...
- Active directory
- VSphere (VMWare)
- Nagios configuration filesor Shinken framework configuration files
- Network scans
...
The information that the module is getting are server names, FQDN, the server OS, and if defined in the LDAP entry, its locality.
VSphere from VMWare
The VSphere discovery is designed ti discovery physical servers (ESX) and their virtual servers. It will also get OS and their IP address, but only if the VMware tools are enabled and running on the virtual server.
The Synchronizer to VMware connexion is always through the VSphere server, and only need a read only access to it. The Shinken Enterprise servers do not ned any direct access to the ESX servers.
The Shinken Enterprise to VSphere communication is done with the SOAP API from VMWare, onto a HTTPS connexion.
Nagios or Shinken Framework configuration files
Shinken Enterprise is able to load any Nagios or Shinken Framework configuration files. It will automatically load the dfined objects into its configuration.
Network scans
The network scan discovery is optional. It's done thanks to the nmap command, launched on the Synchronzier server. It allow to scan networks defined by the Shinken Enterprise administrators.
The scans are done on the TCP and UDP ports. It will also try to get additionnals data from the servers and services running on them (it use the -O option of the nmap command).
Data storage of the configuration
All discovered data from the Synchronizer are saved into a Mongodb database. It possible, it's better for the database to be set aside the Synchronizer daemon. this database do not need to be shared with other daemons, and so its communications should be limited to the local synchronizer server.
Configuration interface and its access
The configuration interface is hosted on the Synchronizer daemon, and use another TCP port than the visualization UI. You can use two different credential systems:
- Manage directly on the configuration interface
- Manage credentials with Active directory accounts. the daemon will use Ldap connexions to check for the credentials.
The non-admon users will be restricted in the visibility onto the hosts that they are direct contacts, or are in a contact group linked with the hosts.
This interface is using the save Mongodb dtabse than the synchronizer daemon. The default port for this configuration interface is 7766.
| Interface | Daemon | Port |
|---|---|---|
| Configuration | Synchronizer | 7766 |
Synchonizer connexion summary
| Source daemon | Connexion to | Port | Protocol | Note |
|---|---|---|---|---|
| Synchronizer | Active Directory | 636 | LDAPS | Read only account |
| Synchronizer | VSphere | 443 | HTTPS | Read only account on VSphere |
The arbiter
The arbiter daemon reads the configuration from the synchronizer. It divides it into parts (N schedulers = N parts), and distributes them to the appropriate Shinken Enterprise daemons. Additionally, it manages the high availability features: if a particular daemon dies, it re-routes the configuration managed by this failed daemon to the configured spare. Finally, it receives input from users or passive check results and routes them to the appropriate daemon. Passive check results are forwarded to the Scheduler responsible for the check. There can only be one active arbiter with other arbiters acting as hot standby spares in the architecture.
...