Internal documentation only
This page has been marked as draft.
ITRS Analytics installation guide (Geneos configuration)
ITRS Analytics is an observability platform for data storage and analytics. You can configure Gateways and Netprobes to publish data so you can store and analyze metrics, logs, and events in the ITRS Analytics platform.
Geneos collects real-time monitoring data from various sources including servers, databases, networks, and applications using its extensive library of plugins and integrations. It can then feed these data to the ITRS Analytics platform to process and transform it into actionable insights through various apps, such as Entity Viewer, Dashboards, and Alerting, which are accessible through the Web Console.
This integration enables users to:
- Store and analyze historical monitoring data at scale.
- Access advanced analytics and visualization capabilities.
- Use web-based interfaces for monitoring and analysis.
This guide is intended for ITRS Analytics users who already have Geneos installed and want to configure their Gateways and Netprobes to publish data to the ITRS Analytics platform.
Installation prerequisites Copied
Before installing ITRS Analytics, you need to complete several prerequisite steps. These include obtaining a license, identifying the appropriate deployment option for your environment, determining the required server size based on your message rate, and setting up your system to meet the installation requirements.
Get the ITRS Analytics license Copied
You can request for ITRS Analytics license via Support or your Account Managers.
Note
ITRS Analytics comes with a bootstrap license which allows users to use the platform for five days for free.
Identify the deployment options Copied
Before installing ITRS Analytics, you need to identify the deployment option that your environment supports. This can be identified by your available Kubernetes resources and the type of internet access as shown in this matrix:
| Option | Kubernetes resources | Internet access |
|---|---|---|
| Bring-Your-Own-Cluster (online) | Available | Online |
| Bring-Your-Own-Cluster (air gapped) | Available | Intranet only |
| Embedded cluster (online) | Unavailable | Online |
| Embedded cluster (air gapped) | Unavailable | Intranet only |
Determine your server size and requirements Copied
Ensure that ITRS Analytics will run smoothly in your environment by using the required resources and hardware. Get the message rate then use the ITRS Analytics Sizer to determine these requirements.
Get the message rate Copied
The required size by ITRS Analytics depends mainly on the message rate it needs to handle.
| T-shirt sizing | Message rate | ITRS Analytics entities | Indicative server range |
|---|---|---|---|
| Large | 100,000 | 250,000 | 3,000-9,000 |
| Medium | 50,000 | 125,000 | 900-3,000 |
| Small | 10,000 | 25,000 | 300-900 |
For current Geneos customers, you can find the message rate generated by any Gateway (version 5.14.0 and later) by configuring ITRS Analytics publishing in statistics-only mode. To determine the total required message rate, add up the message rates from all Gateways that share an ITRS Analytics instance.
If you do not have these statistics, you can initially reference the sizing guidelines provided. The estimated range of the number of servers that ITRS Analytics can handle are based on certain assumptions (see below) and an analysis of existing customer Gateways.
| Indicative server range | Computation |
|---|---|
| Lower estimate | The following conservative assumptions were used:
|
| Upper estimate | Actual message rates from various customer Gateways were used. Most of these Gateways use 20-second sampling and a wide range of plugins. |
You may use these estimates as a starting point, but validate it with actual statistics from your Gateways as soon as possible, since message rates can vary significantly between different plugins.
For more information on t-shirt sizing, refer to Resource and hardware requirements.
Use the ITRS Analytics Sizer Copied
To quickly and conveniently estimate the resources needed to run ITRS Analytics, you can use the interactive ITRS Analytics Sizer tool.
To begin, select your cluster types and intended apps in the tool. Next, input your specific configuration details, and then click Calculate.
The results will display an overview of the expected resource usage, drawing data from the latest available version of ITRS Analytics.
Setup your system for embedded cluster installation Copied
Follow the instructions below to ensure that your system is properly configured and fully ready for the installation process for Embedded Cluster.
