Introduction
Partners or Managed Service Providers (MSPs) leverage the platform to deliver IT management services to multiple clients. Partners play a vital role in OpsRamp ecosystem by utilizing its tools to effectively manage, monitor, and optimize their clients' IT infrastructure.
Partners are the essential intermediaries between the SP and the end customers ensuring efficient delivery of the services across organizations.
With a customizable, structured, and secured environment that OpsRamp provides, the SPs enable the partners to offer high-quality services to their clients. This allows for greater scalability, flexibility, and control over the entire IT operations.
Partners benefit from the platform’s extensive monitoring, automation, and incident management capabilities to ensure proper functioning of the IT resources in the environment. This helps in proactively identifying issues and resolve issues before they impact operations.
Automating routine tasks and workflows leads to increased efficiency and reduced manual efforts and operational cost.
As a SP, you can configure tenant-specific stringent policies and settings to ensure they meet security and compliance requirements.
- A Service Provider (SP) can have one or more MSPs.
- A MSP can have one or more clients.
- Each partner’s clients have multiple users.
Following is a quick overview of the sections:
- Account: Allows you to view and update Account information such as Name, Notification Email, Country, Timezone, City, State, Access Endpoint Details, and other relevant information.
- Add-Ons: Allows you to select packages and add-ons, for advancing monitoring, as per partner’s specific operational requirements.
- Security: Allows you to configure strict password policies and settings for improved security to prevent unauthorized access and breaches.
Following are the permissions required to perform various tasks.
Type of user | Permission | User action |
---|---|---|
SP User | MSP_View | To view Partners card in Setup > Account. |
SP User | MSP_Manage | Add and Edit partner details. |
SP User | MSP_View | View partner details. |
Create a partner
Configure the following sections to create a partner:
ACCOUNT
The Account section has critical information and settings about your partner. It allows you to manage personal information like Name, Notification Email, Access Endpoint details.
Click Setup > Account.. The ACCOUNT DETAILS screen is displayed.
Click Partners tile.
Click +ADD in PARTNERS LIST screen. The ADD PARTNER screen is displayed.
Enter the following information.
PARTNER DETAILSField Name Field Type Description Name String Name of the partner. Alternate Email String Alternate Email address of the partner. Notification Email String Partner Email address. Timezone Dropdown Timezone of the partner. Country Dropdown Country where the partner is located. City String City of the partner. Address String Address of the partner. Postal Code Integer Postal code State String State in which the partner is located. ACCESS ENDPOINT DETAILS
Field Name Field Type Description Application Server String Hostname or URL of the application server. API Server String Based on the hostname entered in Application Server field, the API Server URL is displayed. This is a read-only field. Click NEXT.
ADD-ONS
The Add-Ons tab lists the Product Packages and Add-Ons.
Select one or more of the following packages as per the operational requirement to monitor the infrastructure:
- Hybrid Discovery and Monitoring (default)
- Event and Incident Management
- Remediation and Automation
- Choose the packages that match the requirements.
Based on the packages you select, the Add-Ons are displayed. If you keep only Hybrid Discovery and Monitoring, Adapter Integrations, Extended Data Retention, Mask Resource Identity Management, Offline Alerts, Log Management, and Trace Management are added as Add-Ons.
Hybrid Discovery and Monitoring package
A broad range of IT resources across data center, public cloud, and cloud native environments can be discovered and monitored with agent-based and agentless monitors. These include:
- Data center applications, URLs, containers, servers, and network resources.
- Public cloud environments of compute instances, databases, load balancers, and PaaS services.
- Cloud native environments with containers and orchestrators.
Built-in monitors are provided that capture availability and performance metrics and observer optimal threshold limits for supported resources. You can extend the platform to monitor any kind of IT resource by writing custom monitor scripts.
