F5 Agility Template > Class4 - Introduction to NGINX Instance Manager > Module 3: Securing NGINX Instance Manager Source | Edit on
Exercise 3.0: NGINX Instance Manager Architecture¶
Understand how NGINX Instance Manager handles network traffic and communications. Learn different options for securing traffic externally and for agent and server communication.
NGINX Instance Manager (NIM) uses an agent and server communication path for
managing NGINX Instances. The
nginx-agent communicates with the
nginx-manager over gRPC (TCP 443).
NIM uses ClickHouse as an analytics time-series database. ClicHouse can be installed with NIM in the same server, or can be accessed in an external installation.
Various Automation and CI/CD pipelines can use the NIM API to perform various actions.
NIM offers options to feed data and metrics to external platforms like Prometheus and visualization tools like Grafana.
Navigate to the
nginx-manager instance as
ubuntu and use the home directory.
Use the SSH menu option to beceome the ubuntu user. If you use the web-shell it defaults to the root user. To follow best practice, please use the ubuntu user.
If prompted, select yes for trusting the ssh connection in your terminal.
NOTE: If you haven't added SSH keys to UDF - Use the WebShell
Step 2: Review the ports used¶
Let’s use netstat (you may need to install this on your own system) on the
instance. We will list all ports and the processes, then use grep to filter the list.
sudo netstat -tulpn | grep nginx
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 726/nginx: master p::
Nginx Instance Manager ingests data from the agents and exposes the UI via TCP 443.
For documentation see: https://docs.nginx.com/nginx-instance-manager/about/technical-specifications/
Nginx Instance Manager also uses ClickHouse as an analytics time-series database.
For documentation on ClickHouse see here: https://docs.nginx.com/nginx-instance-manager/admin-guide/configure-clickhouse/