
Espionage group FamousSparrow targets hotels for intrusion

International security vendor ESET recently disclosed a new cyber-espionage group, FamousSparrow, which targets hotels and government agencies. Its entry vector is the Exchange Server mail system used by many enterprises: the critical ProxyLogon vulnerability disclosed in early March this year, which several hacker groups began exploiting after Microsoft released its patch. What drew ESET's attention to this group is that it began exploiting the Exchange Server vulnerability the day after Microsoft released the patch (3 March).

Based on its data analysis, ESET believes FamousSparrow has been active since at least August 2019, with hotels worldwide as its main targets. Beyond hotels, other attack activity was also observed, aimed at government agencies in 12 countries including Taiwan, Brazil, South Africa, Canada, Israel, France, the UK and Guatemala, as well as international organizations, engineering companies and law firms.

ESET notes that FamousSparrow compromises victim organizations through internet-exposed web applications. The group targets not only Exchange Server but also SharePoint and Opera, the commercial hotel-management software from Oracle, using known remote code execution (RCE) vulnerabilities in these web applications to implant malware inside the organization. Once such a server is compromised, it deploys a range of tools: a custom-compiled Mimikatz, the NetBIOS scanner Nbtscan, a loader for the SparrowDoor backdoor, and a tool apparently used to harvest secrets from the victim machine's memory. That last tool downloads the ProcDump application and uses it to dump the contents of the LSASS process.

ESET also describes how the SparrowDoor backdoor operates. It relies on a legitimate application from the K7 Computing antivirus suite, Indexer.exe, to carry a malicious DLL, K7UI.dll, together with encrypted shellcode (MpSvc.dll). Because Indexer.exe requires the K7UI.dll library to run, and because the attacker places the executable in a directory that has the highest loading priority, a DLL hijacking attack is easily triggered. In short, a legitimate K7 Computing antivirus component first loads the malicious library, which then runs the shellcode to perform the decoding step, and only then is the backdoor compiled and executed on the victim machine.

Through this backdoor the attacker can also rename or delete files, create directories, send file information, obtain file sizes and write times, and exfiltrate the contents of specific files. To remove traces, SparrowDoor can delete its own file and remove the persistence configuration it set up on the victim device.
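Two of the behaviours described above leave telemetry a defender can match on: a process that dumps the LSASS process, and the K7 Computing component Indexer.exe loading K7UI.dll from a directory where the genuine product is not installed. The script below is an added example, not code from the original article or from ESET; it runs simple rules over constructed sample events whose field names, file paths and the allowlist are assumptions rather than any product's real schema.

```python
import ntpath

# Hypothetical directory where the genuine K7 Computing component lives;
# adjust to the real install path of your deployment.
EXPECTED_K7_DIR = r"C:\Program Files\K7 Computing\K7AntiVirus"

# Hypothetical allowlist of processes that legitimately reference lsass on
# many hosts. A production rule would key on code signer and full path
# instead of a bare file name, which an attacker can copy.
LSASS_ALLOWLIST = {"taskmgr.exe", "msmpeng.exe"}

# Constructed sample events (not real telemetry). Field names loosely follow
# a process-creation / image-load event shape.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\Temp\pd.exe",
     "cmdline": "pd.exe lsass.exe lsass.dmp",
     "parent": r"C:\Windows\Temp\Indexer.exe"},
    {"type": "image_load", "image": r"C:\Users\Public\Indexer.exe",
     "loaded": r"C:\Users\Public\K7UI.dll", "signed": False},
    {"type": "image_load",
     "image": EXPECTED_K7_DIR + r"\Indexer.exe",
     "loaded": EXPECTED_K7_DIR + r"\K7UI.dll", "signed": True},
    {"type": "process", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe", "parent": "explorer.exe"},
]


def _base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def _dir(path):
    """Normalised (lower-cased, backslash) directory of a Windows path."""
    return ntpath.normcase(ntpath.dirname(path))


def is_lsass_dump(ev):
    """Process whose command line references lsass and is not allowlisted."""
    if ev.get("type") != "process":
        return False
    cmd = ev.get("cmdline", "").lower()
    return "lsass" in cmd and _base(ev["image"]) not in LSASS_ALLOWLIST


def is_k7_sideload(ev):
    """Indexer.exe loading K7UI.dll from outside the install dir, or unsigned."""
    if ev.get("type") != "image_load":
        return False
    if _base(ev["image"]) != "indexer.exe" or _base(ev["loaded"]) != "k7ui.dll":
        return False
    in_place = _dir(ev["loaded"]) == ntpath.normcase(EXPECTED_K7_DIR)
    return not in_place or not ev.get("signed", False)


def scan(events):
    """Return (rule_name, detail) findings in event order."""
    findings = []
    for ev in events:
        if is_lsass_dump(ev):
            findings.append(("lsass_dump", f"{ev['image']} : {ev['cmdline']}"))
        if is_k7_sideload(ev):
            findings.append(("dll_sideload", f"{ev['image']} loaded {ev['loaded']}"))
    return findings


if __name__ == "__main__":
    for rule, detail in scan(SAMPLE_EVENTS):
        print(rule, detail)
```

Run against the sample, the first event trips the LSASS rule and the second trips the sideload rule, while the genuine K7 load from its install directory and the unrelated process produce nothing. The allowlist by file name is deliberately the weak part of the rule: in a real deployment, the signer of the image and its full path are what make the exception trustworthy.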

Original source: https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/

# For any security needs, contact the Version 2 Taiwan security team at (02)7722-6899 or visit https://version-2.com.tw/


About Version 2 Digital
Professional distributor and leader in security solutions
Version 2 Taiwan is one of the most dynamic IT companies in Asia. With many years in the IT field, it is committed to providing up-to-date security solutions (such as EDR, NDR and vulnerability management), tool products (such as remote control and web filtering) and managed detection and response (MDR) services. Through an extensive network of points of sale, resellers and partners, it offers products acclaimed by the market together with customized, localized professional services.

Version 2 Taiwan's sales coverage includes Taiwan, Hong Kong, mainland China, Singapore and Macau. Its customers span every industry, including Global 1000 multinationals, listed companies, public utilities, government departments, countless successful SMEs and consumers from cities across Asia.

About ESET
Founded in 1992, ESET is a global provider of computer security software for business and home users. Its award-winning product, the NOD32 antivirus system, provides real-time protection for computer systems against known and unknown viruses, spyware, rootkits and other malware. ESET NOD32 uses the fewest system resources and has the fastest detection speed, offering the most effective protection, and has won more Virus Bulletin 100% awards than any other antivirus product. ESET has been named a Deloitte Technology Fast 500 company for five consecutive years, has an extensive partner network that includes internationally known companies such as Canon, Dell and Microsoft, maintains offices in Bratislava (Slovakia), Bristol (UK), Buenos Aires (Argentina), Prague (Czech Republic) and San Diego (USA), and has distributors covering more than 100 countries.

What is new in Pandora FMS 757?

What’s new in Pandora FMS latest release, Pandora FMS 757

Let’s check out together the features and improvements related to Pandora FMS new release: Pandora FMS 757.

NEW FEATURES AND IMPROVEMENTS

Internal messaging system in the Metaconsole

The messaging system has been implemented in the Metaconsole, which now also allows seeing, similarly to nodes, update notices, messages from other users and system notes.

New documentation in Russian

Although the translation is not yet 100% complete, we’re proud to say that the official Pandora FMS documentation is already in five languages: Spanish, English, French, Japanese and now… Russian!

Collection of new plugins

  • Openstack Plugin

New Open plugin. It captures data from hypervisors and instances remotely through the OpenStack API.

  • Pandora MongoDB

New Enterprise plugin. It obtains server stats, the databases and their collections. Remote plugin, with support for Mongo Atlas.

  • Plugin Ldap

New Open plugin. It connects to an LDAP account and collects statistics related to operations, connections, statistics or waiters.

  • Plugin Nginx

Enterprise plugin update. Updated to Python 3.

  • Plugin VMware

Enterprise plugin update. Added a Reject parameter to discard agent IP automatic update.

  • Cisco configuration Inventory Plugin

Enterprise plugin update. Added support for Spanish language systems.

  • Cisco configuration inventory plugin

Enterprise inventory plugin update. Added option to define credentials in execution parameters.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Supernet: what is it and what is it for?

From now on, let us add “Supernet” into our vocabulary. Learn more!

A set of computers and/or computer equipment connected to each other, and that can exchange data and information, all of those make up a network. The Internet is the network of networks. We could even think that the Internet is the “Supernet”, but we have to tread carefully when using frequently debated terms in computing… For that reason, today, we bring to the fore the term “Supernet” (or Supernetwork), of course always taking an approach from a monitoring perspective.

* Warning: what I write below is my way of looking at things from a practical and sincere point of view. This article only endorses me and, in any case, this entry should be read taking into account the learning approach, it does not intend to be official in any way. That said, let’s start from the basics, which is not the same as starting from scratch.

Terms: Supernet and Supernetting

If we have a network and we buy a new computer, we say that “we add it to a network.” If we have a supernet, then “we add it to a supernet.” We even have a specific verb for it. It is very common to use the term Supernetting; however the following terms are also valid (but less used):

  • Prefix aggregation
  • Route aggregation
  • Route summarization

If we get even more specific, technically we will find differences but for the purposes of this post we will deal with it the same way… Do you think it is daring on my part? Well, there is more!

Request for comments

Although we can go a lot further back in time, the Internet was born in the United States of America, originally called Arpanet, in the late 1960s. A technological predecessor could be the landline from which many of the concepts are born, used when planning the “network of networks”. In fact, the wiring itself, the colors that identify the pairs, are very similar, at a physical or hardware level. This includes the similarities in switched connections (or circuit switching). But, obviously, the Internet and data transport in a digital way ended up completely absorbing telephony.

But the Internet needed more than the physical and conceptual foundation or sustenance of the great American telephone companies. Moreover, October 1969 is marked as the birth of the Internet since the first connection between two computers was made… And it was simply that, since it was not yet a common computer network.

The Internet was born, in my opinion, when pioneer Dr. Steve D. Crocker published the first issue of Request for Comment (RFC) on April 7, 1969. In Issue 6 (RFC 6), Steve Crocker recounts his conversation with Bob Kahn about code conversion for data exchange. RFC 11 publishes the connection implementation in the FAT operating system (yes, that’s what it was called), and I fervently believe that this, published in August 1969, is what enabled the feat performed in October of that same year.

Based on this knowledge base, the RFCs were born: gathering a group of people in their twenties who moved among different universities sharing knowledge and cementing concepts, something that we now do by email… In fact, RFC 733 (1977) outlines this technology and the standard for the email is published in RFC 822 (year 1982).

RFCs grew decade after decade: in 1992, RFC 1338 “Supernetting: an Address Assignment and Aggregation Strategy” was published for information purposes. Yes, at first the supernet was just a mere advertisement, not a protocol, and not even a standard.

Just the following year, in 1993, RFC 1518 “breaks” the paradigm of networks by classes. While class A networks allow millions of IP addresses, the next step – class B networks – only allowed 65 thousand IP addresses: between the two of them the “waste” of IP addresses is very high.

For that reason, the Classless Inter-Domain Routing (better known as CIDR) was born, which is an extension of the original IPv4 addressing system that allows more efficient address allocation. The original class-based method used fixed fields for network identifiers, which was wasteful as I said earlier: most organizations that are assigned those addresses (class A and class B networks) never intended to put so many devices on the Internet.

As additional information, this is the origin of CIDR notation, the suffix that accompanies an IP address (an IPv4 address has 32 bits, four octets separated by periods) and that describes or narrows down a range of them. For example, /20 allows 4096 IP addresses, /21 allows 2048, and so on in both directions (always powers of two, which matters for supernets as we will see later). All these numbers can be obtained with the IP address calculator included in Pandora FMS. You may also find many such calculators online, each with its own style, shapes and colors to present the same data.

Flexible like Pandora FMS

CIDR thus changed the fixed fields to variable length fields and this allowed to assign IP addresses better, and in a more refined way. CIDR IP addresses include a number that indicates how the address is divided between networks and hosts.

For example, in the CIDR address 201.249.0.0/19 the /19 indicates that the first 19 bits are used for the identification of the network and the remaining 13 are used for host identification.

The main purpose of a supernet is to decrease the size of the route table of routers. For example, instead of a router having 8 individual routes, it may have a single route aggregated from these 8 individual routes. This saves memory and processing resources on the routing devices, thus requiring less space to store their route table and less processing power to search the route table. It also provides stability in networks because fluctuations can be isolated, that is, in one part of the network they do not spread to all parts of the network.

Supernetting and Pandora FMS

From Pandora FMS version NG 731 IPAM was included (abbreviation of Internet Protocol Address Management) which allows to manage, discover, diagnose and monitor hundreds of IP addresses.

This feature covers supernets, subnets and even virtual LANs (VLANs), all integrated, with the option to export data to CSV files. Unlike VLANs, supernets can only be created manually in IPAM: you configure each supernet you want with the necessary parameters, and then add to it networks already managed by IPAM, which may themselves belong to a VLAN. Although it is a manual process, from version NG 758 you can quickly add your data from files in CSV format.

To finish off this post, let’s see what the rules that operate a supernet are.

Supernet Rules

Apart from good practices in network configuration, the established rules must always be followed and enforced to avoid chaos reigning.
The rules for creating supernets are as follows:

  • Networks must be contiguous or sequential.
  • The number of networks to aggregate must be a power of two (2, 4, 8, ...).
  • And the somewhat more complicated rule: take the first octet that is not common to all the networks in the list, read its value in the first (lowest) block, and compare it with the number of networks to aggregate (see previous point). That value must be zero or a multiple of the number of networks being aggregated.
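The CIDR arithmetic from the earlier paragraphs (addresses per prefix, the network/host bit split of 201.249.0.0/19) and the three supernet rules above can be checked mechanically. The script below is an added example written for this post, not code from Pandora FMS; it uses only the Python standard library `ipaddress` module. It generalizes the third rule slightly: instead of inspecting one octet, it checks that the lowest block starts on the boundary of the aggregate, which is the same condition at any prefix length, and it cross-checks the result against `ipaddress.collapse_addresses`. The sample networks are constructed.

```python
import ipaddress


def addresses_in_prefix(prefix_len):
    """Number of IPv4 addresses covered by a /prefix_len block."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("IPv4 prefix length must be between 0 and 32")
    return 2 ** (32 - prefix_len)


def split_bits(cidr):
    """(network bits, host bits) for an IPv4 CIDR such as 201.249.0.0/19."""
    net = ipaddress.ip_network(cidr)  # strict: host bits must be zero
    return net.prefixlen, 32 - net.prefixlen


def check_supernet(cidrs):
    """Apply the supernet rules to a list of CIDR strings.

    Returns (ok, reason, aggregate) where aggregate is the IPv4Network
    covering all inputs when ok is True, and None otherwise.
    """
    nets = sorted(ipaddress.ip_network(c) for c in cidrs)
    n = len(nets)

    # Blocks of different sizes cannot be merged into one route.
    if len({net.prefixlen for net in nets}) != 1:
        return False, "all networks must have the same prefix length", None

    # Rule 2: the count must be a power of two.
    if n < 2 or n & (n - 1):
        return False, f"{n} networks: count must be a power of two", None

    # Rule 1: contiguous, i.e. each block starts right after the previous one.
    for a, b in zip(nets, nets[1:]):
        if int(b.network_address) != int(a.broadcast_address) + 1:
            return False, f"{a} and {b} are not contiguous", None

    # Rule 3 (generalized): the lowest block must sit on the aggregate
    # boundary. Merging n = 2^bits blocks removes `bits` prefix bits.
    bits = n.bit_length() - 1
    aggregate = nets[0].supernet(new_prefix=nets[0].prefixlen - bits)
    if aggregate.network_address != nets[0].network_address:
        return False, f"{nets[0]} is not aligned to a /{aggregate.prefixlen} boundary", None

    # Cross-check with the standard library's own aggregation.
    assert list(ipaddress.collapse_addresses(nets)) == [aggregate]
    return True, "ok", aggregate


if __name__ == "__main__":
    print(addresses_in_prefix(20), addresses_in_prefix(21))   # 4096 2048
    print(split_bits("201.249.0.0/19"))                        # (19, 13)
    # Constructed examples: 8 aligned /24s, and 8 contiguous but misaligned /24s.
    print(check_supernet([f"192.168.{i}.0/24" for i in range(8, 16)]))
    print(check_supernet([f"192.168.{i}.0/24" for i in range(4, 12)]))
```

The second constructed list is the case rule 3 exists for: 192.168.4.0/24 through 192.168.11.0/24 are contiguous and eight in number, but 4 is not a multiple of 8, so no single /21 covers exactly those blocks and the function reports the misalignment instead of an aggregate.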


Integrating IBM QRadar SIEM with SCADAfence for complete OT visibility

CISOs and security teams face an uphill battle when it comes to detecting and mitigating ever more frequent and sophisticated cyber threats, especially in OT environments.

Cyber attackers are learning new tactics, getting more creative, and are becoming more relentless than ever to exploit industrial organizations. As seen in the Oldsmar water system attack and the Colonial Pipeline ransomware attack, adversaries are targeting IT and OT environments to inflict damage on organizations that can affect the daily lives of civilians.

Considering the evolving and ever-expanding threat landscape, security and incident response teams may at times feel lost when defending their OT networks. With the recent convergence of IT and operational technology (OT) threats, industrial organizations are seeking new practices for leveraging their existing IT security stack against the cyber threats now targeting OT environments.

This is where SCADAfence and IBM QRadar have partnered together to create a joint integration to tackle OT security challenges. Now security teams who are using IBM QRadar can be provided with the required visibility and security for adopting advanced Industrial IoT and OT technologies. This new integration with QRadar allows users to simply integrate alerts from the SCADAfence Platform to their QRadar feed, as well as viewing it in a dedicated SCADAfence dashboard.

Diagram 01. The SCADAfence & IBM QRadar integration dashboard

Many industrial organizations count on IBM Security QRadar, an intelligent SIEM, to provide actionable threat intelligence to help detect and respond to security incidents that need to be mitigated. SCADAfence’s integration with IBM QRadar allows our joint customers to capitalize further on their current security stack, so they can have complete visibility into their OT networks with real-time alerts, all in one user-friendly dashboard.

Leveraging SCADAfence and IBM QRadar

CISOs and their organization are always looking to enable their IT and security teams to detect and respond to security incident events more efficiently, but they also want to simplify how to address the lack of visibility into the security of OT environments at the same time. At SCADAfence, we believe we can achieve more through collaboration and integrations. Organizations can leverage SCADAfence’s OT security platform and alerting with QRadar’s strengths across all their industrial OT and IIoT environments to provide complete OT visibility and threat detection to respond to security incidents all in one dashboard.

Diagram 02. The SCADAfence & IBM QRadar integration alerts dashboard

Complete OT Network Visibility 

SCADAfence’s leading OT security platform is configured to minimize any interruption to the normal operation of the customer environment and provides OT insights and produces risk management recommendations that are appropriate to your organization’s needs. This is accomplished by discovering the assets and their roles in the network which provides visibility into their behavior. With a wide range of algorithms and mechanisms, the SCADAfence Platform detects anomalies that can compromise security, safety and reliability.

Multi-Layered Approach to OT Defense

Easily integrate the benefits of the SCADAfence Platform to provide endpoint controls with behavioral indicators of compromise across endpoints and operational networks. This will allow IBM QRadar users to have the visibility to respond across IIoT and OT environments, all within a single dashboard. This integration empowers customers with SCADAfence’s OT security technology while providing the needed visibility into OT equipment.

Automated Asset Inventory 

The SCADAfence Platform allows IBM QRadar customers to automatically discover and continuously manage their entire asset inventory up to date with detailed information on all the devices connected to their OT networks. Regardless of the vendors and controllers deployed in the infrastructure, the platform automatically generates asset inventory without needing any prior knowledge.

Efficient Detection of Incidents

With IBM QRadar and SCADAfence, users can correlate network traffic behavior with host and user behaviors across multiple network areas. Easily surface critical events and detect incidents across machines and networks that would previously go completely undetected. Quickly react and precisely prevent further attack propagation with an automatic correlation of OT manipulation commands with compromised host indications.

Proactive Operational Insights

SCADAfence Platform continuously alerts IBM QRadar users of any abnormal behavior or configuration changes that may have an impact on their operations’ stability before it actually affects their operations. The SCADAfence platform utilizes the most advanced OT security technology to gain the most up-to-date industry insights, which helps provide users with better security alerts and recommendations on how to remediate today’s OT vulnerabilities that may impact your environment.

Diagram 03. The SCADAfence & IBM QRadar integration log activity dashboard

Discover the instant value of OT security in your QRadar environment. Mutual customers with an active subscription to SCADAfence can go to the IBM Security App Exchange and download SCADAfence Platform integration for IBM QRadar.


About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

IoT profiling, visibility and classification, powered by Portnox CLEAR

IoT/OT Blind Spots Across Your Network

At present, hundreds of millions of IoT/OT devices are in use, and that number continues to rise as organizations increasingly adopt such devices to improve productivity, insight and real-time decision making. Unfortunately, IoT/OT devices are particularly at risk to external and internal cyberthreats due to a lack of device patching and overall visibility and contextual understanding across networks. This makes IoT profiling quite difficult.

The healthcare, hospitality and manufacturing sectors are especially vulnerable due to their heavy reliance on ultrasound machines, avionics, building automation, VoIP, medical devices, printers, computers, networking equipment and energy and power infrastructure. To close this IoT/OT device visibility gap, Portnox CLEAR is introducing its IoT/OT Visibility Add-On, which enables organizations to see, profile and classify all IoT/OT devices on the network without an agent.

IoT Profiling in CLEAR: How it Works

Portnox CLEAR utilizes several methods and leverages multiple data points to actively and passively identify, profile and classify IoT/OT devices across enterprise networks, delivering detailed device profile data that takes into account device families, types, models and vendors.

With the IoT/OT Visibility Add-On, Portnox CLEAR can continuously discover all IP-connected devices without requiring agents, the instant they enter your network. The add-on provides in-depth visibility into those devices using a combination of active and passive discovery, profiling and classification techniques.

IoT Profiling Capabilities with CLEAR

  • Device Discovery – Automatically discover IoT/OT devices without needing to install yet another third-party agent across managed devices.
  • Device Profiling – Classify IoT/OT devices based on type, like MRI machines, printers, sensors and beyond.
  • Device Type Enforcement – Continuously monitor IoT/OT devices and enforce network segmentation and access policy based on device type.

IoT Profiling Advantages with CLEAR

  • Cloud Delivery – Portnox CLEAR leverages a central cloud database that utilizes crowdsourcing and machine learning to deliver better device predictability.
  • Microsegmentation – Automatically segment groups and enforce unique policies to reduce the network attack surface, improve breach containment and strengthen regulatory compliance.
  • Access Control – Define and enforce access control policies based on IoT/OT device types.
  • Complete Asset Management – Report on and visualize in real time the device types, locations and level of access for every IoT/OT device on the network.


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Key concepts of systems and networks

Together we check out the key concepts of systems and networks

In the middle of the information century, who has not surfed the Internet or used a computer, be it a desktop or a laptop? But do you really know what a computer is and what it is made of? and what about the Internet?

It is important to know at least the most superficial layer of something as important as computer systems and networks, and therefore, we are going to talk about the key concepts of these two topics.

A computer system is a device made up of the union of hardware and software, which allows the use of this system by a person, whether qualified or not, that depends on the purpose of the system.

But, what does “hardware” and “software” mean? Let’s talk a little more about it.

You can define as hardware the set of physical components that make up a computer system. We are going to define the main components of a computer system, although there are a few more:

  • Processor: It is the component in charge of executing all the system programs. It is in turn made up of one or more CPUs.
  • RAM memory: This component stores the data and instructions executed by the CPUs and other system components.
  • Hard Drives: Information and content are stored here in computer systems.
  • Motherboard: It is the component where the others are located, and works as a bridge for communication between them.

Well, now that we have a basic understanding of what hardware is, we move on to software.

Software are all the programs that run on a computer system, among which you may differentiate three types of software:

  • System Software: It is responsible for the proper functioning of the operating system and hardware in general, such as device drivers.
  • Programming software: They are tools whose sole purpose is the development of new software.
  • Application software: It is any program designed to perform one or more specific tasks, for example video games or applications designed for business or education.

We already know what a computer system is, but without communication with the outside we are not making the most out of the potential that these systems have (which is a lot), so we decided to connect it to that abstract site full of information and services: the ‘Internet’.

Everyone knows the term “Internet”, but do we know what the “Internet” is?
We could say that the Internet is the great global network that unites all existing devices, allowing communication between all of them from anywhere on the planet. In turn, this large network is made up of other smaller networks, such as those of a country, city, neighborhood, etc.
Mainly, we distinguish three types of networks:

  • LAN: It is the smallest network, a local area network, such as the one in work areas or the one you have at home.
  • MAN: It is a somewhat larger network, being able to cover from neighborhoods to cities. They can also be the networks used by large companies for communication between their different offices.
  • WAN: It is a network that connects countries or even continents to each other, not devices. We can say that the Internet is the ultimate WAN network.

Ok, we already know what the Internet is made of. But, how do devices communicate on these networks? There are systems used to identify each computer on the network, known as IP addresses. An IP address is, basically, the ID or identifier of a device, so it is unique and unrepeatable.

At the beginning, when the idea of an IP address was created, there were only a few dozen computers in the whole world, and this, as we already know, has gotten quite out of control since then. As a result of this increase, they decided to come up with a new concept, known as DNS (for its acronym Domain Name System).

What the DNS protocol does is, basically, translate the domain name that we enter, either in the web browser or in any other program, and convert it into an IP address, with which it communicates with the destination. Of course, all domain names are stored on DNS servers, scattered around the world to avoid connection overload, and to avoid slow name resolutions.

There are a large number of protocols, each with a different purpose. These protocols are grouped in layers, such as application, transport, Internet or access to the network, according to the TCP/IP model. But, that’s not all. We still lack another important concept in relation to communications between devices, what we know as “ports” of a computer system.

Imagine a road, if all the traffic that wants to enter a city only had a single road, what would happen? Well, the same thing happens in computing, and that is why these virtual ports exist.

These ports range from 0 to 65535, but the first 1024 are reserved for “important” protocols, such as the DNS protocol, which we have mentioned above, belonging to the application layer and that uses port 53 for both UDP and TCP connections.

TCP and UDP are two protocols belonging to the transport layer. Their main difference is that TCP is connection-oriented: it makes sure that the data reaches its destination, while UDP simply sends the data, faster but without that guarantee. UDP data may not arrive at all, or may arrive only in part.

The protocols for web connections or HTTP/HTTPS, both belong to the application layer. Depending on which one you choose, it uses a different port. That is, for HTTP connections, port 80/TCP is used, although it is deprecated due to its lack of security, so the standard has become HTTPS connections, which use port 443/TCP and include a security layer based on SSL/TLS.

Connections made through safe channels or SSH, also from the application layer, use port 22/TCP, and thus we could continue with lots of other protocols.

Of course, these ports are a standard on the systems that receive the requests; the client that initiates a request can use any non-reserved port to send it and receive the reply. This makes communicating with servers much easier. Servers can change their default ports too, but normally they do not if they want to provide a public service.

Finally, we are going to talk about a concept that, due to the pandemic, is the order of the day: the VPN.

As its name indicates (Virtual Private Network), we can define a VPN as a network “tunnel” that is created between client and server, where data are fully encrypted and sent through the Internet. The common use of VPNs is anonymity on the network, since the IP that is exposed is that of the VPN server, or, also, to be able to visit pages that cannot be accessed from the source country.
In the business environment, this tunnel allows direct communication between the client device with any other device in the network of that server, which allows access to an environment as if we were physically in the office of our company. It also allows access control and registration, which otherwise could not be done.


Satellite server in remote environment monitoring

Today we will talk about one of the most versatile elements that Pandora FMS Enterprise offers us for monitoring distributed environments, the Satellite server. It will allow you to monitor different networks remotely, without the need to have connectivity directly from the monitoring environment with the computers that make it up. We will describe the typical case of companies that have central headquarters and remote offices, the different things we may find and how the satellite server can help us deploy efficient monitoring in an economic, fast and simple way.

Standard monitoring types

Before getting into the description of the case, let’s remember how monitoring works overall with Pandora FMS. There are two basic types of monitoring, local monitoring and remote monitoring.

The first, which we call local, consists of installing a small piece of software on your devices (servers, mobiles, workstations, etc.) which we call the monitoring agent. Agents are in charge of collecting the metrics locally on the machine, packaging them and sending them to the server. In this type of monitoring, communication goes from the agent (monitored device) to the server at a defined interval, so the server does not have to interrogate the device; it simply has an open port through which information is received, and any device that can reach that port will be able to send its data. Communication is therefore “simple”: you just need to make sure that your monitoring server is reachable from all of your agents.

The second form of monitoring is what we call remote monitoring. Remote monitoring means that the monitoring server interrogates the device to be monitored through some protocol (ICMP, TCP, SNMP, HTTP, WMI, etc.). This can range from a simple ping to connecting to the API of a complex tool, such as vSphere, to retrieve information from all the virtual machines, ESX hosts and datastores running in that environment and their corresponding metrics.

This type of monitoring opens the door to retrieving large amounts of data with little configuration and without installing any extra software on the devices, which is wonderful, but it also has drawbacks, such as having to guarantee connectivity from the monitoring server to each of the elements to be monitored, and having to take the security criteria for opening those communications into account.

When you have a single headquarters of any size, this is not usually a problem, since your devices and applications are usually concentrated in the same place and managing communications between environments is easier. The situation becomes complicated when you have more than one headquarters or small remote offices.

Description of a distributed environment

Let’s picture a distributed architecture with a headquarters where you have most of your applications and IT equipment, but also smaller sites that have their own equipment and applications. We find examples of this highly distributed infrastructure in environments like restaurant franchises, supermarkets, banks, retail stores, pharmacies, insurance companies, etc., where there are usually powerful, well-managed data centers at headquarters, but the remote sites lack the space or staff to maintain servers. Most of the time there is not even permanent technical staff for the equipment in these locations, so implementing monitoring can be challenging.

If some technology such as a site-to-site VPN, an SD-WAN or a dedicated link between your sites is already implemented, there is hardly any problem: you can have your monitoring environment at your headquarters and from there “attack” (poll) your remote devices. The problem is that these solutions are expensive and require implementation and management, and if they are not already in place, deploying them can become very complicated (and expensive). It is in these cases where the Satellite server becomes essential, since it combines the versatility of remote monitoring with the communication behavior of local monitoring.

Using the Satellite Server

The Satellite Server consists of software that is in charge of doing the remote checks on your network. In our restaurant, for example, it will do network scans, monitor each of the restaurant’s devices through different protocols, store these data and then pack them and send them to the main Pandora FMS server as if it were a local agent, so the communication between the remote site and headquarters is simplified. You only have to make sure that a single device, the Satellite Server, can communicate with the Pandora FMS server, in the direction from the remote site to the main headquarters, to send the data packets. Remote checks are always done from within the local network, without exposing any of the services, devices or applications of your remote site.

Even if you want to make use of hybrid monitoring (local and remote monitoring) in your remote headquarters, you may install software agents on your devices and point them to our satellite so that it becomes the single delivery point between your remote headquarters and your headquarters.
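The following added example (not Pandora FMS’s own code) puts the two points above together: the remote checks described under “Standard monitoring types” are run from inside the site, and the results are then pushed upstream as one agent-style data document, so only the collector needs a route to headquarters. The XML mirrors the general shape of a Pandora FMS agent data file, but the exact attribute set, the module names and the loopback “restaurant LAN” are assumptions constructed for the demo.

```python
"""Toy satellite-style collector (example code, not Pandora FMS's own).
Remote checks run INSIDE the remote site; all results are packaged into one
agent-style XML document so that only the collector needs a route to the
central server. The XML mirrors the shape of a Pandora FMS agent data file,
but the exact attribute set is an assumption here."""
import socket
import xml.etree.ElementTree as ET
from datetime import datetime, timezone


def tcp_check(host: str, port: int, timeout: float = 1.0) -> int:
    """Remote check run locally: 1 if a TCP connect succeeds, otherwise 0."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return 1
    except OSError:
        return 0


def collect(targets: dict) -> dict:
    """Poll each device from the collector; the devices never need to reach
    headquarters, and none of their ports is exposed outside the site."""
    return {name: tcp_check(host, port) for name, (host, port) in targets.items()}


def package(agent_name: str, results: dict, interval: int = 300) -> str:
    """Serialise all results into a single agent-style XML document, the unit
    that is pushed upstream exactly as a local software agent would push it."""
    root = ET.Element("agent_data", {
        "agent_name": agent_name,
        "interval": str(interval),
        "timestamp": datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
    })
    for name, value in results.items():
        module = ET.SubElement(root, "module")
        ET.SubElement(module, "name").text = name
        ET.SubElement(module, "type").text = "generic_proc"  # boolean up/down module
        ET.SubElement(module, "data").text = str(value)
    return ET.tostring(root, encoding="unicode")


def parse_results(xml_doc: str) -> dict:
    """What the central server recovers from the pushed document."""
    root = ET.fromstring(xml_doc)
    return {m.findtext("name"): int(m.findtext("data")) for m in root.iter("module")}


def demo() -> dict:
    """Constructed 'restaurant LAN' on loopback: one listening service and one
    free port that refuses connections. Returns the parsed module values."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen()
    open_port = listener.getsockname()[1]
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()  # released without ever listening, so connects are refused
    try:
        targets = {"pos_terminal_ssh": ("127.0.0.1", open_port),
                   "kiosk_http": ("127.0.0.1", closed_port)}
        return parse_results(package("satellite-restaurant-01", collect(targets)))
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())  # {'pos_terminal_ssh': 1, 'kiosk_http': 0}
```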

In addition, the Satellite Server has remote configuration, so once deployed, it can be managed and configured from your main monitoring environment, being able to add new metrics, alert systems, policies and more configurations without having to access your remote headquarters, all from your Pandora FMS web console at your headquarters.

Regarding its deployment, the Satellite Server is very light software, especially compared to a full Pandora FMS installation, so the hardware requirements for monitoring remote sites are really low. It can even be deployed on a Raspberry Pi, a very cheap and compact device, or, failing that, you may use any of the resources already deployed at the remote site, such as a data server, to host your Satellite.

As you can see, monitoring remote sites with the Satellite server greatly simplifies the configuration needed for monitoring, saving money and implementation time that, without a tool like this, would be far higher and more complex.

Today we discussed only one of the typical cases, one of the most common, to describe how a Satellite server performs and what it is useful for. It is not only valid for remote locations; it is useful in many other ways, such as load balancing, running the same checks from different locations (very useful when monitoring web pages), or even monitoring complex environments such as Kubernetes or OpenShift, where many services, such as databases or backend services, are not exposed to the outside. You could monitor those by deploying a pod with the Satellite inside the cluster network and polling these services directly, for example.

Gartner Reviews NAC Tools for 2021

Earlier this summer, Gartner released its Market Guide for Network Access Control, which provides an overview of the leading NAC tools available to enterprises around the world.

Network Access Control (NAC) sits within the larger field of cybersecurity, and more specifically network security. It is a technology that enables organizations to enact their own policy for how and when endpoints (desktops, laptops, smartphones, etc.) can connect to their corporate networks. NAC solutions are typically designed to give IT security teams visibility of each device trying to access the network, and specifically the type of device and the access layer being used (i.e. Wi-Fi, wired ports, or VPN).

Today, NAC tools provide a number of powerful features on top of what they were originally designed for years ago. These include security posture assessments for endpoints, which pinpoint the risks associated with each endpoint and allow network security administrators to control network access based on their organization’s risk tolerance threshold.

With the rise of cloud computing, remote workforces, bring-your-own-device (BYOD) policies, and the internet of things (IoT), network access control has become a much more critical part of the larger cybersecurity technology stack at most companies. The technology itself has also evolved quite drastically in response to these emerging trends and their impact on networking and ensuring network security.

According to Gartner, “Most organizations interested in network access control (NAC) are looking to secure users’ and devices’ access to their network, driven primarily by audit findings or zero trust networking strategies such as those for comprehensive device visibility and LAN device authentication.”

If you’re interested in downloading the latest 2021 guide for NAC, visit Gartner’s website. You’ll find helpful information through the guide, including:

  • Key considerations when evaluating and implementing NAC solutions
  • The importance of integration between a NAC solution and existing infrastructure
  • Recommendations on how to structure a NAC technical assessment

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For more information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Driven by innovation, SCADAfence launches its largest product release to date

Over time, we have learned that we develop products not for our own innovation, but for you, the customers, to help improve your OT security. In 2021, we were excited to launch three newly designed products that include many new features to improve your OT security experience.

We launched the SCADAfence Platform 6.6, Governance Portal 2.0 and the Multi-Site Portal 2.6. We launched these new product versions to ensure that we offer the industry’s leading industrial cybersecurity products, providing the best detection and response capabilities in large-scale OT networks, asset discovery and governance. Some of the new features include support for the MITRE ATT&CK framework for ICS, many new security alerts, improvements to our state-of-the-art technology, enhanced reporting, new zero trust capabilities and more.

With the combination of our additional new funding, hiring top experts in R&D & the executive team, 2021 has truly been an amazing year for SCADAfence. We have strengthened our leading OT security offering to provide the most advanced and cutting-edge technology in the OT security industry.

After months of extensive testing by internal and external research teams, the SCADAfence Platform version 6.6 consistently demonstrated best-in-class performance and provided 100% detection with close to zero false positives.

Current customers can upgrade their SCADAfence Platform to the latest version and see the new features in action. But let’s take a closer look at the main new features, with some screenshots.

Designed for our users, by our users

After talking to our rapidly expanding customer base and asking how we could make their user experience as efficient as possible, it was time for a further optimized UI design. We’ve updated all our products’ user interfaces with a smoother and sleeker feel, designed with ease of use in mind and based on customer feedback.

Our new UI will allow our customers and their OT security teams to easily manage their OT environments while navigating through the platform.

Diagram 01. The SCADAfence Platform’s Assets Manager dashboard

The ‘Einstein’ Baseline

We’ve always prided ourselves on having the most advanced baseline technology in the industry, with over 40% more accuracy than other solutions in the OT security market. According to Gartner’s Vam Voster, “SCADAfence’s self-tuning baseline minimizes false positives; this means that no user configuration is required, nor is any stop-and-restart needed to relearn. This system allows for a scalable solution for a huge organization and seamless integration with OT networks.”

With the SCADAfence Platform, our customers’ baseline period takes just 2 days, unlike our competitors, who tend to take up to six weeks. Beyond the short baseline period, we wanted to make our industry-leading baseline even more advanced and accurate, so we are excited to introduce our new ‘Einstein’ baseline.

Unlike other OT security solutions, SCADAfence’s new ‘Einstein’ baseline continuously updates itself, learning from the latest network traffic and “forgetting” old behavior that is no longer relevant to the customer’s environment and systems. As a result, newly malicious behavior is detected and visibility into the network increases, even if the network was already infected or compromised during the initial learning phase.

In addition, changes in network behavior might occur due to changes in process or network equipment. This also requires an adaptation of the baseline.

This is a major improvement in the accuracy of the detection, and coping with dynamic networks.

New System Mode – Offline PCAP Analysis

SCADAfence’s customers and partners can now run PCAP analysis for offline risk assessment processes. The offline analysis will allow customers and partners to test and analyze their traffic files taken from their network and analyzed offline. This analysis enables users to get a better understanding of their network traffic while not affecting their current network. This feature has been uniquely designed to provide completely offline analysis without interference from live network traffic.

Governance 2.0

The SCADAfence Platform release 6.6 is equipped with the latest version of our IT/OT Governance and compliance portal. After continuous feedback from our customers and dozens of deployments of our Governance portal, we have updated our industry-leading governance portal. In addition to a complete UI facelift, the new Governance Portal version 2.0 is faster, produces more advanced results and covers more compliance regulations. In fact, we’ve added nine (9) new compliance frameworks to fit our customers’ growing compliance needs.

Diagram 02. The SCADAfence Governance Dashboard

Scaling with SCADAfence’s Multi-Site Version 2.6

SCADAfence’s customer deployments are growing to the point where they reach hundreds of sites. Configuring each site’s settings individually poses a significant burden for most administrators. With the SCADAfence Multi-Site Portal’s Central Configuration, this is no longer an issue.

Diagram 03. The SCADAfence Multi-Site Dashboard

The Multi-Site Portal now allows customers to distribute their configurations from the Multi-Site Portal to all the distributed SCADAfence Platforms at their sites. The security configuration is managed via profiles and covers many security aspects, including alert policy, IP groups, central licensing, third-party tool integrations and more.

By deploying the central configuration, administrators save time and increase productivity and efficiency when using the SCADAfence Platform across their multiple sites.

Central Software Updates

As part of the central configuration capabilities, SCADAfence customers now have the opportunity to update the SCADAfence Platform software from the Multi-Site Portal. This new feature allows customers to upgrade their SCADAfence Platforms with the latest version in all their sites centrally from the Multi-Site Portal, without the need to access each site’s Platform and upgrade it manually.

This gives organizations and their administrators the flexibility to manage their sites and OT networks centrally, which improves productivity and saves time.

Sprinting Into 2022

This latest product release had a strong emphasis on user experience, security and improving the management of different industrial protocols (ENIP/CIP, S7, BACnet, etc.). In conclusion, the SCADAfence Platform version 6.6 enables organizations in manufacturing, critical infrastructures and more industrial sectors to operate securely, reliably and efficiently with the right amount of OT security within their industrial environments.

We’re confident that these updates and those coming in the future will bring a better experience for users and we are here to help with all your OT security needs.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.