Designing a Multi-Instance Management Configuration

The controller host has a critical role at the center of a Multi-Instance Management (MIM) configuration so choosing the most appropriate place to host the controller is an important decision.

MIM Behavior Overview

Instances of pfSense® Plus software are registered with the controller using a manual process. After registration, instances connect a special-purpose VPN back to the controller host which allows them to communicate privately and securely. All communication between the controller and instances is encrypted using this VPN. The only port on the controller which needs exposed to the Internet is the port for inbound VPN connections from registered instances.

Note

This VPN is only for use by the MIM controller, it does not enable connectivity between networks behind the other instances and the controller.

Designate a Controller

Selecting a controller host typically involves a few factors:

• The controller works best with a static IP address, but can also advertise a hostname which can be used in combination with Dynamic DNS if necessary. Instances can have dynamic addresses.

• Instances must be able to make connections back to the controller.

• The controller host requires increased CPU and memory resources to handle the additional MIM duties.

• The controller should reside in a location with stable power and connectivity.

Considering these factors, designate one host as the MIM controller and the remaining devices will be instances.