Setting up a multitenant environment at Centreon

Print Friendly, PDF & Email

In this post we will see the configuration necessary to be able to configure a multitenant or multi-client environment, where the idea is that each Company or Client that we have monitored can access its resources. From a single frontend we will only give visibility to what interests us, in this case that each Company can see its equipment and certain basic monitoring tasks.

 

We will play at creating Users, Groups, Roles and permissions, The scenario will be very simple, we have Company A, B Corp… each one will have its users, and we will create custom menus so that apart from seeing your machines, they can only perform the actions that interest us. We start by defining everything!

 

Creating User Groups,

First of all, we will create a Group for each Company, since “Configuration” > “Users” > “Contact Groups” > “Add”. We name a name and an alias,

 

Creating Users,

Now we create the Users of each Company from “Configuration” > “Users” > “Add”, in the 'General Information' Tab’ We will fill in your username, His alias, your email if we are interested in receiving notifications and we link it to the Contacts group we have just created. So with all the users to be generated, optionally it will be to enable from here the Notifications topic.

 

In the 'Centreon Authentication' Tab’ we must specify at least the password that we are going to give to the User.

 

Configure access to resources,

Since “Administration” > “ACL” > “Resources Access” > “Add” we can create different ACLs to give access to the resources. We will define what each Company can see. First on 'Access list name’ We define a name for it.

 

On the “Host Resources” we will be able to filter and indicate which Hosts can see, we can do this manually by indicating which Hosts or which Hosts Group can see, or make exceptions. In this example I want Company A to see all the hosts, We won't do the filter here, since the model I follow is that each Company has its own monitoring Poller, therefore it will be easier for me to tell you to see all the machines, but of his Poller only.

 

So in the “Filters” we will be able to select and filter the Poller that we are interested in associating.

 

Creating Access Groups,

To allow access to the group, since “Administration” > “ACL” > “Access Groups” > “Add” we will be able to link this Access Group with the User Group that we have previously created, in the 'Group Information' tab’ we indicate a name and an alias to the group and link the User Group we have created before.

 

In the 'Authorizations Information' tab’ we select the ACL that we created not long ago also to give you access to the resources that have interested us.

 

Defining Menus,

One thing that can be interesting, will be to indicate which Centreon Web Interface Menus they can use, if we are only interested in seeing the Monitoring part, or also the Settings… Since “Administration” > “ACL” > “Menus Access” > “Add” we will be able to define them, we give a Name and an Alias to the Menu, we link it to the ACL Groups of the companies and mark the ticks of the pages that they can see.

 

Defining what Actions they can perform,

In “Administration” > “ACL” > “Actions Access” we will be able to create different accesses to what tasks they can perform within Centreon, we give a generic name for all companies and link the Groups of Companies. Finally, we will mark the ticks of the functions that we are going to let them perform, how can they disable a machine, force your check, Put on maintenance…

 

Another way to link resources,

Another very elegant way can be for example by creating a Host Template for each Company, so we can make every Host we create in Centreon, we link you directly to a Company. As always, we'll create it from “Configuration” > “Hosts” > “Templates”.

 

And in the “Notification” we will link the User Group to this Template, we can also enable from here if we want everyone to receive notifications.

 

Testing…

And nothing, all that remains is to enter as a User and see that we have created everything well, we only see the machines that interest us, The menus, actions on resources…

 

I hope you found it interesting, The truth is that it is a very flexible product and you can make any type of necessary configuration, With this document I wanted to show you a little bit what we can do with ACLs, thinking about it in environments where more than one person and different companies or customers of ours will access to see their monitoring.

 

Recommended Posts

Monitorizando Tareas programadas con Centreon
Read
Monitoring Crowdsec with Centreon
Read
Monitoring our firewall's web UTM rules thanks to Centreon
Read
Monitoring Proxmox EV with Centreon
Read

Author

by Héctor Herrero 
nheobug@bujarra.com
Autor del blog Bujarra.com Cualquier necesidad que tengas, Do not hesitate to contact me, I will try to help you whenever I can, Sharing is living ;) . Enjoy documents!!!

Antivirus protection for our Nextcloud data

24 of January 2019

Installing phpIPAM

2 February de 2019