Monitoring Agent for Windows or Linux servers
The server agent vs SNMP Polling, subject to discussion
The availability and performance of your company's servers is very important because they directly impact productivity. It is unthinkable that a company department can no longer access applications for part of the day or regularly complains about application malfunctions. This is one of the reasons why real-time monitoring of your servers is essential to detect incidents as quickly as possible.
Your servers may be managed or hosted by a Service Provider in the cloud. He is then in charge of supervising them to respect the SLAs to which he has committed himself.
In all cases, whether servers are internally monitored or outsourced, the same question arises: is it better to use a monitoring solution that requires agent installation or an agentless solution? The literature is abundant on this subject and opinions are divided.
The purpose of this document is to show that the use of an agent is not synonymous with constraint and complexity. Whether you are a small business, a multinational or a Service Provider, some agents can bring you ease of operation, productivity gains and flexibility.
So, server monitoring with or without an agent?
As mentioned in the introduction, the literature is rich on this subject. The main finding is that everything depends on the desired supervision. If your IT production is complex with many servers, and it is necessary to collect non-standard indicators at high frequencies, the use of a monitoring solution with agent is strongly recommended. If you only have a few servers to monitor with standard indicators, an agentless monitoring solution is sufficient.
SNMP v1, v2 or v3 collection
For the operators, the task seems easier because nothing to install on the servers but there are still constraints like :
- Fewer indicators, less fine granularity
- SNMP configuration (declare SNMP service on each server, create VPN, encrypted tunnel or SNMP v3 implementation, open streams)
- more network exchanges (response query)
- Weaknesses of the SNMP v1 and v2 protocol from a security point of view
- Microsoft does not recommend SNMP for Windows server monitoring (NT, W2k, Volume Mount Points, uptime metrics reboot time, "Unfortunately Microsoft deprecated SNMP in server 2012 (and does not support 64 bits counters). So we are unlikely to see any major changes to it in the future" https://technet.microsoft.com/en-us/library/hh831568.aspx ... )
With .NET Agent for Windows or C++ Agent for Linux
Whether with a.NET agent for Windows or in C++ for Linux, the SNMP collection counterpart in agent form solves many monitoring problems :
- Positioned on Windows and Linux servers, collection uniformity
- Automatic discovery and collection of performance indicators locally
- Triggering automatic scripts
- Top Process history by memory or automated I/O
- Sends data to the manager in an encrypted tunnel
- The manager can initialize all the agent's functions locally
- Syslog or Windows Events Log Management and Event Management Features
- APM features and application performance monitoring (.NET, JAVA or IIS traces)
- Remote poller Ping, WMI, Shell and SNMP
ServicePilot allows to supervise the different types of servers in WMI and/or SNMP (Windows, Linux, Sun, Solaris,...), virtualized environments (VMware, HyperV) and the applications they host (Exchange, Active Directory, DNS, Skype for Business,...). ServicePilot integrates a multifunction agent for Windows and Linux servers
Supervision of Windows and Linux servers with ServicePilot Agent
ServicePilot offers an agent for the supervision of Windows and Linux servers that is particularly powerful and allows native integration with the manager. This agent installs quickly with any cable distribution solution and consumes very few resources. The agent's recognition by the manager is dynamic and the data is sent to the manager at the agent's initiative. The new servers on which the agent has been previously installed will automatically be integrated into the supervision without manipulation on the part of the operators.
The connection between the agent and the manager does not require a VPN. The agent will connect directly to the manager, create his connection and an encrypted tunnel for data exchange. This architecture is much simpler with regard to the opening of flows and well accepted by security. As far as agent updates are concerned, it's very simple, they are automatic and it's not necessary to come back to each server to install a new version.
The agent automatically discovers the server resources and feeds synthetic and detailed dashboards with numerous indicators (System Supervision discovery, Automatic process discovery, Top processes per CPU consumption, memory).
The screenshot below illustrates the granularity and flexibility of server monitoring dashboards, in which I can zoom in using the calendar to understand the impacts of processes on my server's CPU peak 26 days ago on a 7-minute time scale.
The agent offered by ServicePilot not only supervises the server but also has several extended features such as log analysis and application response time that can be activated via the manager according to your supervision needs.
Zoom on the automatic mass update feature
The mass update functionality, introduced with ServicePilot 8.2.0, ensures substantial simplification for agent provisioning, by combining their configuration with that of the associated set.
More specifically, this means that the agent configuration file is created when the package is added to the setup, and are stored on the ServicePilot server.
The agent can then recover its configuration at regular intervals (for example every 30 seconds) via HTTP or HTTPS synchronization.
Any changes to the agent configuration, whether the deployment is local or remote, can be made from the ServicePilot server, with just a few clicks on the associated package.
Discover APM metrics or security events in a few clicks
Transactions, Response times, Errors, Automatic RUM for applications running JAVA, .NET, IIS technologies, or monitoring application server http transactions.
Parsing of unformatted logs, Syslogs, Windows Events to control your IS events in order to keep server connection reports, application authentications, etc. The functionalities of the machine learning type as well as the Big Data architecture of ServicePilot allow to quickly make analyses of the surface anomalies or top ranking type in a very simple way with pre-constructed queries, according to the different technologies.
ServicePilot Agent features go beyond the System part, with :
- Remote or local ping collection
- Remote or local SNMP collection
- Web, TCP, SQL, DNS/DHCP application tests, ...
- Collection SMI
- Collection of Windows Logs, Syslogs, Traps and Events
- VMWare vSphere API
- VoIP: PSTN, PSTN-XR and CDR streams
- Netflow Collection, sFlow
- IPRoute
- HTTP application traces
- API for collecting NRPE, PERL, shell scripts,...
Conclusion
I have automated mechanisms for the Microsft Windows or Linux servers monitoring that the SNMP does not give me, I can always add SNMP monitoring for specific processes to represent it automatically in my cartographies and apply process level SLA.
With a single agent, I can not only monitor my server, but also correlate security and application information without any complicated correlation rules with a dedicated dashboard.
An APM Full-Stack dashboard like the one just above makes it possible in particular to avoid incessant transfers of responsibilities during performance incidents and facilitate communication within the IT department's employees.
A supervision solution must be simple to implement and provisioning must be reliable, fast with maximum automation to avoid repetitive tasks. The ServicePilot server monitoring agent allows you to quickly meet your objectives:
- Incident reduction
- Reduced incident resolution time
- Reduced risk
- Cost reduction
- Improvement of the quality of service
- User Satisfaction
- Capacity analysis
- SLA reporting for management
