Panopta OnSight™: Behind the Firewall Monitoring

With cyber threats at an all-time high, architectural best-practices call for placing servers on properly segmented networks with limited access from the public internet. While this certainly helps you mitigate your security risk, it leaves you with a significant monitoring blind-spot. One of Panopta’s core strengths is its ability to provide both an external and internal view of your infrastructure, using our external monitoring probes and Panopta OnSight. Panopta OnSight is a virtual appliance that sits behind your firewall and monitors the status of your infrastructure. It installs in just a few minutes on all well-known hypervisors, including: VMWare, Xen, Microsoft Hyper-V and KVM. OnSight provides you with the capability of a wide range of monitoring options. This includes:

  • Uptime and availability monitoring of network services
  • ICMP Ping
  • TCP/IP port checks
  • Agentless resource polling
    • SNMP
    • SSH (Linux)
    • WMI (Windows)
    • CIM

 

Why Use OnSight

If you manage business critical applications on your company’s private corporate network, you can use OnSight to leverage the same system you rely on for public monitoring to watch over your internal applications and tools. In addition, public and private cloud environments (like AWS, Azure, and Rackspace) are making it easier to build complex, multi-tiered applications. Cloud environments, especially hybrid cloud, are more likely to span multiple private networks, making it harder to get complete coverage. You’d want to deploy OnSight™ because of the depth of the architecture; it cannot be reached from the outside due to its multi-tier layout.

OnSight™ is also helpful in environments where auto-scaling is utilized. With the new nodes being spun up and killed, ensuring monitoring is keeping up is important! A typical application architecture may expose a public service (website, app, API) through a shared/dedicated load balancer. Then, behind the load balancer are several web application nodes and supporting servers which contribute to serving your application.

Simplified Diagram

Deploying OnSight onto the private segment of your cloud allows you to gain uptime and performance insight on each of  the individual nodes and resources in your application stack. This additional insight helps diagnose problems you may encounter and helps you detect issues before they result in downtime or major service degradation. Combining the view of your internal and external infrastructure delivers the complete visibility you require to provide your end-users with the best experience possible.

 

Security

The OnSightappliance exclusively communicates with the Panopta cloud via an outbound encrypted connection. It establishes the outbound connection to securely send monitoring data and events back to our SaaS cloud to power all of your reporting, notifications, and dashboards, as well as to download monitoring configuration. No inbound connectivity is required which keeps your private infrastructure unexposed. In addition, if you have servers that do not have outbound internet access, you can install our monitoring agent and configure it to send its data to the OnSightappliance instead. The OnSight™ appliance operates as a proxy, enabling monitoring on your private servers without requiring outbound access.

 

Getting Started and Setting up OnSight

Once you’ve downloaded and imported the appropriate OnSight image, you can begin monitoring in one of two ways:

1) You can put OnSight into discovery mode with a range of IP addresses to scan and it will build up a queue of devices/servers and the services running on each server. You can review the list of discovered servers and choose which ones you would like to add into Panopta to monitor. We’ll soon have support for auto provisioning rules using our existing template as well.

2) You can also manually add the servers (either through the control panel or API) and configure on each of them to use OnSight as their primary monitoring node. You can also handle provisioning of servers monitored by OnSight in bulk using our powerful template system.

 

Advanced Set Up Options for OnSight

OnSight also supports high availability options for environments in which internal monitoring is imperative to operations. To do this, deploy multiple OnSight instances (preferably on different underlying hardware) and set them to be part of the same cluster. When you do this, Panopta will automatically distribute checks evenly across all OnSight nodes in a cluster. This ensures no single appliance gets overworked. In addition, our central infrastructure continually monitors  each OnSightinstance in the cluster and in the event we lose our connection with any of the nodes, it will immediately failover all the checks to other nodes in the cluster so that your monitoring continues to run.

For more information on how to configure OnSight in a cluster, refer to our knowledge base article. If you have any other questions regarding OnSight™ or the installation process, our support team is available to answer questions! We can be reached via email or web chat.

 

About Panopta: Panopta provides advanced network and server monitoring for online businesses and service providers. We go beyond providing basic monitoring to give operations teams the tools they need to detect issues before they occur and minimize the impact of outages or slow load time. Contact us with any questions you may have, or sign up for the free trial and see for yourself!

 

  • Posted by Admin on Jan, 8, 2016