I have a question: is it possible for osqueryd to register with two concurrent (but different!) fleetdm backends?

You could run 2 separate instances of osqueryd, each configured for a different fleet server

@Tor Houghton this is a very interesting use case. I think this has been raised by others in the community in the past. To help the Fleet team understand your use case, why do you want osqueryd to register with two backends ?

So, the use case is really rather simple. I have two different types of users (ops and response) in two different infrastructures. The ops people cannot use tools in the response infrastructure, but osquery is too good to be a tool for responders only (and it is easier to roll out if ops see their use cases taken seriously). (Sorry for the late response!)

The ops people cannot use tools in the response infrastructure

Is this a non-negotiable requirement? If there’s room for negotiation, the “Observer” role (RBAC feature in Fleet) would allow you to give ops users access to only read data and run pre-designated queries in Fleet. This^ is the intended solution for giving some users restricted access in Fleet. Docs on the specific permissions of the “Observer” role are here: https://fleetdm.com/docs/using-fleet/permissions#permissions

Fortunately (or unfortunately, depending on standpoint), yes.