System requirements summary Copied
| Requirement | Details |
|---|---|
| Operating system | Linux |
| Architecture | x86-64 |
| Init system | systemd |
| Memory | Refer to the Resources and hardware requirements |
| CPU cores | Refer to the Resources and hardware requirements |
| Disk write latency | Ensure the disk’s P99 write latency does not exceed 10 ms to support For detailed information on disk write latency requirements for |
| Data directory space | At least 40Gi of total space and should not exceed 80% usage For air-gapped, data storage should have at least three times the size of the airgap bundle and should not exceed 80% usage |
| Default data directory | By default, the data directory is set to /var/lib/embedded-cluster |
| Custom data directory | Use the --data-dir flag with the Embedded Cluster install command to change the default directory |
Directories created by Embedded Cluster Copied
The cluster and its components will automatically create files and directories in the following paths:
Directories and paths
- /etc/cni
- /etc/k0s
- /opt/cni
- /opt/containerd
- /run/calico
- /run/containerd
- /run/k0s
- /sys/fs/cgroup/kubepods
- /sys/fs/cgroup/system.slice/containerd.service
- /sys/fs/cgroup/system.slice/k0scontroller.service
- /usr/libexec/k0s
- /var/lib/calico
- /var/lib/cni
- /var/lib/containers
- /var/lib/kubelet
- /var/log/calico
- /var/log/containers
- /var/log/embedded-cluster
- /var/log/pods
- /usr/local/bin/k0s
Network access for online installations Copied
If you’re installing Embedded Cluster with an internet connection, make sure your system can connect to these websites or a custom domain provided by your company:
replicated.app— for the range of IP address, see IP list.proxy.replicated.com— for the range of IP address, see IP list.- Port 443 (TCP protocol with HTTPS service)
k0s compatibility Copied
Embedded Cluster is built on k0s, so it inherits all k0s system requirements and external runtime dependencies.
Data directory Copied
The data directory is a necessary component of the ITRS Analytics application, containing both application data and logs. The allocated disk space for this directory must correspond to the t-shirt size chosen during deployment (for example, small, medium, large). For more information, see Resources and hardware requirements.
Default data directory Copied
By default, the data directory is set to /var/lib/embedded-cluster. If the default is used, ITRS Analytics will share disk space to other non-ITRS applications using the /var/lib/ or /var partition.
Custom data directory Copied
To configure a custom data directory path during installation, use the --data-dir flag with the Embedded Cluster installation command.
Notes and limitations Copied
The following constraints apply when using or configuring the data directory:
- You cannot change the data directory of the Embedded Cluster after installation.
- In multi-node setups, all nodes must use the same data directory specified during the initial installation. A different data directory cannot be selected when joining additional nodes to the cluster using the Embedded Cluster
joincommand. - If you specify a different data directory during installation using the
--data-dirflag, you must use the same directory path when performing a disaster recovery restore. - Symlinks are not supported for the Embedded Cluster data directory.
Port requirements Copied
Correct port configuration is important for the operation of Embedded Cluster. These ports need to be accessible for both single-node and multi-node installations.
Ports for local processes Copied
These ports must be accessible to local processes on the same node. No firewall rules are required.
| Port | Protocol | Service |
|---|---|---|
| 2379 | TCP | etcd |
| 7443 | TCP | Kubernetes Metrics Server |
| 9099 | TCP | |
| 10248 | TCP | |
| 10257 | TCP | Kubernetes controller manager |
| 10259 | TCP | Kubernetes scheduler |
Ports for inter-node communication Copied
The ports listed below are used for two-way communication between nodes.
- In multi-node setups, you must open these ports in the firewall to allow traffic between nodes.
- In single-node setups, these ports must still be available, even though no inter-node communication occurs.
| Port | Protocol | Service |
|---|---|---|
| 2380 | TCP | etcd peer |
| 4789 | UDP | VXLAN |
| 6443 | TCP | Kubernetes API Server |
| 9091 | TCP | |
| 9443 | TCP | |
| 10249 | TCP | kube-proxy metrics |
| 10250 | TCP | |
| 10256 | TCP | kube-proxy health check |
Additional services Copied
| Port | Protocol | Service |
|---|---|---|
| 53 | UDP/TCP | DNS resolution |
| 9333 | TCP | SeaweedFS (HA mode) |
Port for Admin Console Copied
| Port | Protocol |
|---|---|
| 30000 | TCP |
Open port 30000/TCP in the firewall to allow end users to access the Admin Console. This port must also be reachable by any nodes joining the cluster.
