I'm working on a small EC2 project that involves a handful of servers in two different regions (US East and EU West). My first task is to implement a Nagios monitoring solution. Monitoring within a region is simple - I just use the private domain names/IPs, but I'm a little unsure of the best way to handle monitoring the second region without setting up a second Nagios install. The environment is fairly static, so I'm not going to be scripting the configuration with the EC2 tools just yet.
As I see it, I have two options.
- Two Nagios installations (which is overkill for the small number of servers I'm dealing with).
  Pros: I don't have to alter the group permissions nor do I have to pay for the traffic, and there's redundancy in the monitoring solution - I could monitor the Nagios servers.
  Cons: two installations to deal with, and I'd need to run another server instance.
- Have the single installation monitor both regions.
  Pros: one installation to deal with.
  Cons: slightly reduced security - the security group will have to have NRPE (5666) opened for one source IP, and I'd also be paying for a small amount of bandwidth at the Internet rate for data transfer between the regions.
I guess my question is - how have others handled this problem and what are your recommendations?
Thanks!
Option 2 should be a lot cheaper - NRPE traffic is fairly sparse, so the bandwidth cost should be a lot cheaper than the cost of running a whole extra instance. Since NRPE traffic goes over SSH by default, I don't see that as a huge security issue.
If you still want to stick with option 1, you might want to think about reducing the redundancy and running the Nagios servers on existing instances that are already running other services. This goes against the grain of what you'd do with physical servers, but could work for you on EC2 since it's so easy to replicate your server images and spin up new ones when instances fail.
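If you go with option 2, the two things worth checking before opening 5666 are the ones the question's "Cons" line names: that the remote region's security group admits NRPE from the Nagios server's single public address only, and that the agents' nrpe.cfg lists that same address in allowed_hosts. Because the poller sits in another region, its checks arrive from its public (Elastic) IP, not its private one, so a private address in either place will not work. NRPE's own transport is not SSH; its built-in SSL in the 2.x series uses anonymous Diffie-Hellman and authenticates neither side, so the security-group rule and allowed_hosts are the controls doing the real work. The script below is an added example, not code from the question or the answer: it assumes a hypothetical Nagios server at 198.51.100.7, a hypothetical group id sg-0example, and security-group data in the IpPermissions shape that `aws ec2 describe-security-groups` returns, constructed inline here together with two sample nrpe.cfg fragments so it runs offline.

```python
"""Pre-flight check for option 2: one Nagios server polling NRPE agents in
the other region over the Internet.

Added example, not code from the question or the answer. Assumes a
hypothetical Nagios server with public address 198.51.100.7 and checks
(1) the remote region's security group admits 5666/tcp only from that /32
and (2) the agents' nrpe.cfg lists that address in allowed_hosts. The
security-group dicts mirror the IpPermissions layout EC2 returns but are
constructed inline so the script runs offline.
"""
import ipaddress

NRPE_PORT = 5666
NAGIOS_PUBLIC_IP = "198.51.100.7"  # assumed: the poller's Elastic IP

# Constructed sample: NRPE open to the whole Internet (the weak setting).
SG_WEAK = {
    "GroupId": "sg-0example",  # hypothetical group id
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": NRPE_PORT, "ToPort": NRPE_PORT,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ],
}

# Constructed sample: NRPE admitted from the Nagios server's /32 only.
SG_FIXED = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": NRPE_PORT, "ToPort": NRPE_PORT,
         "IpRanges": [{"CidrIp": NAGIOS_PUBLIC_IP + "/32"}]},
    ],
}

# Constructed nrpe.cfg fragments for an agent in the remote region.
# The weak one lists a private address (useless for a cross-region poll)
# and lets the poller pass arguments to commands.
NRPE_CFG_WEAK = """\
server_port=5666
allowed_hosts=127.0.0.1,10.1.2.3
dont_blame_nrpe=1
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
"""

NRPE_CFG_FIXED = """\
server_port=5666
allowed_hosts=127.0.0.1,198.51.100.7
dont_blame_nrpe=0
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
"""


def nrpe_sources(sg):
    """Return the sorted list of IPv4 CIDRs whose rules cover NRPE's port."""
    cidrs = set()
    for perm in sg["IpPermissions"]:
        if perm["IpProtocol"] not in ("tcp", "-1"):  # "-1" means all traffic
            continue
        if perm.get("FromPort", 0) <= NRPE_PORT <= perm.get("ToPort", 65535):
            cidrs.update(r["CidrIp"] for r in perm.get("IpRanges", []))
    return sorted(cidrs)


def sg_findings(sg, nagios_ip=NAGIOS_PUBLIC_IP):
    """Flag any 5666/tcp source wider than the Nagios server's own /32."""
    nagios = ipaddress.ip_address(nagios_ip)
    sources = nrpe_sources(sg)
    findings = []
    for cidr in sources:
        net = ipaddress.ip_network(cidr)
        if net.num_addresses != 1:
            findings.append(f"{cidr} opens {NRPE_PORT}/tcp to more than one host")
        elif nagios not in net:
            findings.append(f"{cidr} is not the Nagios server")
    if not any(nagios in ipaddress.ip_network(c) for c in sources):
        findings.append("no rule admits the Nagios server to NRPE")
    return findings


def parse_nrpe_cfg(text):
    """Minimal key=value parser for nrpe.cfg (comments and blanks skipped)."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg


def nrpe_findings(cfg_text, nagios_ip=NAGIOS_PUBLIC_IP):
    """Check the agent side: allowed_hosts and argument handling."""
    cfg = parse_nrpe_cfg(cfg_text)
    allowed = [h.strip() for h in cfg.get("allowed_hosts", "").split(",") if h.strip()]
    findings = []
    if nagios_ip not in allowed:
        # Cross-region polls arrive from the poller's public address, so a
        # private address in allowed_hosts does not admit it.
        findings.append(f"allowed_hosts {allowed} lacks the Nagios server {nagios_ip}")
    if cfg.get("dont_blame_nrpe") == "1":
        findings.append("dont_blame_nrpe=1 lets the poller pass arguments to commands")
    return findings


def audit(sg, cfg_text, nagios_ip=NAGIOS_PUBLIC_IP):
    """All findings for one region; empty when both sides restrict NRPE to the poller."""
    return sg_findings(sg, nagios_ip) + nrpe_findings(cfg_text, nagios_ip)


if __name__ == "__main__":
    for label, sg, cfg in (("weak", SG_WEAK, NRPE_CFG_WEAK),
                           ("fixed", SG_FIXED, NRPE_CFG_FIXED)):
        problems = audit(sg, cfg)
        print(f"{label}: {'ok' if not problems else problems}")
```

To run it against a real group, feed `nrpe_sources` one element of the `SecurityGroups` list that `aws ec2 describe-security-groups --group-ids <id>` prints, and `nrpe_findings` the contents of the agent's nrpe.cfg; the Nagios host and service definitions for the remote region then use the instances' public DNS names rather than the private ones, since the private names only resolve inside their own region.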