SNMP Informant. SNMP Informant, the default Microsoft SNMP extension agents and WMI January 2009



Similar documents
SNMP Informant Release Notes Release

SNMP Informant Release Notes

Internetworking Microsoft TCP/IP on Microsoft Windows NT 4.0

Overview - Using ADAMS With a Firewall

Overview - Using ADAMS With a Firewall

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

SNMP Informant. Installation and Configuration Guide. Release

Before deploying SiteAudit it is recommended to review the information below. This will ensure efficient installation and operation of SiteAudit.

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

HP OpenView Operations 7.x for Windows. Firewall Configuration white paper. Version 2.2. Publication Date: 08/2003

Required Ports and Protocols. Communication Direction Protocol and Port Purpose Enterprise Controller Port 443, then Port Port 8005

Networking Best Practices Guide. Version 6.5

Simple Network Management Protocol

How To Set Up Foglight Nms For A Proof Of Concept

AT-S95 Version AT-8000GS Layer 2 Stackable Gigabit Ethernet Switch Software Release Notes

DB2 Connect for NT and the Microsoft Windows NT Load Balancing Service

UPPER LAYER SWITCHING

Technical Notes P/N Rev 01

SolarWinds. Understanding SolarWinds Charts and Graphs Technical Reference

SNMP Protocol for Easy Network Management

SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)

IP Addressing A Simplified Tutorial

SNMP -overview. Based on: W.Stallings Data and Computer Communications

Know the signs of potential problems. Prevent problems before they occur. This unit contains the following three lessons:

An Overview of SNMP on the IMG

Installation Guide Supplement

SNMP Informant Installation and Configuration Guide

Chapter 12 Supporting Network Address Translation (NAT)

Broadband Phone Gateway BPG510 Technical Users Guide

Goverlan Remote Control

Product Standard General Interworking: Internet Server

Guideline for setting up a functional VPN

Network Station - Thin Client Computing - Overview

Whitepaper. Business Service monitoring approach

Cisco Configuring Commonly Used IP ACLs

White Paper. Deploying EUM. SurfControl Web Filter for MS Windows. rev. 1.1, January Enterprise Threat Protection

Configuration IP Routing and Multicast Avaya Ethernet Routing Switch 4500 Series

The PostBase Connectivity Wizard

Oracle Enterprise Manager Ops Center. Ports and Protocols. Ports and Protocols 12c Release 3 ( )

Integrated Citrix Servers

Jean Parrend 1/6 SNMP. Content. 1. Introduction...1

Accessing Remote Devices via the LAN-Cell 2

Management Software. User s Guide AT-S84. For the AT-9000/24 Layer 2 Gigabit Ethernet Switch. Version Rev. B

Comparison of SNMP. Versions 1, 2 and 3

Linking 2 Sites Together Using VPN How To

Chapter 11. User Datagram Protocol (UDP)

NetCrunch 6. AdRem. Network Monitoring Server. Document. Monitor. Manage

Basic Network Configuration

Windows XP Service Pack 2 Windows Firewall Group Policy Setup for Executive Software Products

PrintFleet Enterprise Security Overview

MailMarshal SMTP in a Load Balanced Array of Servers Technical White Paper September 29, 2003

MANAGING NETWORK COMPONENTS USING SNMP

Network Management & Security (CS 330) RMON

Lecture (02) Networking Model (TCP/IP) Networking Standard (OSI) (I)

CT LANforge-FIRE VoIP Call Generator

A Brief. Introduction. of MG-SOFT s SNMP Network Management Products. Document Version 1.3, published in June, 2008

Minimal network traffic is the result of SiteAudit s design. The information below explains why network traffic is minimized.

Transparent Identification of Users

Installation Guide. Squid Web Proxy Cache. Websense Enterprise Websense Web Security Suite. v for use with

EView/400i Management Pack for Systems Center Operations Manager (SCOM)

Catalyst Layer 3 Switch for Wake On LAN Support Across VLANs Configuration Example

First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring

CCT vs. CCENT Skill Set Comparison

ITEC310 Computer Networks II

CompTIA Exam N CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ]

High-performance VoIP Traffic Optimizer Client Solution

Enabling Remote Management of SQL Server Integration Services

Section 11.1, Simple Network Management Protocol. Section 11.2, Port Data Capture

Network Terminology Review

Network Guide. Windows Configuration Using a Printer Server Monitoring and Configuring the Printer Appendix

Configuring SNMP Cisco and/or its affiliates. All rights reserved. 1

A Heterogeneous Internetworking Model with Enhanced Management and Security Functions

Stateful Inspection Technology

MOC 6435A Designing a Windows Server 2008 Network Infrastructure

District of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification

Network Management - SNMP

HP StorageWorks EVA Hardware Providers quick start guide

Integration with CA Transaction Impact Monitor

SNMP Simple Network Management Protocol

BEA WebLogic Server. and BEA WebLogic Express. SNMP Management Guide

Module 1: Reviewing the Suite of TCP/IP Protocols

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version Rev.

