cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 17

SNMP vs WMI polling - pros and cons

I'm pulling together a (semi-comprehensive) comparison of the impact of monitoring via WMI versus SNMP.

The upshot for those who are impatient: WMI monitoring (whether WMI polling or WMI via SAM) has a measurable - but manageable - impact on both the target device and the poller.

That said, if you are considering converting your monitoring of Windows devices from SNMP to WMI, what are you gaining? What are you losing?

Here's the start of my list. Please add your own in the comments below. Note that this is an off-the-top-of-my-head list. Coherency comes later.

SNMP Monitoring (as compared to WMI)

  • CON Cannot monitor Windows Volume Mount points
  • CON Challenges configuring earlier versions of Windows (NT, W2k)
  • CON Requires additional non-default configuration actions (enabling snmp agent, setting RO string, etc)
  • PRO Fewer ports for enterprise firewall rules (translates to an easier time getting security to agree to variances)
  • PRO No single point of failure for access
  • CON Changing SNMP string requires enterprise-wide changes
  • CON Uses SNMP service start time for uptime metrics, rather than actual server reboot time
    • Work-around: set up UnDP for hrSystemUptime
  • PRO Extremely efficient use of CPU, RAM and bandwidth (on both target and poller)

WMI Monitoring (as compared to SNMP)

  • CON WMI-only devices cannot use custom pollers (UnDP).
    • Work-around: If the machine has EVER been an SNMP polled device, the snmp info is retained and custom pollers can be used (at least until the SNMP RO string changes)
  • PRO Account settings used by SAM automatically
  • CON significantly more firewall ports required
    • Work around: per-server config can nail down WMI to just a couple of ports
  • CON will not work across a NAT-ed WAN connection (VPN, etc)
  • CON one password change in AD can cripple monitoring
  • CON cannot monitor topology
  • PRO doesn't try to monitor RAM as a volume (why does NPM do that, anyway?!?)
  • PRO uses REAL reboot time for uptime metrics
  • CON less efficient (vis a vis SNMP) use of CPU, RAM and bandwidth on both target and poller

OK guys, there's the start of my list. What did I miss?

Leon Adato | Head Geek
------
"Measure what is measurable,
and make measurable what is not so." - Gallileo

36 Replies
Level 7

I wanted to throw another pro/con in. It looks like at least in 12.1, if you go from SNMP to WMI the snmp-location field is no longer used to auto map on the world map and rather the AD Site name is used. The problem is is uses cn= and not location= so you might break your mapping.

0 Kudos
Level 11

I want to start off by saying how great this thread is!  Extremely useful information when it comes to resource utilization and objects available for monitoring via snmp vs wmi.  What about from a security stand point?  I have heard many times that WMI is more secure than SNMP, and I assume the people that say that are referring to SNMPv2c. 

Only the WMI Service Account password is encrypted, correct?  Or is the username also encrypted when sent across the wire?

I know for a fact that SNMPv2c sends a plaintext community string, which is not secure at all.  SNMPv3 uses username/pw that is encrypted, but does Windows support SNMPv3?

What are your thoughts from a security stand point?

0 Kudos

Windows Server 2016 does not support SNMPv3. Microsoft officially states that SNMP is deprecated in Windows Server 2012 and up, so I doubt you'll be seeing anything from Microsoft in the future either.

How to achieve Windows Server SNMP v3 Security Compliance

3rd Party Solutions:

  • MG-SOFT – Commercial
  • SNMP-Informant – Commercial
  • Net-SNMP – Open Source

How to achieve Windows Server SNMP v3 Security Compliance | The Official E-SPIN Blog

Level 10

As I have said elsewhere, I would like to be able to configure nodes to use both SNMP and WMI. Using SNMP for those monitored items that are more efficiently monitored with SNMP (or not available via WMI). Having both WMI credentials and SNMP community strings associated with each node eases administration and makes using some of the GUI features, like service control so much easier.
Unless & until the enhancement request to offer dual monitoring becomes available, our policy is to monitor physical servers using SNMP, virtual Windows servers using WMI. For virtual Windows servers connected via NAT addresses, we plan to use the Agent.   

0 Kudos
Level 8

Hello Everyone!

For people that use snmp (like me),  What are you do about Software Inventory? Because using snmp I cant get all software installed

0 Kudos
Level 12

Hi!

We use SNMP as our mainstay. We actually leverage WMI in templates for monitoring our Exchange Mount Points!

The templates use an AD Service Account for Solarwinds to poll the servers. It seems to work fine.

