Collection Zone supports overlapping IP namespaces through the optional MultiRealmIP ZenPack.
This ZenPack is not installed when Collection Zone is set up. To have it installed, please contact Zenoss Support.
With this ZenPack, Collection Zone can prefix a realm identifier to the IP addresses of a network, enabling unified monitoring. The primary use cases for multi-realm IP management are as follows:
A large company that manages multiple locations has defined the same network spaces across the locations, and as a result, created multiple overlapping IP spaces. Collection Zone needs a way to identify each separate IP space in the system.
Service providers that are responsible for monitoring multiple customers that have created independent networks and IP spaces that are unique to their location, but not unique to the service provider.
Prerequisites and considerations
- Under multi-realm IP networks, device names must be unique even though the IP addresses overlap.
- If an event contains the unique name of a device, assigning it the proper device is simple. However, if only the IP address is sent, the event is assigned by looking up the IP within the context of the realm.
- If a device is moved between realms, the device must be remodeled so that its IPs are placed in the correct location.
- The Network Map only displays the default realm.
To set up a multi-realm network, please contact Zenoss Support.
Example multi-realm system
The following diagram shows an example system.
The system contains network 10.10.10.0/24, which has a central Collection Zone server, and is therefore the default network. The default network is treated exactly the same as a Collection Zone system without MultiRealmIP installed.
The system also contains network r1 and network r2. These networks are behind a firewall and have the same IP space,192.168.0.0/24. Each realm has a distributed collector. The Collection Zone server accesses the collector by using an IP translation from the firewall to map the address that is accessible from in front of the firewall to an address that is behind the firewall. Remote collectors in a multi-realm setup must be accessible from the central server using SSH.