I am looking to use APM to monitor our Windows servers here. Unfortunately I have to monitor servers through a firewall as we have many different VLANs for security purposes. I did some digging through the forums here and have not found a good solution. So far there seem to be two responses. For example:
One is to add an additional polling engine to each VLAN that contains Windows servers that need to be monitored. This solution will not work in my case based on cost, as we have many VLANs that would each require a polling engine and some only contain a handful of Windows servers.
Secondly, some people have suggested modifying the registry to limit the number of ports that DCOM/WMI/RPC uses to a range of 100 ports instead of the default. This may work; however, my network guys most likely will not want to open up that many ports to all the VLANs. Also, if I understand it correctly, that would be a registry change on every Windows server. I am also not sure what the complete impact of that on all the Windows servers may be in the future.
I am hoping somebody out there has found a better solution than the two listed above, or has had success with option 2 and might be able to provide some tips.
I was also thinking about possibly using IPsec policies on the SolarWinds server and monitored servers to wrap the DCOM/WMI/RPC traffic and use only 3 ports through the firewall. I have found articles that show you how to configure AD domain replication and client-server authentication using IPsec policies and was thinking there may be a way to do the same for APM monitoring. However, I am not that familiar with IPsec and have not tested this.
IPSec support for client-to-domain controller traffic and domain controller-to-domain controller traffic: http://support.microsoft.com/kb/254949
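Added example, not part of the original post or of any SolarWinds documentation: a PowerShell script that applies the two settings the post discusses on one monitored Windows server, first the registry change from Microsoft KB 154596 that pins the RPC/DCOM dynamic port range (WMI rides on DCOM, so it inherits the range), then an IPsec transport-mode rule that requires ESP with Kerberos machine authentication for all TCP traffic from the poller. The poller address (10.0.10.5), the 5000-5099 range and the rule names are assumptions; the `New-NetIPsec*` cmdlets exist on Windows Server 2012 and later (older servers use `netsh ipsec static` instead), and the registry key works on any supported version but needs a reboot.

```powershell
# Added example (not from the original post). Run elevated on a monitored
# Windows server. Assumptions: poller IP, port range and rule names below.

$PollerAddress = '10.0.10.5'     # assumed SolarWinds poller address
$PortStart     = 5000            # assumed start of the restricted RPC range
$PortCount     = 100             # KB 154596 recommends at least 100 ports
$PortEnd       = $PortStart + $PortCount - 1

# --- 1. Pin the RPC/DCOM dynamic port range (KB 154596, reboot required) --
# Note: this affects every RPC server on the machine, not just WMI, so the
# firewall must allow TCP 135 (endpoint mapper) plus this range if IPsec is
# not used to hide the inner ports.
$rpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
if (-not (Test-Path $rpcKey)) {
    New-Item -Path $rpcKey -Force | Out-Null
}
New-ItemProperty -Path $rpcKey -Name 'Ports' -PropertyType MultiString `
    -Value @("$PortStart-$PortEnd") -Force | Out-Null
New-ItemProperty -Path $rpcKey -Name 'PortsInternetAvailable' `
    -PropertyType String -Value 'Y' -Force | Out-Null
New-ItemProperty -Path $rpcKey -Name 'UseInternetPorts' `
    -PropertyType String -Value 'Y' -Force | Out-Null

# --- 2. Require IPsec from the poller (Windows Server 2012+ cmdlets) ------
# Kerberos machine authentication: both hosts must be domain members.
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName 'APM poller Kerberos' `
    -Proposal $proposal

# InboundSecurity Require: unauthenticated TCP from the poller is dropped.
# The poller needs a mirrored rule (Request or Require) pointing back here.
New-NetIPsecRule -DisplayName 'APM poller - require IPsec' `
    -Mode Transport `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $authSet.Name `
    -Protocol TCP -LocalPort Any -RemotePort Any `
    -RemoteAddress $PollerAddress | Out-Null

# --- 3. Show what was set, so the change can be reviewed before reboot ----
Get-ItemProperty -Path $rpcKey |
    Select-Object Ports, PortsInternetAvailable, UseInternetPorts
Get-NetIPsecRule -DisplayName 'APM poller - require IPsec' |
    Select-Object DisplayName, Mode, InboundSecurity, OutboundSecurity, Enabled
```

With the IPsec rule in place, the firewall between the VLANs sees only IKE (UDP 500, plus UDP 4500 if there is NAT in the path) and ESP (IP protocol 50) between the poller and the server; the TCP 135 and dynamic-port details are inside the ESP payload. Without IPsec, the firewall must instead pass TCP 135 and the pinned range to every monitored server. Either way, test on one server first: the KB 154596 key changes port allocation for all RPC services on that host, and a `Require` rule will block the poller entirely until its side is configured.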