What connectivity methods does the Assure24 agent use to connect to the management centre?
Each agent establishes a secure authenticated connection via the Internet to the servers at the Assure24 Management Centre.
How do you make sure that only relevant information reaches people?
Customer profiles are created for each user of the service. The profile contains association with clients services, service groups, devices and devices groups. Additionally, time windows for shift patterns or holidays can also be configured.
What notification methods are available?
A client’s support team, support individual or a client’s third party or out of hour support desk can be notified of issues or status change through either email or SMS text messages to a mobile phone.
How can problems be automatically resolved?
Assure24 utilises intelligent agents that can perform corrective actions to resolve an identified issue. This can be as basic or as sophisticated as required, and can range from restarting of services to performing a set of commands based on automated troubleshooting information.
How will the service manage third party applications?
Critical availability and performance information is gathered from a combination of application log files, database tables, process monitors, performance monitors and application status commands. This information is then processed with any automatic resolutions and/or notifications taking place.
How will the service manage in-house developed applications?
The Assure24 agents manage in-house developed applications in the same way in which they manner third party applications (see above). The only difference is that the in-house developers can use the Assure24 monitoring system to report and escalate errors within the application.
Does Network Address Translation (NAT) need to be configured?
The Assure24 service does not require Network Address Translation to be configured. However, Assure24 can support devices that are configured with Network Address Translation, so even if it is in use, the service can still be delivered.
What happens if any of the service monitoring components fail?
Availability design has been built into each collection, processing and presentation element of the Assure24 service. The collection agents can continue to operate even if network failure occurs. The centralised systems we utilise to monitor and notify are also fully redundant and configured to ensure continued availability and performance.
Will my network ever become exposed to external access?
Our network environment is fully secure to prevent external access by any individual or corporation. If a customer wants extra protection then a customer network can be connected to the Management Centre via either a dedicated leased line or secure VPN using addresses that are not propagated throughout the network.
How does Assure24 guarantee the security of my data?
The Assure24 services are not targeted to use a clients’ proprietary data and only collect availability and performance information about a client’s system and application.
How secure is the Assure24 environment?
The Assure24 management centre is separated from the Internet utilising firewalls and specific access control configuration. We also employ other security policies and procedures to address issues such as information security, data security and other security concerns.
What if I already have an operations team – do you replace them?
The Assure24 services complement the operation of our customers’ IT staff. Our goal is to enable your technology team (external support company or in-house team) to focus on your business, core development of applications and related mission-critical systems while the application and management servers monitor the day-to-day the availability and performance of your IT service environment.
Other monitoring and management applications are prone to issues and reconfiguration, e.g. when I change a hostname or IP address. How does the agent handle this?
The agents use its own unique identifier and is tolerant to both changes in IP address and hostname. The agent can also work in an environment that utilises Network Address Translation.
Can you summarize the agent communication?
-
It’s Secure: Third parties cannot packet sniff traffic between the agent and server, nor can they introduce malicious data.
-
It’s Authenticated: A hacker cannot masquerade as an existing agent, nor fool an agent into connecting to another server.
-
Uses only a single outgoing port: In an age where firewalls intersperse organisations, configuration is made easy because the agent communicates using an existing proxy server or can utilise a single documented port.
Can you summarize the agent encryption process?
-
A private/public key is generated the first time that the server is run after installation.
-
The first time that an agent is started it must be told which is its server; this is currently a command-line flag (which it remembers), but will become a pop-up. Then it also generates its own private/public keys.
-
If the agent cannot find the server’s public key, it connects to the server and downloads it.
-
On startup, the agent creates a ‘negotiation’ message made up of a random pass-phrase and its public key. This message is signed and encrypted using the server’s public key. Once sent, the communication channel is switched to encryption using the random pass-phrase.
-
On receipt of this first message, the server unencrypts it and verifies the signature. Then it can proceed to deal with the packaged information. An MD5 checksum is computed from the agent’s public key which will be unique to that agent, and the random pass-phrase is also used to enable encryption.
-
Transparent encrypted communication can now take place between server/agent as the encryption is performed by low-level routines.
I don’t want my data to be stored on the same system as your other customers, can this be accommodated?
We can provide a dedicated centralised management server for use with agents deployed within a specific customer environment. However, this will incur additional costs and will require additional set-up and configuration, impacting on deployment timescales.
How do you monitor network devices such as routers, switches and printers?
In the majority of instances, we collect information from network devices using the industry standard SNMP protocol. However, in certain situations we have found we get a greater level of detail using other methods and have also developed collection methods that utilise the telnet, http and ftp protocols.
The infrastructure associated with collecting these metrics will be dependent upon the environment, the number of devices being monitored and the metrics being gathered. We can either configure an agent running on another server to collect data or we can place dedicated devices to collect SNMP metrics from the network devices. If we are collecting over 10 metrics from 10 devices we would tend to recommend a dedicated collection server.