Delphi 2015 SP1-AP1 System Requirements

Enterprise Edge Communications Manager. Data Capabilities

How Do I Upgrade Firmware and Save Configurations on PowerConnect Switches?

IBM Proventia Management SiteProtector. Configuring Firewalls for SiteProtector Traffic Version 2.0, Service Pack 8.1

Transport and Network Layer

Running custom scripts which allow you to remotely and securely run a script you wrote on Windows, Mac, Linux, and Unix devices.

How To Configure A Vyatta As A Ds Internet Connection Router/Gateway With A Web Server On A Dspv.Net (Dspv) On A Network With A D

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Visio Enabled Solution: One-Click Switched Network Vision

Securing Networks with PIX and ASA

Subnetting and Network Management Omer F. Rana. Networks and Data Communications 1

These options allow you to define baseline settings for how scanning will occur on your network

SNMP Monitoring and SWG MIB

Network Management System (NMS) FAQ

PrintFleet Enterprise 2.2 Security Overview

Mathatma Gandhi University

PREFACE iss.01 -

IBM Security SiteProtector System Configuring Firewalls for SiteProtector Traffic

Transcription:

Informant Systems, Inc. 11135-23A Avenue Edmonton, AB T6J4W5 Canada p: 780.908.6669 f: 780.434.8991 www.informant-systems.com SNMP Informant SNMP Informant, the default Microsoft SNMP extension agents and WMI January 2009

Copyright Copyright 2004-2009 Informant Systems, Inc. All Rights Reserved. Copyright 1999-2004 Williams Technology Consulting Services Restricted Rights Legend This software and documentation is subject to and made available only pursuant to the terms of the Informant Systems License Agreement and may be used or copied only in accordance with the terms of that agreement. It is against the law to copy the software except as specifically allowed in the agreement. This document may not, in whole or in part, be copied photocopied, reproduced, translated, or reduced to any electronic medium or machine readable form without prior consent, in writing, from Informant Systems, Inc. Information in this document is subject to change without notice and does not represent a commitment on the part of Informant Systems. THE SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND INCLUDING WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. FURTHER, INFORMANT SYSTEMS DOES NOT WARRANT, GUARANTEE, OR MAKE ANY REPRESENTATIONS REGARDING THE USE, OR THE RESULTS OF THE USE, OF THE SOFTWARE OR WRITTEN MATERIAL IN TERMS OF CORRECTNESS, ACCURACY, RELIABILITY, OR OTHERWISE. Informant Systems may make changes to specifications and product descriptions at any time, without notice. Trademarks or Service Marks SNMP Informant is a registered trademark of Informant Systems, Inc. All other trademarks are the property of their respective companies. Document Information Version Last Updated Author Edit Notes 1.0 January 30, 2009 GKW Prepare document Page i

Table of Contents About This Document... 1 Brief SNMP Technical Overview... 1 How does SNMP Informant work?... 2 Default Microsoft SNMP Extension Agents... 2 SNMP Informant vs. the Default MS SNMP extension agents... 5 What about WMI?... 7 Why Use SNMP Informant?... 8 Monitor System and Server Performance... 8 Collect Configuration and State Information... 9 Control your Windows Servers... 9 Monitor MS Cluster Server and Citrix using SNMP... 9 Product Maintenance and Product Development... 9 About Informant Systems, Inc.... 9 Table of Figures Figure 1: The SNMP UDP Packet... 1 Figure 2: SNMP Informant functional overview... 2 Figure 3: How SNMP Informant collects performance information... 6 Figure 4: How SNMP Informant hooks into the Performance Subsystem... 6 Figure 5: How SNMP Informant collects WMI information... 8 Page ii

