First, I need to say: sorry for the long text.
I am designing an environment which I must monitor several separated networks. They might have duplicated IPs. Also, it´s mandatory that those different networks have no communication/interaction between them.
There will be a dedicated team to monitor everything via a central server.
There might be specific teams allocated within the different monitored environments that is allowed to monitor, generate reports, acknowledge alarms, etc using its local nagios server.
In some environments, I will have a single server. In some others, I will have 2, for redundancy.
The communication between the central environment and the remote ones will be provided via a secure and firewalled connection (site to site VPN).
I am planing to install a central server running Nagios, PNP4Nagios, NDOUtils, add on Dashboard for NDOUtils and NAGVIS. this server will monitor the basic infrastructure to get connected and working with the remote servers (the VPN connection, the remote nagios processes, etc).
The remote servers will run nagios, PNP4Nagios, NDOUtils and Nagvis as well. It will send the check results to the central server.
The communication between the central site and the remote ones will be strictly to receive updates (check results) from the remote servers and also to actively monitor the remote servers and the connections needed to get connected to the remote servers.
Since each remote server is installed within a different environment, I will probably define a management IP range (private IP) and use NAT for each remote server.
I don´t know if I should use DNX / mod gearman / Merlin or if all I have to do is to use a simple set up of passive and active checks via NSCA/NRDP.
*I know that the central server must have all the configs, but I do not want to have all the configs from a remote server installed within another remote server in a different environment. I guess Merlin asks for this. If so, I will discard it as an option.
The config files will be sorted in a way that turn the back up and control easy (each remote environment will have its own directory structure). The central one will have all of them. During the insertion process, the config file will be automatically replicated.
to guarantee consistency, periodically, there will be a script to validate integrity of the configs (if something is different from the central server, an alert will be sent).
Am I in the right way?
what are the recommendations in the set up described above?
Also, I am not sure yet about how to provide the proper redundancy (failover process).
Thanks.