Telemetry Agent QuickStart Guide

Version 1.0 July 2020

TelemetrySales and Support Enablement

The Palo Alto Networks Telemetry Agent feeds data to the Customer eXperience Automation (CXA) data lake. This telemetry data enables Harmony (internal app) to deliver Account-focused dashboards and a suite of advanced analytics tools designed to enable Support and Sales to provide long term value to customers.

Cortext Data Lake (CDL) will receive streaming data from the CXA data lake, providing customers with the same Device Insights (customer app) experience, whether they are sending telemetry data from the Telemetry Agent or Sapporo (PAN-OS 10.0) firewalls.

Sales Benefits

Telemetry Agent

2 | © 2020 Palo Alto Networks, Inc. All rights reserved.

● Capacity analysis and planning tools to enable hardware refresh efforts

● Automated, in-line service intelligence enabling proactive support and faster problem resolution

● Telemetry powered tools enabling SEs to deepen relationships through insight into customer deployments

TelemetryEmpowerment through data driven insights

Palo Alto Networks telemetry empowers customers with proactive system health, performance, trending and configuration insights. These enable you to increase uptime, improve security posture, and address issues before they escalate or impact business continuity.

Services and support can deliver enhanced insights, custom guidance, and faster problem resolution when customers enable telemetry for their Palo Alto Networks devices.

The Palo Alto Networks Telemetry Agent is easy to deploy, zero maintenance, and works with all supported PAN-OS software releases.

Customer Benefits

Telemetry Agent

3 | © 2020 Palo Alto Networks, Inc. All rights reserved.

● Streaming data enables near real-time insights into deployment state

● Automated, in-line service intelligence enabling proactive support

● Capacity analysis and planning tools to ensure measured growth

Telemetry Agent Telemetry Agent

4 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Appliance

CentOS 7 VM with the Telemetry Agent software pre-installed and ready to deploy in your hypervisor of choice. Available for download from the Palo Alto Networks Customer Support Portal (CSP).

Current hypervisor support for:● VMWare● KVM● VirtualBox

Docker Installation

Allows for deployment of the Telemetry Agent software into any compute node capable for running Docker (a popular container technology). Installation guide starts on page (6).

Form Factors

Telemetry Agent System Requirements

Software

● Docker version 19.03.0 or above

● Docker Compose version 1.25.0 or above

OS (Operating Systems) supported● Please refer to Docker’s supported platforms and

system requirements: https://docs.docker.com/engine/install/#supported-platforms

Network Connectivity

● SSH and HTTPS connectivity to registered devices and HTTPS connectivity cloud receiver

Compute resources

● 4 Cores● 4GB Memory● 50GB Storage

Supports

● Up to 250 registered devices (This includes

Panorama and NGFWs)

● One Telemetry Agent per physical location is

recommended where possible to limit devices per

agent

● IPv4 only at this time

(Minimum)

5 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Telemetry Agent Docker Installation

Docker is a popular container technology used to develop, ship and deploy the Telemetry Agent in your existing compute environment. More information about Docker at www.docker.com.

Step 1

Register

https://telemetry.paloaltonetworks.com/telemetry-agent Complete the form and get access to the following:

● Credentials to the private container registry (Telemetry Agent software)

● Secure token for communication between the Telemetry Agent and receiver

● Docker Compose YAML file● Docker Compose .env file

Step 2

Install Docker and Docker Compose

Docker Install:: https://docs.docker.com/engine/install

Note: For supported Linux versions there is a convenience script available here: https://docs.docker.com/engine/install/centos/#install-using-the-convenience-script

Docker Compose: https://docs.docker.com/compose/install

Step 3

Check that installation was successful

From your CLI run the following two commands:

docker --versiondocker-compose --version

If the software version is displayed then you are ready to install the Telemetry Agent.

6 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Telemetry Agent Agent Installation (Docker)

Private Container Registry

quay.io is a secure, private container registry hosted by Red Hat®. The compute host you have prepared to run the Telemetry Agent software must have access to this repository - for installation and ongoing updates. The Telemetry Agent will auto update when updates are available.

Step 1.) Move the telemetry-agent.zip file you received during the Telemetry Agent registration to a preferred location in your prepared compute host and unzip it. Ensure that both the docker-compose.yaml and .env files are present.

Step 2.) Log into the private container registry from your compute host CLI with the following command (Username and Password were provided during Telemetry Agent Registration):

docker login -u=<USER> -p=<PASSWORD> quay.io

Step 3.) From your CLI, change directory into the telemetry-agent folder and run the following command:

docker-compose -p agent up -d

7 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Telemetry Agent Agent Installation (Appliance)

Private Container Registry

quay.io is a secure, private container registry hosted by Red Hat®. The compute host you have prepared to run the Telemetry Agent software must have access to this repository - for installation and ongoing updates. The Telemetry Agent will auto update when updates are available.

Step 1.) Login to the Telemetry Agent CLI using the default username and password (admin/admin) - you will be forced to change the admin password at first login.

Step 2.) Use the agent CLI to set the agent IP information (DHCP by default) and provide the contents of your issued .env file - using the following commands:

> set interface <option>> set envYou will copy-n-paste the contents of your .env file in the terminal after issuing the ‘set env’ command, hit <enter> the <ctrl+d> to return to the prompt.

Commands can be tab completed and CLI ‘help’ is available.

Step 3.) From your CLI, commit your changes with the following command:

> commit

8 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Private Container Registry

quay.io is a secure, private container registry hosted by Red Hat®. The compute host you have prepared to run the Telemetry Agent software must have access to this repository - for installation and ongoing updates. The Telemetry Agent will auto update when updates are available.Telemetry Agent utilities (CLI and other utils) are hosted on github.com - and will auto update as well.

Telemetry Agent Initial SetupYour Telemetry Agent installation should be complete. Point your web browser to the IP or FQDN you have configured on your compute host. e.g. https://192.168.0.100. If installation was successful, you will be prompted with the initial setup wizard after login (default username and password: admin/admin).

Privacy Agreement Change Telemetry Agent Admin Password

9 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Telemetry Agent Initial Setup ContinuedNOTE: An admin (service account) with superuser role is required to be created on each device you wish to register to the Telemetry Agent. These credentials are stored securely and encrypted in the Telemetry Agent database.

After configuring the Secure Token and clicking “Save & Continue”, the agent will attempt to validate the token with the receiver. If this validation is successful, the initial setup wizard will be complete and you will be prompted to register devices.

Service Account Secure Token

10 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Telemetry Agent Device Registration

Register New Panorama Device Register Panorama Connected Devices

Your Telemetry Agent installation should be complete. The Telemetry Agent will now download content from the receiver which drives what the agent collects from registered devices and at what frequency. Content will update automatically when there is an update available.

11 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Telemetry Agent Device Registration Continued

Register Individual Device Bulk Register Devices

12 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Telemetry Agent Get Help

For additional resources and FAQs please visit the LIVE Community Telemetry Page.

Support is provided through Palo Alto Networks Global Customer Support. If you have telemetry questions, unrelated to customer support, please send email to: telemetry@paloaltonetworks.com.

We hope your experience with the Telemetry Agent is great, but if there is anything we can do to make it better, please let us know.

Thank you for your interest in the Telemetry Agent!

13 | © 2020 Palo Alto Networks, Inc. All rights reserved.