About This Document This short document describes the MS SNMP, the SNMP extension agents included with a default SNMP installation, how they differ from the SNMP Informant extension agents, and why you would want to use the SNMP Informant extension agents instead of or in addition to the default MS extension agents. It also discusses the Microsoft WMI (Windows Management Instrumentation) protocol, and how SNMP Informant bridges SNMP and WMI. Brief SNMP Technical Overview SNMP is the most popular network management protocol in the TCP/IP protocol suite. It is a simple request/response protocol that communicates management information between two types of SNMP software entities: SNMP applications (also called SNMP managers) and SNMP agents. SNMP messages are based on the UDP (User Datagram Protocol), which is a fast, connectionless transport protocol. It is embedded within an IP packet within an Ethernet frame. Figure 1: The SNMP UDP Packet The Microsoft-Windows-SNMP-Agent-Service component (also called a stack ) runs in a Windows OS enables Simple Network Management Protocol (SNMP) requests to be processed by the computer. The (SNMP.EXE) receives the SNMP requests from the network, decodes them, and then dispatches them to the appropriate SNMP subagent (somename.dll). Microsoft provides several different subagents when the SNMP is installed. These subagents are also called extension agents. The SNMP Informant product line consists of several such extension agents. Component Name Associated Programs Component Type Description Microsoft SNMP Service (also called a stack, a master agent or extendible agent) Snmp.exe Agent Receives SNMP requests and delivers them to the appropriate SNMP subagent DLL for processing. The is also responsible for intercepting events (traps) from the SNMP subagents and forwarding trap messages to the appropriate management systems. SNMP Subagents (also called extension agents) Lmmib2.dll, Inetmib1.dll, and others (including SNMP Informant extension agents) Agent Provides a set of entry points. When an SNMP request is received, the SNMP delivers it to the appropriate subagent by calling one of these entry points. After the subagent processes the message, it passes the information back to the SNMP, which then forwards the message to the SNMP manager. Page 1

How does SNMP Informant work? SNMP Informant is installed on a Windows server after the Microsoft SNMP is installed and configured. As mentioned, SNMP Informant products are SNMP extension agents. Once SNMP Informant is installed, the SNMP Informant MIBS are copied to the Network Management System where they are used by the management application. MIB (Management Information Base) files are translation files that cross references numeric OIDs (Object Identifiers) and target data types. How SNMP Informant works Step 3: Install SNMP Informant MIBs Step 1: Install SNMP Service Step 2: Install SNMP Informant SNMP SET messages SNMP GET messages Network Management Station Step 4: Collect the data Step 5: Analyze the results Windows XP/Vista/2000/2003/2008 Figure 2: SNMP Informant functional overview Once SNMP Informant is installed on a server running the Microsoft SNMP, no additional work is required to configure the product. If the SNMP Informant-Exchange product is installed, then during installation, the Administrator is required to enter the name/password of an Exchange Management account so that it can connect to the local Exchange WMI provider. Default Microsoft SNMP Extension Agents As mentioned, when the Microsoft SNMP is installed, it includes many extension agents, which provide information about various sub-systems within the host server. The following table identifies these default extension agents, and describes them (including a reference to the RFC document ID. Note how many of the 21 MS extension agents either have a dependency on the Routing and (8), or are otherwise network-oriented, and are not server performance based. Page 2

Extension agent (DLL) and MIB FILE Description Object Identifier RFC Dependency acsmib.dll ACS.MIB iasperf.dll ACCSERV.MIB iasperf.dll AUTHSERV.MIB dhcpmib.dll DHCP.MIB ftpmib.dll FTP.MIB hostmib.dll HOSTMIB.MIB httpmib.dll HTTP.MIB igmpagnt.dll IGMPV2.MIB for the Quality of Service Admission Control Service (QoS ACS) RADIUS-ACC-Server- MIB contains objecttypes for monitoring accounting information between a network access server and a shared accounting server. RADIUS-AUTH-Server- MIB contains objecttypes for monitoring authentication, authorization, and configuration information of a network access server. contains object-types for monitoring the network traffic between remote hosts and the DHCP server. contains object-types for monitoring the File Transfer Protocol (FTP). Contains object-types for monitoring and managing host resources. for the Hypertext Transfer Protocol (HTTP) Collects information on what groups are joined on the subnet. 1.3.6.1.4.1.311.1.15 (None) (None) 1.3.6.1.3.79 2139 Internet Authentication Service 1.3.6.1.3.79 2138 Internet Authentication Service 1.3.6.1.4.1.311.1.3 (None) DHCP 1.3.6.1.4.1.311.1.7.2 (None) IIS Server 1.3.6.1.2.1.25 1514 (None) 1.3.6.1.4.1.311.1.7.3 (None) IIS Server 1.3.6.1.359 (None) Routing and Page 3

