RansNet mfusion is a centralized monitoring and management platform that enables administrators to securely manage all RansNet network devices through an intelligent and secure platform.
In addition to RansNet devices, mfusion supports the monitoring of third-party network and IoT devices using standard protocols such as SNMP (v2/v3), ICMP, and MQTT, providing administrators with holistic, end-to-end visibility across the entire network from a unified dashboard.
It's important to note that only management data is transmitted between a RansNet device and mfusion. Management data includes device configurations (commands), device operating statistics, monitoring status, etc. User data does not flow through mfusion: it either breaks out locally at the device or passes through the secure VPN tunnel between the device and the gateway (which is typically hosted in the customer's HQ/DC network).
Below is a typical SD-WAN topology showing how mfusion and RansNet devices are typically deployed.
RansNet branch devices (SD-Branch)
RansNet Gateway device (SD-WAN Gateway)
RansNet mfusion SD-WAN orchestrator
mfusion Multi-tenancy
The mfusion platform is super-tenanted and supports multi-tier access levels with strict role-based access control.
Each customer is provisioned as an entity (tenant). The customer's devices are allocated to that entity, and user accounts (administrators) are assigned to it with a pre-defined permission profile (access rights). This allows multiple customers and partners to securely share the same platform while managing their respective devices, with complete access isolation, data separation, and security.
The permission profiles define user access rights within their respective tenant. Each user is attached to a permission profile that grants the given access rights. Below is an example of setting a permission profile.
mfusion Flexible Deployment
RansNet operates a cloud-hosted mfusion platform, backed by scalable and high-availability computing resources, allowing multiple customers to securely share the platform while operating within their own isolated tenants.
For customers requiring a localized or private deployment, mfusion can also be delivered as a dedicated hardware appliance or virtual appliance, fully isolated from external networks and third-party resources.
This flexible deployment architecture enables mfusion to meet diverse customer requirements related to scalability, security, compliance, and data residency.
Device to mfusion Communication
The RansNet devices communicate with mfusion through a proprietary, API-based, lightweight TLS tunnel (TLS 1.2) with AES-256 encryption, which protects management data in transit. The mfusion API authenticates/validates each device connection using a combination of device MAC, S/N, embedded certificates and a proprietary algorithm to ensure absolute device authenticity and prevent identity spoofing.
When a user makes a configuration change on the mfusion dashboard, the GUI settings are compiled into a set of commands and stored in a secure queue for the respective device, waiting for the device to pull them. The TLS tunnel is initiated by the device through a proprietary daemon process: the device "calls home" to mfusion via a TLS tunnel every 5s to check whether there are any configuration changes (commands) for itself; if so, it pulls the commands and applies them locally.
Hence, the communication is always "one-way": the device initiates an outbound TLS tunnel to mfusion every 5s, is authenticated and validated by the mfusion API, and the configurations (if any) are always pulled from mfusion. The device can use any IP connectivity (dynamic, static, cellular, etc.), as long as it is able to reach the mfusion IP address; and the device doesn't need to open any ports for inbound access since the request is initiated outbound by the device itself.
This simple and secure management communication technology has multiple advantages:
Completely shields the device from external threats, since no ports or services are open on the device itself
Secures management data transmission, encrypted via AES-256 using TLS 1.2 protocol
Removes the device's WAN IP dependency (unlike SNMP monitoring, which requires a static IP)
Exchanges different TLS session keys for each pull action
Frees device and mfusion server resources (the tunnel is torn down after each pull)
The end result is a highly secure and efficient management communication, which consumes only 1-2 kbps of bandwidth during active usage.
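The pull model described under "Device to mfusion Communication", reduced to an in-process Python sketch. This is an added example, not RansNet code: it shows a per-device command queue that is only drained by a device-initiated, authenticated poll. Assumptions: all class and function names are hypothetical, an HMAC challenge-response with a per-device key stands in for the proprietary validation of MAC, S/N and embedded certificate, and the TLS transport is omitted.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque


def proof_for(key, nonce, mac, serial):
    # Bind the one-time nonce to the claimed identity (assumed scheme).
    msg = nonce + b"|" + mac.encode() + b"|" + serial.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class Orchestrator:
    """Hypothetical management server holding one command queue per device."""

    def __init__(self):
        self._keys = {}                     # (mac, serial) -> enrolled secret
        self._queues = defaultdict(deque)   # (mac, serial) -> pending commands
        self._nonces = set()                # challenges issued, not yet used

    def enroll(self, mac, serial):
        self._keys[(mac, serial)] = secrets.token_bytes(32)
        return self._keys[(mac, serial)]

    def queue_commands(self, mac, serial, commands):
        self._queues[(mac, serial)].extend(commands)

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._nonces.add(nonce)
        return nonce

    def pull(self, mac, serial, nonce, proof):
        """Return queued commands, or None if the caller fails validation."""
        if nonce not in self._nonces:
            return None                     # unknown or replayed challenge
        self._nonces.discard(nonce)         # single use
        key = self._keys.get((mac, serial))
        if key is None:
            return None
        if not hmac.compare_digest(proof_for(key, nonce, mac, serial), proof):
            return None
        queue = self._queues[(mac, serial)]
        commands = list(queue)
        queue.clear()                       # each command is delivered once
        return commands


def call_home(server, mac, serial, key):
    """Device side: one outbound poll; nothing listens on the device."""
    nonce = server.challenge()
    return server.pull(mac, serial, nonce, proof_for(key, nonce, mac, serial))
```

A caller that knows only the MAC and serial number gets `None` and leaves the queue untouched, so the commands are still there for the next poll by the enrolled device.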