Currently I have 2 types of setups:
Small customers with dynamic IPs who are not connected to our network environment - I monitor those via the Icinga2 Agent, and those agents connect to our Icinga2 Master server over the internet.
Large customers where we have a site2site VPN connection to each of them. The VPN connection is only one way, so we can connect to the customer's network but the customer has absolutely no access to our environment. Currently I monitor those customers with NRPE / NSClient++.
Now I’m planning to replace NRPE / NSClient++ with the Icinga2 Agent for performance, flexibility and stability reasons. I tried to configure an Icinga2 Windows Agent, but it always tries to contact the Master Server for the certificate lookup. Is there any way to implement the Icinga2 agent in this network setup automatically?
I’ve written a PowerShell deployment which configures the Icinga2 agent and contacts the master automatically, which works well, but I’m trying to avoid internet traffic when I already have VPN connections set up. Currently the only correct solution I can think of is to let customers reach my Icinga2 Server on 5665.
Do you have any other ideas for an automatic deployment of the Icinga2 agent in this VPN scenario?