We rewrote the UpGuard agent as a connection manager to reap the benefits of agentless monitoring. Why get rid of agents? Because agents must be updated. They are like a free puppy–it's easy to take them home but you have to feed them, take them to the vet, and clean up after them for years afterward. The new connection manager allows for an agentless architecture while keeping all SSH/WinRM activity behind your firewall. It's fast, light, easy to maintain, and secure.
How does it work?
The connection manager sits between UpGuard and your infrastructure and uses SSH or WinRM to document the state of your nodes. (Nodes can be servers with any OS, network devices, cloud apps–anything with an API or IP address.) The connection manager then sends that information either to hosted UpGuard or to an appliance that can also be deployed behind your firewall.
Is it secure?
This is really two questions: is SSH secure and are the endpoints secure? We think SSH is as secure a protocol as anyone can reasonably expect. With a connection manager in place you are also reassured by the fact that all SSH activity takes place behind your firewall. UpGuard itself uses bank-grade security and two factor auth to protect across the seven layer security model.
How do I get started?
1. Once you've logged into UpGuard, you need to create a connection manager group. Click "Add Connection Manager Group" and give it a name that will make sense to you. This is also where you will get the API key for the connection manager, which you will use in step 3.
2. Download and install the connection manager. Find its IP address using the tool of your choice or by making a console connection. Pause for a moment here to skim the full connection manager documentation and view the recommended VM specs and other requirements-- Windows/WinRM and SSH.
3. Register the connection manager with UpGuard. Paste the IP address of the connection manager into your browser and you will see the connection manager login page. In the field for the API key, paste the key you grabbed back in step 1. Now that UpGuard and the connection manager know about each other, there's only one piece missing...
4. Add nodes to the connection manager. Fill out the details for the nodes that you want to monitor.
Now you can monitor the state of your system–changes to files, packages, ports, users, and anything else that makes up a machine–with no additional work to maintain the installation. This example has been for servers and devices that use SSH; there is a similar process for Windows. Compare the time needed to create a connection manager (not much) to the time needed for even one update of an agent installed on a handful of nodes, or one session on chat troubleshooting an old version, and you understand why we moved to the connection manager.
All the information needed to perform a CSTAR assessment is bundled into the UpGuard platform. Learn more about CSTAR.
Read Blog >
The UpGuard Website Risk Grader provides a low friction way to get an initial assessment of a business' risk profile.
Read Blog >