These Exchange Mount Point templates were created by Matthew LaSota of Sentinel Technologies! Leon I know you worked with him!

You were actually here in Chicago, Northwestern Memorial Hospital and helped us construct our current Solarwinds system!

You did a wonderful job!!!

Is there a difference in what information SNMP pulls from devices versus WMI?

At this time, I only see WMI as another method of polling. But will I see a difference in what information I will be able to get from polling WMI than SNMP?

Will I still be able to pull BIOS information, SN, etc.?

We currently have (4) pollers. Using NPM, SAM, NCM, UDT, QoE, IVIM, VNQM.

We will have our WPM on the pollers soon and getting it off of it's own server, so it is integrated with everything.

Soon, we will have a separate web server. Lots of people are using Solarwinds now.

Thanks much!

Cheryl

0 Kudos

Cheryl,

Leon has created a very thorough comparison and posted it here on Thwack: SNMP_vs_WMI_20130412.docx

and also here:  Re: SNMP vs WMI polling - pros and cons

These two documents should give you a good grasp on the SNMP or WMI debate!

I use them both depending on what data I am retrieving and demand on the server.

Hope this helps!

Butch

Thanks bspencer63! Appreciate it!

Cheryl

0 Kudos
Level 14

Leon,

Now that NPM 11.5 and SAM 6.2 are out there, I would like to re-visit this thread - but add Agent polling to the PRO/CON discussion. What are the considerations when deciding how to poll a Windows node? How do the various features (in particular some of the new ones) in NPM and SAM impact that decision?

Hmm. It should still technically be the same, although it's actually possible to generate a much more significant load on the machines with agents because you're not just doing basic polling.

TLDR: Maybe that should be a separate question like, what polling method should I use when:

(conditions)

Such as:

access limitations

security restrictions

on domain/off domain

consistent set of credentials/not

etc

0 Kudos
Level 13

Just adding the KB under the same post will help others.

What polling method should I use?

http://knowledgebase.solarwinds.com/kb/questions/3613/What+polling+method+should+I+use%3F

Level 12

Great list Leon, glad I stumbled upon it.

Level 11

You are forgetting the native integration with propietary apps from Microsoft, APP Insight from SAM is built around this freature, (SQL, Exchange, IIS)

0 Kudos

Leon Adato There is a missing pro & con of SNMP polling a windows server:

You will see (and can monitor) all of the virtual interfaces, thus causing UX/UI confusion to other users who are doing SNMP walks via "list resources" in Orion and making it harder than it should be to identify actual interfaces. On the plus side, you can monitor traffic across said interfaces. This is a windows server with 1 physical interface highlighted.

snmp.jpg

rob.hock One thing I always wondered with regards to WMI, how is the polling actually being done? Is it just a RPC using WMI credentials, or is it via powershell?

Level 12

to reiterate what Rob stated above:

it has has determined that it takes roughly the same amount of resources to complete a single (1) WMI poll as it does to complete five (5) SNMP polls.

Yes, but to be clear - the difference in impact on the target is (generally speaking) negligible. If an SNMP request takes .001% of a machine's resources, and WMI takes .005% (I just made that value up, don't quote me on it) nobody is going to pitch a fit when you turn on WMI. And the value you get from WMI monitoring (windows volume mount points, hardware details, seamless addition of SAM monitors without providing additional permissions, etc) may be worth the nominal hit to the system.

Leon Adato | Head Geek
------
"Measure what is measurable,
and make measurable what is not so." - Gallileo

Can you speak of what impact you will see on the polling server? Is there any resource that should be increased (memory, cpu's, etc...) on the Orion server when changing a large number of nodes from SNMP to WMI?

In our environment we currently have about 500 Windows servers and are looking to get away from SNMP and change them all to WMI. Currently we are only polling about 80 through WMI the rest are still on SNMP. When I make that change will this put more of a stress on the poller?

0 Kudos
Level 9

Hello all,

I'm looking for a definitive answer to just one thing.

Which monitoring protocol, WMI or SNMP, will affect performance of the monitored Windows 2008R2/2012R2 the least? WMI or SNMP? In the context of this question, it is not relevant which reveals any specific metric or health, only which puts more load on the monitored machine(s).

Thank you!!!

Pjc

0 Kudos

Typically SNMP would be considered lighter weight from a host / query / network perspective.

Agreed.

Leon Adato | Head Geek
------
"Measure what is measurable,
and make measurable what is not so." - Gallileo