Agent-based or Agent-less Network Monitoring 34
An anonymous reader writes "ITO has published an interesting article on agent-based and agent-less network monitoring approaches: "Agents can monitor the status (availability and performance) of applications, servers, and network components in significantly more depth than generic management tools, since they are able to gather data through application-specific interfaces, exercise the full application functionality, and perform localised aggregation and summarisation of high volume metrics for example.""
I advise a mixed approach (Score:4, Interesting)
Re:I advise a mixed approach (Score:3, Informative)
I know this article doesn't really cover it, but we feel very different about client computer agents. Deploymen
Re:I advise a mixed approach (Score:2)
Why the hassle (Score:1)
OK, it's not secure, but again what else is secure if we don't give it enough research and care, it can be simply implmented and it's integrated in most of the equipment that need monitoring, but hey we ignore it, as long we di
Re:Why the hassle (Score:2, Insightful)
Re:Why the hassle (Score:2)
Re:Why the hassle (Score:3, Informative)
In the interim, however, you can always use IPSEC to provide the security that SNMP lacks, providing your equipment supports it.
On the NMS front, there are a number of platforms that support SNMPv3. NetCool and Spectrum as a couple of examples, and Concorde will have it by 3rd Q this year.
Re:Why the hassle (Score:4, Informative)
First of all, as far as hosts are concerned only a small fraction of people writing an application bother to define a MIB and register OIDs. The fraction that has bothered to read the proxy agent specs and plug themselves correctly into the SNMP agent is even smaller. Even really trivial things like RAID status are simply not present on most OS-es. Plenty of things in the MIB are still 32 bit counters while the OS-es have moved on to 64 bit internally. SNMP on a Unix (or Winhoze for that matter) platform is a disaster area.
Second, SNMP is too inflexible for large network applications like modern access boxes and high end routers. These nowdays discard most of SNMP functionality and replace it with proprietary protocols or XML. Cisco HFR and the ex-Uniphase (now Juniper) boxes are prime examples.
Third SNMP has never been the favourite due to its inflexibility for applications related to deep telco nuts and bolts like element management, mobile comms systems, etc. The reasons are too long for a slashdot rant, but they are there and they are real. This is mostly corba territory with some web services sprinkled in a few places. SNMP does not play there.
Overall, SNMP is used only in places where minimal surface level monitoring is required and the requirement for reliable transfer of alarms and data is not present. It is either discarded or supplemented by custom agents in nearly all cases where people need to look into the guts of the system.
Re:Why the hassle (Score:2)
In a nutshell: speed of alerts vs. footprint (Score:4, Insightful)
The main difference for my company's application is that an agent can tell you immediately of service degradation while an agent-less solution must wait for the next polling interval. As the article mentions, another important consideration is that agents can drill much deeper.
Importantly, agents require less NW overhead but take up more, often cheaper, RAM, disk and CPU resources.
In my current situation, my approach is to deploy agents wherever possible.
Cheers,
Bill
Re:In a nutshell: speed of alerts vs. footprint (Score:2)
Work for an vendor of "agent less" monitoring solutions there AC? (:-{)}
Unless you are blessed with tons of unused bandwith, cranking the polling interval to 60 seconds for thousa
Re:In a nutshell: speed of alerts vs. footprint (Score:2)
To Agent, or Not To Agent, That is the Question (Score:4, Interesting)
A lot of Windows software that claims to be agentless really just remotely installs a small stub using a domain account behind the scenes to do the task. Microsoft is actually making a decent stab at the problem with WMI, a sort of big brother to SNMP. Unfortunately the implementation is complex, non-standard, and up until now nobody has really used it for the type of remote instrumentation that this article talks about. Even Microsoft's own software has not really been instrumented properly.
Re:To Agent, or Not To Agent, That is the Question (Score:1)
Actually, they WERE making a good stab at this - five or so years ago. Since then, the nature of where they're trying to go with this has changed, nearly the entire project-team has disbanded (and was reformed with a different focus), and t
Re:To Agent, or Not To Agent, That is the Question (Score:2)
I am not sure that WMI really counts as agentless anyway, one of its great featur
Re:To Agent, or Not To Agent, That is the Question (Score:3, Interesting)
Which makes
"Agentless" monitoring does not exist (Score:5, Informative)
a) specific metrics gathered
b) frequency of update
c) "agent" based required distribution and control of a 3rd-party piece of software
Performance and resource utilization are a red herring.
Re:"Agentless" monitoring does not exist (Score:3, Interesting)
This is not correct.
It is absolutely true that snmpd, sar, and whathaveyou count as "agents" as much as anything else. However, you've artificially limited the discussion to only the range of monitoring appraoches that use such tools; of course when you only discuss types of monitoring that use agents, there is no such thing as agentless monitoring.
However, many (and arguably many of the best) monitoring approaches simply observe the behaviour of the actual running services, without using any additional too
Re:"Agentless" monitoring does not exist (Score:2)
Agent servers (Score:4, Interesting)
Most monitoring agents go overboard. They monitor everything under the sun, even things that require a significant amount of computing power to wrangle in to useful data.
Even lightweight agents like Nagios' nrpe do stupid things like an expensive forking scan of the process table once for each monitored process. God help you if you're running HP's Openview.
You end up needing agents to scale... (Score:1)
Others already mentioned you need agents to do a deep dive... lots of companies are running at least 2 of them (one from the vendor to handle the OS + hardware, one from a 3rd party to do "everything else").
To monitor and manage a large amount of systems you need to push the "smarts" of the system as far down as possible. Pure agentless/polling systems either run into network issues (saturate links with polling) or CPU issues (what do I do with t
The biggest downside, overlooked. (Score:3, Insightful)
Monitoring systems really should be a couple orders of magnitude more reliable than the things which they monitor. One of the most effective ways to ensure that is by having them be far clearer and simpler; an advantage that cooperative monitoring forgoes.
Hard to say. (Score:1)
http://www.bdnacorp.com/index.shtml [bdnacorp.com]
That said, my opinions here are not those of my employer. (I'm an engineer - why else would I be reading slashdot non-main-page article?) My opinions also aren't specifically about our product because it does inventory, not monitoring.
It's hard to say agent or agentless. Someone in a previous comment said there is no such thing as "agentless" and mentioned SNMP, WMI, sar, etc. Naturally, there needs to be *something
Re:Hard to say. (Score:1)
We run at least 3 different monitors at this site that I know of. Some are hardware specific, some are 3rd party. It all comes down to what the different lines of business need. Our QA testers have to have a clea
The best agent based i found... (Score:1)
I worked in telecomms, and used/administered both a Nokia NMS2000 and a Siemens OMC-S and OMC-B
While is WAY more complex than SNMP (rmeember te S is for simple) is Extremely reliable, and has many advantages over SNMP:
Atomic transactions: In Q.3 you can specify a complex configuration change and be certain that, in case of a failure mid-process, your system will be either in the initial state, or the final one, but not in an intermediate state (the lack of this feature, plus the se