1.3.6. CMI

The CMI console provides remote, centralized management of VPN Gateway updates. It maintains the system update packages and the object base (networks, hosts, protocols, means of authentication, etc.) for distribution to the different VPN Gateways. It also centralizes logs so that they can be viewed graphically.

It is a mandatory component for the Secure Remote Access 2SRA module, which includes non-critical components such as:

  • CMDB: The memory of the solution where all the configuration, assets, and parameterization are saved.

  • Aggregation and enrichment of all the information generated by any VPN Gateway.

  • Administration Console: The control panel for the solution.

  • DNF Repository: An RPM package repository used as an installation and update source.

Note

The CMI Console is NOT a critical node of the solution, which is why it does NOT require high availability. If this component is offline, the VPN continues to work. However, during the downtime, it is not possible to configure, update, or monitor and analyze the firewall records of accepted or denied traffic.

1.3.6.1. Sizing a CMI Instance

The sizing of the Network Access solution infrastructure can be directly inferred from the expected workload that the NAC must sustain, in terms of users, IPs, types of authentication, or deployed use cases. The workload may be complicated to estimate, but this is a crucial exercise for building an efficient NAC architecture.

The hardware specifications for the CMI are:

Resources     Minimum
---------     -------
Memory        8 GB
CPU           4 cores
Disk Size     200 GB
Disk Type     SSD
Network       2 NIC**

Note

** The 2 network interfaces are mainly for service and management (internal communication between the different nodes).