I have some unique requirements and have been evaluating the SolarWinds products for some time for suitability for these requirements. First, let me explain what I am trying to do (and what some of the limitations are for our particular environment).
What we are trying to do:
We provide a WAN that connects various customer networks throughout the US. The WAN is well managed up to the customer SDP and issues tend to get quickly resolved when they arise from time to time. However, beyond the service delivery points (SDP) to the various customer networks is where we experience the majority of our network issues. The network equipment (i.e. "nodes") beyond the SDPs are owned and managed by the various customers. These customers connect to the WAN in order to conduct tests between various systems. Being a test organization, documenting and monitoring the test environment for changes is very important to us and our customers. We are currently working with our customers to reach agreements that will allow us to monitor their node configurations via read-only SSH access. "Read-only" is important to limit our liability and ensure that we will not make any changes to the customer networks. Security is also very important and we have restrictions beyond our control to utilize only SSH2 for pulling configurations (SNMP is not allowed). To be clear, we have very little control to change the current environment and therefore must work within these restrictions.
Furthermore, as an incentive we would like to allow customers to be able to view the configurations that we will automatically pull from their network. Access will need to be restricted so that customers can only see information for the nodes at their particular site (i.e. they should not be able to see other customer node configuration information).
What we have done so far:
We have setup a small lab environment to test if the SolarWinds products can meet these requirements. Orion NCM is able to automatically download node configurations via SSH communication.
The problems we have run into:
Unfortunately, the current version of NCM can not restrict customer access to certain groups of nodes. However, Orion NPM does have this ability so it was suggested to us by a SolarWinds engineer to use NPM to import nodes from NCM. I am now wondering if I misunderstood the suggestion because I have run into two problems. First, if I try to add nodes via NPM I appear to only have the option to communicate via SNMP (i.e. no SSH option as there is in NCM). Second, although I have found a few references to importing nodes from NPM to NCM, I have not found any references to import nodes from NCM into NPM (the NPM web front-end would ostensibly have to be the customer interface since node restrictions can be implemented). I was hoping this might help with the restriction to add nodes that pull configurations via SSH2.
In summary:
I would like to use the user access restriction features of NPM with the abilities of NCM to pull configurations via SSH. I was under the impression that this was somehow possible but I have not found any explicit instructions on how to set this up yet (nor have I found a means through experimentation). Any suggestions/recommendations on how to proceed with integrating these two products for the desired effect would be greatly appreciated.
Thank You,
Chris Juszak
