Access as an application vendor from outside a firewall

Kevin Keane subscription at kkeane.com
Thu Apr 16 01:02:35 CEST 2009


I actually have a very similar problem, and wrote some software to solve 
it. I am a consultant, and want to proactively monitor my customers' 
systems for all kinds of performance problems. Like your situation, my 
monitoring requires access to private data that is not published outside 
the firewall.

What I did was write TNTMonitoring (for Windows) and a one-off script 
that does basically the same thing (for Linux). Check out 
http://www.tntmonitoring.com for more information on the Windows version.

It is an agent that installs on the server you want to monitor, runs the 
various checks, and then submits them via https (it also used to support 
SSH - if you prefer that, let me know, and I can easily put SSH support 
back in). These checks are always outbound, so you usually do not need 
to modify the firewall at all.

To Nagios, these checks are passive checks.

Now I have to caution you: if a client is reluctant to open their 
firewall, they probably would be just as reluctant to allow you to 
install software that sends internal data off site, no matter how secure 
I promise them that it would be.

The other option you have is to use an SSH tunnel to send active checks 
from your Nagios server. This will require that your client open the 
firewall for SSH, and that they set up an SSH daemon somewhere.

The existing VPN may also be an option if you can write a script that 
establishes the connection before running your checks.

Michael Arney wrote:
> I have been tasked by my company to compare system monitoring tools.  We are a small Java software development shop.  Our product runs on several servers (Windows or Unix) at each of our clients, and has a web front end, file system storage, and database (PostgreSQL, Oracle, or MS SQL Server).  We support our software remotely: the clients agree to provide VPN or Telnet access.  The VPN access may not be permanent (i.e. we may have to use a Cisco or Juniper VPN client each time we remote desktop to them).  At present we have fewer than 50 clients.  We want to monitor basic up/down and disk free type metrics, but also to issue a variety of custom queries against our database and application to check its status.
>
> So, my question is: How much network access would Nagios require for us to use it to monitor our application?  Our clients are sometimes reluctant to open their firewall to a vendor like us.  I'd like to know what's the minimum we need to ask of them so we can get good proactive monitoring of our installations.  Ideally we would not even need to ask for more than we have now, but that may not be realistic.  We have even toyed with the idea of buying a dual-NIC machine at each client to put inside their firewall just to communicate with our central monitoring server.  I don't know if that would help.
>
> We are currently evaluating Nagios.  But we are also looking into other products (OpenNMS, Zenoss, Hyperic).  So any comparisons with them in this regard would be helpful too.
>
> Thanks in advance,
> Mike
>   

-- 
Kevin Keane
Owner
The NetTech
Find the Uncommon: Expert Solutions for a Network You Never Have to Think About

Office: 866-642-7116
http://www.4nettech.com
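
The receiving side of the outbound-agent approach described in the message above, as an added example that is not part of the original post and is not TNTMonitoring's code: it validates one agent-submitted result and turns it into a Nagios `PROCESS_SERVICE_CHECK_RESULT` external command line for a passive check. The agent IDs, host names, JSON-style field names and the per-agent host allowlist are assumptions made for illustration; transport (HTTPS) and agent authentication are assumed to have happened before this function is called.

```python
import re
import time

# Constructed mapping: which hosts each authenticated agent may report on.
ALLOWED_HOSTS = {"agent-acme": {"acme-db1", "acme-web1"}}

# Service descriptions: no ';' (field separator) and no control characters.
SERVICE_RE = re.compile(r"[A-Za-z0-9_. -]{1,64}")
VALID_STATES = {0, 1, 2, 3}  # OK, WARNING, CRITICAL, UNKNOWN


def to_external_command(agent_id, result, now=None):
    """Validate one submitted result (a dict) and return the passive-check
    command line for Nagios, or raise ValueError if it must be rejected."""
    host = result.get("host", "")
    service = result.get("service", "")
    state = result.get("state")
    output = str(result.get("output", ""))

    # An agent at one customer must not be able to report for another's hosts.
    if host not in ALLOWED_HOSTS.get(agent_id, set()):
        raise ValueError("agent may not report for this host")
    # fullmatch, not match with '$', so a trailing newline is rejected too.
    if not isinstance(service, str) or not SERVICE_RE.fullmatch(service):
        raise ValueError("bad service description")
    # type() check rejects booleans, which are ints in Python.
    if type(state) is not int or state not in VALID_STATES:
        raise ValueError("bad state")
    # External commands are one per line: collapse control characters so the
    # plugin output cannot start a second command, and bound its length.
    output = re.sub(r"[\x00-\x1f\x7f]+", " ", output)[:512]
    ts = int(now if now is not None else time.time())
    return f"[{ts}] PROCESS_SERVICE_CHECK_RESULT;{host};{service};{state};{output}\n"


if __name__ == "__main__":
    # Constructed sample submission from an agent.
    sample = {"host": "acme-db1", "service": "Disk Free",
              "state": 1, "output": "C: 8% free"}
    print(to_external_command("agent-acme", sample), end="")
```
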
