
Network topology and distributed monitoring

April 24, 2017


Introduction to network topology

This time we’re dedicating an article to distributed monitoring, and we’re going to talk about the many possibilities Pandora FMS offers in the area of distributed environments and diverse network topology.

So what is a distributed environment? It refers to networks that are not centralized in one geographic location, such as those formed by local office branches of a national or international company.

Most companies’ IT infrastructure is now split between physical hardware in the office, plus the attendant OSs and apps, and another part that is in the Cloud or outsourced.

This inevitably gives rise to very distinct network topologies in which not all the IT resources are under the same roof. That’s why Pandora FMS offers different features and functions in order to cover these kinds of networks.

First let’s take a quick look at the two basic kinds of monitoring and then how to adapt them to the kind of decentralized monitoring Pandora FMS offers.

Basic monitoring

Applicable to both centralized and distributed monitoring.

Remote monitoring

The first category of monitoring consists of launching checks across a network to collect data on hardware, software, latency, availability and so on. These checks are carried out via standard network protocols such as ICMP, SNMP, TCP/UDP, HTTP, etc. They are usually launched from a central monitoring server that initiates the checks and are intended to give immediate feedback.


Typical remote monitoring checks are:

  • Hardware checks (Host Alive)
  • Communications latency (Host Latency)
  • Monitoring a port to check that a service is online (HTTP port 80)
  • Network traffic (SNMP)
  • Web site monitoring

Agent monitoring

A small piece of software is installed which collects data on the OS. This kind of monitoring allows data to be harvested from deeper layers, to monitor apps from “inside” the server.

Communication is almost always initiated by the agent, but it can also be initiated by the server itself. Data collected by Pandora FMS agents is sent in XML packets.


Typical data collected by agents concern:

  • CPU and memory use
  • Hard drive capacity
  • Active processes
  • Online/active services
  • Internal application monitoring

Distributed monitoring

How to apply these two kinds of monitoring to distributed network topology using Pandora FMS.

Agent remote checks – broker mode

Let’s say you’re monitoring a Windows machine with agent software installed and a few basic monitoring checks running. There’s also a router you want to monitor that provides the external connection for the Windows device. However, the Pandora FMS server can’t reach this sub-network, so it can’t execute remote checks against the router.

Since the Windows hardware is connected directly to the router, you can use the agent’s broker mode to monitor the remote router and send the data to Pandora FMS as if it were a separate agent.


Technical operation

A software agent carries out remote checks rather than the server.

The software agent uses the available network protocols to perform the remote checks. Once the information has been collected from the remote system the agent-broker sends it to the Pandora FMS server.


Monitoring remote networks with proxy agents – proxy mode

Here is a different network topology problem: you want to monitor a complete sub-network composed of various machines. Unfortunately, your Pandora FMS server is located in a different segment of the network, without access to the unmonitored sub-network. This time software agents are installed on the machines, so the broker agent solution is unworkable and you need to use proxy-agent mode. This gives you a point of contact between the Pandora FMS server and the sub-network, where software agents can be installed without any problem. These agents send XML packets to the proxy agent, which in turn sends them in the same format to the Pandora FMS central server.

Technical operation

First, a word about Tentacle. This is a proprietary communications protocol used by Pandora FMS to transfer data files between agent and server, with various work modes, one of which is proxy mode.

Software agents can use Tentacle’s proxy mode to function as proxies for other agents. In this mode, a software agent receives the XML packets from other agents and resends them to the Pandora FMS central server. Note the operational difference between proxy mode and broker mode; the former allows data packets from other software agents to be resent, whereas broker mode doesn’t, as in the latter mode there are no agents installed on the remote network.


This is useful if you have a network from which only one server can communicate with the Pandora FMS server. The agents installed on machines without access to the server will send their XML files to the proxy agent, which in turn sends them to the server.

Multi-server distributed monitoring

This time you want to monitor your HQ’s IT landscape. Enabling communications is simple, as you’re dealing with an internal corporate network, inaccessible from outside. However, the amount of hardware to monitor means that with just a single Pandora FMS server performance will suffer.

In this case the solution is to install various Pandora FMS servers in parallel, connected to the same database and capable of working independently. On one hand, the workload is divided among various servers, each of which takes care of a different office sub-network, and on the other, it permits easy viewing of the data from a single control point, as only one database is used.

Technical operation

Pandora FMS installation comprises three basic components: console, server and database.

If there are various Pandora FMS servers in a single installation it’s important to know whether all of them are connected to the same database. These kinds of installations are generally used when the number of devices is too high for a single server to handle, or if there’s an option to enable database communication from other sub-networks. Installing additional servers can also be an alternative to proxy mode.

network topology

The above schematic shows a total of three Pandora FMS servers, two of which are monitoring a single network, dividing the load, and a third monitors another network. All three are connected to a single database.

The user can access all the information from the console, without being preoccupied by the workings of the three servers.

Distributed delegated monitoring – Export server

Various clients use our monitoring services, meaning that there will be an independent Pandora FMS installation in each of their offices. In our head office we also install a Pandora FMS server and enable the export server. This lets us observe on our own console all information proceeding from our clients’ infrastructure.

This exact copy of our clients’ monitoring allows us to establish our own alerts, thresholds and events. This allows us to work in tandem and anticipate possible problems and issues on our clients’ behalf.

Technical operation

This configuration permits us to run various databases, as well as their corresponding servers and consoles. Each installation with its own database is one instance, and it handles monitoring and data storage of different environments.

One situation where it can be used is in monitoring various clients’ networks, each one with a distinct database containing different information.


Remote network monitoring with local and network checks – Satellite server

Imagine you need to bring an external DMZ type network topology under monitoring oversight, using both remote checks and software agents. In this case it’s not possible to use an additional Pandora FMS server, as we’re talking about a network from which direct communication to our database can’t be initiated. Furthermore, agent broker and proxy mode are unviable, so it’s time for the satellite server.

Install the satellite server in the DMZ, where it will not only run remote checks but also handle agent-based monitoring, sending all the data to the Pandora FMS server in the corporate network.

Technical operation

A fast-evolving function, satellite server can be installed on a network and independently execute remote checks and redirect XML files from other proxy agents.


Unlike a regular server installation, the satellite server doesn’t need a direct database connection. It sends all collected information to the central Pandora FMS server via Tentacle. This makes it one of the best options for deploying monitoring on networks that a Pandora FMS server can’t reach, since it can work in proxy mode and also launch remote checks by itself. It also includes specific functions for carrying out remote checks, making it a better option for remote monitoring than agent broker mode.

Monitoring isolated restricted networks

An organization has two datacenters, one in Europe and the other in Asia. Both environments are secure and restricted, but, given the increasing prevalence of cyber attacks and the sensitive nature of the data in use by Pandora FMS, there can be no direct communication between the European and Asian offices. In this case, enable the sync server in the European Pandora FMS installation and install a satellite server and various agents to monitor the Asian datacenter, where the satellite listens and waits for a connection from outside the network.


Communications are initiated by the sync server on the European side, and no connection is allowed out of the Asian datacenter, where a complete system is installed comprising a satellite server and Tentacle in listening mode.

Technical operation

This is one of the new functions of Pandora FMS version 7.0 “Next Generation”, for use on isolated and restricted networks from which it is not possible to initiate outside-network communications.

The Pandora FMS server itself initiates communications with the isolated environment, allowing agent-based monitoring or remote monitoring, combining the functions of the sync server with satellite, proxy or broker.
The Pandora FMS server in sync server mode will initiate communication with the isolated environment where there is a Tentacle server installed in listen mode.
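
The one-way rule described above (only the sync server opens connections, and only towards the Tentacle listener) can be checked against flow records from the isolated site's firewall. The following is an added example, not part of the original article or Pandora FMS code; the addresses, the record format and the use of Tentacle's default port 41121 are assumptions chosen for illustration.

```python
import ipaddress

# Constructed addressing for the two sites (assumptions, not from the article).
ISOLATED_NET = ipaddress.ip_network("10.20.0.0/24")    # Asian datacenter
SYNC_SERVER = ipaddress.ip_address("192.0.2.10")       # European Pandora FMS server
TENTACLE_LISTENER = ipaddress.ip_address("10.20.0.5")  # satellite host, Tentacle listening
TENTACLE_PORT = 41121                                  # Tentacle default port (assumed in use)

# Constructed flow records: "initiator_ip responder_ip responder_port"
SAMPLE_FLOWS = """\
192.0.2.10 10.20.0.5 41121
10.20.0.31 10.20.0.5 41121
10.20.0.5 192.0.2.10 41121
198.51.100.7 10.20.0.5 41121
192.0.2.10 10.20.0.31 22
10.20.0.31 203.0.113.9 443
"""

def parse_flows(text):
    """Yield (initiator, responder, port) from whitespace-separated lines."""
    for line in text.splitlines():
        if line.strip():
            src, dst, port = line.split()
            yield ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)

def classify(src, dst, port):
    """Return None if the flow fits the sync-server model, else a reason."""
    src_in, dst_in = src in ISOLATED_NET, dst in ISOLATED_NET
    if src_in and not dst_in:
        return "outbound connection initiated from isolated network"
    if dst_in and not src_in:
        if src != SYNC_SERVER:
            return "inbound connection from a host other than the sync server"
        if dst != TENTACLE_LISTENER or port != TENTACLE_PORT:
            return "sync server reached something other than the Tentacle listener"
    # Allowed: sync server -> listener, traffic inside the site, unrelated flows.
    return None

def violations(text):
    """Return [(flow, reason)] for every flow that breaks the one-way model."""
    flows = [(f, classify(*f)) for f in parse_flows(text)]
    return [(f"{s} {d} {p}", why) for (s, d, p), why in flows if why]

if __name__ == "__main__":
    for flow, reason in violations(SAMPLE_FLOWS):
        print(f"VIOLATION {flow}: {reason}")
```

Agents inside the isolated site reporting to the local satellite are treated as allowed, since that traffic never leaves the datacenter.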






    2 comments
    1. Jimmy Olano

      This is one of the best articles in this blog: quick summary about Pandora FMS and very simple explication and graphical too; congratulations!

      • Carla Andres

        Thanks Jimmy!
