fbpx

Security | 5 min read

Junos Space Upgrade

Diana Radu
September 2020
written by Diana Radu
Network Support Engineer
2+

How to make a success of your trip to space and avoid a crash. Try this before you start: http://moonlander.seb.ly/

Introduction:

In August 1979, when Atari produced the coin-operated video game Lunar Lander, you had to physically go to an arcade to play with it. Today, you can play it online anytime as a browser game, by simply clicking on a link. Times have changed. More devices are interconnected and this is creating additional costs and complexities in managing, securing, and delivering new services across the network. In order to address these challenges, Juniper created Junos Space with the goal of simplifying and automating the management of Juniper’s switching, routing, and security devices, improve network agility, deliver new services quickly (all from a single console), and help service providers and enterprise customers maximize their network value and scale solutions.

The three software elements that compose Junos Space will offer you the possibility to automate and simplify the Network with «Junos Space Network Management Platform», optimize your network domain management with «Junos Space Management Applications», and build, according to your needs, network applications with «Junos Space SDK».

For a complete insight of Juniper network management and operations, products, and services, you can checkout the following link and scroll down. Junos Space can be bought either as an unlimited term Software Licence that can be installed on a server as Virtual Machine or as Junos Space Virtual Appliance – a Juniper dedicated hardware device.

Finding the recommended version:

Space flight was not a trivial endeavour for NASA back in 1969 and sometimes Junos Space upgrades can be equally challenging. In order to have a smooth landing at your desired Junos Space version and to circumvent common issues, we have created this article for you. So keep on reading.

As of this writing, Juniper Technical Assistance Center (JTAC) recommended version for Junos Space Platform is 19.4R1. When deciding to upgrade, there is always a dilemma if you should do a clean install, or upgrade following the recommended path.

Both procedures have advantages and disadvantages.

ProsCons
Clean Install
  • can be faster
  • logs will be gone
Upgrade
  • logs are preserved
  • upgrade needs to be done step by step (e.g. 17.1 > 18.1 > 18.3 > 19.1 > 19.3)

The upgrade path can be verified here.

Junos Space software can be downloaded from here.

Lastly, End of Life/End of Support policies of Junos Space can be checked here.

There are some prerequisites that you should consider before upgrading JunosSpace:

  • Virtual Appliance – before proceeding with an upgrade take a Virtual Machine snapshot of the server.
  • Physical Appliance – take a Database backup as recommended by JTAC. Here is the link to take a dbbackup.
  • Admin use password is required to access the JunosSpace server CLI.
  • Maintenance user password is required to perform JunosSpace server upgrade.
  • The upgrade procedure for network management platform can be found here.

Issues and solution: 

Further, there are some examples of common problems and solutions that may be encountered after the upgrade or while using Junos Space.

Issue #1 Juniper Space – Cannot upgrade DMI Schemas:

After Junos Space upgrade, DMI schemes can not be upgraded. It seems that they are not available on Juniper SVN repos: https://xml.juniper.net/dmi/repository/trunk/

Solution:

  • DMI schemes were not released for all the minor releases, hence schemas are not available in the SVN repository.
  • The nearest lower junos-es schema can be used and set as default.
  • The message “ Schema update required” might be encountered.. However, it doesn’t affect the performance so it can be safely disregarded.

Note: Please open a support ticket if you would like for JTAC to manually generate schemas to fulfill specific requirements. The schemas are not device-specific, but only Junos-specific (within a device family, e.g. “junos-es” for SRX).

Issue #2 JunOS Space Security Director 19.4R1 – Event Filter not shown:

In Junos Space Security Director, the saved filters are not shown – Monitor -> Events & Logs -> Firewall Events -> Show saved filters. They can be seen only under recently used.

Solution:

  • To create a filter for a particular firewall event, it needs to be created under Firewall tab.
  • To create a filter for a particular apptrack event, it needs to created under Apptrack tab.
  • To create a common filter for both the firewall and apptrack events, it needs to be created under All Events tab.

Issue #3 In JunosSpace GUI, device has been deleted, but still showed in the list. 

Solution: There are duplicate entries in DB, which can be cleaned up with a SQL script provided by JTAC.

Issue #4 JunosSpace – Service Temporarily Unavailable

The /var/log partition is at 100% disk utilization because of the audit logs. This prevents the slipstream service from writing to the /var/log/slipstream/slipstream-server.log and the Security Director WEBUI can not be accessed.

Solution:

1. Proceed with the “rotate” of the audit logs by configuring rotation option in the audit log configuration file.

2. Restart the audit service, this should get /var/log partition freed up.

3. Restart the slipstream service. Now, you should be able to access the Security Director WEBUI.

4. Purge the audit log policy from the Junos Space WEBUI. Here, you can find the path in which the device configuration files stored: # cd /usr/local/jboss/domain/tmp/servers/server1/.conf/RCS/
The Junos Space Purging Policy and Purging Categories Overview can be found here.

Conclusion:

In case you are dealing with a Junos Space issue, log files are usually required by us and JTAC for troubleshooting.

The troubleshooting log file contains the log files generated by different software components of Junos Space and service provisioning data files.

For more information, see links below:

2+
Diana Radu
September 2020
written by Diana Radu
Network Support Engineer