If port 30000 is already in use, you can specify a different port during installation by running the --admin-console-port flag with the Embedded Cluster install command. For example:
sudo ./itrs-analytics install --license license.yaml --admin-console-port=20000
Port for Local Artifact Mirror (LAM) Copied
| Port | Protocol |
|---|---|
| 50000 | TCP |
If port 50000 is already in use, you can choose a different port for the LAM during installation by running the --local-artifact-mirror-port flag with the Embedded Cluster install command. For example:
sudo ./itrs-analytics install --license license.yaml --local-artifact-mirror-port=40000
Summary of setup and requirements Copied
Ensure your system meets the hardware, OS, and disk performance specifications.
Set up directories, confirm system services (like systemd), and verify available disk space.
Consider important aspects of the data directory, including storage capacity and supported configurations.
Configure firewall rules or verify port availability for local and inter-node communication.
Make sure the system can reach necessary external domains like replicated.app.
Go through a final check to verify readiness for installation.
Execute the install command with optional flags for data directories and custom ports.
Install ITRS Analytics Copied
This section walks you through the installation process for ITRS Analytics. You will download the software, perform pre-flight checks to verify system readiness, run the installer, and then configure ITRS Analytics through the Admin Console.
Download the software Copied
Request the download link from Support or your Account Managers. The link will depend on your identified deployment option.
Perform the pre-flight checks Copied
-
Run this command to perform preflight checks. This step helps verify that your system and cluster meet the necessary requirements before proceeding with the installation.
sudo ./itrs-analytics install run-preflights --license license.yaml --airgap-bundle itrs-analytics.airgap
For detailed information on the pre-flight checks, refer to Additonal preflight checks before embedded cluster installation.
Run the installer Copied
-
Install ITRS Analytics with the
--airgap-bundleflag. For example:sudo ./itrs-analytics install --license license.yaml --airgap-bundle ./itrs-analytics.airgap -
Once the installation is finished, go to the URL from the installation output to access the Admin Console. If you see a security warning in the browser, click Advanced and proceed to the URL.
Configure ITRS Analytics in Admin Console Copied
After installation, you need to configure ITRS Analytics through the Admin Console. This process involves securing the Admin Console with certificates, optionally configuring cluster nodes, setting up ITRS Analytics with your preferred apps and settings, and then deploying the platform.
Secure the Admin Console Copied
-
When prompted, choose whether to use a self-signed certificate or your own custom certificate. If you choose to upload your own, you will need to provide a PEM file and a corresponding private TLS key.
-
Optionally, supply a hostname for accessing the ITRS Analytics UI. Click Continue.
-
Log in to the Admin Console using the password you set in the command output during installation.
Tip
For a visual walkthrough of the configuration process, please watch the demo. If you prefer, you can follow the detailed instructions below.
Configure the cluster (optional) Copied
- On the Nodes screen, optionally add nodes before deploying ITRS Anaytics and then click Continue. To create a multi-node cluster with Embedded Cluster, see Multi-node clusters with Embedded Cluster air-gapped.
Configure ITRS Analytics Copied
Prerequisites Copied
-
On the Configure ITRS Analytics screen, set your options and then click Continue.
-
On the Prerequisites section, verify that the required packages have been installed.
Cluster Settings Copied
- On the Cluster Settings section, select the appropriate cluster size based on your needs. For more information, see Sizing guidelines.
Host names Copied
-
On the Host names section, specify the paths to the apps and ingestion host names you will use.
Note
Starting in ITRS Analytics version 2.12.0+2, you are required to enter a fully qualified domain name (FQDN) for both the Apps external host name and Ingestion external host name where the application will be accessible.
ITRS Analytics Apps Copied
-
Navigate to the ITRS Analytics Apps section, where you’ll find all required and optional production apps, as well as beta apps. From this list, select the apps you want to install.
Note
Starting with ITRS Analytics version 2.12.0+6, the option to select between production and beta apps or only production apps during setup up has been removed. For more details, see Changes to App Installation Type selection.The following apps are listed as Required Apps in the KOTS Admin Console.