The Hybrid Discovery and Monitoring package includes the following modules:
- Resource Management
- Monitoring
- Reports
- Dashboards
- Alerting & Forwarding
- Anomaly Detection and Metric Forecasting
Event and Incident Management package
The Event and Incident Management package leverages proprietary event correlation algorithms, incident creation, and machine learning-powered alerts. The package includes:
- Service Desk
- Alert Correlation
- First Response Policies
- Alert Escalation
- OpsQ Machine Learning Bot
Remediation and Automation package
The Remediation and automation package implements patch job scheduling, remediation task execution, and resource maintenance using a remote console. The package includes:
- Patch Management
- Run Book Automation
- Job Automation
- Process Automation
- Remote Access with Session Replay
Add-ons
Following are the Add-Ons for Hybrid Discovery and Monitoring package:
Adapter Integrations – This add-on is used to enable Adapter category Apps, to perform discovery and monitoring of the end device.
Refer Compute, Network, Storage sections under Integrations
Batch Exports - Batch exports allows you to efficiently extract platform-generated enterprise data for data collection and analysis. You can snapshot and batch export the following types of data for each partner on demand and at scheduled intervals to Amazon AWS S3 and Microsoft Azure Blob Storage:
- Ticket data
- Alert data
- Metric data
- Inventory data
- Usage data
See Setup Batch Export for more information.
Extended Data Retention - You can retain the asset data for 12 months.
Offline Alerts - If any resource goes to an unknown state, an alert will be triggered.
Stream Exports - Get event data to the target location without scheduling the data export. The Streaming Export feature streaming of live data to different third-party tools using AWS EventBridge using the Export Integration and Create Streaming Export.
See Setup Streaming Export for more information.
Mask Resource Identity Management - Mask the text of captured sensitive information, including MAC addresses, IP addresses, and host names.
Event and Incident Management
Events represent business-impacting issues that require a response. Event and incident management uses escalation policies to aggregate, interpret, and act on events detected by monitors, resource diagnostics, and third-party integrations.
Using service maps, you can visualize the relationship between monitored resources and assess business and user impact based on resource health.
Event interpretation and response can be automated. Automation correlates and suppresses alerts, notifies users, and creates incident tickets for alerts that need operator intervention.
Add-ons
Following are the Add-Ons for Event and Incident Management package:
Alert problem area – Alert Problem Area enriches the alert Problem Area field with information extracted from the alert subject or description. Alert Problem Area is usually used for log-type alerts where rich information is embedded in the alert subject or description, but the metric value is the generic metric name. If the Problem Area field is not enriched, it defaults to the alert Metric field value.
See Alert Problem Area for more information.
Knowledge Base Management - Capture product information, operational procedures, and frequently asked questions, providing a reference source for the organization.
See Knowledge Base for more information.
OS Service Start/Stop Actions - This add-on provides the ability to start and stop the OS services on agent-installed devices when required permissions are given.
Navigation: Infrastructure > Resources Details > Services.Scheduled Task Management - The Scheduled Task entity provides the ability to schedule and run recurring tasks for a predefined duration and at a specified time period. Each instance of a scheduled task is recorded and grouped as Tasks in the Scheduled Task listing.
See Configure scheduled tasks for more information.
SLA Management - This module, when enabled, helps you to configure the response SLA and resolution SLA for a ticket, based on priority. An SLA (Service Level Agreement) is a negotiated and agreed contract between requester and assignee to resolve entities. SLA quantifies acceptable service levels and outlines when the services are delivered.
See Configure SLA settings for more information.
SMS and Voice - This is a paid add-on, and when enabled will send notifications through SMS and Voice.
Remediation and Automation
Automate operational tasks that respond to events or execute routine maintenance activities. Automation workflow capabilities permit you to compose workflows that are tailor made for your use cases.
Event remediation and automation can be automated by composing workflows to handle events. This includes SMS, Voice, and Email notifications. Remote SSH is also supported for alert resolution.
Add-ons
Following are the Add-Ons for Remediation and Automation package:
Process Automation - This add-on provides the ability to define and execute process automation tasks.
See Process Definition for more information.
Remote Access Management - This is used to enable remote access (RDP, SSH, Telnet) to managed devices.
See Remote Consoles for more information.
