Talk by George Koutsogiannakis:
A walkthrough of setting up agentless monitoring for Windows servers from a Linux perspective: what other options exist, why WMI was selected, and what options WMI provides. The advantages and disadvantages of this solution are then examined, as well as how to remediate its shortcomings. Finally, a look at the future of monitoring through WMI.
Agentless on Windows - Icinga Camp Stockholm 2019
1. ❏ My name is George
❏ Working with Linux for more than 15 years now
❏ Usually as a Linux Systems Administrator
❏ Write code in Bash and Python
❏ Automate stuff in Ansible
❏ Mess a lot with monitoring systems
❏ Worked with Nagios, Op5, ME AppManager, Xymon/Hobbit and lately Icinga
❏ Try to avoid Windows systems
2. Disclaimer:
Icinga agent is a good solution
● Lots of plugins
● Ready-made templates
● Need to keep it up to date!
● Keep automation in mind
From the Linux standpoint:
You want something similar to by_ssh checks
3. What is agentless
Definition:
To obtain data and metrics from systems without installing extra software, aka agents
While keeping ourselves secure
In other words, we want to be lazy and do as little work as possible when it comes to Windows systems
4. What are the options then?
➔ SNMP
➔ WMI
➔ PowerShell
➔ SSH
5. ● Created in the 1980s (v1)
● (Almost) all monitoring tools support it
● A lot were based on it
● Best suited for network appliances, e.g. routers, switches
● Good choice for black boxes, e.g. UPS, HVAC
● Can be a security nightmare (avoid v1, even v2c)
● Needs to be enabled in Windows systems
6. ● Built-in on Windows systems
● Easy to turn on and secure
● Offers plenty of functions out of the box
● Perfect for pre-WinSrv 2019 installations
● Linux client is abandonware
● Not versatile, not easily
7. ● Remote powershelling
● Available for a number of Linux distributions
● Access to COM and WMI layers
● Needs to be secured tightly
● Need to learn to write cmdlets
● Can also be used for accessing Linux systems
● Ultimately versatile and powerful
8. ● Server & client support since WinSrv 2019
● Similar to PowerShell
● Allows execution of local scripts
● Allows execution of executables
● Security (again!)
9. Bonus round
Passive checks
● Not just for Windows
● Rely on results sent to Icinga's API
● Won't mix with DSL
● Last resort method
● Mostly for corner cases
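
The passive-check path from slide 9, as an added example that is not part of the talk: building and sending one result to the Icinga 2 `process-check-result` API action with TLS verification on. The host, service, API user, secret and CA path are assumptions.

```python
import base64
import json
import ssl
import urllib.request

# Assumed endpoint; icinga.example.org is a placeholder host.
API_URL = "https://icinga.example.org:5665/v1/actions/process-check-result"


def build_passive_result(host, service, exit_status, output, perfdata=(), ttl=600):
    """Build the JSON body for one passive service check result."""
    if exit_status not in (0, 1, 2, 3):  # OK, WARNING, CRITICAL, UNKNOWN
        raise ValueError("exit_status must be a plugin state 0-3")
    return {
        "type": "Service",
        # Names travel in filter_vars, never spliced into the filter expression,
        # so a crafted host or service name cannot widen the match.
        "filter": "host.name == hn && service.name == sn",
        "filter_vars": {"hn": host, "sn": service},
        "exit_status": exit_status,
        "plugin_output": output,
        "performance_data": list(perfdata),
        "check_source": host,
        "ttl": ttl,  # seconds until the next result is expected (freshness)
    }


def build_request(body, user, password, url=API_URL):
    """Wrap the body in an authenticated POST without sending it."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "Authorization": "Basic " + token,
    }
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST", headers=headers
    )


def send(request, ca_file):
    """Send over TLS, verifying the Icinga CA chain and the host name."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, context=ctx, timeout=10) as resp:
        return json.load(resp)
```

The API user that submits results needs only the `actions/process-check-result` permission, so a leaked credential on the monitored side cannot be used for other API actions.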
10. Recap
No one-size-fits-all method!
Take competence and resources into account
Monitoring has evolved
Find the best method for your needs
Monitor the heck out of it