Multi Tenancy for MSSP
76 views
Skip to first unread message
Giulia Anello
Oct 17, 2024, 6:09:49 AM10/17/24
to Wazuh | Mailing List
hello everyone
I am testing the functionality of wazuh and, in particular, I would like to try to get separate environments for each client to ensure security and segregation between data.
I could use more information regarding implementing a solution for mssp.
I would like to have separate environments for each client and coordinate everything through an external cluster - I attach image of the architecture I would like to implement.
(mssp_arch)
How can this be achieved? should multiple virtual machines be deployed? should this be done in the client's environment?
Do you have to have a virtual machine for each client? how do the agents communicate with the mssp console?
how can I implement this on a large scale?
What I would like to achieve at login is a similar situation, (example.png), being able to switch between multiple clients (each with their own separate agents) without having a single dashboard with all the information. I need this both to ensure security but also to have more order in agent management
I am testing the functionality of wazuh and, in particular, I would like to try to get separate environments for each client to ensure security and segregation between data.
I could use more information regarding implementing a solution for mssp.
I would like to have separate environments for each client and coordinate everything through an external cluster - I attach image of the architecture I would like to implement.
(mssp_arch)
How can this be achieved? should multiple virtual machines be deployed? should this be done in the client's environment?
Do you have to have a virtual machine for each client? how do the agents communicate with the mssp console?
how can I implement this on a large scale?
What I would like to achieve at login is a similar situation, (example.png), being able to switch between multiple clients (each with their own separate agents) without having a single dashboard with all the information. I need this both to ensure security but also to have more order in agent management
Thanks all
Lucas Esteban Pedrosa
Oct 18, 2024, 11:34:02 AM10/18/24
to Wazuh | Mailing List
Hello, Giulia
You can achieve this with cross-cluster-search. For each customer, there should be an indexer or indexer cluster, a server or server cluster and, optionally, a dashboard. Then you'd have an additional, central indexer (or cluster) and a dashboard. Agents would register and connect to each manager (cluster) corresponding to their customer, then events would be indexed in their respective indexer (cluster). These would in turn sync with your centralised indexer from where you'd have access with the dashboard. Customers could also have access to their particular indices via their own dashboard.
This set up would require at least one VM (in the case of an all-in-one set up) for each customer and an additional one for you and this would scale up according to the size of the clusters. You'll find more details on this configuration here: https://wazuh.com/blog/managing-multiple-wazuh-clusters-with-cross-cluster-search/
Let me know if you have any more questions.
Best regards,
Lucas
Lucas
Giulia Anello
Oct 22, 2024, 9:09:28 AM10/22/24
to Wazuh | Mailing List
Hi Lucas and thanks for your answer. The solution you indicated might be for me but I need to do some testing to make sure.
Could you tell me what ports are used for communication between the various clusters (thus the various clients) and the ccs dashboard env? so: on which ports the communication between me and each client takes place.
thanks
Could you tell me what ports are used for communication between the various clusters (thus the various clients) and the ccs dashboard env? so: on which ports the communication between me and each client takes place.
thanks
Reply all
Reply to author
Forward
0 new messages