A good way to do connect a remote office to zenoss is to use openvpn
(or some other vpn technology).
-EAD
On Jan 17, 2007, at 6:29 AM, W. Chris Shank wrote:
I've been reading up on SNMP and it seems that security is an issue
if not done correctly (and since it's complicated, I doubt my first
attempts will be done correctly). Since most of what I want to
monitor lies in remote offices, the majority of the connections are
over the Internet. I was concerned about exposing that much data to
the Internet and also the potential of SNMP used to as an exploit
tool.
And that brings up another question. I typically use SSH to tunnel
into a remote network and port forward to where I need to go. There
doesn't seem to be an easy or practical way to do this with Zen.
Can anyone recommend a way to aggregate scan results from remote
locations like this? Is it possible to have one Zen server at each
site and have the results forwarded on to a master server?
----- Original Message -----
From: Dimitar G. Katerinski <[EMAIL PROTECTED]>
To: General discussion of using zenoss system <zenoss-
[EMAIL PROTECTED]>
Sent: Wednesday, January 17, 2007 4:43:27 AM GMT-0500
Subject: Re: [zenoss-users] Process monitoring with SSH?
On Monday 15 January 2007 16:36, W. Chris Shank wrote:
> Is this in the roadmap?
>
> What is the best way to get the most out of Zenoss without
opening up
> remote servers to potential security problems with SNMP?
And what exactly are those potential security problems with SNMP? When
implemented right, SNMP is the right protocol to be used for
monitoring. Just
setup snmp daemon for ro only comunity, deny all rw requests, use
snmp v3 for
privacy of the connection, and you should be ok. Oh, yes, you could
use a
little help from iptables for extra security on the OSI layer 4.
SSH IMHO
adds a lot of overhead both for the monitoring system and the
monitored
machine.
Regards,
Dimitar G. Katerinski
--
http://tropot.net/photoblog/ - my life. in pictures.
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
--
W. Chris Shank
ACE Technology Group, LLC
www.myremoteITdept.com
(610) 640-4223
--------------------------------
Security Note: To protect against computer viruses,
e-mail programs may prevent sending or receiving
certain types of file attachments. Check your e-mail
security settings to determine how attachments are
handled.
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
