How to Install Multiple Monitoring Agents on a Microsoft Operating System Version StoneGate Firewall/VPN 2.6 and SMC 3.2
INTRODUCTION This document provides detailed instructions for installing multiple Monitoring Agents on a Microsoft operating system. For detailed configuration parameters about Monitoring Agents, please refer to StoneGate Administrator s Guide (SGAG.PDF) GENERAL FEATURES OF MONITORING AGENTS When you have a Server Pool in your network hosting services that needs to be available at any time, it is essential to monitor the health and availability of the servers in case problems occur. It is also important to have the ability to automatically perform actions on the servers. For these purposes, StoneGate offers the Monitoring Agent feature for Server Pools. It is a software agent that is installed on all Server Pool members to monitor them. This ensures that the services provided by the servers are always available to users. The Monitoring Agents are configured in the sgagent.local.conf and sgagent.conf files. The agents are configured manually to perform the desired actions and tests. StoneGate engines frequently poll the Monitoring Agents for information on the servers, such as the load, possible log messages, and the status of the servers. The status can be either OK or EXCLUDED. The OK status implies that the server handles the established connections properly, and it is ready to accept new connections. If the server status is EXCLUDED, all established and new connections are directed to other members of the Server Pool, instead of the EXCLUDED one. One of the core features of the Monitoring Agent is the TESTER that checks whether the servers function properly. Tests can be configured by using built-in internal tests, but new scripts may also be written. The tester runs all tests that are defined in the sgagent.conf file, located on each server in the pool. Depending on the result of the test, certain actions may be performed. Should a test fail, an alert is sent to the StoneGate engines, and optionally, the tester can take the non-functional server out of the Server Pool by setting its status to EXCLUDED. NETWORK DIAGRAM This scenario includes two application servers running HTTP and FTP services. Each service has a dedicated Monitoring Agent to keep track of the service status, CPU load, or other parameters.
INSTALLATION PROCEDURE FIRST MONITORING AGENT Before beginning the installation, you need to obtain the latest Monitoring Agent software from the StoneGate CD media kit, or our official web site (https://my.stonesoft.com/download/lbagent). The current version is 2.6.2.112 After downloading the Monitoring Agent, double click the executable file to run the installation wizard - Click Next to continue - Click Yes to accept the license agreement - Enter the User Name and Company Name and then click Next to continue
INSTALLATION PROCEDURE FIRST MONITORING AGENT - Select the directory where the first Monitoring Agent is installed. (We use a folder named m1 for the first Monitoring Agent). - Click Next to proceed to the file copy stage ** We recommend that you assign your own Destination Folder rather than using the default path - Installation complete - Run the Registry Editor - Locate \HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet \Service\SGAgent - Change the DisplayName value to StoneGate Monitoring Agent-M1 Warning : Incorrect use of the Registry Editor may cause serious problems that may require you to reinstall your operating system. Stonesoft highly recommends that you make a full backup before using the Registry Editor to change any value.
INSTALLATION PROCEDURE FIRST MONITORING AGENT - Add c C:\Program Files\Stonesoft\m1 to the end of the default ImagePath value data field - Change the key name from SGAgent to SGAgentM1 - Export the SGAgentM1 key - Make a backup copy of the C:\Program Files\Stoneosft\m1 folder in another directory
INSTALLATION PROCEDURE FIRST MONITORING AGENT - Click Start > Settings > Control Panel. Double-click Add / Remove Programs, and uninstall the Monitoring Agent. - After removing the Monitoring Agent, double click the exported registry file, and copy the m1 folder back to C:\Program Files\Stonesoft\m1
INSTALLATION PROCEDURE SECOND MONITORING AGENT In the previous section, you successfully installed the first Monitoring Agent. This section shows how to install the second Monitoring Agent. - Click Finish to continue - Select the directory where the second Monitoring Agent is installed. (We use a folder named m2 for the second Monitoring Agent). - - Click Next to proceed to the file copy stage ** We recommend that you assign your own Destination Folder rather than using the default path - Run the Registry Editor - Locate \HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet \Service\SGAgent - Change the DisplayName value data to StoneGate Monitoring Agent-M2 Warning : Incorrect use of the Registry Editor may cause serious problems that may require you to reinstall your operating system. Stonesoft highly recommends that you make a full backup before using the Registry Editor to change any value.
INSTALLATION PROCEDURE SECOND MONITORING AGENT - Add c C:\Program Files\Stonesoft\m1 to the end of the default ImagePath value data field - Change the key name from SGAgent to SGAgentM2 - Reboot your machine to make these Changes take effect - After rebooting, there are two Monitoring Agent services: M1 and M2. **Repeat the steps above to install additional Monitoring Agents
CONFIGURE SERVER POOL ELEMENT After installing the first and second Monitoring Agents, you must define two Server Pool Elements for these two agents. For more details about the StoneGate Management client, please refer to StoneGate Administrator s Guide (SGAG.PDF) - Create the first Server Pool Element - Add a Host Element (web100 and web101) to the Server Pool Members field - Assign two external IP addresses for ISP- 200 and ISP-201 - Monitoring Agent port is 7777 (default) - Create the second Server Pool Element - Add a Host Element (web100 and web101) to the Server Pool Members field - Assign two external IP address for ISP-200 and ISP-201 (This IP address MUST be different from the first Server Pool Element) - Monitoring Agent port is 6666 - Add two access rules and insert these two Server Pool elements in the Destination field. There is no need to configure any NAT rules for Server Pool elements - Save and install the policy to make it take effect
CONFIGURE SGAGENT.LOCAL.CONF AND SGAGENT.CONF FILES These steps show how to configure the Monitoring Agents conf files: M1 is for monitoring HTTP services, and M2 is for monitoring FTP service. For M1 - Edit C:\Program Files\Stonesoft\m1\sgagent.local.conf - Add one line host web100 - Save and exit - Edit C:\Program Files\Stonesoft\m1\sgagent.conf - Add the following lines: - Save and exit o config boot-delay 05 (optional) o test web o interval 05 o action exclude o recovery always o command portlistening 81
CONFIGURE MONITORING AGENT S SGAGENT.LOCAL.CONF AND SGAGENT.CONF FILE For M2 - Edit C:\Program Files\Stonesoft\m2\sgagent.local.conf - Add one line host web100 - Save and exit - Edit C:\Program Files\Stonesoft\m2\sgagent.conf - Add the following lines: - Save and exit o config port 6666 o config boot-delay 05 (optional) o test ftp o interval 05 o action exclude o recovery always o command portlistening 21
CHECK THAT THE MONITORING AGENTS ARE STARTED AND CAN CONTACT THE STONEGATE ENGINE After completing the steps above, the StoneGate Monitoring Agent (M1 and M2) services are able to start. Four log entries appear the Log and Alert browser, showing that all of these agents are able to communicate with the StoneGate Engine correctly. Note: different Server Pool Elements MUST USE different external IP address and Port for agent communication