DX NetOps

Morning all,

I have a quick question about Multi-Tenanting in Spectrum.

In our company we do Remote Infrastructure Monitoring (RIM) for various clients, currently utilising EMC SMARTS. There are some issues I have with the current system, and we have deployed Spectrum successfully onsite at different clients.

Now, I have been wondering, especially with the 64bit architecture that Spectrum is utiising, if we cannot use a SpectroSERVER per client, keeping each client separated by Landscape.

None of our RIM clients use more that 10000 devices, so the current landscape architecture covers that point.

We have all the SMARTS pollers in our own DC, with an open ICMP/SNMP channel into the clients, although using the Spectrum's Secure Domain Manager may be a safer method of carrying this out, security wise.

If this works, I will more than likely put up the argument for integrating Spectrum, NFA and PC to provide all the info that would be required. Possibly at a later stage ADA and SOI as well to provide a full on Service Management, remote management suite.

Any thoughts on this?

Regards

Kurt

Hi Kurt,

                As I was reading this the SDM/SDC functionality in Spectrum is what came to mind and as you noted and seems like a great fit.

Cheers

Jay

A Spectrum landscape per tenant also works well since not only does it handle overlapping IP ranges that SDM/SDC does, as Jason mentions above, but you can also provision your tenants to only have access to their specific landscape while your cross tenant users (central NOC, account teams, etc.) can have access to multiple tenants/landscapes.  Do you plan on providing customer access to topology/alarm data or is it strictly your NOC users managing these customer networks?  That would probably help drive the choice between SDM/SDC and landscape per tenant. 

Hi Robert,

We would more than likely allow the client to have a view of their infrastructure as well as the alarm data.

The NOC in all likelihood, will be utilising the web client for problem solving. We are currently utilising Service Now as the service desk manager, and will be integrating Spectrum with a bi-directional link into it.

Hi Kurt,  was this resolved?  if yes, let me know or you can go ahead and mark the correct answer as "correct". or tell us if more assistance required.  Thanks and have a great weekend.

Hi, we have installed the same once.

In our case we installed a Spectroserver for each client.

We use a central Spectroserver and Oneclick to unify the alerts and administration.

Via Firewall-Rules all Client-Spectroservers only could access the central one. ...  normally they try to connect to each other.

Administration could be done only through the central one.

Via local Oneclick-SErvers and restrictesd permissions (Security-String) we allow read-Access to local admins. .. they only could watch and clear local alerts and they could add devices in the local Spectroserver.

.. but they cannot:

- Change Alarming (Event-Configuration / SANM)

- Add Global Collections

These Limitations are acceptable. Basically these Limitations are not made by Spectrum, these are made by our Firewall-Rules to block access from local Spectroservers to others.
A local Spectroserver only forwards the alerts to the central one and provides Telnet/SSH through through the whole infrastructure.
If You use SDC, Secure Domain Connector, - this acts like a SNMP-Forwarder. ... it is nearly the same traffic as Polling directly through the VPN to the remote network. After some tests, we prefer a remote Spectroserver.

Hi Erich, 

(or someone else with relevant experience,)

Could I ask how many sites / remote landscapes you have? We are currently utilizing the SDC solution, for about 25 customers. However if one of the connections to the customer site flap, all the models are flapping as well and RCA kicks in. (lots of events). Also from time to time we experience a timeout on a device, which causes accepted alarms to be un-acknowledged. With a DSS on-site I would expect these problems to be less, Would you expect troubles with a oneclick and 25 to 50 remote DSS`s?

Regards,

Rob