Contact Support to change the add-on permission.
Remediation and automation package
The following are unavailable if you opt not to subscribe to this package:
Application Patch Management add-on
Automation option in the Workspace drop-down menu
These permission sets:
- Jobs
- Consoles
- Patch Approvals
- Recording Audits
- Scripts
- Commands
Selecting a partner that is not subscribed to the Remediation and Automation package generates the following warning on the Alerts, Service Desk, and Automation screens:
Access Denied! The partner is not subscribed to this product package.
Event and Incident Management package:
The following are unavailable if you opt not to subscribe to this package:
Event Enrichment, Scheduled Task, SLA, and SMS & Voice add-ons
The Alerts menu option in Setup (Setup > Alerts)
These permission sets:
- OpsQ
- Incident
- Change Request
- Task Request
- Service Request
- Problem
- Time-bound request
Selecting a partner that is not subscribed to the Event and Incident Management package generates the following warning on the Alerts, Service Desk, and Automation screens:
Access Denied! The partner is not subscribed to this product package.
- Click NEXT.
SECURITY
Security feature ensures effective Access Management and stringent Password Policy Settings. Access Management allows you to restrict specific IP addresses, implement two-factor authentication for improved security. Password Policy Settings enables you to implement strict password settings thereby preventing unauthorized access and security breaches.
ACCESS MANAGEMENT
Access Management in OpsRamp includes features such as enhanced security with Two-Factor Authentication and Duo Security MFA Configuration, restricting access to specific IP addresses, and enabling the Show Copy Clipboard functionality thereby enhancing usability.
Select one or more of these options as per the requirements:
Restrict Access to Specific IP(s): Restricting access to specific IP addresses can reduce security issues. Enter the IP Addresses separated by comma.
The following error message is displayed when you attempt to log into the platform from an IP address other than those permitted:Your organization policies restrict you from accessing OpsRamp from your current IP.
Block Duplicate Cloud Accounts - Ensure that each cloud account is uniquely created and managed. This helps you to block creation of duplicate resources across partners and reduce unnecessary CloudWatch expenses.
Skip User Consent Form: Select checkbox to skip user consent form. The form popup appears.
- Click ACCEPT to skip the user consent form.
- Click DENY to allow user consent form.
Enable Two-Factor Authentication: Select the checkbox to enable two-factor authentication. See Two-Factor Authentication for more details.
Enable Duo Security MFA Configuration: Select the checkbox to enable Duo Security.
- Enter the Integration Key, Secret Key, API hostname in the DUO SECURITY MFA CONFIGURATION dialog box and click SAVE. The details are displayed.
- Enter the Integration Key, Secret Key, API hostname in the DUO SECURITY MFA CONFIGURATION dialog box and click SAVE. The details are displayed.
Show Copy Clipboard: Select the checkbox to enable Show Copy Clipboard.
PASSWORD POLICY SETTINGS
The Password Policy Settings section allows you to configure password policy, which once configured will apply to all the users of the partner’s clients.
Change password after next login: Select this option, if you want to change password after next login. This means that all the users of the organization will mandatorily have to change their passwords after they login for the first time. This change will make all login sessions inactive.
Note: It is recommended not to change the password policy frequently, as this will affect the existing and newly created users of your organization, and will not apply to external authenticated users.
You can opt for Default PCI DSS standards or Custom policy.
Default PCI DSS standards: Select this checkbox to apply default PCI DSS standards. You cannot modify the settings.
Custom policy: Select this checkbox and configure the policy settings as per your organizational needs.
- Click FINISH. The partner is successfully created and a confirmation message appears.
The partner details are displayed in the PARTNERS LIST screen in a tabular form.
Table below shows the columns with their description:
Field Name | Description |
---|---|
Name | Name of the partner. |
Unique Id | Unique Id of the partner. |
Date Created | The date on which the partner was created. |
Status | The current status of the partner. |
View and edit partner details
Follow these steps to view and edit partner details:
- Click Setup > Account. The ACCOUNT DETAILS screen is displayed.
