRX series.
For additional information, see Juniper Support Insights Data Sheet.
What are the key components of JSI?
The key components of JSI are as follows:
- Collector—A lightweight collector (LWC) or virtual lightweight collector (vLWC) that collects the device data.
- Juniper Cloud—A virtual private cloud that supports the collection, processing, and analysis of the collected data.
- Portal—A portal that enables users to onboard devices and view the operational data and insights through a set of standard dashboards and reports.
How does JSI handle Personally Identifiable Information?
JSI has the ability to apply filters to omit any sensitive information before the data reaches Juniper Cloud. For more information, refer to Juniper Support Insights Security and Privacy Overview.
How much does Juniper Support Insights cost?
Juniper Support Insights is available as part of an active Juniper Care service contract, with no license or subscription fees.
What is the value of JSI? How much time will it save me?
JSI will help with IB management, troubleshooting, and efficiency. Existing JSI users have:
-
Reduced up to 200 hours of effort managing their IB per year.
-
Saved up to 36 hours per year, and correlated a tailored 360° awareness for all Proactive Bug Notifications (PBNs) and security vulnerabilities threats.
-
Reduced the time for preparing for end-of-life (EOL) and end-of-service (EOS), and lifecycle management reports from up to two weeks down to a few minutes.
Is it easy to set up JSI?
Deploying the LWC or vLWC is simple and easy. It only requires 60 minutes to be deployed successfully.
For additional information, see JSI on JSP Quick Start guide (LWC) or JSI on JSP Quick Start guide (vLWC).
Does JSI require any pre-process steps from IT teams before deployment?
JSI requires some steps from the customer’s teams to set up, with some examples being optionally setting static IP addresses, opening the required firewall ports, and security approvals.
How do I place an order?
For the physical LWC, please reach out to your Juniper team.
For a virtual deployment of the LWC, you can request the vLWC via. the online vLWC request form in the Juniper Support Portal.
Why have a vendor-specific tool polling a subset of devices when we have cross-vendor tools that already poll/pull data from network elements?
JSI has access to Juniper-specific knowledge unlike cross-vendor tools, JSI's exposure reports help with planning around EOL, Proactive Bug Notifications (PBN), and security vulnerabilities.
For additional information, see Juniper Support Insights Demo.
What will Juniper do with the gathered information?
The information gathered by JSI is handled in accordance with Juniper's privacy policy.
For additional information, see JSI Security & Privacy Overview.
Who will have access to the customer's data?
Only relevant Juniper teams supporting the customer can access their data.
For additional information, see JSI Security & Privacy Overview.
Does the Remote Connectivity Suite (RCS) feature give permanent access to customer devices?
No. Access duration to customer devices can be customized, and can be per request approval.
For additional information, see Prepare for RCS request.
Application
- Do JSI users have access to the base data that can be loaded on to an external solution or system?
- Does JSI support a defined set of APIs?
- Can I export the JSI reports?
- What kind of data and reports will I get?
Do JSI users have access to the base data that can be loaded on to an external solution or system?
No. Currently, JSI users can only export the data as reports.
Does JSI support a defined set of APIs?
No.
Can I export the JSI reports?
Yes. You can export and deliver the reports in PDF or CSV format. You can also schedule the reports to be delivered at regular intervals.
What kind of data and reports will I get?
JSI provides reports on inventory management, exposure, and health.
For additional information, see Juniper Support Insights Demo.
Platform
- Who owns the LWC device?
- Which products does JSI support?
- Is the LWC a Juniper NFX?
- What protocols does the LWC use for collecting and encrypting data from Juniper devices?
- What encryption is used between the LWC and Juniper Cloud?
- Does LWC support data collection through SNMP, syslog, or other protocols?
- Can I use any external or other data collection mechanism?
- How does Juniper treat updates and security advisories for the LWC?
- Who is responsible for monitoring the LWC device (through SNMP and syslog)?
- Does the LWC discover devices in the network automatically?
- How many devices can be supported on JSI?
- Does the LWC have any specific connection requirements?
- Can I disable the extra services on the LWC to ensure that the device is as secure as possible?
- Can I install an external agent (for example, Crowdstrike agent) or other software on the LWC?
- Can I ping the LWC’s Ethernet interfaces from other IP addresses in the same network?
- Which port does NETCONF use?
- What permissions does the JSI user need in Junos to operate JSI?
- Which commands does the LWC use to collect data from Juniper devices?
- At what intervals does the LWC run the data collection commands on Juniper devices?
- Who manages the list of commands used for data collection?
- Will Juniper inform users when they add or modify the data collection commands?
- How can I view the commands executed by JSI on my device?
- Can I choose the data to be collected?
- Does Juniper have access to the LWC through an https connection?
- What do I do if there is an issue?
- How does JSI work with other Juniper products like Juniper Mist or Juniper Cloud?
- How can JSI help plan for future needs and updates to technology?
Who owns the LWC device?
Customers own the LWC. Customers can order the LWC as a SKU, which includes the lightweight collector device and two 1GbE copper SFP modules. Customers can also use their own preferred fiber optic or 10GbE SFPs.
The LWC SKU follows Juniper's standard RMA process.
Which products does JSI support?
Leveraging the LWC for Device to Collector to Cloud (DCC) connection mode, JSI supports Junos devices running Junos OS Release 9.3 or later.
Is the LWC a Juniper NFX?
