Skyline Techtalk.
More info about Skyline here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Slides are attached
Selected Q&A is listed below the video.
Does Skyline cost anything?
No, it's free of charge.
What solutions are supported?
Quantum Security Gateways and Quantum Security Management. This includes VSX, Multi-Domain, and Maestro. Data may vary according to the precise configuration. Quantum Spark appliances are not supported at the moment, but we are planning to do so in the future.
Does OpenTelemetry work with other vendors' products?
OpenTelemetry is an open source protocol. While we can only answer regarding our specific implementation, it is generally used in the market and integrates with various products.
Has the performance impact been determined?
It is fairly minimal. We currently don't recommend using it on VSX gateways with more than 10 VS, as each VS currently runs its own daemon.
Will Skyline be integrated into Gaia?
Yes, it will be integrated into the latest JHF for R80.40 and above when the solution is GA. You will not need to explicitly install it as is required now during EA.
Are there any plans to create a container for this, so we can run it on Docker or Kubernetes?
It is possible to install Prometheus and Grafana into a container. We don't provide one, though.
How is it different from SmartEvent?
SmartEvent is more related to Security statistics like logs. We are aiming more for device health statistics.
How much bandwidth is required?
Every 15 seconds, we send a burst of data from the gateway that is approximately 2mb.
Can we use Influx or Elastic Stack instead of Prometheus?
Check Point felt Prometheus suited the use case best and is what we officially support. You can change the OpenTelemetry settings to use Influx or another compatible solution, if you prefer.
Can we have logging rate and log indexing performance graphs for each CMA in Multi-Domain and Multi-Domain Log servers?
Log metrics are currently not integrated into Skyline; we are planning to expand the exposed data as part of our roadmap.
Can we push data via OpenTelemetry at a different interval than 15 seconds?
Not currently.
Can this solution be run in the Infinity Portal?
Currently, no, but it is planned for the future.
When can we expect Skyline to support all the metrics that are supported today via SNMP?
If you have requirements for specific metrics, please communicate those with us. We are adding metrics based on customer feedback.
Can this be implemented as an MSSP for multiple customers?
Yes
Are Maestro MHOs supported as well as Maestro Gateways?
Yes, and individual SGMs can be monitored as well.
Will it also have some finished template dashboards?
We will have some pre-defined templates available in the Skyline sk.
This really seems like a great addition/upgrade to SmartView. Is the intent to make this its own product?
This is independent from SmartEvent and leverages third party products (Grafana, Prometheus) that can be used for similar purposes on other vendors' devices that can export via OpenTelemetry. This is expected to be something we offer via Infinity Portal in the future.
Can we have utilization of each interface? Top 10 interfaces?
Yes, the data is there, and you can customize your views and dashboard any way you like.
Should I expect to see a higher CPU and memory count for this data or is the grunt of the processing taking place off box via the Prometheus and/or Grafana services?
The heavy lifting is done on the Prometheus/Grafana servers.
Are there any plans to add data regarding hardware status for physical appliances (such as PSU, fans, and so on)?
Yes
I think I saw ability to set up alerting?
Alerting can be set up in Grafana.
Do we have any plan to integrate this to Check Point Pro Support dashboard?
Yes, this is in the roadmap.
Do the monitored gateways need to be managed by a particular management station?
No, but the gateways do need to be a supported version (R80.40 and above).
Can this be integrated with ticketing tools like ServiceNow to generate tickets?
Can be done, yes, but the integration takes place with Grafana.
Is it possible to obtain additional information from the Harmony Endpoint Management server using Skyline e.g. about endpoints?
In the initial phase, we are focusing on Quantum products. We do plan to add OpenTelemetry support for various products in other product pillars.
Do you think there will be a future plan to integrate the Skyline/Prometheus/Grafana packages as a part of the major firmware/ISO release? For example, when installing/deploying a management server, would Skyline ever be bundled inside that image?
Skyline will be integrated into releases and JHFs starting from R80.40. There is currently no plan to include Grafana and/or Prometheus within the Gaia images, but we will consider it based on feedback.
What happens if there is a connectivity issue between the gateways and the Prometheus server?
Currently, only live data is sent. If there is a connectivity issue, the data from that time period will be lost. However, once the connectivity issue is resolved, devices should resume sending data.
How does this compare to something like Indeni?
There is a very small overlap. We are focusing on providing the telemetry versus proactive monitoring.
Can we utilize the managed Prometheus and Grafana services in AWS?
While it hasn't been tested, we are not aware of any reason why you can't.
Does Skyline monitor all critical processes for MDS/SMS?
Not currently, but it is planned.
Can you send OpenTelemetry data to multiple Prometheus servers for redundancy?
Yes
Does this support counters from VPN or remote access like number of tunnels, number of connected users, and other data the SNMP provides today?
Not currently, but it is on the roadmap.
Spike Detection is already in the gateways themselves, even the core dumps for example. Is it possible to send that kind of information to Skyline?
At the moment, no, but it is a use case we are looking at.
Is Skyline available for Quantum Spark (SMB) appliances?
Not at this point, but we are working on that already, and we expect to add Skyline capabilities to Spark in the upcoming months.
We have been using Grafana feed with SNMP data for quite some time now. Great to see the usage of Telemetry as an alternative. Is there a forum that shares Dashboards etc? Would be great to share what people have come up with to date.
We will include these shared dashboards on CheckMates Toolbox as they are contributed to the community.
Will this solution be updated dynamically by the autoupdater utility?
Yes.