08-04-2011 09:09 AM
The best thing would be to upgrade to NSM 2011.1 with the latest schema and see where things stand for you. It's not going to introduce major functional changes like object management (bulk deletes etc) but it is now managing JunOS devices almost as well as ScreenOS based devices. There are still a quirks but they are minor annoyances rather than major problems that we saw with the NSM releases 2009-2010.
For performance, higher spec hardware does help - especially as logging and device counts increase. If you are on the appliance, it could help by moving the logging onto a mounted external storage array. If you are on the software version, move logging onto an external storage array and allocate 4-8 processor cores to NSM. (hyperthreading should be off).
08-06-2011 02:16 AM
So with the last couple of NSM/SRX integrations I found out that NSM would not recognize if a SRX had changed (e.g. changed config through Junos CLI or device being shut down). So I checked with JTAC and they told me this is normal. Say what? MY device monitoring feature doesn't actually monitor the devices? I can have a major breakdown in my datacenter that causes my SRXs to disappear from the network and NSM wouldn't even see that, and instead tell me the devices are up and in sync?
JTAC say it's normal. NSM can't detect device changes on SRX. Yes folks, that's right.
What's with all this Junos automation power? Why not simply poll the device status at regular intervals?
Are you serious?
08-06-2011 07:39 AM
We will validate whether that is WAD (working as designed). I'm not sure it is since it appears JTAC was unable to reproduce the issue you reported. If it is the case then clearly we need to caveat the documentation better to indicate this.
08-07-2011 11:45 AM
08-12-2011 06:35 AM
08-15-2011 11:25 PM
08-16-2011 12:25 PM - edited 08-16-2011 12:25 PM
Patience is a virtue...
The product team is working on an update I'll post here detailing the "get well" plan for the issues described here and elsewhere. Should have something in a week or so.
08-17-2011 04:08 PM
Here's the update from the product team.
"We acknowledge that NSM management for Junos devices has had some challenges. Juniper is committed to delivering quality products to our customers, and we are working on two focused programs to alleviate these concerns. The first program includes a significant engineering investment to improve the quality of NSM. To that end, there will be two NSM releases this year, one targeting NSM 2010.x customers and one for 2011.x customers. These releases will contain bug fixes, targeted improvements for improving stability and performance, as well as extensive testing. The second program will deliver a security management solution called Security Design that runs on our Junos Space platform. This will provide a transition path for NSM customers and will serve as Juniper’s long-term security management platform."
08-21-2011 09:37 AM
Thank you Keith.
Is there any information available for Space's "Security Design" yet? Is that an existing product?
As for the NSM updates that are supposed to significantly improve stability and performance, are there any ETA dates on when to expect these releases?