Looking for general idea's how others are managing their customers MikroTik devices. Either as a CPE device or a managed router
I'm looking to setup a "jump box" central management server that has winbox, dude client as well as Radius. Then be seperate MikroTik CHR virtual machine.
-Windows Server 2012r w/ AD and Radius server - as well as Duo Two-Factor Authentication
-MikroTik CHR VM
-Local internal private VM network (Cloud based)
Remote routers will only allow winbox access on WAN port from the central server. Also configure Radius Authentication for remote login, only allow from this specified remote server. Then have a local admin account as backup.
Does anyone else do anything similar to this? Or do you have all your remotely managed devices connect to a central MikroTik or CHR via SSTP or VPN connection?
Opinions? Otherwise, I was looking at Splynx.. I'm trying to not over-complicate this.