X-ROAD ENVIRONMENTAL MONITORING 1. Taustakuva vaihdetaan hiiren oikealla näppäin > ”Muotoile tausta…” > Täyttö / Kuva tai materiaalikuviotäyttö / Lisää ”Tiedostosta..:” > Valitse kuva (1920x1080px koossa niin venymistä ei tapahdu). Säädä otsikkotekstin väri taustakuvan mukaan. 2. Nimi ja @nimi vaihdetaan masterpohjan ensimmäiseltä sivulta: Ylänavikaatiosta valitse Näytä / Dian perustyyli > Valitse ensimmäinen dia (Office teema-niminen) ja muuta sivun alareunan nimitekstit haluamaksesi > Sulje perustyylidianäkymä painamalla ”Sulje perustyylinäkymä”-nappia.
Table of Contents Why we need to monitor security servers? Environmental monitoring solution Implementation status and next steps
Why Monitoring FOR CENTRAL ADMINISTRATION X-Road security servers are not maintained by central administration However X-Road central administration needs to ensure secure and robust operation of X-Road instance’s security servers Some important data for central administrators X-Road software version Operating system patch level
Why Monitoring FOR LOCAL ADMINISTRATION Organizations have to maintain their own security servers The security servers need to be monitored to ensure robust operation Preferably using the industry standard server monitoring tools such as Nagios or Zabbix Important data for system administrators Memory usage Disk space Running processes
Why Monitoring The same monitoring information dataset is available for both local and central administrators although the needs may be different
Environmental Monitoring Architecture
Extended X-Road Protocol In clustered configuration there are multiple security servers per client However monitoring needs to address individual security servers, not just clients With X-Road 6.0 Message Protocol this is not possible Monitoring extends the Message Protocol by adding <securityServer> element to address security servers by server code
Extended X-Road Protocol - Request
Extended X-Road Protocol - Response
Monitoring Data CPU load Memory Disk space File descriptors Operating system information Processes Installed packages
Access Control Monitoring requests are not allowed from everywhere Client that is the owner of the security server can always make the query Central monitoring client can make the query Needs to be configured on the central server using global configuration extension part
Central Monitoring Data Collector Harvester service collects monitoring data from security servers Harvester saves the monitoring data to ELK stack Administrator can analyze the monitoring data in the ELK stack
Central Monitoring Data Collector
Implementation Status Monitoring data via extended X-Road protocol Since 6.7.10 Monitoring data via JMX Central monitoring data collector Implementation starts Q4/2016