Hi Bob, did you receive any advice about your question? I have the same scenario.
So do I.
Bob did you ever get this working? So we have tested source to target through the firewall (on-premise to EC2 instance(s)), working.
But now I am thinking, ok, we are going to build 100s of servers in our cloud instance so I need a single firewall rule (that contains all ports required) to allow us to monitor from on-premise to the EC2 instances. Forget this!!!!
OK, Plan B: put a poller (APE) in the cloud. According to the only viable link I can find, which you posted above, HYBRID is what I am going with, based on this SINGLE document.
According to this graphic I only need 4 ports opened for the APE to communicate back to the Main Poller and Database. Am I having the Monday Morning Blues and not thinking this through, or is this it?
Thinking about it, what about SAM? SAM will introduce a whole new set of port requirements.
> SAM component monitors (solarwinds.com)
Did you get it working?
I ran Orion in AWS and then in GCP in my previous role for a few years.
The document is correct about just needing the 4 ports, but it is only addressing the communications between the APE and the primary server. If your SAM target nodes are back on-prem then you would need to handle those ports basically one by one, depending on which protocols and such your components will use. If the target nodes from the AWS APE are also only going to be in AWS then that should simplify your life a bit. Most likely you'd want to create an AWS security policy for all your servers that allows traffic on all the necessary ports for traffic originating from your AWS APE, and it would be part of your standard workflow/CloudFormation/whatever process to always apply that security rule to servers as they are spun up in the future.
Itemizing which ports you need to open up is a bit of a chore, but it's definitely important. For example, when my CTO came hunting for me after the SW breach it was really easy for me to prove that our policies were tightly locked down and we had not been impacted.
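An added example of the "one security group, sourced from the APE, applied to every new server" approach the reply above describes. This is my own illustration, not SolarWinds documentation and not code from anyone in this thread. The port list is a constructed placeholder (SNMP, WMI and ICMP are common SAM component monitor protocols, but the exact ports and ranges must come from the SAM component monitor port documentation linked earlier); the security group IDs are hypothetical. The point it demonstrates is that the inbound rules reference the APE's security group as the source rather than a CIDR, so the rule set stays tight no matter how many EC2 instances you spin up, and a small lint function catches any rule that drifts to 0.0.0.0/0.

```python
"""Build monitoring ingress rules whose only source is the APE's security group.

Added example for this thread; not SolarWinds' or the poster's code.
Ports below are placeholders: take the real list from the SAM
component monitor port documentation for the monitors you actually use.
"""
from typing import Dict, List

# Constructed placeholder list. Adjust per your component monitors.
MONITOR_PORTS: List[Dict] = [
    {"protocol": "udp",  "from": 161,   "to": 161,   "note": "SNMP polling"},
    {"protocol": "tcp",  "from": 135,   "to": 135,   "note": "WMI / RPC endpoint mapper"},
    {"protocol": "tcp",  "from": 49152, "to": 65535, "note": "WMI dynamic RPC range (assumed Windows default)"},
    {"protocol": "icmp", "from": -1,    "to": -1,    "note": "ICMP up/down checks"},
]


def build_ingress(ape_sg_id: str, ports: List[Dict]) -> List[Dict]:
    """Return boto3-style IpPermissions entries sourced from the APE's SG.

    No IpRanges are emitted: the source is a security group reference, so
    the rule follows the APE even if its private IP changes.
    """
    perms = []
    for p in ports:
        perms.append({
            "IpProtocol": p["protocol"],
            "FromPort": p["from"],
            "ToPort": p["to"],
            "UserIdGroupPairs": [{"GroupId": ape_sg_id, "Description": p["note"]}],
        })
    return perms


def to_cloudformation(ape_sg_id: str, vpc_id: str, ports: List[Dict]) -> Dict:
    """Same rule set as an AWS::EC2::SecurityGroup resource body, for the
    'apply it from the template every time' workflow."""
    ingress = [
        {
            "IpProtocol": p["protocol"],
            "FromPort": p["from"],
            "ToPort": p["to"],
            "SourceSecurityGroupId": ape_sg_id,
            "Description": p["note"],
        }
        for p in ports
    ]
    return {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupDescription": "Inbound monitoring from the Orion APE only",
            "VpcId": vpc_id,
            "SecurityGroupIngress": ingress,
        },
    }


def find_open_to_world(perms: List[Dict]) -> List[Dict]:
    """Lint: return every rule whose source is 0.0.0.0/0 or ::/0.

    Run this over describe_security_groups() output for the monitoring SG
    so the 'we were locked down' claim can be proven rather than assumed.
    """
    bad = []
    for perm in perms:
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        if "0.0.0.0/0" in cidrs or "::/0" in cidrs:
            bad.append(perm)
    return bad


def apply(target_sg_id: str, perms: List[Dict]) -> None:
    """Push the rules with boto3 (import kept lazy so the module runs offline).

    authorize_security_group_ingress is the real boto3 EC2 client method;
    it raises InvalidPermission.Duplicate if a rule already exists, which is
    harmless for a 'reapply on every build' workflow.
    """
    import boto3  # only needed when actually applying
    ec2 = boto3.client("ec2")
    ec2.authorize_security_group_ingress(GroupId=target_sg_id, IpPermissions=perms)


if __name__ == "__main__":
    # Hypothetical IDs; replace with the APE's SG and the target VPC.
    rules = build_ingress("sg-0ape0000000000001", MONITOR_PORTS)
    assert not find_open_to_world(rules)
    import json
    print(json.dumps(to_cloudformation("sg-0ape0000000000001", "vpc-0abc0000000000001", MONITOR_PORTS), indent=2))
```

Because every rule's source is the APE's security group, the firewall question collapses to "which ports does each component monitor need", and nothing has to be re-itemized per instance. Keep the dynamic RPC range only if you actually use WMI; it is the widest rule in the set and the first thing a reviewer will ask about.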