The Device42 Remote Collector
The Remote Collector (RC) is a separate virtual appliance from the main D42 appliance. It is sent autodiscovery jobs by the main appliance (MA), and runs them remotely. All auto discovery jobs except for Power SNMP jobs can currently be run remotely. It is possible to have an unlimited number of RC appliances. The Remote Collector allow users to perform SNMP, IPMI, hypervisor and other auto discoveries across networks with only https access, and without needing to open numerous ports up across segments.
Each RC needs to have the ability to communicate over port 443 with the main appliance. Communication establishes a websocket on a connection port that can be random (an ephemeral port), but that is opened automatically and by default. The main Device42 appliance then talks to and controls the RC over the websocket port.
RC Deployment Example
Remote collectors are extremely flexible, and make discovery with Device42 easier than ever. You can deploy one or more, with no logical limit to the number of remote collectors.
In the deployment example pictured, a remote collector is deployed within each isolated DMZ Network Segment that, per firewall rules typical of a DMZ, the Device42 appliance is normally unable to directly reach and/or discover. Deploying a remote collector to these segments not only bolsters security by saving the Network Administrator from having to make multiple temporary (or permanent & insecure) firewall rules (aka ‘holes’) to allow discovery traffic to pass from the main appliance over the wide range of ports utilized by various vendors APIs. Please note that the diagram does not show the majority of network connectivity that would be present, and instead focuses mainly on what is discovered by the MA vs. the RC, and the communication between the RC & MA.
Instead, as mentioned briefly in the introduction, all communication and discovery information is securely transmitted between the RC and the MA once a connection is established via Port 443 (HTTPS/SSL). This means a single, secure and easily monitored 1:1 rule allows for comprehensive and continuous discovery of the secured network segment [as often as scheduled or desired] - without compromising its isolation or security.
Installation and Configuration
To download the Remote Collector please contact Device42 at email@example.com. A virtual appliance image is available for all major hypervisors. Deploy the VM image to your hypervisor, and proceed to login through the console or via ssh on port 22. The default credentials for the Remote Collector are:
username: client password: device42
After logging in you will see the main menu:
From this menu you can select “RC Setup” to register your RC with your main Device42 appliance. To do this, you will need to first generate a One Time Password (OTP) from Device42. Visit Device42 in your browser and go to Tools>Auto-Discovery>Remote Collectors. Here you will be able to view any existing registered RCs and generate an OTP to register a new one:
Click “Generate OTP” in the top right and copy the password you receive.
In the RC console, under “RC Setup” enter your OTP along with the IP address or FQDN of the main appliance:
After the initial registration on port 443, all subsequent communication occurs over a secure websocket channel between RC and MA.
Running Remote Discoveries
Once registered, you can now schedule any auto-discovery jobs from the main appliance, instructing them to run on the remote collectors of your choosing. Each autodiscovery screen now shows a “Remote Collector” drop-down menu. Clicking this box will display all registered Remote Collectors, and allows you to choose the RC you would like the discovery to run from: