CheckMK Web Interface over WAN

Hello together :slight_smile:

I wanted to know if it is secure to host an external CheckMK server in the cloud which is reachable from everywhere over the Internet?

The external host should be the master and collect all cmcdumps from many different servers, and it doesn't have direct access to the other locations.

I haven't found any information about how secure it is to host an HTTPS CheckMK web UI which is reachable from outside. There is no information about whether the actual checkmk is made for this.

I am also thinking about hosting Grafana on the master and deploying some dashboards on the cloud side.


Hello,
my short answer:
The only system with an incoming interface from outside (Internet) should be a firewall / a VPN server.
Ralf

I'd adjust that a bit. For me, a restricted key-only ssh on a random port or opened via knock. Then you can do pretty much whatever you need. It's a whole lot more secure than VPN.

Hello,
it is possible to harden VPN too.
OpenVPN is a simple way for me to dial into some networks with an iPad for first steps after a support call.
Ralf

It's a lot of work ironing out all the firewall rules, pre-connection checks and such in an attempt to make VPN secure. Maybe I should have said "easier to secure". Let's just say I haven't seen a secure VPN yet.

Thanks for the answers :slight_smile:

My follow-up question now:
How is the use case concept for the Managed Service Edition?

My understanding is that I manage all customers from my site. This means my master host needs a VPN connection to all customers I want to manage.
If my master checkmk or a customer's checkmk is compromised, this could be a big security issue.

How is the Managed Service Edition secure to use to see and manage all customers?

Hello,
perhaps the checkmk team can publish a blog to answer these questions?
Ralf


I will note the idea of a blog post, but this is a terribly complex matter. You already see the different ideas in here and while all are valid, there is no obvious 'right' way. That said, a blog post might create more problems than it solves. But as said, I will note it and pass it on.
