Multiple customers
Toussaint OTTAVI
t.ottavi at medi.fr
Mon Dec 22 11:04:15 CET 2008
Ronaldo A. Bueno Filho wrote:
> Is there some way to differentiate those customers? I thought of NAT, but
> when configuring the hosts in the Nagios cfg files, I have to use the public
> IP (NAT), right? Is there some way to use the real IP address? I thought of
> DNS to solve this. What are the suggestions?
>
Hi,
As said before, this is not a Nagios problem, it's a network problem.
You will have the same issue if you want to do any other administrative
tasks on these machines, such as ssh, FTP, VNC, Citrix sessions, etc.
Using public IPs is not a direct solution. Small businesses usually use a
private, internal network in 10.x.x.x, with different subnets for every
location, etc... Only a few public IPs are available, for communication
with the "outside" world (web servers, smtp, etc...). These public IPs
are usually protected by firewalls.
Hence, the first question to ask is: how will you get into the private
customer's network?
It is not advisable to open ports directly on the public IP addresses,
because the machines you want to monitor may not be located in DMZ, but
may be production servers on the customer's LAN. Then, you will probably
have to build a VPN tunnel between your network and the customer's
network. In such a situation, if you have two customers using the same
IP range, you can configure NAT on your VPN gateway, so that the two
customers appear with two separate IP address ranges:
Example :
Your LAN network : 10.0.0.0/16. You decide customer's networks, seen by
you, will use 10.n.0.0/16, where n is the customer id.
- Customer 1 LAN : 10.1.0.0/16. Do not use NAT.
- Customer 2 LAN : 10.1.0.0/16. Use NAT to remap this range to 10.2.0.0/16
...
- Customer 17, using custom range of 40.22.0.0/16. Use NAT to remap this
range to 10.17.0.0/16
This allows very flexible management from your side. And this does not
require any intrusive change on the customer's network (which may not be
allowed). We've been using this scheme for years, for general
administration and service purposes. We have a central VPN gateway
here. We build standard IPSEC tunnels with customers who already have
VPN gateways. And for small customers who don't already have VPN, we
install a small appliance which builds a tunnel with us.
Hope this helps. Kind regards,
--
*Toussaint OTTAVI*
*MEDI INFORMATIQUE*
*Mail:* t.ottavi at medi.fr
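
The 10.n.0.0/16 remapping scheme from the message above, as an added example that is not part of the original post: it computes the address Nagios has to use for a host behind the VPN gateway's NAT and emits a host definition for it. The customer table, the function names, the `generic-host` template name and the assumption that the gateway does a 1:1 prefix translation (host bits preserved) are all illustrative.

```python
import ipaddress

# Constructed customer table (real LAN per customer id), mirroring the post's example.
CUSTOMER_LANS = {
    1: "10.1.0.0/16",    # already equals 10.1.0.0/16: no NAT needed
    2: "10.1.0.0/16",    # collides with customer 1: remap to 10.2.0.0/16
    17: "40.22.0.0/16",  # custom range: remap to 10.17.0.0/16
}

def mapped_network(customer_id):
    """Range the monitoring side uses for this customer: 10.n.0.0/16."""
    if not 1 <= customer_id <= 255:  # 10.0.0.0/16 is our own LAN
        raise ValueError(f"customer id {customer_id} does not fit in 10.n.0.0/16")
    return ipaddress.ip_network(f"10.{customer_id}.0.0/16")

def needs_nat(customer_id):
    """True when the VPN gateway has to translate this customer's range."""
    return ipaddress.ip_network(CUSTOMER_LANS[customer_id]) != mapped_network(customer_id)

def monitoring_address(customer_id, real_ip):
    """Translate a host's real address to the one Nagios must use.
    Assumes a 1:1 prefix translation that keeps the host bits."""
    real_net = ipaddress.ip_network(CUSTOMER_LANS[customer_id])
    mapped = mapped_network(customer_id)
    ip = ipaddress.ip_address(real_ip)
    if ip not in real_net:
        raise ValueError(f"{real_ip} is outside customer {customer_id} LAN {real_net}")
    if real_net.prefixlen != mapped.prefixlen:
        raise ValueError("1:1 remap needs equal prefix lengths")
    offset = int(ip) - int(real_net.network_address)
    return ipaddress.ip_address(int(mapped.network_address) + offset)

def nagios_host(customer_id, host_name, real_ip):
    """Host definition using the remapped address; real IP kept in the alias."""
    addr = monitoring_address(customer_id, real_ip)
    return (
        "define host {\n"
        "    use        generic-host  ; assumed template name\n"
        f"    host_name  c{customer_id}-{host_name}\n"
        f"    alias      {host_name} (real IP {real_ip})\n"
        f"    address    {addr}\n"
        "}\n"
    )

if __name__ == "__main__":
    # Same real IP at two customers yields two distinct monitored addresses.
    print(nagios_host(1, "mail", "10.1.0.25"))
    print(nagios_host(2, "mail", "10.1.0.25"))
```

Rejecting a real address that falls outside the customer's declared LAN catches data-entry mistakes before they turn into a check aimed at another customer's range.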
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users