Post on 12-Oct-2020
Avenue ControllerRemote management and monitoring solution for the MSP
1.Challenges for the MSP
2
Problems for the MSP
Connectivity
Provide access towards customers’ infrastructure without tainting the own network. IPsec VPNs are cumbersome to setup and are high maintenance.
Maintaining a high volume of IPsec VPNs to networks that are not the MSP’s own poses a large number of networking issues.
Monitoring
Setting up a monitoring solution usually requires an IPsec VPN connection or a connection over public IP with port forwarding.
Monitoring done without on-premise materials is usually unreliable since traffic passes over the unreliable internet.
Automation
Deployment of IPsec VPNs between the MSP network and customers’ networks are usually not automated.
Automation is not an option when the remote network cannot be managed.
3
Connectivity
Many (cloud) solutions are available today that allow MSPs to manage systems remotely. They all perform one thing: allow remote management of (most likely) Window systems
I.E. LogMeIn, TeamViewer, ...
Many other solutions provide dialup VPN based access,
Existing solutions for the MSP
Monitoring
Many solutions provide monitoring, centralized or distributed using proxies or probes
I.E. Nagios, PRTG, Zabbix
4
No size fits all
There are no enterprise solutions combining
multi-tenant connectivity and monitoring
5
2.Our solution
6
IntegrateWhy not combine multiple existing
solutions into one?
7
Let’s build a complete solution for the MSP
ZabbixThe ideal enterprise open-source platform. Scalable, open, complete JSON API.
OpenVPNWidely supported VPN platform (Windows, OS X, Linux), lightweight, easy to deploy, little overhead
IoT deviceCan function as a Zabbix proxy and a remote VPN gateway
8
Avenue ControllerPuts it all together
SyslogThe widely supported standard for logging and logshipping
ReportingEnhance your Zabbix experience by adding reporting.
Here’s what the Avenue Controller does for MSPs
◎ Drastically reduce time to deploy monitoring◎ Drastically reduce installation and operational cost for
monitoring◎ Provides a no-configuration VPN into the customer network◎ Provides simplicity for your engineers◎ Provides the ability to scale◎ Provides a complete reporting tool
9
How does it work?
◎ Automate deployment of remote nodes, called leaves◎ Integrate the leaves as Zabbix proxies○ Provide a secure path○ Manages TLS keys○ Automatically define proxies in your Zabbix installation and maintain integrity
◎ Provide a central VPN solution providing instant connectivity towards a customer
○ Provides a one-stop shop for connectivity to your customers○ Automates session management
◎ Provides a secure relay for syslog messages○ Allows the Leaf to be used as a syslog receiver○ Relays the syslog messages to a syslog server of your choice in your NOC
◎ Provides a reporting framework○ Allows for PDF reports to be created on demand or scheduled○ Provides a GUI to build and store reports
10
How does it work?
◎ Addon functions○ Perform network discovery of the remote subnet○ LDAP integration○ Logging○ Automatic database backups○ Can be deployed publically or only for internal access only at the MSP (on-premise)
11
Leaf-102
Intel NUC based
+ Cheap to buy & run
+ Easy to deploy in the field
+ Reliable enough for small customers
Leaf platforms
vLeaf
VMware based
+ Fast to deploy
+ No hardware needed
+ Better for enterprise customers
12
Recently added features
◎ External API for integrations◎ vLeaf (VMware support)
13
Roadmap
◎ Integration with an IPAM◎ One-click connectivity towards common protocols without a
VPN client, I.E. Terminal Services, SSH, Telnet, HTTP, ..◎ Syslog & auditing (WIP)◎ SAML (ADFS) integration◎ Customizeable Leaves◎ Wi-Fi scanning (& possibly testing)
14