A Minion is an instance of the Karaf OSGi runtime that enables Meridian to monitor devices and services in locations that it otherwise cannot reach. Minions communicate with these remote devices while Meridian performs coordination and task delegation. Minions can operate behind a firewall and network address translation (NAT), as long as they can communicate with Meridian via an ActiveMQ or Apache Kafka message broker.

The CAP_NET_RAW and CAP_NET_BIND_SERVICE capabilities are assigned out of the box, letting you bind Minions to privileged ports (less than 1024).

Minions provide the following benefits:

  • No need to set up and maintain a large set of firewall rules for multiple management protocols.

  • Avoid the difficulty of communicating with managed devices over unreliable networks, using UDP-based management protocols.

  • Enable monitoring of nodes with overlapping IPv4 address ranges at different locations.

  • Simplify network communication to the message broker.

How it works

A Minion monitors all managed nodes and IP services in the same location (for example, "Pittsboro office, building-3"). The Minion communicates with the message broker, which in turn communicates with the core Meridian instance.

Network diagram displaying an example Meridian instance with three Minions, each in a different location
Figure 1. Example Meridian instance with three Minions in different locations

By default, every node provisioned in Meridian is created in the default location. The Meridian core instance handles all nodes and services in the default location. To enable the Minion to handle all the nodes and services in a remote location, you define a location (for example, "Pittsboro office, building-3") in your core server, and configure the location property on the Minion to match. The Minion registers itself to the Meridian instance on start-up.

Meridian’s provisioning system lets you associate nodes with any location. Meridian delegates monitoring requests for nodes in a specified location to the Minions that are configured for that location, using the Minion as a proxy.

Network diagram displaying the communication channels between Meridian and a Minion
Figure 2. Minion communication with Meridian

By default, the Meridian instance automatically provisions the Minion as a node and monitors it with the Minion-Heartbeat and JMX-Minion services. The Minion sends heartbeat messages to show that it is functioning properly in the defined location, and provides metrics about its own performance.

The specific management protocol messages (for example, SNMP, ICMP) transit a message broker for execution by a Minion. The Minion forwards the responses via the same message broker to the central Meridian instance, which processes them accordingly.

A Minion proxy scenario supports the following monitoring capabilities:

  • Receive Syslog messages and SNMP traps, and forward them through the message broker to a central Meridian instance.

  • Act as a proxy for performance data collection.

  • Act as a proxy for service monitors to test availability and measure response times from applications.

  • Receive streaming telemetry and flow export messages, and forward them through the message broker for persistence by a Sentinel instance.