====== Isolated environments monitoring: Sync server ======

{{indexmenu_n>10}}

===== Introduction =====

{{ :wiki:sync-server.png?nolink& }}

The isolated environment monitoring system with [[:en:documentation:pandorafms:introduction:02_architecture#limited-access_networks|Sync server]] and [[:en:documentation:pandorafms:technical_reference:09_tentacle|Tentacle server]] allows monitoring to be deployed in remote networks from which communication with the main Pandora FMS server is not possible. Pandora FMS's own server starts the communication with the isolated environment to retrieve all monitoring information.

This feature is particularly useful when monitoring remote networks in locations other than that of the Pandora FMS server, with the particularity that communication never starts from the remote network towards Pandora FMS: it is the server itself that "collects" the information by initiating communications.

===== Operational overview =====

This feature is generally applied in environments with the following structure:

{{ :wiki:sync_server_scheme.png }}

Start from the Pandora FMS central server as if it were a standard installation. In the remote network, a data collection point (**Tentacle server**) is installed. It works like a buffer, storing all data until the main server (**Sync server**) initiates communications and downloads the information. Packets buffered in the remote environment disappear once they have been downloaded by the main server.

The main difference between the sync server and the [[https://prewebs.pandorafms.com/manual/en/documentation/pandorafms:complex_environments_and_optimization/05_satellite|Satellite Server]] is that it is the main server that initiates communications and receives packets from the remote network. In an environment with a satellite server and/or proxy, it is the satellite/proxy that sends data to the Pandora FMS server.

A more complex environment, for example:

{{ :wiki:sync-server-2.png }}

===== Configuration =====

Start from an environment where there is a main Pandora FMS server, on which the **Sync Server** is enabled. To do so, modify the following parameters in the configuration file:

  syncserver 1
  sync_address <ip_address_tentacle_server>
  sync_port <port_number>

Where ''< ip_address_tentacle_server >'' is the IP address of the **Tentacle Server** and ''< port_number >'' is ''41121'', the default Tentacle protocol port number.

  * Install the updated Tentacle server on the isolated network.
  * Modify the ''tentacle_serverd'' startup script (located by default at ''/etc/init.d/''), adding the ''-I'' and ''-o'' parameters to the ''TENTACLE_EXT_OPTS'' line, like this:

  TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -I -o"

  * It is not necessary to indicate any IP address on the Tentacle server, since the sync server initiates communications and retrieves the files from the Tentacle servers indicated in the ''sync_address'' parameter.
  * Multiple remote Tentacle servers can be configured and the sync server will communicate with all of them, provided that their IP addresses are indicated in the **sync_address** parameter, separated by commas. For example:

  sync_address 10.142.50.10,20.152.50.20

==== Full example ====

In ''/etc/pandora/pandora_server.conf'':

  syncserver 1
  sync_address 10.140.70.110
  sync_port 41121

In the startup script (''/etc/init.d/tentacle_serverd'') of the Tentacle server identified in ''sync_address'' as ''10.140.70.110'':

  TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -I -o"

==== Sync server configuration with SSL ====

There is a [[:en:documentation:pandorafms:technical_reference:09_tentacle#safe_tentacle_configuration|quick guide]] on how to set up a Tentacle server with security options.

**Sync server** communications support the use of SSL certificates.
Several parameters must be added to the ''pandora_server.conf'' file, and the same options should be used in the remote Tentacle server script to achieve a normal SSL connection.

=== Sync server ===

  * In ''/etc/pandora/pandora_server.conf'':
    * ''sync_ca'': < certificate path of the authenticating CA >.
    * ''sync_cert'': < server certificate path >.
    * ''sync_key'': < server certificate private key path >.

Configuration example:

  sync_ca /home/cacert.pem
  sync_cert /home/tentaclecert.pem
  sync_key /home/tentaclekey.pem

=== Tentacle server ===

In ''/etc/init.d/tentacle_serverd'':

  * ''-e'': < certificate path >.
  * ''-k'': < public key path >.
  * ''-f'': < CA certificate path >.

**ALWAYS** indicate the absolute paths where the certificates are located in the parameters, e.g. ''/home/tentaclecert.pem''.

The full configuration line should look something like this:

  TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -e /home/tentaclecert.pem -k /home/tentaclekey.pem -f /home/cacert.pem"

=== Other configuration parameters ===

  * ''sync_retries'': Number of retries. 3 by default.
  * ''sync_timeout'': Expiration time. By default 10 seconds.
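
The following Python check is an added example, not part of the Pandora FMS documentation or code: it reviews the ''sync_*'' settings described on this page and reports an incomplete SSL parameter set, relative certificate paths and malformed addresses or ports. It assumes ''pandora_server.conf'' holds one ''key value'' pair per line with ''#'' comments, and it applies the absolute-path advice to the ''sync_ca''/''sync_cert''/''sync_key'' values as well; the function names and the sample text are constructed for illustration.

```python
import ipaddress
import posixpath
TLS_KEYS = ("sync_ca", "sync_cert", "sync_key")

def parse_conf(text):
    """Parse 'key value' lines; blank lines and # comments are skipped (assumed format)."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def check_sync(conf):
    """Return a list of problems found in the sync server settings."""
    problems = []
    if conf.get("syncserver") != "1":
        problems.append("syncserver is not set to 1")
    addresses = [a.strip() for a in conf.get("sync_address", "").split(",") if a.strip()]
    if not addresses:
        problems.append("sync_address is empty")
    for addr in addresses:  # the page describes these entries as IP addresses
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"sync_address entry is not an IP address: {addr}")
    port = conf.get("sync_port", "")
    if not (port.isdecimal() and 0 < int(port) < 65536):
        problems.append(f"sync_port is not a valid port: {port!r}")
    present = [k for k in TLS_KEYS if conf.get(k)]
    if present and len(present) < len(TLS_KEYS):
        missing = [k for k in TLS_KEYS if k not in present]
        problems.append("incomplete SSL settings, missing: " + ", ".join(missing))
    for k in present:  # assumption: absolute paths are expected here too
        if not posixpath.isabs(conf[k]):
            problems.append(f"{k} is not an absolute path: {conf[k]}")
    return problems

# Constructed sample: sync_key is omitted and sync_cert uses a relative path.
SAMPLE = """\
syncserver 1
sync_address 10.142.50.10,20.152.50.20
sync_port 41121
sync_ca /home/cacert.pem
sync_cert tentaclecert.pem
"""
if __name__ == "__main__":
    for problem in check_sync(parse_conf(SAMPLE)):
        print("WARN:", problem)
```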