Extension agent (DLL) and MIB FILE Description Object Identifier RFC Dependency inetmib1.dll IPFORWD.MIB Defines objects for managing routes on the IP Internet. 1.3.6.1.2.1.2 1354 2096 (None) lmmib2.dll LMMIB2.MIB mcastmib.dll MCASTMIB.MIB LAN Manager MIB-II covers workstation and server s. MIB module for managing IP Multicast routing 1.3.6.1.4.1.77.1 (None) (None) 1.3.6.1.3.60.1.1 (Pending) Routing and intermib1.dll MIB_II.MIB Management Information Base (MIB-II) provides a simple, workable architecture and system for managing TCP/IP-based internets. 1.3.6.1.2.1.1 1.3.6.1.2.1.2 1.3.6.1.2.1.4 1.3.6.1.2.1.5 1.3.6.1.2.1.6 1.3.6.1.2.1.7 1213 (None) snmpmib.dll MIB_II.MIB rtipxmib.dll MIPX.MIB rtipxmib.dll MRIPSAP.MIB btpagnt.dll MSIPBTP.MIB ripagnt.dll MSIPRIP2.MIB rtipxmib.dll NIPX.MIB Management Information Base (MIB-II) provides a simple, workable architecture and system for managing TCP/IP-based internets. for the Internetwork Packet Exchange (IPX) Protocol for the Routing Information Protocol (RIP) for the Boot Protocol (BOOTP) for the Routing Information Protocol version 2 (RIP2) Novell-defined MIB for the IPX Protocol 1.3.6.1.2.1.11 1213 (None) 1.3.6.1.4.1.311.1.8 (None) Routing and 1.3.6.1.4.1.311.1.9 (None) Routing and 1.3.6.1.4.1.311.1.12 (None) Routing and 1.3.6.1.4.1.311.1.11 (None) Routing and 1.3.6.1.4.1.23.2.5 (None) Routing and Page 4

Extension agent (DLL) and MIB FILE Description Object Identifier RFC Dependency (No.dll) SMI.MIB Provides the common definitions for the structure and identification of management information for TCP/IP-based internets. (No object identifier available ) 1155 1215 1902 1903 1904 (None) ospfagnt.dll WFOSPF.MIB winsmib.dll WINS.MIB Nortel Networks defined MIB for the Open Shortest Path First (OSPF) routing for the Windows Internet Name Service (WINS) 1.3.6.1.4.1.18 (None) Routing and 1.3.6.1.4.1.311.1.2 (None) WINS SNMP Informant vs. the Default MS SNMP extension agents While the SNMP support provided by Microsoft has improved substantially over the past few years, it still has limitations. The different MS extension agent DLLs installed with the SNMP provide information on several specific subsystems, but no MS SNMP extension agent provides access to the performance counter subsystem. SNMP Informant s Performance Provider product line accepts incoming SNMP messages, decodes them (determines what performance counter object is being asked for), then gets the data from the performance counter subsystem, and returns it to the system making the request. Figure 1 on the following page show how SNMP Informant bridges SNMP and the Performance counter subsystem on the host server. It is important to note that no modifications need to be made to the host SNMP to support SNMP Informant. Figure 2 is a more technical diagram showing how SNMP Informant integrates with the Microsoft SNMP stack. Page 5

Figure 3: How SNMP Informant collects performance information Figure 4: How SNMP Informant hooks into the Performance Subsystem Page 6

