Difference between revisions of "Pandora: Metaconsole: Documentation en: Arquitecture"

From Pandora FMS Wiki
Jump to: navigation, search
(Architecture)
(Synchronization)
Line 53: Line 53:
 
= Synchronization =
 
= Synchronization =
  
There are two different types in the Metaconsole synchronization tools:
+
There are two different types of Metaconsole synchronization tools:
  
 
* '''Synchronization utilities''':  
 
* '''Synchronization utilities''':  
Line 64: Line 64:
 
:* Agent movements (From one instance to the other)
 
:* Agent movements (From one instance to the other)
  
{{Tip|If you want to synchronize the module categories, you should do it manually going into each Instance}}
+
{{Tip|If you want to synchronize module categories, it has to be done manually by entering each Instance}}
  
 
== Synchronization utilities ==
 
== Synchronization utilities ==
  
  
The synchronization tools match the content between the Metaconsole and Instances to make sure its correct working.
+
Synchronization tools match the content between the Metaconsole and Instances to make sure its functioning correctly.
  
  
{{Warning|After modifying these dat in the metaconsole will be necessary to synchronize them with the Instances to avoid unusual behaviors.}}
+
{{Warning|After modifying this data in the Metaconsole, it will be necessary to synchronize the data with Instances to avoid unusual behaviors.}}
  
{{Tip|Most of the synchronization is done by name. In order to not having any problems withe the exceptions we should follow the instructions from [[Pandora:Metaconsole:Documentation_en:Installation#Index_Scaling|Index scaling]] in the Metaconsole configuration section.}}
+
{{Tip|Most of the synchronization process is done by name. In order to not have any problems with the exceptions we should follow the instructions listed on [[Pandora:Metaconsole:Documentation_en:Installation#Index_Scaling|Index scaling]] in the Metaconsole configuration section.}}
  
 
=== User Synchronization ===
 
=== User Synchronization ===
  
In order an user could operate in the Metaconsole, this user should exist both in the Metaconsole and in the Instance.
+
In order for an user to operate with the Metaconsole, this user should exist both in the Metaconsole and the Instance.
  
{{Tip|But their passwords don't have necessarily to be the same one}}
+
{{Tip|Passwords don't necessarily have to coincide}}
  
{{Warning|Users should have the same permissions(ACLs, Tags and Wizard access) in the Metaconsole and Instances for its correct working}}  
+
{{Warning|Users should have the same permissions(ACLs, Tags and Wizard access) in the Metaconsole and Instances for it to correctly function}}  
  
  
We will see later the tool to synchronize users and their profiles in the section [[Pandora:Metaconsole:Documentation_en:Administration#Synchronization_Tools|Synchronization administration]].
+
We'll later look at the tool to synchronize users and their profiles in the [[Pandora:Metaconsole:Documentation_en:Administration#Synchronization_Tools|Synchronization administration]] section .
  
 
<center><br><br>
 
<center><br><br>
Line 93: Line 93:
 
=== Group Synchronization===
 
=== Group Synchronization===
  
Groups should be synchronized in order to warranty the access to the data they have.
+
Groups should be synchronized in order to guarantee access to the data they have.
  
  
  
{{Warning|The ACLs that an user has in each group in the Metaconsole should correspond with the accesses of the user with the same name in the instance.}}
+
{{Warning|The ACLs that an user has on each group in the Metaconsole should correspond with the user accesses that have the same name in the instance.}}
  
We will see later the tool to synchronize the groups in the section.
+
We will later look at the tool to synchronize the groups in the [[Pandora:Metaconsole:Documentation_en:Administration#Synchronization_Tools|Administration]] section.
 +
[[Pandora:Metaconsole:Documentation_es:Permissions#ACLs|More information on ACLs]]
  
 
<center><br><br>
 
<center><br><br>
Line 107: Line 108:
 
=== Alert Synchronization===
 
=== Alert Synchronization===
  
The alert synchronization refers to the synchronization between the Metaconsole and the Instances of the templates, actions and alert commands.
+
Alert synchronization refers to the synchronization between the metaconsole and instances for templates, actions and alert command lines.  
  
This synchronization is necessary because one alert is the '''association''' of a template, with a number of actions, to one module. Besides, each action has synchronized one command.
+
This synchronization is necessary because an alert is a link between a template -which includes a series of actions- and a module. Plus, each action has a command synchronized to it.  
  
