cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Highlighted
Level 8

Questions

Hello, I'm working on a new SolarWinds implementation with many of their products in scope. I have information, but it's a bit limited for port communication via pollers and servers. I've based my firewall changes on the SolarWinds Port Requirements, but I'm being asked for more specific reasoning.

Could someone please direct me to another doc/URL that has some info below or is there anyone that can answer for me?

I've inherited the project that they've been attempting for a few years, so any guidance is immensely appreciated.

Thank you!

 

Why do SolarWinds Polling Servers need to establish communication to End Hosts for Ports that are typically reserved for Server Services.

  • For UDP or TCP 53, will the SolarWinds Polling Servers be requesting DNS services from the End Hosts?
  • For UDP 123, will the SolarWinds Polling Servers be requesting NTP services from the End Hosts?
  • For UDP 162, will the SolarWinds Polling Servers be sending SNMP Traps to the End Hosts?
  • For UDP or TCP 389, will the SolarWinds Polling Servers be requesting LDAP services from the End Hosts?
  • For TCP 25, will the SolarWinds Polling Servers be requesting SMTP services from the End Hosts?
0 Kudos
8 Replies
Highlighted

Re: Questions

Is Orion going to be on the other side of the firewall from what it monitors?
For instance DNS, Orion will resolve server names to IPs. Is the DNS server on the otherside of the firewall?
If you just want to monitor servers beyond the firewall, then all you need is SNMP 161 to poll it (v3 ideally), 162 if you want the traps (I don't, polling is enough) and I recommend the Agent for monitoring the clients instead of SNMP (ports 17777 -17778 I think but check that)
0 Kudos
Highlighted
Level 8

Re: Questions

Yes, it'll be on the other side of the firewall, but only for certain servers, networks/VLANS (i.e. DMZ and PCI compliance). There are two data centers and both have pollers for each side, which will also function as HA/failover in the event of DR. To get us started, we want to monitor the essentials like ICMP, SNMP, and WinRM. I don't think we're looking at server agents currently for polling. 

0 Kudos
Highlighted
Level 12

Re: Questions

This is a HUGE "it depends" situation.

A) Start with getting things installed. You will have 3 important pieces.  1) Main polling engine, 2) Web server, and 3) SQL server.  

It's possible that in a smaller setup you will be doing all 3 on the same server.  If that is true, or if all of them are on the same network without a firewall between them, then put a big green check on this... it's good.  If it's a larger setup, then we need to understand it more.

 

B) How about the people using Orion, can they get to the web server?  If it's through a firewall, then it's http/80 and https/443 from the desktops to the orion web server. (assuming we are not getting proxies or load balancers involved)

 

C) Now what are you going to monitor and how?  and specifically what things are you going to monitor that are on the other side of a firewall.  There are a LOT of options here.  This is the NPM forum, but will you also have SAM? You have choices like SNMP, WMI, or the Agent (and the agent can initiate the connection from the polling engine or the agent.  This is important to your security team and firewall rules). 

 

And that is just the tip of the proverbial iceberg.

Highlighted

Re: Questions

@brscott brings up good points, and I remember starting out my Account rep was able to get me in tough with an Engineer to help design the system correctly. That type of session may help here as well, so you can accurately describe your goals and current environment.

There are a number of things to consider and you likely don't want all those details on a public forum.
0 Kudos
Highlighted
Level 8

Re: Questions

No, this will be a larger deployment, so SQL and polling servers are separate. Once complete, do users connect to the Web interface of the polling server or is there another server that should be designated? Most likely they'll connect via HTTPS via CNAME. I'm not certain on proxies and load balancers yet. The SQL servers will be configured in failover clusters as we're using some for the pollers at two different sites and another SQL cluster strictly for DPA. We're going to use HA, IPAM, NTA, NCM, NPOM, NTM, SRM, and VMAN to name a few. SNMP, ICMP, and WMI/WinRM will be monitored.

0 Kudos
Highlighted

Re: Questions

Solarwinds doesn't use every port on every host, it depends on what you want to monitor. If you are asked to monitor dns, you probably need port 53, if you don't then don't open it up. It's all situational and depends on what you plan on pulling back.
- Marc Netterfield, Github
0 Kudos
Highlighted
Level 8

Re: Questions

Yes, and this will be only for domain controllers running DNS? Is there a doc other than Port Requirements that I can reference to assist me?

 

Thanks!

0 Kudos
Highlighted

Re: Questions

Everything under SAM Template port requirements essentially depends on what data you think you need access to. I think the most detailed information for each use case is the documentation for each individual component type,. but it's not a whole lot more than whats already in the ports doc.

http://www.solarwinds.com/documentation/en/flarehelp/sam/content/sam-component-monitor-types-sw3188....
- Marc Netterfield, Github
0 Kudos