Enterprise style Central Management Interface - {Now $1900}
-
i have been looking at how Vmware Virtual Center manages their ESX servers, and they seem to use the following configurations:
the management server with vcenter and SQL (sql can be on a separate server if wanted)
the esx servers has OpenPegasus, a WBEM server, the Virtual Center Client pushes configurations to the ESX server OpenPegasus via CIM-XML over a SSL session (https?)Maybe OpenPegasus can be used for pfsense too?
http://www.openpegasus.org/page.tpl?ggid=799
"Pegasus is an open-source implementation of the DMTF CIM and WBEM standards. It is designed to be portable and highly modular. It is coded in C++ so that it effectively translates the object concepts of the CIM objects into a programming model but still retains the speed and efficiency of a compiled language. Pegasus is designed to be inherently portable and builds and runs today on most versionsof UNIX(R), Linux, OpenVMS, and Microsoft Windows."i'm really impressed on how Vmware's Virtual Center Client is managing multiple ESX servers, and would really like to see something similar for pfsense. (but thumbs down to vmware for not making it a multi-platform client :( )
-
And in case someone wants to know about the licensing it uses the MIT license. ;D
http://www.openpegasus.org/license.tpl?CALLER=license.tpl
-
I work a lot with ESX and Virtual Center and sure it is impressive. VI client is built with .NET and uses smart and cool controls built by vmware themselves. VI client uses SOAP to communicate to virtual center server which then uses CIM-XML to contact ESX hosts (service console is a redhat based vm).
That's why their "SDK" is very simple, it's nothing but the documentation of the SOAP webservice :-D. They also provide a pre built proxy for faster access (.net XML serialization/deserialization is damn too slow), so managing VC by code is easy.Their design is not so bad… perhaps too plateform dependant on the administrative side.
-
Hi,
I'm fairly new to pfsense however I really like the idea of the CMI. I'd be more than willing to help with any PHP development of said application, I have quite alot of time to spare at the moment and can dedicate other resources to the project, hosting, test platforms etc.
If someone wants to go about the project then let me know.
-
If someone wants to go about the project then let me know.
That is a good question. Dingo and several others have voiced interest in working on this bounty. Everyone seems to have posted their requirements. I do not know if one person will be taking this bounty or if it will be split between multiple devs. Mcrane, Juve and Dingo have expressed interest in this. Please correct me if I am wrong but Dingo asked for our final reqs which one might assume he is working on this. Some clarification would be nice. If someone could officially claim the bounty so I know that the money I budgeted isn't just sitting there.
As to helping you might want to ask Dingo, mcrane or Juve.
Mark
-
I havent 100% jumped on this, Ive been watching the thread to see what others have as input, I have a game plan for a CMI and I am working on the technical aspects of the implementation. So Id consider it as still alive but I also dont want to duplicate efforts and end up with 2 different systems. Been quiet the past two days as Im deeply involved ina project for a client
-
Hi,
I've been playing with backing up and restoring config files to pfsense using CURL today. And for anybody who decides to take on this bounty be aware that you need to force curl to use HTTP version 1.0 as lighttpd does not support curl posts properly without this.
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
Took me hours to figure out why it wasnt posting properly.
-
I don't know which is better but I have been using sftp to back them up automatically. It will be interesting to see how this might be done via a CIM.
-
Found this and it is pretty cool. Do not know regarding the license because it doesnt specify a specific one but describes its licensing instead. Also check out the demo…..
http://www.project-observer.org
http://demo.project-observer.org -
I just looked at http://www.project-observer.org as you suggested. Found the license it looks like a BSD style license. In the features it mentions "Aware of m0n0wall and pfSense SNMP limitations." that implies that it can talk to both m0n0wall and pfSense.
Very cool find. I'm definitely going to give it a try.
-
So that means this is something which could en integrated? Would this compromise security for networks outside of the local network?
-
To know how it could be integrated will first need to install it and see how it communicates with PFSense. Looking at the code may be useful as well. I should have time to do that on Monday or Tuesday.
-
I also like the fact that it supports
Cisco CatOS devices
devices since my internal routers tend to be cisco for voice and data.
-
This seems to be going a good way. I am going to add the $150 to make it the full 1000. :-)
I suggest to keep in mind that there will be installations with MANY pfsense boxes
as outlined earlier in this discussion. Please try to take into account the scalability,
maybe with a modular solution that could be deployed two tier for smaller (e.g. 2-20 boxes)
implementations and three tier for larger implementations (e.g. 21-… boxes)- adding part 1 and 2 on one box for the small solution and for large solutions go
part 1 on one box and then part 2a on another box managing e.g. no.1-20 pfsenses and part 2b on
yet another box managing e.g. no.21-40 pfsenses, etc.
Another one to take into account is IF MySQL is being used - check out the licensing if resold.
AFAIK they want to see cash.
postgres is AFAIK the REAL open solution.
just my $ .02. The bounty is held anyway. :-)
Best, B.
- adding part 1 and 2 on one box for the small solution and for large solutions go
-
Any news? Testting of solutions….?
-
Yupp Im compiling my research into a specification…. just takes time i guess... recovering from a bad motorcycle accident has slowed me down a bit.
-
Any news? I'm eager to add some $$$ to the bounty….
-
If you are eager to add some $$$ to the bounty then you should do it now. The more money…the more incentive there is to complete it.
Mark
-
Good point. I stopped as a saw the bounty not operating.
So I will try to do my part.
300$ is what i can add for now.Hoping to hear good news…
Fridaynoon
-
Im working on a pretty involved solution, bring on the bounties i havent forgotten about you all