Alerts are configured and assigned from the Metaconsole with the templates, actions and commands of the Metaconsole itself. In order that this configuration would be possible and coherent, the instance where the module to which an alert will be assigned would be placed should has the same templates, actions and commands.
+
Alerts are configured and assigned from the Metaconsole with templates, actions and commands which are from the Metaconsole itself. For this configuration to be possible and coherent, the instance where the module that will be assigned an alert can be found must have the same templates, actions and commands.  
  
There is one tool to synchronize the alerts that we will see later in the section.
+
There exists a tool to synchronize alerts, which can be seen in the Administration section of this Wiki.
  
  
{{Warning|The tool only synchronize the data structures.The commands are associated to one script. The synchronization of that script should be done in a manual way entering into the Instances..}}
+
{{Warning| The tool only synchronizes data structures. The commands are related to a script. Synchronization for said script must be secured manually entering the instances.}}
  
 
<center><br><br>
 
<center><br><br>
Line 122: Line 123:
 
</center><br><br>
 
</center><br><br>
  
=== Tag Synachronization ===
+
=== Tag Synchronization ===
  
Tags are a complementary access control mechanism to the groups, so they also should be synchronized to warranty the access to the data that they have associated to.
+
Tags are an access control mechanism which are complementary to groups, and therefore must also be synchronized to guarantee access to all related data.  
  
 
+
{{Warning|The tags an user has on each Metaconsole group must correspond with a homonymous user's tags in the instance.}}
{{Warning|Tags that an user has in each group in the Metaconsole should match withe the tags of the user with same name in the instance.}}
 
  
  
Line 139: Line 139:
  
 
Unlike the synchronization utilities, propagation is not necessary for the best performance of the Metaconsole. It is only a tool to make easier the availability of data in the Instances.
 
Unlike the synchronization utilities, propagation is not necessary for the best performance of the Metaconsole. It is only a tool to make easier the availability of data in the Instances.
 +
 +
Tools for tag synchronization will be seen in the [[Pandora:Metaconsole:Documentation_es:Management#Sincronizaci.C3.B3n|Administration]]  part of the Wiki.
 +
 +
[[Pandora:Metaconsole:Documentation_es:Permissions#Tags|More information on tags]]
  
  
=== Components Propagation ===
+
=== Propagation utilities ===
  
With the component propagation tool, its is possible to copy any component created in the Metaconsole to the Instances that you want.
+
These tools are meant for copying or moving data from a particular instance to another, or from the Metaconsole to Instances.  
  
 +
Different from synchronization utilities, propagation isn't needed for the Metaconsole's optimum performance. It's only a tool to make data availability easier on Instances.
 
<center><br><br>
 
<center><br><br>
 
[[image:Metaconsola_Components_Prop.png|400px]]
 
[[image:Metaconsola_Components_Prop.png|400px]]
Line 152: Line 157:
  
  
This tool allows to move agents between Instances.
+
This tool allows moving agents from instance to instance.
  
  
{{Tip|To avoid involuntary errors, what is actually done is to copy the agents to the destination Instances and deactivate them in the origin ones.}}
+
{{Tip|To avoid involuntary mistakes, what's really done is copying the agents to the destined Instances, and deactivate them in the Instances of origin.}}
  
  
Line 162: Line 167:
 
</center><br><br>
 
</center><br><br>
  
[[Pandora:Documentation_en#Part_6._Metaconsole|Go back to Pandora FMS documentation index]]
+
[[Pandora:Documentation_en#Part_6._Metaconsole|Return to the Pandora FMS documentation index]]
  
 
[[Category:Pandora FMS Metaconsole]]
 
[[Category:Pandora FMS Metaconsole]]

Revision as of 15:50, 27 April 2016

Go back to Pandora FMS documentation index

1 Architecture

The Metaconsole architecture is composed by a single central node: The Metaconsole along with as many server nodes as you want, which here we call Instances. Instances are normal installations of Pandora FMS. They consist of a web console in the front end and a server in the back end that processes the data received, performs remote checks,etc. The Metaconsole doesn't have its own server. From version 6.0 onward, the Metaconsole has been changed, and now has its own server.

1.1 Where does it store data?

Some data can be found on the Instances, others on the Metaconsole, and others in both places. They need to be synchronized between themselves to work properly.

