Multiple customers

Toussaint OTTAVI t.ottavi at medi.fr
Mon Dec 22 11:04:15 CET 2008


Ronaldo A. Bueno Filho a écrit:
> Is there some way to differentiate those customers? I thought in NAT, but
> when configuring the hosts in the Nagios cfg files, I have to use the public
> IP (NAT), right? Is there some way to use the real IP address? I thought in
> DNS to solve this. What is the suggestions?
>   

Hi,

As said before, this is not a Nagios problem, it's a network problem. 
You will have the same issue if you want to do any other administrative 
tasks on these machines, such as ssh, FTP, VNC, Citrix sessions, etc.

Using public IP is not a direct solution. Small businesses usually use a 
private, internal network in 10.x.x.x, with different subnets for every 
location, etc... Only a few public IP are available, for communication 
with the "outside" world (web servers, smtp, etc...). These public IP 
are usually protected by firewalls.

Hence, the first question to ask is : how will you get into the private 
customer's network ?

It is nor advisable to open ports directly on the public IP addresses, 
because the machines you want to monitor may not be located in  DMZ, but 
may be production servers on the customer'sLAN. Then, you will probably 
have to build a VPN tunnel between your network and the customer's 
network. In such a situation, if you have two customers using the same 
IP range, you can configure NAT on your VPN gateway, so that the two 
customers appear with two separate IP address ranges :

Example :
Your LAN network : 10.0.0.0/16. You decide customer's networks, seen by 
you, will use 10.n.0.0/16, where n is the customer id.
- Customer 1 LAN : 10.1.0.0/16. Do not use NAT.
- Customer 2 LAN : 10.1.0.0/16. Use NAT to remap this range to 10.2.0.0/16
...
- Customer 17, using custom range of 40.22.0.0/16. Use NAT to remap this 
range to 10.17.0.0/16

This allows fery flexible management from your side. And this does not 
require any intrusive change on the customer's network (which may not be 
allowed). We've been using this scheme for years, for general 
administration and service purposes. We have a central VPN gateway 
here.  We build standard IPSEC tunnels with customers who already have 
VPN gateways. And for small customers who don't already have VPN, we 
install a small appliance which builds a tunnel with us.

Hope this helps. Kind regards,
-- 

*Toussaint OTTAVI*

*MEDI INFORMATIQUE*
*Mail:* t.ottavi at medi.fr

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20081222/a49f4e8b/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list