• State Not Answered
  • Locked Locked
  • Replies 19 replies
  • Subscribers 38 subscribers
  • Views 6593 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Polling Using WMI versus the new Agent

tsowers

Currently polling a lot of internal servers using WMI and a couple of remote servers using the agent.  So far, the agent is working great for the remote sites, but are there any performance gains for running the agent locally to collect information versus having WMI polling on a node straight from the Orion server?

Parents
  • 0

    In terms of bandwidth consumption, our internal testing has seen ~80% reduction with the agent vs. native WMI queries.

  • 0 in reply to rob.hock

    I've noticed that my application templates seem to have chosen agent based polling without any direction on my part. Is this a known bug?

  • 0 in reply to prawij

    This is by design. All application templates by default utilize the agent unless no agent is installed; in which case agentless polling is used. This functions the same as the 64bit polling method when/if SAM is installed on a 32bit operating system. In that scenario it will automatically use 32bit polling. The option to override a template to use agentless polling when an agent is installed can be handy in the event you wanted to measure response time of user experience. You would likely get a far more accurate measurement polling from the Orion server than the Agent polling the localhost.

  • 0 in reply to aLTeReGo

    Thanks for the reply. So if I have say 1000 servers running a particular app monitor, and I have an agent on 10 of them, if the app template is set to use agent it will use the agent on those 10 and use (in my case) WMI for the other 990?

Reply
  • 0 in reply to aLTeReGo

    Thanks for the reply. So if I have say 1000 servers running a particular app monitor, and I have an agent on 10 of them, if the app template is set to use agent it will use the agent on those 10 and use (in my case) WMI for the other 990?

Children
  • 0 in reply to aLTeReGo

    Hi , would you be able to share, when to use Agent based vs. Agentless polling method?

  • 0 in reply to itengineer
     wrote:

    Hi , would you be able to share, when to use Agent based vs. Agentless polling method?

    This is somewhat use case driven, and part personal preference. Some customers prefer to use Agents anywhere/everywhere possible because Agents don't require credentials with elevated permissions or specially created least privilege accounts to be created, updated, and maintained on the endpoints. Simply install the Agent and go. Agents also have store and forward capabilities, allowing them to continue polling, even when the poller they're associated with is unreachable. Once the poller is reachable again, all monitoring information collected by the Agent while the poller was inaccessible is automatically uploaded to the poller and written to the database. This helps with availability reporting and limiting any gaps in data. 

    Obviously, there are distinct advantages to agentless monitoring, so I'm not at all suggesting this is how agents should be used in every environment. These reasons really come down to a matter of personal preference. 

    There are certain use cases where the Agent is advantageous or possibly even required. For example, if monitoring nodes across high latency links (upwards of 500ms) and low bandwidth connections. Unlike protocols like WMI, the Agent communications protocol is extremely latency friendly and high compression is used to limit bandwidth to a tiny fraction of that of WMI or RPC. 

    Agents also run over a single TCP Port, compared to WMI which by default can use any random port greater than 1024. This, along with the ability to control directionality (push/pull) can be helpful in secure environments where access control lists, firewall policies, and even NAT present difficulties with monitoring. For example, most ISPs won't allow monitoring via WMI across the internet because it uses the RPC protocol. In these situations, an Agent may be required if a VPN tunnel isn't available. Similarly, secure environments that do not allow any listening ports to be running on the endpoint, even WMI or SNMP, the Agent allows for a 'push' method to the pollers (Agent initiated communications) whereby there is no need for any listening ports on the monitored endpoint's IP for monitoring. 

    So in short, it really depends on what you're wanting to accomplish, as well as how agent-friendly the environment is. 

  • 0 in reply to aLTeReGo

    Researching a lot of security events has also shown that many of the more established Russian hacking groups love WMI. Another possible use case for agent based monitoring. I have always loved agentless but as the times are changing I think I may have to revisit my old way of thinking. Thanks for the info AlterEgo

  • 0 in reply to aLTeReGo

    That is so greatly explained

    Many thanks  

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.