Monitoring SQL without using credentials over the network

Hi there,

Is it possible to monitor a SQL server and instance without the need to open up multiple ports between two networks and also negate the need to use credentials over that same network?

An example would be if I wanted to monitor a SQL server/instance in a secure zone that only allows incoming connections on specific ports (not ranges) and where use of credentials in the connection is prohibited.

Could you in this scenario, leverage the Monitoring Service as a type of proxy/agent?