2 Replies Latest reply on Jun 20, 2012 4:10 PM by dc_san

    SAM 5.0.1 Multiple domains & credentials

    dmcconnell@epsilon.com

      Hi,

       

      Our company has many domains (100+) and most do not have trust relationships with the others.  I have found managing application in SAM to be quite cumbersome when it come to assigning credentials.  Let me give you a scenario and maybe someone else has encountered this and has a workaround...

       

      We have a department that has many servers spread across let's say 10 domains.  All of the nodes are polled via SNMP.  I have a custom property defined "Department" that I can group all of this departments nodes together.  I have a template "Base metrics" that polls several metrics via WMI from the servers, so I need to use credentials that are specific to the domain that the node lives in.  Right now, I assign that template to all servers that have the same "Department" and assign a credential based on which domain I think has the most nodes from this group.  Now comes my issue... When I go back to update the credentials for the nodes that are failing to run the WMI, I have to go to Manage Assigned Application monitors, and chose each monitor for each node, click Edit Properties and update the credentials.  This is very time consuming if you have many nodes that need to be updated.  Anyone else experiencing this issue?  If all of your nodes live in one domain, you would probably never notice this.  When you have multiple domains, it's an administrative nightmare.

       

      Here are some of my thoughts, hopefully Solarwinds is seeing this and possibly already has some of this on their roadmap or enhancement list.

       

      1.  Make managing assigned application monitors more like managing nodes, where you can group by custom properties and application monitor AND search.  You would be able to multi-select nodes/applications and click on "Edit Properties" or "Update Credentials" or similar.

      2.  Have the ability to tie SAM credentials to nodes when they are created/discovered for SNMP, similar to they way you can for WMI nodes today.  Then you could set the app template to inherit credentials from node.

      3.  Have the ability to associate a credential in with a DNS suffix.  So you could have the system lookup the correct credentials by the DNS suffix of the node that the app monitor is assigned to.

       

      Let me know if anyone has any workarounds they've been using.

       

      Thanks,

      David McConnell

      Epsilon

        • Re: SAM 5.0.1 Multiple domains & credentials
          aLTeReGo

          I've used dozens of different products over the years and credential management has always a bear. This is especially true when dealing with multiple domains that have no trust relationships between them.  I do have some tips that might help ease the burden of maintaining your assigned credentials.

           

          You can leverage node custom properties, as well as sort assigned application templates by node name to ease targeting your credential changes.

          Asssigned Application templates.png

           

          I've also posted a report that will show which component monitors are using which application templates.

          Credentials Used By APM Component Monitors

           

          I recommend naming your credentials something meaningful when creating them. Once they're assigned to an application there is little or no reason to change them. If the password changes you can simply update the password in the credentials library. This one change will effect any and all applications where this credential has been assigned. So for each domain I would come up with a naming convention of the credential title like [Site\Domain\Username] or [Application\Domain\Username] but this can really be anything that suits your environments needs.

           

          We're currently working on multi-edit for application template editing which should make credentials management even easier. It won't however effect the Assigned Application Monitors page. At least not yet. We're also tracking a request for custom properties to support applications and component monitors under FB621.

           

          Hopefully something in this will help ease the burden of managing credentials across multiple domains in a large environment but I still encourage others in the community to share any tips and tricks they might be using as well.