What about WMI? WMI, or Windows Management Instrumentation is a proprietary Microsoft technology which allows Windows systems to connect to other Windows systems and collect an extensive amount of system configuration and state information as well as performance data. One of the problems with WMI though, is that if you are running a Network Management System that is NOT Windows-based, then you can t collect WMI data from a remote Windows Server. Plus, the WMI protocol is inherently slower than SNMP and requires Windows authentication. WMI also requires several ports to be opened up between the Network Management System and the target server. SNMP on the other hand, requires a single port (UDP 162). The description below comes from the Zenoss FAQ, answering the question What Ports does WMI use? http://www.zenoss.com/community/docs/faqs/faq-english#whatportsdoeswmiuse WMI uses DCOM to communicate DCOM information from the Microsoft site... Firewall and Registry Settings for DCOM DCOM dynamically allocates one port per process. You need to decide how many ports you want to allocate to DCOM processes, which is equivalent to the number of simultaneous DCOM processes through the firewall. You must open all of the UDP and TCP ports corresponding to the port numbers you choose. You also need to open TCP/UDP 135, which is used for RPC End Point Mapping, among other things. In addition, you must edit the registry to tell DCOM which ports you reserved. SNMP Informant s WMI Provider product line accepts incoming SNMP messages, decodes them (determines what WMI class/object is being referenced), then gets the data from the WMI CIM (Common Information Model) database and returns it to the system making the request. Importantly, SNMP Informant allows you to collect Windows WMI data from a non Windows system (i.e. Linux or Unix) using SNMP. Further, since SNMP Informant WMI Providers are SNMP to WMI bridges, they do not require the authentication of a native WMI request. In addition to providing a plethora of WMI data through SNMP GET commands, the SNMP Informant WMI-OS provider allows the NMS to send SET request messages to: Start, stop and pause Windows s o Service state can be gathered through SNMP GET commands Spawn remote programs and scripts Initiate server reboots Figure 4 shows how SNMP Informant bridges SNMP and WMI. Page 7

Figure 5: How SNMP Informant collects WMI information Why Use SNMP Informant? In summary: The pre-installed MS extension agents are neither performance nor WMI agents, and are thus incapable of accessing performance counter or WMI class information. Neither can they control windows s or the server itself. Monitor System and Server Performance When you install a Microsoft server product such Exchange, or SQL Server (or others like BizTalk Server and ISA Server), they will extend the performance counter subsystem by adding many additional performance objects and instances. You can see this for yourself by starting Performance Monitor (start/run/perfmon) and looking at the performance counters of a server without MS Exchange or SQL Server installed, then installing Exchange or SQL Server and running Performance Monitor again. The Microsoft SNMP extension agents will not allow access to this performance information. SNMP Informant will. In fact, SNMP Informant Performance providers allow you to use SNMP to access performance counter information for virtually every object and instance supported by a variety of Windows operating systems (XP/Vista/2000/2003/2008) and many Microsoft server products. There are over 4000 data points in the SNMP Informant-Advanced product alone! SNMP Informant also supports access to Citrix Presentation Server performance counters as part of the SNMP Informant-Citrix product. Translating Microsoft SNMP extension agent OIDs into equivalent performance counter objects can be difficult. SNMP Informant OIDs can be directly translated to an equivalent performance counter. Many Microsoft troubleshooting white papers reference tracking performance counter objects and instances. This is easy with SNMP Informant. Page 8

Collect Configuration and State Information Microsoft SNMP agents do not support collection of WMI data. SNMP Informant does. SNMP Informant WMI providers include support for the Microsoft operating system and hardware (good for ITIL CMDB population), Exchange 2003, Virtual Server and Hyper-V. Recently, with the release of the SNMP Informant-Citrix product, SNMP can now be used to extract Citrix Presentation Server WMI information. Control your Windows Servers Microsoft SNMP extension agents do not support control. SNMP Informant does. You can use SNMP Informant WMI providers to monitor and control Windows processes using SNMP. Start, stop or pause s. Spawn remote scripts, reboot servers. This can all be done with SNMP Informant (using SNMP SET commands). Monitor MS Cluster Server and Citrix using SNMP Microsoft SNMP extension agents do not support monitoring Microsoft Cluster Services. SNMP Informant does. The SNMP Informant-Cluster product allows you to use SNMP to monitor your Microsoft Cluster server infrastructure. Microsoft SNMP extension agents do not support monitoring Citrix Presentation Server. SNMP Informant does. Recently released, the SNMP Informant-Citrix product allows you to use SNMP to monitor Citrix Presentation Server performance counters and WMI objects. Product Maintenance and Product Development Informant Systems, Inc. is continuously improving SNMP Informant, and regularly adding support for other Microsoft and relevant server products. About Informant Systems, Inc. Informant Systems has been developing and providing the network management community with cost-effective SNMP extension agents for Windows operating systems and server applications since 1999. Our flagship product, SNMP Informant is in use by small, medium and large organizations around the world, including Universities, financial institutions, Fortune 500 companies and large multi-national organizations. Informant Systems, Inc. 11135 23A Avenue Edmonton, AB T6J4W5 Canada Phone: 780-908-6669 Fax: 780-434-8991 Web: http://www.informant-systems.com Product Information: Product Support: product.info@informant-systems.com product.support@informant-systems.com Primary Contact: Garth K. Williams President and Managing Director garth.williams@informant-systems.com Page 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information