Sun Microsystems 10 manual Dd Use case Multi-network monitoring

3.4. Multi-network monitoring

Requirement

[dd]A company has several different networks that are separated into several levels either by firewalls or by routers. A variety of computers are installed in the individual networks. Administration is to be simplified, and the company would like to be able to "look into" all the networks directly from a central location and administer without having to connect the networks by routing.

Solution

[dd]A central monitoring and administrator server is installed. On this server, several zones are created that have each a connection to a network. Monitoring or administration of the computers of the individual networks is done from the zones. The following details are used in particular:

∙Sparse-root zones, that is, the zones inherit everything, if possible, from the global zone.

∙All zones use the same monitoring and administration tools.

∙Monitoring data are stored in file systems that are shared between zones.

∙Data can be evaluated from a local zone or centrally from the global zone.

∙From a central location (the global zone), central configuration files can be distributed directly to all zones or to all systems in the networks. Circuitous paths via routers and firewalls are omitted.

∙Routing between zones must be turned off.

∙Option: Use exclusive-IP instances.

Assessment

[dd] This use case has the following characteristics:

∙The operating division's expenses for creating the zones are low.

∙The administrative overhead decreases for systems in the networks since no multiple login via routers or firewalls must be performed.

∙A single point of administration can be created.

∙Relief of the strain on routers and firewalls stemming from network load and additional configurations.

∙Use of uniform monitoring tools.

∙Use of uniform configurations is simplified.

Global Zone

System 1

Figure 10: [dd] Use case: Multi-network monitoring

19