RMM Service

stacksofplates

@scottalanmiller said in RMM Service:

write their own agent (like us

Could you give us more details on this? I'm really curious how you all wrote the agent. Like what language, whether you used gRPC or a message bus for the async communication, etc.

JaredBusch

@stacksofplates said in RMM Service:

@scottalanmiller said in RMM Service:

write their own agent (like us

Could you give us more details on this? I'm really curious how you all wrote the agent. Like what language, whether you used gRPC or a message bus for the async communication, etc.

I read his statement as he figured out they needed to have their own agent instead of just using salt. As far as I know that is where SS stalled. Not that he made his own agent for SS.

stacksofplates

@jaredbusch said in RMM Service:

@stacksofplates said in RMM Service:

@scottalanmiller said in RMM Service:

write their own agent (like us

Could you give us more details on this? I'm really curious how you all wrote the agent. Like what language, whether you used gRPC or a message bus for the async communication, etc.

I read his statement as he figured out they needed to have their own agent instead of just using salt. As far as I know that is where SS stalled. Not that he made his own agent for SS.

Oh ic, I thought he meant they wrote one like Tactical did.

scottalanmiller

@stacksofplates said in RMM Service:

@scottalanmiller said in RMM Service:

write their own agent (like us

Could you give us more details on this? I'm really curious how you all wrote the agent. Like what language, whether you used gRPC or a message bus for the async communication, etc.

They used Go. We only "decided we needed to". They got to it before we did so we stopped. But they went the same path of Salt > Decision but then got it built on Windows. But I've not looked into their architectural details yet.

scottalanmiller

@jaredbusch said in RMM Service:

@stacksofplates said in RMM Service:

@scottalanmiller said in RMM Service:

write their own agent (like us

Could you give us more details on this? I'm really curious how you all wrote the agent. Like what language, whether you used gRPC or a message bus for the async communication, etc.

I read his statement as he figured out they needed to have their own agent instead of just using salt. As far as I know that is where SS stalled. Not that he made his own agent for SS.

Correct

notverypunny

@scottalanmiller I know you've said in the past that the smallest VPS from vultr or DO should be more than sufficient for a meshcentral server. Tactial's documentation specifies 2GB of RAM, would a VPS option like the $10/mth DO shared CPU option (2GB RAM, 1CPU, 50G HDD, 2TB transfer/mth) be sufficient or should something beefier be used as a minimum setup?

scottalanmiller

@notverypunny said in RMM Service:

@scottalanmiller I know you've said in the past that the smallest VPS from vultr or DO should be more than sufficient for a meshcentral server. Tactial's documentation specifies 2GB of RAM, would a VPS option like the $10/mth DO shared CPU option (2GB RAM, 1CPU, 50G HDD, 2TB transfer/mth) be sufficient or should something beefier be used as a minimum setup?

That's likely enough for a really small install. It really depends on how many devices. Likely you will want a little more power.

FATeknollogee

Does the patch management in Tactical work or are those buttons just placeholders?

DustinB3403

@fateknollogee said in RMM Service:

Does the patch management in Tactical work or are those buttons just placeholders?

It works. On the demo it appears to be disabled

notverypunny

Started playing with this at work. Our existing toolset is too legacy-minded for the current covid reality. So far I'm very impressed. I'd like to have more granular permissions options (like allowing users access to workstations but blocked on servers) but it's not a deal-breaker.

IRJ

@notverypunny said in RMM Service:

I'd like to have more granular permissions options (like allowing users access to workstations but blocked on servers) but it's not a deal-breaker.

You aren't using a segmented network with firewall rules blocking incoming ports like RDP and SSH?

IRJ

@notverypunny said in RMM Service:

@scottalanmiller I know you've said in the past that the smallest VPS from vultr or DO should be more than sufficient for a meshcentral server. Tactial's documentation specifies 2GB of RAM, would a VPS option like the $10/mth DO shared CPU option (2GB RAM, 1CPU, 50G HDD, 2TB transfer/mth) be sufficient or should something beefier be used as a minimum setup?

Containerize it and you will only use the resources you need with the ability to scale when needed.

https://wh1te909.github.io/tacticalrmm/install_docker/

DustinB3403

@irj said in RMM Service:

@notverypunny said in RMM Service:

I'd like to have more granular permissions options (like allowing users access to workstations but blocked on servers) but it's not a deal-breaker.

You aren't using a segmented network with firewall rules blocking incoming ports like RDP and SSH?

How does segmented networking affect the user permissions within Tactical. I get how it would segment the devices, but that does nothing for the RMM side. IE different teams of people to manage different equipment or resources.

stacksofplates

@irj said in RMM Service:

@notverypunny said in RMM Service:

@scottalanmiller I know you've said in the past that the smallest VPS from vultr or DO should be more than sufficient for a meshcentral server. Tactial's documentation specifies 2GB of RAM, would a VPS option like the $10/mth DO shared CPU option (2GB RAM, 1CPU, 50G HDD, 2TB transfer/mth) be sufficient or should something beefier be used as a minimum setup?

