
We are looking at deploying NetBrain and managing multiple customer networks from it.

My question is, for optimum separation from a security standpoint, must there be a separate front server per customer (tenant)? 

Or can each front server service multiple tenants whilst maintaining separation?

The biggest risk we are concerned with is that if a vulnerability exists in the front server, could an attacker on one customer network leverage a front server to gain access to another customer network?

It would be a simple matter to have a separate front server for each tenant, but costly where we have lots of customers with small networks.

This sounds like a classical approach for network management solutions, no matter what the vendor: you will always want your management servers, jump hosts, front servers etc. to be omnipotent to manage and make changes to everything. At the same time, those servers should be unreachable from any network but the management network. A simple ACL should do the trick. Access passwords are stored centrally in NB, maybe separated by tenant (or domain?), if that is another security issue to you.


Hi graeme_mcclinton,

 

We do not support registering one Front Server in multiple tenants.

The Front Server will communicate directly with devices, and one Front Server may not have access to different customers' networks.

The scenario you are concerned about may not happen.

