22 Replies Latest reply on May 30, 2017 9:18 AM by ceward

    Agents for Windows - Why is Agent-Initiated 'Recommended'?

    jbiggley

      We're starting to leverage agents as part our testing for cloud-based server monitoring (less holes in the firewalls = better security, right?) and when you go through the agent add process it says that agent initiated is the preferred communication method.  Any ideas why?  We are leaning towards server initiated as it makes the security types less worried when comms from external servers are going out from our network rather than listening for inbound comms.

       

      Check out the /Orion/AgentManagement/Admin/DownloadAgent.aspx page to see what I mean.

       

      2016-08-29 15_23_59-Agent Downloads.png

       

      Tagging aLTeReGo as the guru of all things agent.

        • Re: Agents for Windows - Why is Agent-Initiated 'Recommended'?
          nick_scott

          If you were to have a thousand (max agents per poller) agents configured with server initiated and lets say a portion of your network dropped your polling server would be making continuous communication attempts potentially maxing out your available 64k ports.

           

          Agent initiated allows the sever to do the legwork, saving the poller from unnecessary polling cycles.

           

          I'm sure there are other reasons but this is something I have seen in production.  Misconfigured server initiated agents have taken down our pollers more than once.

          1 of 1 people found this helpful
            • Re: Agents for Windows - Why is Agent-Initiated 'Recommended'?
              jbiggley

              Help me understand this a little more. If an agent is deployed with server-initiated polling and the agent goes offline, how often does the poller try and contact the agent?  What is the duration of the communication attempt if the agent does not respond?

               

              What I am trying to figure out here is the implications to that 64K port limitation. If agents are tried every 2 minutes but take longer than that to free up a port (or if Windows isn't providing that port fast enough) then there is a theoretical limit to the number of nodes you could have on any given polling engine given a scenario of complete loss of connectivity.  And since we like to do things bigger and badder (is that a word?), I'm very interested in how this looks.

              • Re: Agents for Windows - Why is Agent-Initiated 'Recommended'?
                chadsikorra

                What do you mean by misconfigured server initiated agents taking down the poller?

              • Re: Agents for Windows - Why is Agent-Initiated 'Recommended'?
                aLTeReGo

                Josh, there is no single 'right' answer here. Agent initiated is the easiest on end-users because it allows for automatic agent registration and node creation. That is why it's the default and the recommended mode. We added 'Passive' mode because we knew that not all environments or situations would allow for agent initiated communication.

                1 of 1 people found this helpful
                • Re: Agents for Windows - Why is Agent-Initiated 'Recommended'?
                  chadsikorra

                  We use server initiated polling for our cloud based monitoring due to the same concerns you had regarding the direction of the initiated traffic. However, I have noticed that the server initiated agents have a tendency for polling problems (such as application status going to "unknown"). Restarting the Orion services on the central poller, or restarting the central poller altogether, is the only thing that fixes it sometimes.

                  • Re: Agents for Windows - Why is Agent-Initiated 'Recommended'?
                    Peter Monaghan, CBCP, SCP, ITIL ver.3

                    I have to say in my years of experience I am not a fan of agent-based monitoring. I use Solarwinds today for NPM/SAM/etc. and I use SAP's Solution Manager for my SAP servers/applications. SolMan is agent-based. The administration and overhead for my SolMan agents is exponentially higher. Granted, I get tons more data back, more than I ever wanted or could do with, but the technical debt I pay for agent-based monitoring is much higher.

                    1 of 1 people found this helpful
                    • Re: Agents for Windows - Why is Agent-Initiated 'Recommended'?
                      squinsey

                      I'm a bit late to the party jbiggley (as I'm actually searching for another agent related issue) however they are also best in a NAT'd environment.

                      Due to some segments having overlapping IPs and 1:1 NATs in place for our network, the agents are still able to perform.

                        • Re: Agents for Windows - Why is Agent-Initiated 'Recommended'?
                          jbiggley

                          After some chatting with the UX team and here on Thwack, I've come to the conclusion that agents are pretty great -- in the right circumstances.  We are going to stick with our SNMP and/or WMI stance for now, but when needed we'll be using agents.  We're also defaulting to server-initiated and have communicated to the SolarWinds devs that making the assumption of agent-initiated comms is not a security best practice.  It means that you have to listen for those comms in some sort of edge zone.  We've opted to default to server-initiated as an extra layer of security.

                           

                          I know some features and process flows were designed around agents self-registering. Hopefully that won't be a sticking point for SAM going forward.

                          1 of 1 people found this helpful
                            • Re: Agents for Windows - Why is Agent-Initiated 'Recommended'?
                              jbiggley

                              I wish I could say we would miss you when you were gone but we won't.

                               

                              I've used lots of solutions over the years and if I've learned anything it is that the person implementing it is as much at fault for the outcomes as is the product.  No product, not even the SolarWinds Orion platform, is perfect.  The more I push and stretch and hammer away at the products the more things I discover that make me go "hmm" as well as "oh, heck yah that's awesome!"  Somehow I manage to make things work.  And not just work in isolation but work at a very grand scale.  We interface with other platforms, we deliver a critical service for thousands of co-workers who depend on us to help them help our customers, and we do it with relatively little pain given all that we are asked to do.

                               

                              I've read your vitriol time and time again.  If you don't like the product(s) then get involved with the beta tests, the UI/UX reviews, offer suggestions on how to fix the problems.  I've been a SolarWinds customer for nearly a decade now.  I've built and implemented systems of all sorts of sizes and shapes and I support a platform that is on the scale of ridiculous for a single instance.  I can promise you that I don't hold back when I talk with the folks at SolarWinds.  Whether it is product concerns, process concerns, or just concerns about the messaging in general, they get to hear it all.  And the best part?  THEY LISTEN!  They are collaborative and eager to support us.  They want to work with us because they understand that their customers help them make a better product.  Since there is no perfect customer there is no perfect product but I can tell you that it is a pretty powerful combination when folks come together to try and solve a problem.

                               

                              Sorry that you aren't able to find value in any of the SolarWinds products.  I expect that means you will be promptly uninstalling the code and surrendering your licenses. It sounds like you have another solution that is already doing the job for you so why bother to run two platforms?  Please let us know when you've removed all of your SolarWinds products.  I am sure we can help you find a non-profit or charity that would appreciate a donation of those licenses.  Heck, I'd be glad to take them off your hands for my lab environment.

                               

                              Although, I expect the reality is that monitoring is an essential service to you and your employer/clients and shutting off a monitoring environment, regardless of your personal opinions on its completeness, would be a resume generating event.  Hopefully you can start to contribute solutions to help the Community of Practice for Enterprise Monitoring.  This 'rant on repeat' is getting old.

                              2 of 2 people found this helpful
                                • Re: Agents for Windows - Why is Agent-Initiated 'Recommended'?
                                  ceward

                                  Yes in some environments you only have so many ways to deal with Monitoring. As an example those familiar with the PURDUE model, you can not hop a level. And you are often confronted in those levels of multiple domains, not part of a forest, stand alone servers....etc

                                   

                                  So if you have the 4 levels, and need to move Alerting to your DMZ you face the challenge how do I get alerting from level 1? 2? I can use Windows Event forwarding, and send those to a server in the level. And then that server up to the next level and so on?

                                   

                                  Or as encrypted 1 way communication then that is fine. But then I need an agent.

                                   

                                  Unless others on this board have any other ideas on how to move events with out violating the restrictions of the PURDUE model.

                                • Re: Agents for Windows - Why is Agent-Initiated 'Recommended'?
                                  dodo123

                                  Love to know your environment, versions of software windows and SolarWinds.