Deploy Private Edge Delta Dashboards

Setting Up Edge Delta Dashboards in the Workplace.

Overview

You can configure dashboards in Edge Delta to quickly view key metrics generated by your fleets. You may want to publish these dashboards in common areas for SREs to continuously monitor. You can share URLs for the dashboards so that users or devices without Edge Delta accounts can display the dashboards by accessing a public URL with a unique identifier. However, you may want to restrict access to these dashboards to protect your observability data.

In Edge Delta, this is done by configuring CIDRs on each dashboard. However, CIDRs on a public website can only whitelist public IP addresses. This document explains how to configure your network to allow a one-to-one access relationship between a device and a dashboard.

To start, we will allow only devices on a particular private network to access Dashboards. Then we will further segment access to each device.

Get your Static Public IP Address Range

A public IP address is a globally unique IP address assigned to each device connected to the internet. It is visible to any device across the internet. Public IPs are essential for devices that host servers (web, mail, etc.), provide remote access, or establish VPNs, as they allow outside devices to locate and connect to them.

In contrast, private IP addresses are used within a local network (LAN), are not routable on the internet, and can be reused in different networks, so devices on different LANs can have the same private IP.

ISPs manage the distribution of public IP addresses. You can request a static public IP from your ISP, which means it won’t change over time, as opposed to a dynamic IP, which can change when a router reconnects to the ISP. Larger organizations, or those hosting multiple services, might have several public IPs. They might need separate IPs for different services, such as separate web and email servers, externally accessible corporate networks, or multiple geographic locations that each require their own public IP.

You need to get the static public IP address or address range that your devices will use when accessing the dashboards, whether for the entire network or a dedicated range for these devices.

Note: Consider security implications as devices with public IPs are more exposed to the internet; protective measures like firewalls, intrusion detection, and strict access controls are essential.

Configure CIDR in Edge Delta

Now that you have a static public IP address or address range that the devices will use, you can configure the dashboards you want to share. On each dashboard, in the Security Settings, configure the CIDR for your static public IP address or range.

At this point, any device on any network that accesses the internet using a public IP address in that range can access any of the dashboards.
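Turning an ISP-assigned range into CIDR entries for a dashboard's Security Settings, as an added example (not Edge Delta code). The addresses are constructed documentation-range values, the function names are hypothetical, and it assumes the setting accepts more than one CIDR.

```python
import ipaddress

# RFC 1918 private ranges: a public service never sees these as a source address.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_range(first, last):
    """Validate a first..last range and reject private addresses."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    if any(ip in net for ip in (lo, hi) for net in RFC1918):
        raise ValueError("private address: use the public egress range instead")
    return lo, hi


def exact_cidrs(first, last):
    """Shortest CIDR list that covers first..last and no other address."""
    lo, hi = parse_range(first, last)
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def single_supernet(first, last):
    """Smallest single CIDR holding the range, and how many extra addresses it admits."""
    lo, hi = parse_range(first, last)
    net = ipaddress.ip_network(f"{lo}/{lo.max_prefixlen}")
    while hi not in net:
        net = net.supernet()
    return str(net), net.num_addresses - (int(hi) - int(lo) + 1)


if __name__ == "__main__":
    # Constructed sample range that is not aligned to a single prefix.
    print(exact_cidrs("203.0.113.10", "203.0.113.20"))
    print(single_supernet("203.0.113.10", "203.0.113.20"))
```

For the sample range, the single covering prefix admits 21 addresses that are not part of the assignment, so the exact list is the safer entry.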

Next, you may want to consider configuring your internal network to limit access to particular dashboards to particular devices. You may want to do this in a multiple business unit enterprise or where specific teams look after specific systems.

Configure Static Private IP Addresses

Assigning static private IP addresses to each device (such as TVs, monitors, or NUCs) ensures that each device retains the same IP address across reboots and network changes. This consistency is crucial for accurately implementing and sustaining access controls.

Most routers have a DHCP reservation feature where you can bind a specific IP address to the MAC address of each device. Alternatively, you can configure each device manually by setting a fixed IP in the device’s network settings. Ensure each device’s IP does not conflict with others on the network and keep a record of IP assignments to avoid overlaps and facilitate troubleshooting.

URL and IP Filtering

A proxy server or an advanced firewall that supports URL and IP filtering rules acts as a gatekeeper, controlling which devices can access specific URLs based on their IP addresses. This enhances security by ensuring that only designated devices can access your network’s sensitive resources or the Internet.

Your firewall or proxy must be capable of handling Layer 7 (application layer) filtering to manage URL and IP-based rules effectively. Define a rule for each device (private IP address), specifying which URLs are accessible. You may want to restrict access to only the Edge Delta dashboard.

For example:

| Device Private IP | Dashboard |
| --- | --- |
| 192.168.1.10 | https://app.edgedelta.com/dashboard/abcdefg1234567 |
| 192.168.1.11 | https://app.edgedelta.com/dashboard/hijklmno891011 |

At this point, each of your devices has access only to its specific Edge Delta dashboard.
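The rule table above, expressed as a default-deny check and run over proxy log lines to find requests that break it; this is an added example, not Edge Delta or proxy vendor code. The log format, the 192.168.1.0/24 display subnet and the function names are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Rules from the table above: device private IP -> the one dashboard it may load.
RULES = {
    "192.168.1.10": "https://app.edgedelta.com/dashboard/abcdefg1234567",
    "192.168.1.11": "https://app.edgedelta.com/dashboard/hijklmno891011",
}
# Assumption: the display devices live in this subnet (constructed value).
DISPLAY_NET = ipaddress.ip_network("192.168.1.0/24")


def normalize(url):
    """Reduce a URL to (scheme, host, path) so trivial variants compare equal."""
    parts = urlsplit(url)
    return parts.scheme.lower(), (parts.hostname or "").lower(), parts.path.rstrip("/")


def is_allowed(src_ip, url):
    """Default deny: a device may request only the dashboard assigned to it."""
    assigned = RULES.get(src_ip)
    return assigned is not None and normalize(url) == normalize(assigned)


def audit(log_lines):
    """Return (src_ip, url, reason) for each display-subnet request that breaks the rules."""
    findings = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # not a request record in the assumed format
        src_ip, _method, url = fields
        if ipaddress.ip_address(src_ip) not in DISPLAY_NET:
            continue  # traffic from other subnets is out of scope here
        if src_ip not in RULES:
            findings.append((src_ip, url, "unregistered device"))
        elif not is_allowed(src_ip, url):
            findings.append((src_ip, url, "URL not assigned to this device"))
    return findings


# Constructed sample log, one "<src_ip> <method> <url>" record per line.
SAMPLE_LOG = [
    "192.168.1.10 GET https://app.edgedelta.com/dashboard/abcdefg1234567",
    "192.168.1.11 GET https://APP.edgedelta.com/dashboard/hijklmno891011/",
    "192.168.1.10 GET https://app.edgedelta.com/dashboard/hijklmno891011",
    "192.168.1.12 GET https://app.edgedelta.com/dashboard/abcdefg1234567",
    "192.168.2.50 GET https://example.com/",
]
```

The dashboards are served over HTTPS, so a proxy or firewall sees the URL path only when it inspects TLS; without inspection it sees the hostname alone and cannot tell one dashboard from another.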

Optional Control, Segmentation, and Security

Consider configuring internal DNS resolution. By configuring your DNS server to resolve dashboard URLs internally, network administrators gain an additional layer of control over which devices can access certain network resources. This approach ensures that only devices capable of resolving these specific URLs - through your internal DNS settings - can access the dashboards.

Consider implementing VLANs for device group segmentation. VLANs (Virtual Local Area Networks) provide a means to partition different devices into separate network segments. Configuring VLANs for groups of TVs or devices displaying dashboards enhances not just security but also network performance by reducing broadcast traffic and improving manageability.