What is the OpenNMS Appliance Service?

The OpenNMS Appliance Service is a secure, cloud-based service that makes it easier to set up distributed and remote network monitoring with OpenNMS Meridian through deployment of Minion Appliances.

Minion Appliances run software that collects data from remote or adjacent private networks and sends it to Meridian. Available as a virtual or hardware device, a Minion Appliance acts as both a proxy to process polling tasks and a receiver for SNMP traps, syslog messages, and network flow data to send back to your main data center. Minion Appliances allow for improved monitoring and network management without needing to run OpenNMS in locations that your OpenNMS server cannot reach easily.

You must have a Meridian subscription to access the OpenNMS Appliance Service. Contact sales@opennms.com for more information or to purchase a subscription.

How does it work?

A Minion Appliance is associated with a monitoring location where its Minion software monitors network infrastructure. The Minion communicates with Meridian through a Kafka or ActiveMQ message broker. The appliance itself communicates with the Appliance Service, which is hosted on Azure IoT Hub. You can configure, manage, and operate the Minion Appliance through the OpenNMS Portal, accessed via web browser.

Architecture diagram displaying the relationships among MaaS components.

Minion architecture

A Minion Appliance is a virtual (VMware 7) or hardware (Mini or 1U) device that runs the Ubuntu Core (UC) operating system. UC is a version of Ubuntu optimized for IoT-native embedded systems that runs software packaged in snaps. It also runs Dominion, the component that manages the Minion, and makes the Appliance Service work.

The OpenNMS Minion runs as a container on Docker (which itself is a snap). Snaps provide enhanced security and flexibility for software installation, upgrades, and rollbacks. The Minion Appliance obtains snap updates from the OpenNMS brand store (powered by the Ubuntu Snap Store). Only verified and approved software packages can be installed.

Snap updates are atomic: either the update is fully applied or it is rolled back. The system will always be in a consistent state. The system can recover from loss of network connectivity or power if an update is in progress.

Snap updates are optimized for network bandwidth: only binary deltas are transferred, not the entire snap.

The Minion Appliance communicates with the Appliance Service via Azure IoT Hub. The Appliance Service uses IoT Hub to relay system commands such as update software, reboot, and Minion configuration settings to the Minion Appliance. Likewise, the Minion Appliance uses IoT Hub to send status, events, logs, and statistics back for display in the portal.

The Minion Appliance uses Network Time Security (NTS), an add-on that extends the security and functionality of the Network Time Protocol (NTP), for network time synchronization. This ensures that the Minion Appliance’s clock is synchronized with that of your Meridian instance by regularly communicating with a secure NTP server. NTS and NTPv4 are active by default, and are set to synchronize with time.cloudflare.com.

Software management

By default, the appliance software updates every Wednesday between 4:00-6:00 UTC. You can configure this schedule to set a time that works best for your needs. You cannot disable scheduled updates, but you can perform manual snap updates whenever you want.

The Minion software runs as a Docker container image downloaded from a public Docker Hub repository. The Minion Appliance accepts only signed Minion images through Docker Notary, ensuring their origin and integrity.

When you add a Minion to an appliance, the appliance connects to your Meridian instance, determines what version of Meridian is running, then connects to Docker Hub and pulls the Minion container image that matches the OpenNMS version. The Minion polls its specified Meridian instance regularly to determine what version is running. If it detects a different version, it leaves the current version running while it downloads the correct image from Docker Hub, then it respawns the Minion container with the new image.
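
The update flow described in the two paragraphs above, modeled as an added Python example (it is not OpenNMS code). The repository name, version strings, function names, and the digest comparison standing in for Docker Notary verification are assumptions, as is keeping the current container when a pull fails.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

REPO = "example/minion"  # placeholder repository name, not taken from the page

# Constructed sample data: registry contents and the digests the publisher signed.
REGISTRY = {f"{REPO}:1.0": b"image-a", f"{REPO}:1.1": b"image-b", f"{REPO}:1.2": b"tampered"}
SIGNED = {f"{REPO}:1.0": hashlib.sha256(b"image-a").hexdigest(),
          f"{REPO}:1.1": hashlib.sha256(b"image-b").hexdigest(),
          f"{REPO}:1.2": hashlib.sha256(b"image-c").hexdigest()}

def pull(ref: str) -> bytes:
    """Hypothetical registry client; raises OSError when the image cannot be fetched."""
    if ref not in REGISTRY:
        raise OSError("image not available")
    return REGISTRY[ref]

def is_signed(ref: str, image: bytes) -> bool:
    """Stand-in for Notary verification: content must match the signed digest."""
    return SIGNED.get(ref) == hashlib.sha256(image).hexdigest()

@dataclass
class Appliance:
    running_tag: Optional[str] = None             # tag of the container now running
    log: list = field(default_factory=list)       # one entry per polling cycle

    def reconcile(self, meridian_version: str) -> Optional[str]:
        """One polling cycle; returns the tag running when the cycle ends."""
        if self.running_tag == meridian_version:
            self.log.append("noop")
            return self.running_tag
        ref = f"{REPO}:{meridian_version}"
        try:
            image = pull(ref)                     # old container keeps running meanwhile
        except OSError:
            self.log.append("pull-failed")        # assumption: keep the current version
            return self.running_tag
        if not is_signed(ref, image):
            self.log.append("rejected-unsigned")  # unsigned image is never started
            return self.running_tag
        self.log.append("respawn")
        self.running_tag = meridian_version       # swap only after download and verification
        return self.running_tag

def demo() -> list:
    """Constructed poll results: same version, upgrade, tampered image, missing image."""
    appliance = Appliance()
    return [appliance.reconcile(v) for v in ("1.0", "1.0", "1.1", "1.2", "1.9")]
```

In this model the running tag changes only on a `respawn` entry, so a tampered or unavailable image leaves the previous container in service and produces a log entry worth alerting on.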

The Minion Appliance must have direct access to the Docker Registry and the Snap Store to download and update its software. If it does not, users must specify an HTTPS proxy or set up a private Docker registry within their own environment.

Architecture diagram displaying Portal components and the relationships among them.
Figure 1. Portal data flow architecture