02. 04. 2020 Damiano Chini NetEye

Tornado Communication over NATS

Until the NetEye 4.10 release, the Tornado module inside NetEye handled communications between its components (the Tornado Collectors and the Tornado Engine) via direct, clear-text TCP connections.

On local systems, this configuration does not represent a limitation, since in this case there is no requirement to verify the identity of the peer (it is always known) and to encrypt messages that are only sent locally. But when Tornado Collectors and the Engine are deployed on systems that are potentially remote, for obvious reasons this configuration raises some issues related to the integrity and confidentiality of the information exchanged by Tornado Collectors and the Engine.

Moreover, in multi-tenant systems, where sensitive data from different organizations passes through Tornado, it is desirable to have control over who can read the different data that does go through.

These reasons led us to the decision to integrate the NATS messaging system into Tornado, which grants security and high performance to these communications.

The NATS server manages communications between the Tornado components with a publish-subscribe pattern, which means that if a sender publishes a message belonging to a subject X, then only those subscribed to subject X will receive that message. Of course NATS also provides ways to configure which client can publish and/or subscribe to the different subjects. This enables us to have control over shared information in multi-tenancy scenarios within Tornado.

The Tornado Engine and Tornado Collectors now communicate with the NATS server over TLS and authenticate to NATS with different certificates, so that we can configure proper publish/subscribe authorizations in NATS for each Tornado component.

In a potential use case where Tornado Collectors need to run on remote nodes with respect to the Tornado Engine, a simple and safe architecture for the remote communication can then be the one below, with the NATS server residing on the node where the Tornado Engine runs, and remote Tornado Collectors communicating directly with the NATS server over TLS.

Damiano Chini

Damiano Chini

Author

Damiano Chini

Latest posts by Damiano Chini

15. 02. 2024 Bug Fixes, NetEye
Bug Fixes for NetEye 4.34
05. 01. 2024 Bug Fixes, NetEye
Bug Fixes for NetEye 4.32
05. 01. 2024 Bug Fixes, NetEye
Bug Fixes for NetEye 4.33
31. 12. 2023 Development, DevOps, NetEye
Speeding up the NetEye CI Testing Phase
29. 12. 2023 Development, NetEye
Reusing Code Logic between NetEye and Alyvix
See All

Related Content

Tags: , ,

11. 04. 2024 Business Service Monitoring, NetEye, SLM

SLA Reporting on a Business Process

Scenario NetEye 4 is a comprehensive monitoring platform which natively supports Business Processes. A Business Process is an abstract view of a customer’s business from the Application point of view. Usually, it’s a collection of Icinga 2 checks aggregated by Read More
25. 03. 2024 Development, DevOps, NetEye

Boosting NetEye CI Speed Post-FOSDEM ’24

On February 3rd and 4th, 2024, we attended FOSDEM, a major event where thousands of free and open-source software developers from around the world gather to exchange ideas and collaborate. This year I dedicated much of the second day to Read More
15. 03. 2024 APM, Log-SIEM, NetEye

Unleashing Elastic APM: Containerized Scalability Explored

Introduction: Unveiling Elastic APM in Containerized Environments In today's dynamic digital landscape, where every interaction matters, understanding the intricacies of application performance has become paramount. Elastic APM is a powerful toolset within the Elastic Stack included in the NetEye SIEM Read More
14. 03. 2024 NetEye, Unified Monitoring

How to Control Remote Devices from NagVis Maps via Tornado

This article stems from a project on the remote control of devices using NagVis maps. The main purpose is to find an easy way to actuate a remote device through a click on an interface. To do this, we implemented Read More
23. 02. 2024 Log-SIEM, NetEye, Unified Monitoring

Monitoring Logs in Elasticsearch: A Practical Example

Say you want to monitor logs coming into your Elasticsearch instance, and have it send data to your Monitoring Dashboard. I'll show you how to do this with a practical example, in particular for an event coming from the Active Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive