Scalable remote access gateway for 20K+ servers

Question

Consider a worldwide distribution of thousands of embedded servers, and clusters of servers behind firewalls that sysadmin wants to access remotely.

With a focus on a remote access for login and diagnostic operations, reverse-proxy or vpns could work but may not scale for 20K+ devices.

I'm unfamiliar on how server monitoring solutions "know" to connect to remote server agents. I'm thinking that some form of periodic "I'm here" message to the sysadmin opscenter could provide access routing through a remote firewall. Perhaps periodic reverse ssh tunnels could provide a semi-persistent session so that sysadmin at opcenter (gateway) may connect to the device at any time. In this case, wouldn't the gateway server need to handle thousands of concurrent "port" connections.

One analogy for this feature is the Teamviewer service where you see a list of known remote devices. Any advise on similar solutions for SSH is much appreciated.

Answer 1

If all the devices you want to access are behind a proper firewall, and you have a full infrastructure behind each one to support it, I'd go for Citrix VDI, and put a virtual desktop at each location so you could remotely connect for management and maintenance.

In terms of monitoring, PRTG can do what you want. You can have remote probe devices (currently only windows devices), but they can connect back to a central hub (or decentralised servers), you can either run that over SSL, or start up a p2p vpn and connect that way.

I'm a little puzzled by the use case, I guess it depends exactly how much connectivity you need between hub and spoke.