- Click Partners tile.
- Search for the partner and click on partner name. The ACCOUNT DETAILS screen is displayed.
Information related to partner like Account ID, URL, API Endpoint, Account Created date are displayed. - Click SETTINGS located in the upper-right corner of the screen. The ACCOUNT SETTINGS screen is displayed.
- Make the necessary changes in the tabs:
- ACCOUNT: Modify Name, Notification Email, Country, City, State as required.
- ADD-ONS: Add packages and Add-Ons as required.
- SECURITY: Enable Two-Factor Authentication, restrict access to specific IP(s) or modify password policy settings as required.
- BRANDING: Configure custom branding for the partner. Using custom branding, you can customize the platform UI by adding company logo, providing a website title, and changing the look and feel of the website to match the company theme.
See below for more information.
Note: When you add a new URL in production, you must contact support to have a DNS entry added for the new URL.
Configure custom branding
Follow these steps to configure custom branding:
From ACCOUNT SETTINGS screen, click BRANDING tab.
Enter the following branding elements:
SITE BRANDING
Branding Element Field Type Description Website Title String Custom website title that is used in the browser tab. Documentation URL String URL of the documentation site. Logo File Input Custom image. A logo that is used for the navigation bar and login page. - Supported file format: PNG, JPG
- Size: Less than 10KB (recommended)
- Dimension:
- Height: 512px
- Width: no more than 512px
Favicon File Input Custom image that is used in the browser tab. - Supported file format: PNG, JPG
- Size: Less than 10KB (recommended)
- Dimension: square, 128 x 128 px
LOGIN PAGE
Branding Element Field Type Description Page Header String Header text for the login page. Location is on the first line of the login page. Page Subheader String Sub-header text for the login page. The text displays on the second line of the login page. Text Color Color picker Color of the header and sub-header text. Background Color Color picker Colored layer around the logo. Background Image File Input Background image on the login page. The image appears darker than the original due to an overlay on top of the image. - Supported file format: PNG, JPG
- Size: Up to 128 x 128px (preferred)
- Dimension: 1440x900 (recommended). Smaller images are tiled.
Current Background Image field displays the uploaded Background Image.
Click SAVE. The partner account settings are saved.
Branding example
Following values define partner-level custom branding using a custom logo, favicon, background, and text labels:
Following image shows the custom branding login page:
Terminate a partner
Partner termination is a process of moving the partner to a terminated state and cleaning up all partner data. The data will be deleted and can no longer be retrieved once terminated.
A Service Provider with Partners_Manage permission can terminate a partner.
The following partner data is deleted:
- Resources & Synthetics along with asset data
- Metrics
- Alerts
- Tickets
- Users
- Audit data
- Configuration & Policies
- Device management policies
- Maintenance windows
- Alert correlation policies
- SNMP trap configuration
- Partner details
- Management profiles
- Integrations
- SSO configurations
Follow these steps to terminate a partner:
Click Setup > Account. The ACCOUNT DETAILS screen is displayed.
Click Partners tile. The PARTNERS LIST page is displayed.
Search for the partner you want to terminate using the search box.
Hover over the partner name and click the action (three dots) icon.
Select Terminate. The CONFIRM TERMINATION dialog box is displayed.
The dialog box provides all information regarding backing up all partner data because once terminated without backup, all data will be erased permanently.
Note: You can terminate only one partner at a time.Provide the following information in the dialog box:
- Enter the partner name (as shown in the box) in the Name box.
- Select the checkboxes against the information provided.
Note: All fields are mandatory.
Click TERMINATE to confirm you want to terminate the partner. The partner is terminated and all data related to the partner is erased. The partner cannot be activated again. Also, all the users will go into Inactive state.
Filter
Use the filter dropdown to view partners that are in Active, Inactive, and All Status (active and inactive) statuses:
- Click Active dropdown and select the following options:
- Active - Displays a list of active partners.
- Inactive - Displays a list of terminated partners.
- All Status - Displays a list of active and terminated partners.