Chatta subito con l'assistenza
Chat con il supporto

Foglight Agent Manager 5.9.3 - Foglight Agent Manager Guide

Configuring the embedded Agent Manager Installing external Agent Managers
Understanding how the Agent Manager communicates with the Management Server Deploying the Agent Manager cartridge Downloading the Agent Manager installer Installing the Agent Manager Starting or stopping the Agent Manager process Frequently asked questions
Configuring the Agent Manager Advanced system configuration and troubleshooting
Configuring Windows Management Instrumentation (WMI) Configuring Windows Remote Management (WinRM) UNIX- and Linux-specific configuration
Monitoring the Agent Manager performance Deploying the Agent Manager to large-scale environments

Windows Firewall interference

Since the agent connects remotely (that is, from an external source) the Windows® Firewall can interfere with operations. In such cases, it is recommended that you initially try disabling the firewall to determine if that allows the agent to connect. When the agent can connect with the firewall disabled, re-enable it and open the following ports:

Minimum requirements for Windows Management Instrumentation

In order for the agent to have access to query WMI to collect OS and database metrics, the agent must have permission to access both DCOM and WMI. By default, any user in the Local Administrators group on the monitored host has the required permissions. Therefore, the best practice is to use a Local Administrator account on the monitored host as the agent OS user.

Promoting remote users to administrators on local machines through the Domain Controller

The recommended way of making users the administrators of their local machines is through Active Directory on the domain controller. Using the Domain Controller, you can:

1
Choose Control Panel > Administrative Tools > Active Directory Users and Computers.
2
In the Active Directory Users and Computers window that appears, in the left pane, under the domain node, click Computers.
4
In the Computer Management window that appears, choose System Tools > Local Users and Groups.
Using the Users node in the right pane, make an existing or a new user an Administrator.
Using the Groups node, add an existing user to the Administrators group.

Granting required permissions to individual remote users

When making users the administrators of their local machines is not possible, you can grant required permissions to individual remote users using the following procedures.

a
On the monitored host machine, at the Windows® Run prompt, type DCOMCNFG and press Enter.
b
In the Component Services window that appears, navigate to Component Services > Computers > My Computer.
c
Right-click My Computer and click Properties.
d
In the My Computer Properties dialog box that appears, open the COM Security tab.
e
In the Access Permissions area, click Edit Defaults.
f
In the Access Permission dialog box that appears, add the Distributed COM Users group to the list and grant it all permissions.
g
Click OK to save your changes and close the Access Permission dialog box.
h
In the Launch and Activation Permissions area, click Edit Defaults.
i
In the Launch and Activation Permissions dialog box that appears, add the Distributed COM Users group to the list and grant it all permissions
j
Click OK to save your changes and close the Launch and Activation Permissions dialog box.
k
In the My Computer Properties dialog box, click OK to close it.
l
Close the Component Services window.
1
On the monitored host machine, right-click My Computer, and navigate to Manage > Services and Applications > WMI Control.
2
Right-click WMI Control and click Properties.
3
In the WMI Control Properties dialog box, open the Security tab.
4
Expand the Root node and select CIMV2, then click Security.
5
In the Security for ROOT\CIMV2 dialog box, add the Distributed COM Users group
7
Click Apply and then click OK.

To add subsequent users, they only need to be added to the two groups, Distributed COM Users and Performance Monitor Users, since these groups are already granted the required permissions.

Even though the local user is now granted access to WMI with the above configuration, not all performance monitoring classes allow non-administrative users to access their instances. Some performance classes need special permission to enable non-administrative users to perform queries or execute methods on their object instances. Some of these queries can fail clearly with an error code (for example, by the Agent Manager service throwing a Java exception), but some of them can fail without returning any data or error codes. Therefore, this setup must be used carefully, as query results can be unpredictable. From the system security perspective, there is still only so much a non-administrative user can do.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione