From the documentation it states:
Is this still the case? We use agents on all windows servers for the following reasons:
After you update SAM to the 2020.2 release, you'll be able to use WinRM for monitoring applications (including AppInsight for SQL). Using WinRM sends WMI queries through HTTPS ports 5985 or 5986 directly (and is secured on both). This avoids the legacy approach of using WMI with DCOM and RPC--which is where that large span of firewall ports came into play. Your security team and/or network firewall team will be much happier that there is one less application requiring those ephemeral ports. The only thing that this does not solve for is application dependency mapping, which of course still requires the agent.
I am in the exact same situation, our security team does not allow for WMI because of the wide span of ports, and we also have cluster.
This is a problem in our environment.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.