No. The LWC and NFX share a common hardware platform. However, these devices run on different software and perform different functions. You cannot convert an existing NFX to an LWC, or vice versa.
What protocols does the LWC use for collecting and encrypting data from Juniper devices?
NETCONF over SSH leveraging SSH2.
What encryption is used between the LWC and Juniper Cloud?
TLS 1.2 certificates that rotate every two weeks.
Does LWC support data collection through SNMP, syslog, or other protocols?
No.
Can I use any external or other data collection mechanism?
No. The infrastructure, including the LWC, is a closed system. We keep it closed to ensure that the solution is completely secure and reliable.
How does Juniper treat updates and security advisories for the LWC?
We treat updates and security advisories as managed services.
Who is responsible for monitoring the LWC device (through SNMP and syslog)?
Juniper monitors the LWC device.
Does the LWC discover devices in the network automatically?
No. You need to onboard the devices manually through Juniper Support Portal. You can either add a set of target device IP addresses manually or upload the device IP addresses through a CSV file.
How many devices can be supported on JSI?
A single physical LWC can support up to 20,000 devices. The vLWC comes in large and small configurations. The vLWC can support up to 20,000 devices in the large configuration, and up to 10,000 devices in the small configuration.
If the deployment includes separate managed networks or domains that do not support routing from a single collector, you need additional collectors.
For additional information, see Juniper Support Insights Data Sheet.
Does the LWC have any specific connection requirements?
The LWC Platform Hardware Guide provides details about the connection requirements. The external IP addresses assigned to the LWC must be able to reach the Internet. We do not recommend assigning public IP addresses to the LWC’s external interface. All connections are outbound from the LWC. No external connections are inbound to the LWC.
Can I disable the extra services on the LWC to ensure that the device is as secure as possible?
On the LWC, we have disabled all services that are not part of the solution.
Can I install an external agent (for example, Crowdstrike agent) or other software on the LWC?
No. In order to meet the strict security certification compliance requirements, we have limited direct user access to the on-box captive portal mechanism.
Can I ping the LWC’s Ethernet interfaces from other IP addresses in the same network?
Yes. The internal interface and one of the external interfaces will respond to pings.
Which port does NETCONF use?
Port 22.
What permissions does the JSI user need in Junos to operate JSI?
Feature |
Permissions and Commands to Enable |
---|---|
Standard JSI (reports and dashboards) |
|
RCS file copy |
|
RSI |
|
Log and core files |
Note:
Some log or core files require root privileges, and cannot be accessed by the JSI user. These files can be accessed in one of the following ways:
|
Which commands does the LWC use to collect data from Juniper devices?
For data collection, the LWC uses the following commands:
-
file list detail
-
show bgp summary
-
show chassis alarms
-
show chassis fpc
-
show chassis hardware extensive
-
show chassis routing-engine
-
show interfaces descriptions
-
show interfaces terse
-
show isis adjacency
-
show ospf neighbor
-
show rsvp neighbor
-
show system buffers
-
show system commit
-
show system core-dumps
-
show system license
-
show system uptime
-
show version
-
show vrrp detail
For Remote Connectivity Suite (RCS), the LWC uses the following commands:
-
request support information
-
sftp
Note:Starting in Junos OS Release 19.1R1, incoming SFTP connections are globally disabled by default. You can globally enable incoming SFTP connections by configuring the
sftp-server
statement at the[edit system services ssh]
hierarchy level. Prior to Junos OS Release 19.1R1, incoming SFTP connections were globally enabled by default.
At what intervals does the LWC run the data collection commands on Juniper devices?
Once a day at 2:00 AM local device time. This interval is not user configurable.
Who manages the list of commands used for data collection?
Juniper manages the list of commands.
Will Juniper inform users when they add or modify the data collection commands?
Yes.
How can I view the commands executed by JSI on my device?
You can run the show log interactive-commands operational command on your device to view a log of all the commands executed by JSI. The log output has the format:
timestamp
device-name
process[process-id]: UI_NETCONF_CMD: User
your-JSI-username used NETCONF client to run command
‘command-name’.
Can I choose the data to be collected?
No. However, a JSI admin user can pause the data collection in case of emergency. On the Juniper Support Portal, use the Enable/Disable button on the following page to pause or start data collection:
Insights > Collectors > collector-name
Does Juniper have access to the LWC through an https connection?
For troubleshooting purposes, the Juniper escalation team handling JSI has access to the LWC through the outbound https connection established by the LWC.
What do I do if there is an issue?
On the first instance, check the supporting documentation on the Juniper Support Insights TechLibrary page.
If you're still unable to resolve the issue, open a ticket with Juniper Support. While opening a ticket, use the following options to reach the correct team supporting JSI:
Field |
Option |
---|---|
Case Type |
Tech |
Product Series |
Juniper Support Insights |
Platform |
Juniper Support Insights |
Serial #/Software Support Reference # |
Leave blank unless an RMA is needed for the physical LWC (in which case provide the serial number of the LWC appliance). |
How does JSI work with other Juniper products like Juniper Mist or Juniper Cloud?
JSI is also available on Juniper Mist and Juniper Cloud to suit each customer’s needs. If you're already leveraging the Juniper Mist or Juniper Cloud, we recommend that you continue to onboard your devices there.
How can JSI help plan for future needs and updates to technology?
JSI's exposure reports help with planning around EOL, Proactive Bug Notifications (PBN), and security vulnerabilities.
For additional information, see the Juniper Support Insights Demo.