Hello Icinga Community,
I need to evaulate the options for an Internet connected Client Passive Monitoring towards an Internet Facing DMZ Satellite Icinga Server. So the Client can reach the Internet Satellite, but the Internet Satellite cannot reach the Client.
Communication should be secure, so a Icinga API Call with credentials in the Request is not an option. What Setup would you use?
I read about NSClient++ that it can encrypt communication and do passive checks. The counterpart NSCA Server, what can write to the icinga2.cmd pipe file, when running on the Icinga Master Server. But how can I make this Internet DMZ setup work, when the NSCA Server runs on an Internet Connected Server and not on the Icinga Master? Do you have any best practices, recommendations?