Orion Agent in DMZ through Proxy Server to Orion Server - Help with Setup

I would like to monitor servers in our DMZ, but currently our Security Team will only allow SNMP as a Polling Method for those servers. However, there is much more OOTB monitoring in Orion that is available if using the Orion Agent. For example, monitoring using AppInsight for SQL.

The Security Team here is not comfortable opening a port for the Agent to deliver data from the DMZ server to the Orion Server. But they are willing to consider Agent use if through a proxy server, as is suggested in many posts throughout SW KBA and Thwack. However, I don't see any articles talking about how to set up that proxy server.

Has anyone done this or maybe understands the concept and can explain it to me?  I have never worked with proxy servers before.

TIA

  • Don't know about using a proxy but do you know you can have the traffic go in the other direction? From Orion server to the agent.
    Sounds better when monitoring servers in DMZ.
  • Talking port security, using SNMP vs the agent is not much different, but direction may have some influence on your decision, like mentioned.

    SNMP is Orion server initiated - udp/161
    Agent with agent-initiated - tcp/17778
    Agent with Orion server initiated - tcp/17790

    Could also deploy a polling engine inside the DMZ that has very limited access just to monitor these systems with the agent, and any connectivity back to the primary and database is through this one system.

    Either way, speaking security... there’s a great case to use the agent instead of SNMP. Especially if you’re not using SNMPv3. Agent communication uses 1 single port and is encrypted.

    Another reason I don’t recommend SNMP is that Microsoft is deprecating that service. Still a necessity for network devices and sometimes Linux with the agent though.

    Best of luck!
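
The server-initiated option from the port list above, written as a host firewall fragment for a Linux DMZ server. This is an added example, not part of any reply in the thread and not SolarWinds configuration; the table name is hypothetical and 192.0.2.10 is a placeholder for the Orion server address. The two port numbers are the ones quoted in the thread.

```nftables
#!/usr/sbin/nft -f
# Constructed example: DMZ server running the agent in Orion-server-initiated mode.
# The Orion server connects in to the agent; the DMZ host never opens a
# connection toward the internal network.

define ORION_SERVER = 192.0.2.10     # placeholder address (documentation range)
define PORT_SERVER_INITIATED = 17790 # tcp, Orion server -> agent (from the thread)
define PORT_AGENT_INITIATED = 17778  # tcp, agent -> Orion server (from the thread)

table inet orion_agent_example {
    chain input {
        type filter hook input priority 0; policy accept;

        # Only the Orion server may reach the agent's listening port.
        ip saddr $ORION_SERVER tcp dport $PORT_SERVER_INITIATED accept

        # Any other source (IPv4 or IPv6) is logged and dropped, which gives
        # the security team a record of unexpected connection attempts.
        tcp dport $PORT_SERVER_INITIATED log prefix "agent-17790-denied " drop
    }

    chain output {
        type filter hook output priority 0; policy accept;

        # Agent-initiated mode is not in use in this layout. A new outbound
        # connection to the Orion server on 17778 means the agent was
        # deployed in the wrong mode, so log and reject it.
        ip daddr $ORION_SERVER tcp dport $PORT_AGENT_INITIATED ct state new log prefix "agent-17778-outbound " reject
    }
}
```

The perimeter firewall needs the matching rule in the same direction: one allowed flow from the Orion server to each DMZ host on tcp/17790, and nothing initiated from the DMZ toward the Orion server.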