Required apps Description Web Console ITRS Analytics Web Console lets you easily track critical monitoring data of your always-on enterprise from a web browser. Query Service ITRS Analytics Query Service app provides a materialized view of the objects for entities stored in the ITRS Analytics Platform. It also exposes additional query capabilities that are not directly supported by the ITRS Analytics Platform. Entity Viewer ITRS Analytics Entity Viewer app provides a web-based interface for real-time monitoring, investigation, and analysis of entities tracked in ITRS Analytics. Commands ITRS Analytics Commands app enables additional command functions in the Entity Viewer app. Public API ITRS Analytics Public API provides a publicly accessible REST API to interact with the ITRS Analytics Platform. The Optional Apps section includes recommended apps, as well as other apps you can install depending on your business requirements.
Beta apps are pre-release versions that are still in development and testing. They may offer new features that are not yet fully validated, which can introduce operational risks. Use beta apps only in non-production environments to avoid impacting business operations.
Credentials Copied
- The Credentials section contains default login information for different user and admin levels, intended for informational purposes.
Storage Settings Copied
- On the Storage Settings section, click a checkbox to display configuration options. Note that modifying these settings may require advanced configuration to adjust correctly. When configuring storage classes, make sure that upgrades are supported, since these are performed independently from ITRS Analytics installation.
Advanced Settings Copied
-
On the Advanced Settings section, select Show Advanced Configuration to view advanced configuration options.
-
Under Uptrends Configuration, you can toggle Enable RUM to activate the Uptrends Real User Monitoring (RUM) integration for ITRS Analytics.
Note
You can integrate Uptrends’ Real User Monitoring (RUM) with ITRS Analytics to gain detailed insights into how users interact with the platform in real-world conditions. You can monitor key pages and apps, such as Entity Viewer and Dynamic Thresholds, to better understand user experience, performance, and potential issues.
To get started with Uptrends RUM, follow the Uptrends documentation, and use this guide to find the Site ID (SID).
Enabling this option displays the RUM SID field, where you must enter the SID or Site ID to complete the monitoring setup.
-
Under Service Mesh, select to install
trust-managerfor Linkerd integration (only available iflinkerdinstallation is enabled). -
Under TLS Certificates, you can choose between using self-signed certificates or deploying your own custom, non-self-signed certificates. If linkerd is enabled, select Linkerd: custom linkerd certificates to use custom Linkerd certificates. You will need to provide a PEM file and a corresponding private TLS key.
-
To use custom ITRS Analytics certificates, select ITRS Analytics: custom certificates. You will need to provide a PEM file and a corresponding private TLS key.
-
Under Ingress Annotations, you must specify custom annotations for ingress resources. The required annotations will vary depending on the ingress controller installed. For example, if you’re using the default
ingress-nginxcontroller, standard annotations apply. However, if you install or use a different ingress controller, you must provide the corresponding annotations specific to that controller. -
Under Preflight and Support Bundle Settings, select to enable Run Disk I/O Performance Test or Include Disk I/O Test for Support Bundle.
-
Under Backup and Restore, select Enable IAX backup and restore to activate backup and restore support for ITRS Analytics using Velero.
-
Under Timescale Workload Scheduling, enable Enforce Timescale Node Selector to ensure Timescale workloads run only on nodes matching the defined selector. This option is enabled by default, and disabling it may result in performance or stability issues.
-
Under Helm Install/Upgrade Options, you can configure the ITRS Analytics Helm Chart Timeout setting to be used during installation or upgrade operations.
-
In the Helm Chart Values Override (formerly Parameters Override), input your desired configuration values to override the default Helm chart settings and then save your configuration.
-
Click Continue to proceed to the next configuration section.
Validate the environment & deploy ITRS Analytics Copied
- Once you have verified that your environment has met the prerequisites during the preflight checks, click Deploy. Once the status of all resources are confirmed ready, the install is completed.
