So I’d never hear of “compensating controls in a hybrid cloud” before. I learned about today while reading the CCSP book. I knew the concept, but never formally. I’ve always made a point to keep things monitored. I’ve also implemented redundant monitoring before. But reading about this has made me want to standardize this technique as a new baseline going forward.
I’m envisioning redundant systems with automatic provisioning. One set to a higher warning threshold. Icinga2 and LibreNMS perhaps? Will have to include the deployment of their configuration into the system build process. Though I could also automate it externally I suppose. I already have Icinga2 pulling computer objects directly from Active Directory via LDAP query. That works well. I’ll need something similar for Libre though. Still, that shouldn’t be a heavy lift.
Another thing to consider would be automatic remediation actions. With two monitoring systems it’s possible for both to attempt remediation. This could lead to some undesired and potentially unexpected behavior. So there would have to be some more logic in B to detect if A had run. If it had, B wouldn’t do so as well.
Probably something like a log file would do the job. If system A runs the last step is to log “success” in a file. System B looks for that file entry before running. If system A is down or fail, system B will act.
Anyway, there’s my thoughts for today. Time to start work. Check out some other professional development posts .