By: Aaron Cieslicki
The first thing we have to do in talking about monitoring “the cloud” or “a cloud” or “private cloud” or “public cloud” or “virtual cloud” is talk about what these different terms mean. Ultimately, from a monitoring perspective, the only necessary concept is that a cloud is a distinct private address space. But we’ll get to that.
Is This Cloud Public, Private, or Virtual … or All of Them at Once?
There’s some sense that initially “private cloud” meant self-hosted or internal or on-prem, while “public cloud” meant going with a provider like AWS or Azure that owned and managed the servers and networking equipment. “Public cloud” offerings are effectively “virtual clouds”: distinct, private network address spaces routed by virtual networking devices serving virtual machines.
But it’s not clear that any of these terms are actually meaningful at this point. For example, AWS has a “Virtual Private Cloud” offering which is essentially a “private” public virtual cloud. The only useful definition is that a cloud is a distinct, private network address space.
Once we understand this, it is easy to see that monitoring cloud deployments is really the same “distributed monitoring” challenge Nagios has been helping administrators resolve for many years.
Cloud Monitoring Basics
So, let’s look at how cloud deployments are monitored. The simplest case is when your entire monitored landscape is one cloud, one private address space. In this case, it makes the most sense to put your Nagios server(s) in that cloud.
However, many of our clients are in “hybrid-IT” mode juggling multiple clouds (with multiple cloud vendors), as well as traditional on-prem hardware. In monitoring multiple clouds you have at least two challenges: you have to decide if and how your monitoring is going to cross firewalls, and you have to deal with the fact that you probably will be monitoring overlapping private IP addressing schemes.
The ever-flexible Nagios has multiple options for traversing firewalls with your monitoring data. The firewall challenge is more social than technical, as the firewall is where security, network administration, and monitoring teams meet and resolve conflicting priorities.
Even with these primary challenges in mind, the reality is that there are really only two possible monitoring architectures with multiple clouds: place a Nagios server in each cloud, or monitor multiple clouds with one (or more) Nagios servers.
A Nagios Server in Every Cloud
The easiest solution to both crossing firewalls and managing overlapping address schemes is to avoid both problems by placing a Nagios server in each cloud. None of your monitoring check traffic leaves the cloud, and none of your addresses can overlap. Stats for numerous Nagios servers are easily aggregated with Nagios Fusion, which pulls results from multiple Nagios servers onto one pane of glass.
Many Clouds, One Nagios Server
In some cases the right solution will be to have one Nagios server monitor more than one cloud. The overlapping IP address space issue can be resolved in a couple of ways. For active monitoring, where you are actively polling devices, you can monitor by FQDN rather than IP address.
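An added example (not from the original article) of applying FQDN addressing only where it is needed: it finds private ranges used by more than one cloud and renders Nagios host objects that use the FQDN for hosts inside those ranges. The cloud names, CIDRs, hosts, FQDNs and the `generic-host` template name are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: cloud name -> private CIDR blocks (assumed values).
CLOUDS = {
    "aws-prod": ["10.0.0.0/16"],
    "azure-dev": ["10.0.1.0/24", "172.16.0.0/20"],
    "on-prem": ["192.168.10.0/24"],
}
# Constructed sample hosts: (host_name, cloud, ip, fqdn).
HOSTS = [
    ("web01", "aws-prod", "10.0.1.10", "web01.aws-prod.example.com"),
    ("db01", "azure-dev", "10.0.1.10", "db01.azure-dev.example.com"),
    ("build01", "azure-dev", "172.16.3.7", "build01.azure-dev.example.com"),
    ("nas01", "on-prem", "192.168.10.5", "nas01.corp.example.com"),
]

def overlapping_ranges(clouds):
    """Return (cloud_a, cloud_b, shared_network) for every overlapping CIDR pair."""
    found = []
    for (a, nets_a), (b, nets_b) in combinations(clouds.items(), 2):
        for na in map(ipaddress.ip_network, nets_a):
            for nb in map(ipaddress.ip_network, nets_b):
                if na.overlaps(nb):
                    # CIDR blocks overlap only by containment: the longer prefix is the shared part.
                    shared = na if na.prefixlen >= nb.prefixlen else nb
                    found.append((a, b, shared))
    return found

def ambiguous(host, overlaps):
    """True if the host's IP lies in a range that another cloud also uses."""
    _, cloud, ip, _ = host
    addr = ipaddress.ip_address(ip)
    return any(cloud in (a, b) and addr in net for a, b, net in overlaps)

def host_definition(host, overlaps):
    """Render a Nagios host object, addressing ambiguous hosts by FQDN."""
    name, cloud, ip, fqdn = host
    address = fqdn if ambiguous(host, overlaps) else ip
    return (
        "define host {\n"
        "    use        generic-host\n"  # assumed template name
        f"    host_name  {cloud}-{name}\n"  # cloud prefix keeps host_name unique
        f"    address    {address}\n"
        "}\n"
    )

if __name__ == "__main__":
    shared_ranges = overlapping_ranges(CLOUDS)
    print("".join(host_definition(h, shared_ranges) for h in HOSTS))
```

Addressing by FQDN only helps if the Nagios server can resolve each name to an address it can actually route to in the right cloud.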
A common tactic to reduce firewall issues when monitoring multiple clouds is to use passive monitoring, where monitoring check results are sent one-way only from the monitored host to Nagios. With passive monitoring, there is no inbound polling traffic into the cloud from the Nagios server to the monitored hosts, only outgoing check results. Passive monitoring keeps security teams happy about limiting inbound traffic, and reduces some of the load on the network administration team compared to active polling using a large number of port forwards.
Cloud Monitoring Isn’t Cloudy at All!
Hopefully by now your monitoring forecast has gone from mostly cloudy to mostly sunny. We’ve sorted out a number of confusing cloud terms, and talked about the two primary challenges of cloud monitoring as well as two ways to meet those challenges with Nagios monitoring. From here, whether you have more questions on monitoring in general, or specific questions on cloud monitoring with Nagios, just send us an email at firstname.lastname@example.org.