[c-nsp] Giving customers access to your gear.

[Michael K. Smith - Adhost]

Hello Richey:

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Richey
> Sent: Tuesday, June 03, 2008 4:38 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Giving customers access to your gear.
> 
> I've got a customer with a T1.  They have been bought out by a large hotel
> chain.  They are pretty much demanding that they have SNMP full read access
> to our router that is at their location as well as a copy of the config for
> the router.   This is not their router, it is ours and we fully manage our
> router and hand them  Ethernet.     This seems a little odd that they want
> access to our gear, and I am not too keen on giving them access unless they
> are willing to accept some responsibility.   They don't want to accept any
> responsibility for the access they would have to this box.     They say that
> Verizion and AT&T don't have any problems giving them this kind of access to
> their gear.
> 
I think RO SNMP access is fine, and just make sure you sanitize the configuration of all "interesting" data like passwords, dynamic routing protocol configurations, etc.  If you are worried that SNMP access will create performance issues, draft up a letter for them to sign indicating that any outages or performance issues that are a result of SNMP polling will not be credited against the customer's SLA.

By the way, I'm assuming they are the only customer on this box.  If that is not the case then I would say no to unfiltered SNMP and the config file, indicating to them that the device terminates services for other customer and cannot therefore be shared with them.

Regards,

Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 475 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20080604/ff0fde50/attachment.bin>