Hi All:

We have a multi-tiered network here, divided into three tiers for security purposes. Machines at tier 1 are (relatively) wide open; machines at tier 2 cannot be seen AT ALL from tier 1, and tier 2 machines have very specific one-way port forwarding to see tier 1. Tier 3 is similarly buried beneath tier 2. Intermapper running on a tier 1 machine can see nothing on tiers 2 or 3. Intermapper on tier 2 could conceivably SNMP-query tier 1 machines but the responses would be blocked.

So far it looks as if each tier will have to have its own standalone IM machine. This is okay, except we'd like to be able to monitor them all together with IM Remote to avoid a proliferation of screens for operators to watch.

The only scheme we've been able to come up with is to find a way for tier 2 and 3 IMs to create some form of snapshot file which is then pushed up to tier 1 on some kind of regular basis. Ideally this would be via UDP through a strictly write-only port (i.e. not even acks going back down). If the "snapshot" contained enough information to be able to query devices etc. on it (albeit at a single point in time), this might be just what we need.

Anyone have any ideas as to how we could do this more elegantly without opening up exploitable ports between tiers?

Thanks for any insights!
--
Mike Dustan, Computing Operations & Tech. Support,
Simon Fraser University, Burnaby, BC Canada.
Web: http://www.sfu.ca/ots/

I'm never wrong. I thought I was wrong once, but I was wrong.

____________________________________________________________________
List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
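
The one-way snapshot push described in the message above, as an added example that is not part of the original post and does not use any Intermapper feature: the lower tier splits an opaque snapshot into UDP datagrams and never reads from the socket, and the tier 1 receiver authenticates each datagram and discards the whole snapshot if a chunk is lost. The datagram layout, the pre-shared HMAC key and the function names `encode_chunks`, `reassemble` and `push` are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import struct

HEADER = struct.Struct("!IHH")   # assumed layout: snapshot id, chunk index, chunk count
TAG_LEN = 32                     # HMAC-SHA256 tag length


def encode_chunks(snapshot, key, snap_id, chunk_size=1024):
    """Split a snapshot into self-describing, authenticated datagrams."""
    parts = [snapshot[i:i + chunk_size]
             for i in range(0, len(snapshot), chunk_size)] or [b""]
    out = []
    for index, payload in enumerate(parts):
        body = HEADER.pack(snap_id, index, len(parts)) + payload
        out.append(body + hmac.new(key, body, hashlib.sha256).digest())
    return out


def reassemble(datagrams, key, snap_id):
    """Return the snapshot, or None if any chunk is missing or unauthentic.

    There is no back channel, so the receiver cannot ask for a resend: an
    incomplete snapshot is discarded and the next scheduled push replaces it.
    """
    chunks, total = {}, None
    for dgram in datagrams:
        if len(dgram) < HEADER.size + TAG_LEN:
            continue                      # too short to hold header and tag
        body, tag = dgram[:-TAG_LEN], dgram[-TAG_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            continue                      # forged or corrupted: drop silently
        sid, index, count = HEADER.unpack_from(body)
        if sid != snap_id or index >= count or (total not in (None, count)):
            continue                      # stale id or inconsistent header
        total = count
        chunks[index] = body[HEADER.size:]
    if total is None or len(chunks) != total:
        return None
    return b"".join(chunks[i] for i in range(total))


def push(datagrams, addr):
    """Fire-and-forget send from the lower tier; the socket is never read."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for dgram in datagrams:
            sock.sendto(dgram, addr)
```

The receiver should only accept a `snap_id` higher than the last one it completed, so that a captured older snapshot cannot be replayed into the tier 1 view.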