Request for few SolarWinds Admin interview Q/A

Explain what each of the SolarWinds products does and how best to implement it? Is always a fun one... Basically your first question.

Explain what the greatest skill of a monitoring engineer is?

Explain why observability is important to an organisation? 

Give real life examples of things you've achieved with monitoring.

Why do you stand out from others?

Don't worry we all struggle during interviews it takes me about two or three interviews every time I start looking for new customers.

Good Day.

Below brief note on how I would answer the questions posted.  Btw I've lately been through an interview process for Solarwinds.  These answers worked pretty well.

Anyone in the community feel free to explain, expand, correct as needed.

=================================================================================

 1.  How does Solarwinds function? in terms of architecture Solarwinds functions like many modern applications, with a web server front-end, middle tier application servers, and a database back-end.  Solarwinds accomplishes its monitoring function by ‘polling’ monitored devices and retrieving information about those devices.   Solarwinds then evaluates that data to determine if configured thresholds have been exceeded and fires alerts in response, OR displays collected metrics in dashboards and reports.  Extra credit: explain that some metrics are available out of the box, and others must be retrieved via SWQL queries.  If you use the term ‘SWQL’ good idea to explain that SWQL is a SQL variant which facilitates pulling data from different tables without joins.

2. How do SNMP and ICMP polling operate in SolarWinds? Solarwinds core application servers are called ‘polling engines’.  In any Solarwinds deployment we have a single “Main Polling Engine” and (usually) any number of “Additional Polling Engines”.   The polling engine contacts monitored devices using a configured protocol (ICMP, SNMP, WMI, SSH, Agent, others) and returns data to Solarwinds, storing that data in the database.  The details of each polling method might be beyond the scope of an average interview but be prepared to explain that ICMP is essentially PING and returns limited results, mostly up/down and response time data, while SNMP returns any metrics configured in that device’s SNMP MIB (Management Information Base).  Btw if you use terms like ‘MPE’ and ‘APE’ for polling engines make sure to explain what those acronyms mean.

3. How are node down and up alerts triggered? Solarwinds by default uses ICMP (PING) to determine device up/down status.  Device up/down status depends on the results of PING.  By default, multiple up or down results are required to change status.  You might mention that you can track up/down status with SNMP, but ICMP is used in the large majority of situations.

4. What distinguishes SNMPv2 from SNMPv3? SNMPv3 encrypts both authentication and transport, SNMPv2 does not.  With SNMPv2 everything goes over in clear text.  In any kind of enterprise environment you should ALWAYS use SNMPv3.  Only use SNMPv2 for those limited situations where you need to monitor a (very old) legacy device that does not support SNMPv3, and then MAKE SURE to document that risk with your organizational security people. 

Some other questions they would ask is about the ports used, Architecture, UnDP, Integration with ticketing tools, Firewall, Alerts.

1) IIS front end, SQL back end, polling from polling engine on a per-device cycle. Data is polled from the engines on SNMP, WMI, Agent methods, and is collected by log/flow methods. Data works its way into the DB that way from a PE to a DB, and can then be queried by the UI and the alerting service

2) SNMP allows access to a small DB with a folder structure of data and potential data, the place in this structure is an OID, and the stuff in it is a MIB, you query devices with one of a few methods (GET, GET NEXT..) for what lives in a the MIBs you care about. ICMP polling runs a ping query every polling cycle, if down you enter a fastpoll scenario, where 4 more pings are run. Something like that. More detail available from places that support those standards

3) An alert is the results from a SELECT statement against the DB, WHERE something. Thus a node down alert or Up alert are whatever they're set as being. Usually though it'll revolve around a Node (A thing with an ID and an IP in the Nodes table) having the status DOWN (ICMP did not return successfully for the whole fastpoll). The Trigger is when the select statement is run, for every ID that comes back. run an action defined in the trigger action section

4) Security, more fields, encryption. 

Always an interesting one. Also, I find questions vary depending on the type of deployment your interviewing for. My experience is interviewing prospective engineers to join a small team managing a fairly large and complex SolarWinds instance, running along side multiple other tools and integration platforms, this will vary per role.

I agree with acmtix as SolarWinds encompasses many hats these days, simply having experience with SolarWinds can vary depending on the modules you are familiar with vs what you will be expected to be responsible for. So I like to ask the candidate to explain what modules they are familiar with / have worked with most recently and to tell me what their favourite and least favourite module would be and why.

What other monitoring platforms have they worked with and to what degree? (This is to try and gauge if they are a one-trick pony or if they have spent a long time on a different product since last using SolarWinds, as things do evolve.)

Do they have any specific SolarWinds training such as SCP's or have they attended online courses or seminars etc.

Scale of previous deployments—This gives an idea of the depth of experience. I've interviewed many engineers who boast of being a SolarWinds admin for years, but when you find out they are managing a 100-node platform with about 10 alert profiles, it is a slightly different experience level.

Talk through a real-world scenario of an issue you've faced and how you've overcome it.

I'll sometimes chuck in some "what if" exam-type questions:

• You receive a 500 - Internal Server Error when you launch the Orion Web Console. You suspect the cause is a corrupted web.config file. You rebuild the Orion website to try and resolve the issue. What should you do before you delete SolarWinds NetPerfMon from IIS Manager?

1. Run the Configuration Wizard
2. Delete Temporary ASP.Net files
3. Record the Website Directory and Bindings of the Orion website
4. Delete the SolarWinds Orion Application Pool

Q: What would I need to do to ensure that User A only has access to London DC Devices and User B only has access to Edinburgh DC Devices?

If the engineer has advised they are proficient in SWQL/SQL I will sometimes have some examples to hand which have an obvious mistake and will ask them to briefly examine the query and see if they can spot the mistake.

The golden one:
If you could tell me one thing about yourself that would help me work better with you, what would it be?

Obviously always try and amend some of the questions to be relevant to the role, so don't ask questions about modules you have no intention of the engineer being involved in (For example I don't ask about WPM because we don't use it here).

In addition to the technical questions I always ask a lot of people or team questions. Trying to gauge how they interact with others, if they like to work as part of a team and get along with others. I have worked with people with incredible technical skills and minimal people skills and people with incredible people skills and low technical skills. The thing is I can teach technical skills to almost anyone but it's hard to teach people skills to a grown adult. 

I agree. I recently encountered a question about ports, but unfortunately, I couldn't provide a clear overview. I'm still a bit confused about the port requirements, and the documents shared by SolarWinds list over 1,000 ports with various definitions, which makes it a bit overwhelming. Now, I feel more confident in answering some questions, and I owe it all to dgsmith80 adam.beedell  and robert777 for their detailed explanations, which I will be using during the interview. I’m looking forward to more questions, especially related to API integration and ports, along with possible answers.