Secure your Meridian deployment

Simply deploying a monitoring solution, like OpenNMS Meridian, opens up new security challenges and implications. Fortunately, there are steps, precautions, best practices, and a guide, to help you make Meridian as secure as possible.

The OpenNMS Meridian security reference architecture presents the structural components of the monitoring solution and gives you recommendations for a more secure network monitoring implementation.

This document describes out-of-the-box components and typical use patterns for OpenNMS Meridian. Of course, your implementation may vary, but this is a great place to start—or a resource to double check that you've got your security basics under control.

From the reference architecture: A typical OpenNMS deployment

What it covers

The reference architecture describes everything from a minimal deployment of Meridian (simply Meridian Core, a PostgresSQL database, and the networked devices you with to monitor) all the way to a more advanced deployment with Kafka, visualization through Grafana, load balancers, a reverse proxy, and more.

It also addresses:

  • Roles vs. permissions vs. groups within OpenNMS
  • Authentication and authorization, including default passwords and where to change them
  • SSO integration and recommendations
  • How to secure your communications
  • Zero-trust vs. protected networks
  • Java KeyStore and TrustStore, to securely store certificates and private keys

What it doesn't cover

The reference architecture is all about securing your Meridian installation. It doesn't specifically address how to install or customize the OpenNMS software.

Thankfully, that's why you also have OpenNMS documentation to lean on. If you're just getting started with OpenNMS, that's the best place to go to learn more.

Need support or consulting?

Want to take the next step, or need a helping hand with your OpenNMS deployment or implementation?

We're here to help—contact us to get the most out of your monitoring.

Jump to section

About the Author: Colby Hoke

I'm the Director of Content at OpenNMS and am a proponent of Copyleft, sharing, and digital privacy.
Published On: August 8th, 2023Last Updated: August 11th, 20231 min readTags: ,