I'm pulling together a (semi-comprehensive) comparison of the impact of monitoring via WMI versus SNMP.
The upshot for those who are impatient: WMI monitoring (whether WMI polling or WMI via SAM) has a measurable - but manageable - impact on both the target device and the poller.
That said, if you are considering converting your monitoring of Windows devices from SNMP to WMI, what are you gaining? What are you losing?
Here's the start of my list. Please add your own in the comments below. Note that this is an off-the-top-of-my-head list. Coherency comes later.
SNMP Monitoring (as compared to WMI)
WMI Monitoring (as compared to SNMP)
OK guys, there's the start of my list. What did I miss?
I wanted to throw another pro/con in. It looks like at least in 12.1, if you go from SNMP to WMI the snmp-location field is no longer used to auto map on the world map and rather the AD Site name is used. The problem is is uses cn= and not location= so you might break your mapping.
I want to start off by saying how great this thread is! Extremely useful information when it comes to resource utilization and objects available for monitoring via snmp vs wmi. What about from a security stand point? I have heard many times that WMI is more secure than SNMP, and I assume the people that say that are referring to SNMPv2c.
Only the WMI Service Account password is encrypted, correct? Or is the username also encrypted when sent across the wire?
I know for a fact that SNMPv2c sends a plaintext community string, which is not secure at all. SNMPv3 uses username/pw that is encrypted, but does Windows support SNMPv3?
What are your thoughts from a security stand point?
Windows Server 2016 does not support SNMPv3. Microsoft officially states that SNMP is deprecated in Windows Server 2012 and up, so I doubt you'll be seeing anything from Microsoft in the future either.
How to achieve Windows Server SNMP v3 Security Compliance
3rd Party Solutions:
As I have said elsewhere, I would like to be able to configure nodes to use both SNMP and WMI. Using SNMP for those monitored items that are more efficiently monitored with SNMP (or not available via WMI). Having both WMI credentials and SNMP community strings associated with each node eases administration and makes using some of the GUI features, like service control so much easier.
Unless & until the enhancement request to offer dual monitoring becomes available, our policy is to monitor physical servers using SNMP, virtual Windows servers using WMI. For virtual Windows servers connected via NAT addresses, we plan to use the Agent.
We use SNMP as our mainstay. We actually leverage WMI in templates for monitoring our Exchange Mount Points!
The templates use an AD Service Account for Solarwinds to poll the servers. It seems to work fine.
These Exchange Mount Point templates were created by Matthew LaSota of Sentinel Technologies! Leon I know you worked with him!
You were actually here in Chicago, Northwestern Memorial Hospital and helped us construct our current Solarwinds system!
You did a wonderful job!!!
Is there a difference in what information SNMP pulls from devices versus WMI?
At this time, I only see WMI as another method of polling. But will I see a difference in what information I will be able to get from polling WMI than SNMP?
Will I still be able to pull BIOS information, SN, etc.?
We currently have (4) pollers. Using NPM, SAM, NCM, UDT, QoE, IVIM, VNQM.
We will have our WPM on the pollers soon and getting it off of it's own server, so it is integrated with everything.
Soon, we will have a separate web server. Lots of people are using Solarwinds now.
Leon has created a very thorough comparison and posted it here on Thwack: SNMP_vs_WMI_20130412.docx
and also here: Re: SNMP vs WMI polling - pros and cons
These two documents should give you a good grasp on the SNMP or WMI debate!
I use them both depending on what data I am retrieving and demand on the server.
Hope this helps!
Now that NPM 11.5 and SAM 6.2 are out there, I would like to re-visit this thread - but add Agent polling to the PRO/CON discussion. What are the considerations when deciding how to poll a Windows node? How do the various features (in particular some of the new ones) in NPM and SAM impact that decision?
Hmm. It should still technically be the same, although it's actually possible to generate a much more significant load on the machines with agents because you're not just doing basic polling.
TLDR: Maybe that should be a separate question like, what polling method should I use when:
on domain/off domain
consistent set of credentials/not
Leon Adato There is a missing pro & con of SNMP polling a windows server:
You will see (and can monitor) all of the virtual interfaces, thus causing UX/UI confusion to other users who are doing SNMP walks via "list resources" in Orion and making it harder than it should be to identify actual interfaces. On the plus side, you can monitor traffic across said interfaces. This is a windows server with 1 physical interface highlighted.
rob.hock One thing I always wondered with regards to WMI, how is the polling actually being done? Is it just a RPC using WMI credentials, or is it via powershell?
to reiterate what Rob stated above:
it has has determined that it takes roughly the same amount of resources to complete a single (1) WMI poll as it does to complete five (5) SNMP polls.
Yes, but to be clear - the difference in impact on the target is (generally speaking) negligible. If an SNMP request takes .001% of a machine's resources, and WMI takes .005% (I just made that value up, don't quote me on it) nobody is going to pitch a fit when you turn on WMI. And the value you get from WMI monitoring (windows volume mount points, hardware details, seamless addition of SAM monitors without providing additional permissions, etc) may be worth the nominal hit to the system.
Can you speak of what impact you will see on the polling server? Is there any resource that should be increased (memory, cpu's, etc...) on the Orion server when changing a large number of nodes from SNMP to WMI?
In our environment we currently have about 500 Windows servers and are looking to get away from SNMP and change them all to WMI. Currently we are only polling about 80 through WMI the rest are still on SNMP. When I make that change will this put more of a stress on the poller?
I'm looking for a definitive answer to just one thing.
Which monitoring protocol, WMI or SNMP, will affect performance of the monitored Windows 2008R2/2012R2 the least? WMI or SNMP? In the context of this question, it is not relevant which reveals any specific metric or health, only which puts more load on the monitored machine(s).
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.