Containerize it and you will only use the resources you need with the ability to scale when needed.

https://wh1te909.github.io/tacticalrmm/install_docker/

This would most likely be an easier setup on K8s. I wouldn't recommend running prod stuff with docker-compose. You can just set up an ingress for those three hostnames with annotations and cert-manager will generate certs for them automatically.

stacksofplates

@dustinb3403 said in RMM Service:

@irj said in RMM Service:

@notverypunny said in RMM Service:

I'd like to have more granular permissions options (like allowing users access to workstations but blocked on servers) but it's not a deal-breaker.

You aren't using a segmented network with firewall rules blocking incoming ports like RDP and SSH?

How does segmented networking affect the user permissions within Tactical. I get how it would segment the devices, but that does nothing for the RMM side. IE different teams of people to manage different equipment or resources.

He's saying if you segmented the network you wouldn't need to worry about those controls in the RMM at all.

travisdh1

@stacksofplates said in RMM Service:

@dustinb3403 said in RMM Service:

@irj said in RMM Service:

@notverypunny said in RMM Service:

I'd like to have more granular permissions options (like allowing users access to workstations but blocked on servers) but it's not a deal-breaker.

You aren't using a segmented network with firewall rules blocking incoming ports like RDP and SSH?

How does segmented networking affect the user permissions within Tactical. I get how it would segment the devices, but that does nothing for the RMM side. IE different teams of people to manage different equipment or resources.

He's saying if you segmented the network you wouldn't need to worry about those controls in the RMM at all.

So long as the clients have a connection to the controller, that's ALL an RMM tool cares about. Doesn't matter how many different networks the clients happen to be on or how well segmented the network is. He'd still need some way to manage who has access to certain groups of client systems.

IRJ

@travisdh1 said in RMM Service:

@stacksofplates said in RMM Service:

@dustinb3403 said in RMM Service:

@irj said in RMM Service:

@notverypunny said in RMM Service:

I'd like to have more granular permissions options (like allowing users access to workstations but blocked on servers) but it's not a deal-breaker.

You aren't using a segmented network with firewall rules blocking incoming ports like RDP and SSH?

How does segmented networking affect the user permissions within Tactical. I get how it would segment the devices, but that does nothing for the RMM side. IE different teams of people to manage different equipment or resources.

He's saying if you segmented the network you wouldn't need to worry about those controls in the RMM at all.

So long as the clients have a connection to the controller, that's ALL an RMM tool cares about. Doesn't matter how many different networks the clients happen to be on or how well segmented the network is. He'd still need some way to manage who has access to certain groups of client systems.

Yeah I get that and @DustinB3403 and you are correct. As long as you manage assets together you could have this issue.

It's rare that workstations and serves are managed the same way using the same type of monitoring and controls. It's not something I've ever seen in my career, but I also haven't worked on Service Provider or consultant side.

travisdh1

@irj said in RMM Service:

@travisdh1 said in RMM Service:

@stacksofplates said in RMM Service:

@dustinb3403 said in RMM Service:

@irj said in RMM Service:

@notverypunny said in RMM Service:

I'd like to have more granular permissions options (like allowing users access to workstations but blocked on servers) but it's not a deal-breaker.

You aren't using a segmented network with firewall rules blocking incoming ports like RDP and SSH?

How does segmented networking affect the user permissions within Tactical. I get how it would segment the devices, but that does nothing for the RMM side. IE different teams of people to manage different equipment or resources.

He's saying if you segmented the network you wouldn't need to worry about those controls in the RMM at all.

So long as the clients have a connection to the controller, that's ALL an RMM tool cares about. Doesn't matter how many different networks the clients happen to be on or how well segmented the network is. He'd still need some way to manage who has access to certain groups of client systems.

Yeah I get that and @DustinB3403 and you are correct. As long as you manage assets together you could have this issue.

It's rare that workstations and serves are managed the same way using the same type of monitoring and controls. It's not something I've ever seen in my career, but I also haven't worked on Service Provider or consultant side.

Yeah, from the service provider side of things, servers and workstations are all managed from the same RMM.

FATeknollogee

@dustinb3403 said in RMM Service:

@fateknollogee said in RMM Service:

Does the patch management in Tactical work or are those buttons just placeholders?

It works. On the demo it appears to be disabled

Have you actually tried it?

DustinB3403

@fateknollogee said in RMM Service:

@dustinb3403 said in RMM Service:

@fateknollogee said in RMM Service:

Does the patch management in Tactical work or are those buttons just placeholders?

It works. On the demo it appears to be disabled

Have you actually tried it?

Yes I set it up in my lab and used it on some equipment/vms without issue.