Minion

A Minion is an instance of the Karaf OSGi runtime that enables Horizon to monitor devices and services in locations that it otherwise cannot reach. Minions communicate with these remote devices while Horizon performs coordination and task delegation. Minions can operate behind a firewall and network address translation (NAT), as long as they can communicate with Horizon via an ActiveMQ or Apache Kafka message broker.

The CAP_NET_RAW and CAP_NET_BIND_SERVICE capabilities are assigned out of the box, letting you bind Minions to privileged ports (less than 1024).

Minions provide the following benefits:

  • No need to set up and maintain a large set of firewall rules for multiple management protocols.

  • Avoid the difficulty of communicating with managed devices over unreliable networks, using UDP-based management protocols.

  • Enable monitoring of nodes with overlapping IPv4 address ranges at different locations.

  • Simplify network communication to the message broker.

How it works

A Minion monitors all managed nodes and IP services in the same location (for example, "Pittsboro office, building-3"). The Minion communicates with the message broker, which in turn communicates with the core Horizon instance.

Network diagram displaying an example Horizon instance with three Minions, each in a different location
Figure 1. Example Horizon instance with three Minions in different locations

By default, every node provisioned in Horizon is created in the default location. The Horizon core instance handles all nodes and services in the default location. To enable the Minion to handle all the nodes and services in a remote location, you define a location (for example, "Pittsboro office, building-3") in your core server, and configure the location property on the Minion to match. The Minion registers itself to the Horizon instance on start-up.

Horizon’s provisioning system lets you associate nodes with any location. Horizon delegates monitoring requests for nodes in a specified location to the Minions that are configured for that location, using the Minion as a proxy.

Network diagram displaying the communication channels between Horizon and a Minion
Figure 2. Minion communication with Horizon

By default, the Horizon instance automatically provisions the Minion as a node and monitors it with the Minion-Heartbeat and JMX-Minion services. The Minion sends heartbeat messages to show that it is functioning properly in the defined location, and provides metrics about its own performance.

The specific management protocol messages (for example, SNMP, ICMP) transit a message broker for execution by a Minion. The Minion forwards the responses via the same message broker to the central Horizon instance, which processes them accordingly.

A Minion proxy scenario supports the following monitoring capabilities:

  • Receive Syslog messages and SNMP traps, and forward them through the message broker to a central Horizon instance.

  • Act as a proxy for performance data collection.

  • Act as a proxy for service monitors to test availability and measure response times from applications.

  • Receive streaming telemetry and flow export messages, and forward them through the message broker for persistence by a Sentinel instance.