Enterprise style Central Management Interface - {Now $1900}
-
I still think using another server to monitor services, management and polling devices is not meant for a firewall.
There are already great packages like zabbix and nagios which offer plenty of management abilities.
Monitoring a great deal of servers and services also takes up plenty of cpu power/memory (10 sensors for each server with 20 servers..)
Just my 2 cents, why reinvent something which is already invented ?
-
Not for monitoring devices. More for managing and being able to configure all of your pfSense firewalls from one location. There is no product out which does this for pfSense. Also 1.3 can operate with 1 NIC, meaning this would become an appliance rather than your firewall slash everything else under the sun. I have been looking at a different solution for monitoring devices. ManageEngine has an MSP solution which for 2500 per/year allows you to monitor 100 devices. I do agree that for monitoring pfSense would probably not make much sense since the cost of developing a solution would cost much more.
-
Very interesting! I can see a solution in my mind, but I don't know how long this will take. I think I need to research this or something….
-
It would be a dream come true if someone developed a management client for pfsense like Firewallbuilder with log viewing capabilities…
Today I manage 20+ pfsense boxes for VPN/firewalls etc, just imagine if it would be possible to manage these from one gui
Wishlist:
object oriented firewall/VPN configuration, +only create the objects one time (drag/drop the object rules to the firewall and apply/upload)
WE CAN ALWAYS DREAM ;)
/MRNilsson
-
@ MRNilsson
One does not have to just dream. One can also donate! Hint Hint.. ;D
-
Curious….Is someone developing a commercial solution for this? I noticed Centipede now has an automatic backup plugin for configs..... That is not a full solution but I get the feeling something like that is happening. This bounty gathered much interest in the beginning and then P :o :oF. The concept is a very good one (At least I think so) and am hoping that someone is still interested. I will up the bounty by $500. I would appreciate it if someone would tell me (Devs) if the lack of interest is due to wanting to make a commercial solution...add-on or if it is the bounty total. If it is the bounty total then if someone could tell me what it would cost to "interest" a dev to create this. I have added a significant amount of my own money and might be able to convince others to join in but with the bounty sitting stagnant it is difficult to convince people to pony up some cash when no one is negotiating.
-
I read this whole thing and can the requirements be reconciled in a post and what is the last offer for this?
-
Hi ermal,
I will work on an updated list based on my reqs. I hope others who added to the bounty are still interested and can respond in kind.
A side note: I have been trying to reach you about the traffic shaper with no luck. Can you PM me the info as I have yet to receive it.
Thanks
-
I am interested in joining the discussion, as I operate a network of pfSense. I anticipate that my config is the classic central site connected via VPN to some remote sites. I have 40 wrap/alix remote units.
For me, the interest in a central management system is broken in three functions.
- Backup. I want a system that can store all my configs in a safe place. Now I have a script that timely, from a central place, downloads all the config scripts.
- Distribution. I'd like a system to distribute config changes to all of my systems (things like admin password changes, filters, vpn configs,…) with a result feedback.
- Monitoring. I'd like to know the summary state of all of my remote systems. The info that I need is very basic, system up/down, VPN up/down, lan/wan usage. A central logging system is not a requirement for me, as it can be done in other ways.
A fourth function, Alerting, can be done for the bare activity of the system in other ways, so for now is not crucial for me.
As for the architecture, I'm dubious.
I think this system is of interest to people who control a data center, so a dedicated machine I think is not a problem. For the operating system, every data center has different skills, and a specific architecture could be a problem.
For the funding, I already put 300$.
Now, if the system covers the first 2 points I can put 600$ total, and other 400$ for the third.
I truly want a central system, so I'd really want to participate in developing something useful.
Fridaynoon
-
Hi all, this is my post.
http://forum.pfsense.org/index.php/topic,13107.0.html
Where can I invest 200 $ for this project? But how long will this project take??
And how much is it?
-
How much can you contribute. ;D The more you can…the more likely someone is going to show interest........ Specify an amount that this would be worth to you and a mod or myself will add it to the amount listed.
-
I can add 1000€, but need an invoice (company here :)
-
Can this all be summarized so I can report an answer?
-
From my humble point of view ..
- The idea might be to develop the pfsense part of the Central Management Interface (CMI ?), and make it open to anyone who'd like to code his CMI template / site, or embed it in his current corpo site.
- The CMI could then run on any LAMP / WAMP of your choice.. the idea being to only provide a set of functions usable for php5 devs.
- I think we could think as if building up a client / daemon and functions API to communicate between the CMI host and the N pfsense nodes.
- Since the main purpose of pfSense is not to serve as web server, I'd rather have this CMI host'able on a dedicated box.. not on my firewall !
- The infos served by the nodes should be quickly accessible .. and sharable (if needed) .. RSS, XML comes to mind .. somehow .. each node could export as RSS feed / XML containing the infos required to be displayed by the CMI GUI ?
The plugin should:
- Let you view a global status page summarizing all your pfsense nodes vital infos (carp status, iface status, load, states, ram, cpu, hdd .. all gathered via cron then interpreted via an RSS feed parser ?), let the user select what infos to display on the global status page (possibly limit the number of infos to poll)
- Have a schedule to determine the frequency of updates to be performed, and on which node.
- To perform the scheduled updates, we could set a cron job on the CMI's LAMP that'll query the CMI's database to look for nodes to query (and what infos to request). This cron could connect to each node with a magic handshake mechanism that would make the node spit back the RSS feed with the infos requested by the CMI's cron script
- For each pfsense node, we would have the ability to access the admin interface without the need to re-log as admin on it
- For each pfsense node, we would have the ability to send / save / restore / backup a config file
- For each pfsense node, view the logs (RSS feeds ?) or some more ajaxified mechanism .. the API could contain a simple JSON or XML PHP script that'll feed a JS class to make async requests to nodes to get their log data ?
Possible uses
- For each node, manage packages
- Centralized logging mechanism (implies vpn between the nodes and the CMI ? - syslog integration for "centralized syslogd" on the CMI host)
These are rough ideas..
But maybe some are worth debating ?
What do you think ?
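
One way the poll-and-reply exchange proposed in the post above could be authenticated, as an added example that is not part of the thread or of pfSense. It assumes the "magic handshake" is an HMAC over a per-node shared key with a timestamp and nonce; the function names, XML element names and sample values are hypothetical.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

MAX_SKEW = 60  # seconds a signed poll stays valid (assumed value)

def sign(secret: bytes, *parts: str) -> str:
    """HMAC-SHA256 over the newline-joined parts, hex encoded."""
    return hmac.new(secret, "\n".join(parts).encode(), hashlib.sha256).hexdigest()

def node_answer(secret, node_id, ts, nonce, mac, now, seen):
    """Node side: return (xml, reply_mac) for a valid poll, else None."""
    if abs(now - ts) > MAX_SKEW or nonce in seen:
        return None  # stale or replayed request
    if not hmac.compare_digest(mac, sign(secret, node_id, str(ts), nonce)):
        return None  # wrong key or tampered fields
    seen.add(nonce)
    # Constructed sample status; a real node would collect these values.
    xml = ("<status node='%s'><carp>MASTER</carp><iface name='wan'>up</iface>"
           "<load>0.12</load><states>431</states></status>" % node_id)
    # Bind the reply to this nonce so it cannot be replayed to a later poll.
    return xml, sign(secret, nonce, xml)

def poll(secret, node_id, now, nonce, transport):
    """CMI side: send a signed poll, verify the reply MAC, parse the feed."""
    reply = transport(node_id, now, nonce,
                      sign(secret, node_id, str(now), nonce))
    if reply is None:
        return None
    xml, reply_mac = reply
    if not hmac.compare_digest(reply_mac, sign(secret, nonce, xml)):
        return None  # reply not produced by the holder of the node key
    if "<!DOCTYPE" in xml or "<!ENTITY" in xml:
        return None  # a status feed never needs a DTD; refuse entity tricks
    root = ET.fromstring(xml)
    return {"node": root.get("node"),
            "carp": root.findtext("carp"),
            "wan": root.findtext("iface[@name='wan']"),
            "load": float(root.findtext("load")),
            "states": int(root.findtext("states"))}
```

In a deployment the nonce would come from `secrets.token_hex()` and `transport` would be an HTTPS request to the node; both are passed in as parameters here so the exchange runs offline.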
-
I'm very interested in this thread.
I can agree to some of the requirements listed by df. Obviously we have some habits in managing our networks, and we like the way we do it. In my opinion, as I wrote in a past post, I need a distribution function, a way to make a global change to some specific parameters of a config.
Ermal, I'm very happy if you say you're interested, as I saw this thread not a priority for the devs.
In the past we had at least three possible contributors (kapara df & me), I don't know if one of us can summarize a single view of the project.
I think we have to agree from stating some architectural point: lamp/wamp/other, a dedicated machine, link directly via Internet (a VPN is a problem when some remote machine is not working)
and to some basic functionality.
On this some devs have to say if they can take the bounty, telling what management function can be done, and when.
Obviously they have to tell if they can take care of the evolution of the project, that has to follow the evolution of the basic pfsense.
Greetings for the new year…
-
Do the bounty posters want a standards based solution, or special pfsense only solution? I think the only intelligent way would be for a standards compliant solution rather than a pfsense only solution… such as the suggested CMI model.
I think CIM - common interface model - may be more appropriate. Open standard. Extensible. Several tools for it exist. A good look at http://www.openwbem.org/ maybe worth the time. It implements CIM and has some vendor backing.
How does one collect on a bounty?
I understand GPL accomplishes different goals than BSD. Different. Why the animosity against a GPL solution? Would a GPL add on be acceptable?
-tom
-
dutler: My idea is to have a lightweight easy to embed "CMI", or rather GUI that interprets the data collected by the .. probes (?) set in crontab.
In a way, we would work much like most supervision systems (Nagios ..), but always following the KeepItSimpleStupid guideline.
I'm personally not against third party platforms / frameworks, as long as we are allowed to freely use, distribute, and sell it, and as long they respect the above KISS rule.
To clarify my previous post, I can offer a $1000 euros bounty to any legal entity (understand company) that can make legit invoice for the job.
But, I, personally, would like to see the code produced by this bounty freely available to anyone, and if Scott and other members agree, make it part of pfSense as a package (for the pfsense related part of the CMI's probes / plugins mechanisms that will be required on remote boxen).
And btw, best wishes to all for '09.
-
Pulling my bounty. Looks like this is not going to happen and am looking into alternative solutions. Thanks for showing interest. Unless someone else is interested in continuing with this I don't mind if it is moved.
-
I'm likely to take on this project starting in a few days. For those that are still interested please reaffirm your interest.
Mark
-
The original author of this bounty has contacted me and indicated that he is no longer interested in this bounty. I will be moving this thread to "Expired" at the end of this week unless someone has reasonable objections.