Working With Additional Axonius Collector Nodes
  • 02 Jan 2024
  • 5 Minutes to read
  • Dark
    Light
  • PDF

Working With Additional Axonius Collector Nodes

  • Dark
    Light
  • PDF

Article Summary

You can create additional collector nodes that connect to the Core node. Collector nodes allow you to:

  • Fetch data from partially connected networks with limited connectivity or strict firewall rules.
  • Add load balancing to improve the overall performance of your Axonius deployment.

Axonius Architecture.png

To connect a collector node, the following are required:

  • The Axonius collector node must be installed on the partially connected network, with the same Axonius release version as the Axonius Core Node.
  • The following ports must be open from the Axonius Collector Node to the Axonius Core Node for OpenVPN:
    • TCP/6783:
SourceDestinationProtocolPort
Collector NodeCore NodeTCP6783
Note:

If you are using the PaloAlto firewall you must use 'OpenVPN APP-ID' for destination port 6783 in order to connect the node.

Note:

If you are using an IDS or DPI on your system, define the destination port protocol/profile as OpenVPN (and not HTTPS) in order to connect the node.

Node Sizing Recommendations

Number of Assets sent through NodeRAMCPU CoresDisk*
< 30k16 GB4 virtual cores500 GB
> 30k32 GB8 virtual cores500 GB
> 100k64 GB8 virtual cores500 GB

* SSD is not required for storage

Connecting an Additional Node

  1. Deploy an Axonius node into the additional network and start the machine
  2. Decrypt the system using the steps provided by Axonius.
  3. Configure the IP address per the "Setting the IP address" section in Configuring the Axonius Platform
  4. Install the license as described in Logging on and Signing Up. However, do not fill in signup details or configure an Admin user.

Once the decryption and installation process is complete, the Axonius Machine opens:

AxoniusCollctor

To connect your Collector Axonius Node

  1. From the Node Type select Collector Node.
  2. Log into the Axonius core node, and go to the Instances page. The Instances page opens, displaying the installed Axonius instances, that include tagged name, hostname, IP address, last seen, installed version, and the status (activated/deactivated) of each instance.

InstancesPAge

  1. To connect an additional collector node, click Connect Node. From the message box that opens Click Generate and Copy to generate and copy the connection string that contains the node name.
Note:

* From version 6.0.12 it is possible to use the same connection string to connect more than one node.
* However, it is also possible to generate a separate different connection string for each node, if you require this.

  1. Paste it into the Connection string pane

  2. Make sure any prerequisites listed above are met.

NewCollectorNode

  1. Click Continue.
  2. Some systems may have issues with IP address of the primary node, in which case the following is displayed. Go back to the Instances page and copy the IP address of the Primary node into the Primary node field and click Retry.

IPAddressNodes1

  1. The system begins to install, this might take a few minutes.
    You should see a success message. An additional collector node is now added in the Instances page with an Activated status. You will not be able to access the Axonius User Interface on this machine any more

You can now configure any adapter to use the newly added Axonius collector node.

Managing Nodes

Deactivating a Node

You can deactivate a node instance from the system using the Instance drawer. When you deactivate an instance, all adapter connections using this node are removed.
To deactivate a node:

  1. From the Instances page, click on an active node. The Instance drawer opens.

InstanceDRawer1N3

  1. Click the Actions button and choose Deactivate. The system asks you to confirm your action.

    Deactivatebutton.png

    Once you confirm the action:

    • All the adapter connections that use the selected Axonius node are removed.
    • The status of the instance is marked as Deactivated.

Reactivating a Node

You can reactivate a node using the Instance drawer.
To reactivate a deactivated node:

  1. From the Instances page, click on a node which is not currently active. The Instance drawer opens.
  2. Click the Actions button and choose Reactivate. The system asks you to confirm your action. Once confirmed, the status of the selected Axonius collector node(s) is updated as Activated.

Deleting a Node

You can delete a node from the Instance page.
You can only delete a node if it has not been used for two days. Once you delete a node it is completely removed from the system and will have to be installed again if you want to use it again.
To delete a node

  1. First you have to Deactivate the node. It is now possible to delete the node.
  2. From the Instances page, click on a node (not the primary node). The Instance drawer opens.
  3. Click the Actions button and choose Delete. The system informs you that this completely deletes the node, and asks you to confirm the action. Once confirmed, the selected Axonius collector node is deleted from the systems.

Renaming Instances and Hostnames

To allow you to manage your Instances better you can rename the Instances as well as the Hostnames
To rename an Instance:

  1. From the Instances page, click on an Instance.
  2. The instance drawer is displayed. You can rename the Instance Name or Hostname.
    The Hostname field should not include spaces or special characters.

InstanceChangeNAme

Instance Performance Metrics

To view instance performance metrics:

  1. From the Instances page, click on an Instance.
  2. The instance drawer opens and displays instance performance metrics.
  3. The following performance metrics are displayed:
    • CPU Usage - CPU usage in percentages
    • Hard Drive: Free Size (GB) - The available disk space that is left on the Instance machine.
    • Hard Drive: Size (GB) - The total disk space that is configured on the Instance machine.
    • Free RAM (GB) - The available memory that is left on the Instance machine.
    • Total RAM (GB) - The total memory that is configured on the Instance machine.
    • Free Swap (GB) - The available Swap memory that is left on the Instance machine.
    • Total Swap (GB) - The total Swap memory that is configured on the Instance machine.
    • Total Physical Processors - Total number of physical processors on the instance machine.
    • CPUs: Cores - Number of CPU cores on the instance machine.
    • CPUs: Threads in core - Number of threads per core.
    • Last Historical Snapshot (GB) - The amount of storage taken up by the most recent historical snapshot.
    • Days Remaining for Historical Snapshots - The number of estimated days, historical snapshots will still be saved given available storage capacity. Note: This field will only be visible if 1) historical data retention is not configured OR 2) the number of days configured for historical data retention is higher than the estimated number of available snapshots.

performanceMetrics4



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.