Design challenge

Hello team,

I would like to get some feedback on a new setup I’m about to do.

I have security constraints and my LibreNMS cannot access the other list of devices directly, as it is not in the same network as the other devices. The solution could be to install LibreNMS in that subnet, and end up with 2 NMS boxes that I have to manage.

Is there a way for me to keep 1 main install, and have the new install just as a collector/poller? That does discovery within the subnet and polling, and funnel the data back to the main node which displays and manages the information?

CurrentNMS cannot poll or discover devices in subnet A (zerto traffic is permitted)
NewNMS: can poll and discover devices in subnet A

NewNMS: Collect information and pass it to the CurrentNMS
Current NMS: Take the data and put it under the appropriate devices … etc

Your input is appreciated.

Thanks,
Joseph

Distributed polling could work for you; you would need to allow data (mysql, memcached, and rrdcached) to flow between the distributed poller and the main LibreNMS server. If you can’t have any data passing between the subnets, you would indeed need separate servers.

Would a VPN connection be an acceptable method maybe?
https://blog.librenms.org/2016/12/remote-monitoring-using-tinc-vpn/

Thanks for your proposal. I can have the data pass in 1 way, which is from the newNMS to the CurrentNMS, so the data can be sent only in 1 direction. Can distributed polling still be the solution or does it require 1way flows?

Thanks,
SJ

It’s within the same DC, so VPN is not really an option :). Thanks for the feedback though.

-SJ

1-1 a connection is required, the main instance does not need access to the monitored devices, only the poller needs access to them.

Why wouldn’t it be? You just need the monitoring server to have a route to the other subnet. Having some form of VPN device that creates that connection can be done in any type of environment. Mind you in the same data centre there are probably better ways to get that connection going, by simply re-configuring routers directly.