Connecting Additional Axonius Collector Nodes
  • 02 May 2022
  • 6 Minutes to read
  • Dark
    Light
  • PDF

Connecting Additional Axonius Collector Nodes

  • Dark
    Light
  • PDF

You can create additional collector nodes that connect to the Core node. Collector nodes allow you to:

  • Fetch data from partially connected networks with limited connectivity or strict firewall rules.
  • Add load balancing to improve the overall performance of your Axonius deployment.

Axonius Architecture.png

To connect a collector node, the following are required:

  • The Axonius collector node must be installed on the partially connected network, with the same Axonius release version as the Axonius Core Node.
  • The following ports must be open from the Axonius Collector Node to the Axonius Core Node for OpenVPN:
    • TCP/6783
Source Destination Protocol Port
Collector Node Core Node TCP 6783
Note:

If you are using the Palo-Alto firewall you must use 'OpenVPN APP-ID' for destination port 6783 in order to connect the node.

Note:

If you are using an IDS or DPI on your system define the destination port protocol/profile as OpenVPN (and not HTTPS) in order to connect the node.

Node Sizing Recommendations

Number of Assets sent through Node RAM CPU Cores Disk*
< 30k 16 GB 4 virtual cores 500 GB
> 30k 32 GB 8 virtual cores 500 GB
> 100k 64 GB 8 virtual cores 500 GB

* SSD is not required for storage

Connecting an Additional Node

  1. Deploy an Axonius node into the additional network and start the machine
    a. Decrypt the system using the steps provided by Axonius
    b. Configure the IP address per the "Setting the IP address" section in Configuring the Axonius Platform
    c. IMPORTANT: Do NOT follow the steps for "Logging On and Signup"
  2. Log into the Axonius core node, and go to the Instances page. The Instances page opens, displaying the installed Axonius instances, that include tagged name, hostname, IP address, last seen and the status (activated/deactivated) of each instance.

image.png

  1. To connect an additional collector node, click Connect Node.
    You should see a message box that instructs you how to connect an additional node to the Core node. This involves logging into the node machine with ssh credentials 'node_maker:M@ke1tRain' and then typing a connection string that looks like this:
    [Axonius-Hostname] [Secret Token] [User-Nickname]

    • Axonius-Hostname - Specify the IP/hostname of the Core node, which is accessible from the additional node.
    • Secret Token - Copy and paste the secret token above, which was generated by the Core node.
    • User-Nickname - Specify a name for the additional node, e.g. 'node-1'.



    An example of a connection string could be:
    10.0.7.43 oBB9aaOTC2Sh88i0pDv5IE5x0LeOXFHH node-1
    image.png

  2. Once you paste the connection string, wait a few minutes until the node connects. You should see a success message, and an additional collector node is added in the Instances page with an Activated status.

As a result, you can now configure any adapter to utilize the newly added Axonius collector node.

Managing Nodes

Deactivating a Node

You can deactivate a node instance from the system using the Instance drawer. When you deactivate an instance, all adapter connections using this node are removed.
To deactivate a node:

  1. From the Instances page, click on an active node. The Instance drawer opens.

InstanceDrawer1.png

  1. Click the Actions button and choose Deactivate. The system asks you to confirm your action.

    Deactivatebutton.png

    Once you confirm the action:

    • All the adapter connections that use the selected Axonius node are removed.
    • The status of the instance is marked as Deactivated.

Reactivating a Node

You can reactivate a node using the Instance drawer.
To reactivate a deactivated node:

  1. From the Instances page, click on a node which is not currently active. The Instance drawer opens.
  2. Click the Actions button and choose Reactivate. The system asks you to confirm your action. Once confirmed, the status of the selected Axonius collector node(s) is updated as Activated.

Restarting an Instance

You can restart an Axonius node from the Instance drawer. When you restart an instance this logs off all users, and halts all pending system activities. In addition, you lose communication with the instance, until it is back online again.
To restart an Instance

  1. From the Instances page, click on a node. The Instance drawer opens.
  2. Click the Actions button and choose Restart. The system asks you to confirm your action. Once confirmed, the status of the selected Axonius collector node(s) is updated as Activated.
    Once you confirm the action:
    • All users connected to that instance are logged off.
    • All pending system activities are halted.
    • You cannot communicate with the instance until it is back online again.
    • The status of the instance is marked as 'Restarting'.

Shutting Down a Node

You can shut down a node on the system directly from the Instance drawer. When you shut down a node all users connected to that instance are logged off, and all pending system activities are halted. You will lose communication with this instance. When you shut down a node, you can only turn it on again by directly accessing the machine.

To shut down a node:

  1. From the Instances page, click on the node. The Instance drawer opens.

  2. Click the Actions button and choose Shutdown. The system asks you to confirm your action.

    Deactivatebutton.png

    Once you confirm the action:

    • All users connected to that instance are logged off.
    • All pending system activities are halted.
    • The status of the instance is marked as 'Shutdown'.

Renaming Instances and Hostnames

To allow you to manage your Instances better you can rename the Instances as well as the Hostnames
To rename an Instance:

  1. From the Instances page, click on an Instance.
  2. The instance drawer is displayed. You can rename the Instance Name or Hostname.
    The Hostname field should not include spaces or special characters.

InstancePAge.png

Adding Instance Indication

Use Show Indication on the Axonius Core node instances to easily distinguish between your different Axonius machines and show a banner with the name of the instance at the bottom of all system pages.

  1. From the Instances page, click on an Instance.
  2. The Instance drawer opens.
  3. Select Show Indication to display a banner with the Instance Name field value on all system pages for this Axonius Core node instance.

ShowINstanceNAme.png

The name now appears in the banner at the bottom of all pages in your instance.

Instance Performance Metrics

To view instance performance metrics:

  1. From the Instances page, click on an Instance.
  2. The instance drawer opens and displays instance performance metrics.
  3. The following performance metrics are displayed:
    • CPU Usage - CPU usage in percentages

    • Hard Drive: Free Size (GB) - The available disk space that is left on the Instance machine.

    • Hard Drive: Size (GB) - The total disk space that is configured on the Instance machine.

    • Free RAM (GB) - The available memory that is left on the Instance machine.

    • Total RAM (GB) - The total memory that is configured on the Instance machine.

    • Free Swap (GB) - The available Swap memory that is left on the Instance machine.

    • Total Swap (GB) - The total Swap memory that is configured on the Instance machine.

    • Total Physical Processors - Total number of physical processors on the instance machine.

    • CPUs: Cores - Number of CPU cores on the instance machine.

    • CPUs: Threads in core - Number of threads per core.

    • Last Historical Snapshot (GB) - The amount of storage taken up by the most recent historical snapshot.

    • Days Remaining for Historical Snapshots - The number of estimated days, historical snapshots will still be saved given available storage capacity. Note: This field will only be visible if 1) historical data retention is not configured OR 2) the number of days configured for historical data retention is higher than the estimated number of available snapshots.

      MetricsInstanceUpdated.png



First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.