On Instances:

  • Agents
  • Modules
  • Alerts
  • Policies

On the Metaconsole:

  • The Metaconsole configuration:
  • Components
  • Reports* and the template reports
  • Network maps*
  • Visual maps*
  • Netflow filters

In both:

  • Users and profilesThe userLos usuarios y perfiles
  • Groups
  • Templates, actions and alert commands
  • Tags
  • Categories

* Though these items are stored in the metaconsole, they are configurations that are used to view the Instance data, therefore are useless on their own.

1.2 How is information obtained and modified?

The Metaconsole obtains and modifies the Instances' information in two different ways:


  • Active: Accesses the instances' Database or API remotelt from the Metaconsole (this is the case for agents,modules, alerts, etc).




Metaconsola Arquitecture Active.png



  • Passive: replicates data from instances to the Metaconsoloe Database (this is the case for events).


Metaconsola Arquitecture Passive.png



2 Synchronization

There are two different types of Metaconsole synchronization tools:

  • Synchronization utilities:
  • Users
  • Groups
  • Alerts
  • Tags
  • Propagation Utilities:
  • Component Propagation (from the Metaconsole to the Instances)
  • Agent movements (From one instance to the other)

Info.png

If you want to synchronize module categories, it has to be done manually by entering each Instance

 


2.1 Synchronization utilities

Synchronization tools match the content between the Metaconsole and Instances to make sure its functioning correctly.


Template warning.png

After modifying this data in the Metaconsole, it will be necessary to synchronize the data with Instances to avoid unusual behaviors.

 


Info.png

Most of the synchronization process is done by name. In order to not have any problems with the exceptions we should follow the instructions listed on Index scaling in the Metaconsole configuration section.

 


2.1.1 User Synchronization

In order for an user to operate with the Metaconsole, this user should exist both in the Metaconsole and the Instance.

Info.png

Passwords don't necessarily have to coincide

 


Template warning.png

Users should have the same permissions(ACLs, Tags and Wizard access) in the Metaconsole and Instances for it to correctly function

 



We'll later look at the tool to synchronize users and their profiles in the Synchronization administration section .



Metaconsola Users Sync.png



2.1.2 Group Synchronization

Groups should be synchronized in order to guarantee access to the data they have.


Template warning.png

The ACLs that an user has on each group in the Metaconsole should correspond with the user accesses that have the same name in the instance.

 


We will later look at the tool to synchronize the groups in the Administration section. More information on ACLs



Metaconsola Groups Sync.png



2.1.3 Alert Synchronization

Alert synchronization refers to the synchronization between the metaconsole and instances for templates, actions and alert command lines.

This synchronization is necessary because an alert is a link between a template -which includes a series of actions- and a module. Plus, each action has a command synchronized to it.

Alerts are configured and assigned from the Metaconsole with templates, actions and commands which are from the Metaconsole itself. For this configuration to be possible and coherent, the instance where the module that will be assigned an alert can be found must have the same templates, actions and commands.

There exists a tool to synchronize alerts, which can be seen in the Administration section of this Wiki.


Template warning.png

The tool only synchronizes data structures. The commands are related to a script. Synchronization for said script must be secured manually entering the instances.

 




Metaconsola Alerts Sync.png



2.1.4 Tag Synchronization

Tags are an access control mechanism which are complementary to groups, and therefore must also be synchronized to guarantee access to all related data.

Template warning.png

The tags an user has on each Metaconsole group must correspond with a homonymous user's tags in the instance.

 





Metaconsola Tags Sync.png



2.2 Propagation Utilities

These tools are useful to copy or move data from one Instance to other or from the Metaconsole to the Instances.

Unlike the synchronization utilities, propagation is not necessary for the best performance of the Metaconsole. It is only a tool to make easier the availability of data in the Instances.

Tools for tag synchronization will be seen in the Administration part of the Wiki.

More information on tags


2.2.1 Propagation utilities

These tools are meant for copying or moving data from a particular instance to another, or from the Metaconsole to Instances.

Different from synchronization utilities, propagation isn't needed for the Metaconsole's optimum performance. It's only a tool to make data availability easier on Instances.



Metaconsola Components Prop.png



2.2.2 Agent Movement

This tool allows moving agents from instance to instance.


Info.png

To avoid involuntary mistakes, what's really done is copying the agents to the destined Instances, and deactivate them in the Instances of origin.

 





Metaconsola Agents Prop.png



Return to the Pandora FMS documentation index