Difference between revisions of "Firewall and bandwidth requirements"
(Created page with "Category:BCX Network Monitoring") |
|||
| Line 1: | Line 1: | ||
| + | |||
| + | ==Solution Overview== | ||
| + | |||
| + | A network appliance or VM is installed on-prem named bcxmonitor. | ||
| + | External connectivity either inbound OR outbound is required from this appliance or VM to monitor.burconix.com (188.39.33.109). | ||
| + | A unique 256-bit pre-shared key is established between the on-prem bcxmonitor and monitor.burconix.com | ||
| + | This encryption key is customer unique and is pre-configured at installation. | ||
| + | The encryption key is only known by your on-prem bcxmonitor and monitor.burconix.com, and is not transmitted over the wire at any time. | ||
| + | The on-prem bcxmonitor communicates with the local devices on your network using a combination of SNMPv1/SNMPv2/SNMPv3/IPMI/ICMP/Zabbix agent and scripts over HTTPS. | ||
| + | This data is then securely transmitted from your on-prem bcxmonitor to monitor.burconix.com using Transport Layer Security (TLS) protocol v1.2 encrypted against the pre-shared key configured at installation. | ||
| + | |||
| + | ==Option 1 (Active)== | ||
| + | |||
| + | The on-prem bcxmonitor is assigned a local static IP address eg: 10.0.0.1 | ||
| + | The on-prem bcxmonitor connects outbound to monitor.burconix.com on TCP port 10051 | ||
| + | |||
| + | [[File:bcx network monitoring firewall active.png|link=]] | ||
| + | |||
| + | The on-prem bcxmonitor requires external access to monitor.burconix.com (188.39.33.109) on TCP port 10051 in this configuration. | ||
| + | |||
| + | |||
| + | |||
| + | ==Option 2 (Passive)== | ||
| + | |||
| + | The on-prem bcxmonitor is assigned a local static IP address eg: 10.0.0.1 | ||
| + | A customer owned external IP address eg: 188.50.60.1 is configured on the customer firewall. | ||
| + | The external IP address eg: 188.50.60.1 mapped through to the local static IP address eg: 10.0.0.1 on TCP port 10051 only. | ||
| + | The external firewall is configured to only accept traffic from monitor.burconix.com (188.39.33.109) | ||
| + | |||
| + | [[File:bcx network monitoring firewall passve.png|link=]] | ||
| + | |||
| + | |||
| + | |||
| + | monitor.burconix.com talks inbound to the bcxmonitor appliance in this configuration. | ||
| + | |||
| + | |||
[[Category:BCX Network Monitoring]] | [[Category:BCX Network Monitoring]] | ||
Latest revision as of 12:33, 22 April 2020
Solution Overview
A network appliance or VM is installed on-prem named bcxmonitor. External connectivity either inbound OR outbound is required from this appliance or VM to monitor.burconix.com (188.39.33.109). A unique 256-bit pre-shared key is established between the on-prem bcxmonitor and monitor.burconix.com This encryption key is customer unique and is pre-configured at installation. The encryption key is only known by your on-prem bcxmonitor and monitor.burconix.com, and is not transmitted over the wire at any time. The on-prem bcxmonitor communicates with the local devices on your network using a combination of SNMPv1/SNMPv2/SNMPv3/IPMI/ICMP/Zabbix agent and scripts over HTTPS. This data is then securely transmitted from your on-prem bcxmonitor to monitor.burconix.com using Transport Layer Security (TLS) protocol v1.2 encrypted against the pre-shared key configured at installation.
Option 1 (Active)
The on-prem bcxmonitor is assigned a local static IP address eg: 10.0.0.1 The on-prem bcxmonitor connects outbound to monitor.burconix.com on TCP port 10051
The on-prem bcxmonitor requires external access to monitor.burconix.com (188.39.33.109) on TCP port 10051 in this configuration.
Option 2 (Passive)
The on-prem bcxmonitor is assigned a local static IP address eg: 10.0.0.1 A customer owned external IP address eg: 188.50.60.1 is configured on the customer firewall. The external IP address eg: 188.50.60.1 mapped through to the local static IP address eg: 10.0.0.1 on TCP port 10051 only. The external firewall is configured to only accept traffic from monitor.burconix.com (188.39.33.109)
monitor.burconix.com talks inbound to the bcxmonitor appliance in this configuration.