Post Installation Copied
Upload the ITRS Analytics user license Copied
After installation, you must upload your ITRS Analytics user license to activate the platform. While ITRS Analytics comes with a bootstrap license that allows you to use the platform for five days, you need to upload the requested ITRS Analytics license file to continue using the platform beyond this period.
For detailed instructions on uploading the license through the Web Console, see Upload the ITRS Analytics license.
Note
When the license expires, data ingestion will continue but ITRS Analytics will stop serving data.
Check the Roles in IAM app Copied
After uploading the license file to the Web Console, verify the roles configured in the IAM app, particularly the user role and its associated permissions. By default, the user role is granted full read access to all entities, which may need to be restricted in production environments.
For comprehensive information about managing roles and permissions in the IAM app, see Identity and Access Management (IAM) app.
Connect to a Geneos Gateway Copied
After installing and configuring ITRS Analytics, you need to connect your Geneos Gateway to the platform. This enables Gateways and Netprobes to publish monitoring data to ITRS Analytics, allowing you to store and analyze metrics, logs, and events.
For comprehensive information about connecting Geneos to ITRS Analytics, see Connect Geneos to ITRS Analytics.
Configure ITRS Analytics Connection in the Gateway Setup Editor Copied
To start publishing data from Gateway to ITRS Analytics, you must configure the ITRS Analytics Connection in the Gateway Setup Editor (GSE).
The ITRS Analytics Connection section of the GSE provides the following options:
| Setting | Description | Default |
|---|---|---|
| Enabled | Enables or disables publishing to ITRS Analytics. | Enabled |
| Mode | Specify the publishing mode, choose from:
|
connection |
If the Mode is set to connection, then you can set up:
- Publishing — configure publishing from this Gateway to ITRS Analytics.
- Data Access — allow an Active Console connected to this Gateway to access ITRS Analytics data.
| Section | Setting | Description |
|---|---|---|
| Connection | Verify server certificate | Enables or disables the server certificate verification. This setting is applied in both the connection for publishing data to ITRS Analytics and for accessing data from ITRS Analytics. If this parameter is set to Default: True
|
| Connection | Root certificates | Specify the root CA certificate used to sign the certificates for both ingestion service and data access. You can provide:
|
| Connection > Publishing | Service address | Specify the ITRS Analytics ingestion service hostname with the http:// prefix. For example: https://ingestion.my-iax.com.
|
| Connection > Publishing | Credentials | Specify the ITRS Analytics user credentials to access the ITRS Analytics ingestion service. An ingestion user must be created via Keycloak. |
| Connection > Publishing | Proxy | Specify the Publishing proxy settings. |
| Connection > Data access | Service address | Specify the ITRS Analytics Web Console hostname. For example: https://my-iax.com. |
| Connection > Data access | Credentials | Specify the ITRS Analytics user credentials to access data from ITRS Analytics. A data access user must be created via Keycloak. This user must be mapped to a user role and added to a user group. |
| Connection > Data access | Realm | Specify the realm name for connecting to ITRS Analytics. ITRS Analytics uses the obcerv realm by default. Use the default value unless your organization has configured a custom realm name.
|
| Connection > Data access | Proxy | Specify the Data access proxy settings. |
Set the Mode to statisticsOnly to enable ITRS Analytics statistics. Statistics are recorded to the self-monitoring dataviews and to the Gateway log file.
Refer to the basic configuration on ITRS Analytics Connection for detailed information.
Configure Geneos commands Copied
To enable Gateway commands to work with ITRS Analytics, you must configure the Authentication section in the GSE. This allows users in ITRS Analytics to execute commands through the Entity Viewer app.
To configure the Geneos commands:
-
Navigate to the Authentication section of the GSE.
-
Create a Role that has permissions to execute all available commands.
-
Add the user role created in ITRS Analytics in the Role properties setting.
Note
- The user role created in ITRS Analytics can be added to an existing Gateway role that has permissions to execute commands.
- The example above gives ITRS Analytics access to all available Gateway commands. You can limit this access to specific Gateway commands by configuring Role > Permissions > Options > Command. See Command permissions - Gateway Authentication Technical Reference.
For comprehensive information about configuring Geneos commands and data for ITRS Analytics, see Configure Geneos commands and data for ITRS Analytics.