Network topology and distributed monitoring
Introduction to network topology
This time we’re dedicating an article to distributed monitoring, and we’re going to talk about the many possibilities Pandora FMS offers in the area of distributed environments and diverse network topology.
So what is a distributed environment? It refers to networks that are not centralized in one geographic location, such as those formed by local office branches of a national or international company.
Most companies’ IT infrastructure is now split between physical hardware in the office, plus the attendant OSs and apps, and another part that is in the Cloud or outsourced.
This inevitably gives rise to very distinct network topologies in which not all the IT resources are under the same roof. That’s why Pandora FMS offers different features and functions in order to cover these kinds of networks.
First let’s take a quick look at the two basic kinds of monitoring and then how to adapt them to the kind of decentralized monitoring Pandora FMS offers.
Both kinds are applicable to centralized and distributed monitoring alike.
The first category of monitoring consists of launching checks across a network to collect data on hardware, software, latency, availability and so on. These checks are carried out via standard network protocols such as ICMP, SNMP, TCP/UDP, HTTP, etc. They are usually launched from a central monitoring server that initiates the checks and are intended to give immediate feedback.
Typical remote monitoring checks are:
- Hardware checks (Host Alive)
- Communications latency (Host Latency)
- Monitoring a port to check that a service is online (HTTP port 80)
- Network traffic (SNMP)
- Web site monitoring
The second category is agent-based monitoring: a small piece of software, the agent, is installed on the host and collects data on the OS. This kind of monitoring allows data to be harvested from deeper layers, monitoring applications from “inside” the server.
Communication is almost always initiated by the agent, but can also be done so by the server itself. Data collected by Pandora FMS agents is sent in XML packets.
Typical data collected by agents concern:
- CPU and memory use
- Hard drive capacity
- Active processes
- Online/active services
- Internal application monitoring
Let’s now look at how to apply these two kinds of monitoring to a distributed network topology using Pandora FMS.
Agent remote checks – broker mode
Let’s say you’re monitoring a Windows machine with agent software installed and a few basic monitoring checks running. There’s also a router you want to monitor, the one providing the external connection for the Windows device. But the Pandora FMS server can’t reach this sub-network, so it’s impossible for the server to execute remote checks against the router.
Since the Windows hardware is connected directly to the router, you can use the agent’s broker mode to monitor the remote router and send the data to Pandora FMS as if it were a separate agent.
A software agent carries out remote checks rather than the server.
The software agent uses the available network protocols to perform the remote checks. Once the information has been collected from the remote system the agent-broker sends it to the Pandora FMS server.
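As an added illustration (not configuration from the original post), this is what the broker-mode setup just described looks like in the software agent's pandora_agent.conf; the server address 10.0.0.5, router address 192.168.10.1 and agent names are constructed, and the directive names are assumed from the Pandora FMS agent configuration format. The broker_agent directive makes the agent keep a second configuration file, named after the broker, whose modules are reported to the server as if they came from a separate agent.

```conf
# --- pandora_agent.conf on the Windows host (constructed example) ---
server_ip     10.0.0.5                 # Pandora FMS server, constructed address
server_path   /var/spool/pandora/data_in
transfer_mode tentacle
server_port   41121
agent_name    win-branch-01

# A local check for the Windows host itself
module_begin
module_name   CPU_Load
module_type   generic_data
module_cpuusage all
module_end

# Broker: the agent creates branch-router.conf next to this file (initially a
# copy of this configuration) and reports that file's modules to the server as
# a separate agent named "branch-router".
broker_agent  branch-router

# --- branch-router.conf, generated by the broker directive, then edited ---
# Keep the server settings copied from the main file, drop the host's own
# local modules, and add the remote checks the agent runs against the router.
server_ip     10.0.0.5
server_path   /var/spool/pandora/data_in
transfer_mode tentacle
server_port   41121
agent_name    branch-router

module_begin
module_name   Router_Reachable
module_type   generic_proc
module_ping   192.168.10.1             # router, constructed address
module_ping_count   2
module_ping_timeout 500
module_end

module_begin
module_name   Router_Uptime
module_type   generic_data
module_snmpget
module_snmpversion   2c
module_snmp_community public          # placeholder: use a read-only community of your own
module_snmp_agent    192.168.10.1
module_snmp_oid      .1.3.6.1.2.1.1.3.0   # sysUpTime
module_end
```

Only the Windows host needs to reach the router (ICMP and UDP/161); the Pandora FMS server still only ever sees one outbound Tentacle connection from the Windows host, which is the point of broker mode.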
Monitoring remote networks with proxy agents – proxy mode
A different network topology problem: you want to monitor a complete sub-network composed of various machines, but your Pandora FMS server is located in a different segment of the network, without access to the unmonitored sub-network. This time software agents are installed on the machines, so the broker agent solution is unworkable and you need to use proxy-agent mode. This gives you a point of contact between the Pandora FMS server and the sub-network, where software agents can be installed without any problem. These agents send XML packets to the proxy agent, which in turn forwards them in the same format to the Pandora FMS central server.
First, a word about Tentacle. This is a proprietary communications protocol used by Pandora FMS to transfer data files between agent and server, with various work modes, one of which is proxy mode.
Software agents can use Tentacle’s proxy mode to function as proxies for other agents. In this mode, a software agent receives the XML packets from other agents and resends them to the Pandora FMS central server. Note the operational difference between proxy mode and broker mode: the former relays data packets from other software agents, whereas broker mode doesn’t, since in the latter there are no agents installed on the remote network.
This is useful if you have a network from which only one server can communicate with the Pandora FMS server. The agents installed on machines without access to the server will send their XML files to the proxy agent, which in turn sends them to the server.
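As an added illustration (not configuration from the original post), the proxy-agent setup described above, as it appears on the one host that can reach the Pandora FMS server and on the agents behind it; addresses, agent names and the listen interface are constructed, and the proxy_* directive names are assumed from the Pandora FMS agent configuration format.

```conf
# --- (1) pandora_agent.conf on the gateway host that CAN reach the server ---
# It still sends its own data and additionally relays XML files from other agents.
server_ip     10.0.0.5                 # Pandora FMS server, constructed address
server_path   /var/spool/pandora/data_in
transfer_mode tentacle
server_port   41121
agent_name    subnet-gateway

proxy_mode           1                 # act as a Tentacle proxy for other agents
proxy_address        192.168.10.2      # listen only on the sub-network interface (constructed)
proxy_port           41121
proxy_max_connection 10                # cap concurrent inbound agent connections
proxy_timeout        1                 # seconds before an idle inbound connection is dropped

# --- (2) pandora_agent.conf on every agent inside the unreachable sub-network ---
# Point it at the proxy agent instead of the real server; the XML is relayed unchanged,
# so the agent's own configuration is otherwise identical to a direct one.
server_ip     192.168.10.2             # the proxy agent's internal address (constructed)
server_path   /var/spool/pandora/data_in
transfer_mode tentacle
server_port   41121
agent_name    subnet-host-07
```

Because every agent's data now passes through one host, limit inbound 41121 on the gateway to the sub-network's own addresses and treat that host's integrity as part of the monitoring trust boundary.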
Multi-server distributed monitoring
This time you want to monitor your HQ’s IT landscape. Enabling communications is simple, as you’re dealing with an internal corporate network, inaccessible from outside. However, the amount of hardware to monitor means that with just a single Pandora FMS server performance will suffer.
In this case the solution is to install various Pandora FMS servers in parallel, connected to the same database and capable of working independently. On one hand, the workload is divided among various servers, each of which takes care of a different office sub-network, and on the other, it permits easy viewing of the data from a single control point, as only one database is used.
Pandora FMS installation comprises three basic components: console, server and database.
If there are various Pandora FMS servers in a single installation it’s important to know whether all of them are connected to the same database. These kinds of installations are generally used when the number of devices is too high for a single server to handle, or if there’s an option to enable database communication from other sub-networks. Installing additional servers can also be an alternative to proxy mode.
The above schematic shows a total of three Pandora FMS servers, two of which are monitoring a single network, dividing the load, and a third monitors another network. All three are connected to a single database.
The user can access all the information from the console, without being preoccupied by the workings of the three servers.
Distributed delegated monitoring – Export server
Various clients use our monitoring services, meaning that there will be an independent Pandora FMS installation in each of their offices. In our head office we also install a Pandora FMS server and enable the export server. This lets us observe on our own console all information proceeding from our clients’ infrastructure.
This exact copy of our clients’ monitoring allows us to establish our own alerts, thresholds and events. This allows us to work in tandem and anticipate possible problems and issues on our clients’ behalf.
This configuration permits us to run various databases, as well as their corresponding servers and consoles. Each installation with its own database is one instance, and it handles monitoring and data storage of different environments.
One situation where it can be used is in monitoring various clients’ networks, each one with a distinct database containing different information.
Remote network monitoring with local and network checks – Satellite server
Imagine you need to bring an external DMZ type network topology under monitoring oversight, using both remote checks and software agents. In this case it’s not possible to use an additional Pandora FMS server, as we’re talking about a network from which direct communication to our database can’t be initiated. Furthermore, agent broker and proxy mode are unviable, so it’s time for the satellite server.
Install the satellite server in the DMZ, where it will handle not only remote checks but also be monitored by agents, sending all the data to the Pandora FMS server in the corporate network.
The satellite server, a fast-evolving function, can be installed on a network to independently execute remote checks and redirect XML files from other proxy agents.
Unlike a regular server installation, the satellite server doesn’t need a direct database connection. It sends all collected information to the central Pandora FMS server via Tentacle. This makes it one of the best options for deploying monitoring on networks that a Pandora FMS server can’t reach, since it can both operate in proxy mode and launch remote checks by itself. It also includes specific functions for carrying out remote checks, making it a better option for remote monitoring than agent broker mode.
Monitoring isolated restricted networks
An organization has two datacenters, one in Europe and the other in Asia. Both environments are secure and restricted, but, given the increasing prevalence of cyber attacks and the sensitive nature of the data in use by Pandora FMS, there can be no direct communication between the European and Asian offices. In this case, enable the sync server in the European Pandora FMS installation and install a satellite server and various agents to monitor the Asian datacenter, where the satellite listens and waits for a connection from outside the network.
Communications are initiated by the sync server on the European side, without allowing any connection from the Asian datacenter, where there is a complete system installed comprising a satellite server and Tentacle in listening mode.
The sync server is one of the new functions of Pandora FMS version 7.0 “Next Generation”, for use on isolated and restricted networks from which it is not possible to initiate communications to the outside.
The Pandora FMS server itself initiates communications with the isolated environment, allowing agent-based monitoring or remote monitoring, combining the functions of the sync server with satellite, proxy or broker.
The Pandora FMS server in sync server mode will initiate communication with the isolated environment where there is a Tentacle server installed in listen mode.