Idea Details

Support for multiple CAPCs for scalability and physical multi-tenancy

Last activity 07-20-2017 03:11 AM
hkunze
02-03-2016 07:31 AM

Hi all,

we need the ability to connect more than one CAPC to one Data Aggregator.

Our network environment is divided into some access segments to separate the operator, admin and customer traffic.

For security reasons we have to isolate these user groups, so we would like to provide one CAPC to every access segment/group.

All segments are connected through a firewall which secures the PM-system from outside traffic.

All customer-groups should have read/write access via their own CAPC to the Performance-Manager system.

At the moment we are using eHealth distributed consoles in exactly this way to separate our customers and our local staff.

We act in a service provider environment, so we need this functionality to meet our company security policy!

I think this idea will also be useful for other service providers or enterprise customers.

Thanks a lot!

Best regards

Holger


Comments

07-19-2017 08:31 AM

Matthew,

that sounds very good!


Maybe we can divide it into two steps:

------------------------------

Step 1 would meet our needs to have multiple CAPC instances for one CAPM without any user separation.
With this feature we would be able to basically separate different user groups (i.e. operator, customer, admin etc.) which use different access networks. One CAPC for every group / every access network would be fine.
Certainly there's a firewall between the access network with user authentication.

------------------------------

Step 2 with different user accounts for each CAPC would increase the security on a higher level.

i.e.
CAPC 1: "operator network" - user Jim, Todd and Jerry
CAPC 2: "customer network" - user Cust-a, Cust-B and Cust-C
CAPC 3: "admin network"    - user Tom and Jerry

All three networks are isolated, so the CAPC should act as a "proxy" to access the central CAPM. To prevent access by Jim on CAPC 2 or 3, a user-based separation would be more secure.
Step 2 matches our company security rules.

------------------------------

Hope that answers your question.

Many thanks!

Holger

07-13-2017 12:24 PM

Supporting multiple CAPCs within a single CAPM instance is part of our high availability vision for the product.

As far as the need to limit which customers can access a specific CAPC instance, will that always be controlled by network access?  Or is there a need/desire for CAPM to support separate user access per CAPC instance (as opposed to shared user access across multiple CAPC instances)?