Techniques for Fast and Efficient Server Monitoring

CC Image courtesy of jakeliefer (Flickr: Old Keys) [CC-BY-2.0 via Wikimedia Commons]

Techniques for Fast and Efficient Server Monitoring

FrameFlow is highly customizable and offers a wide variety of monitoring options. We’ve designed it that way on purpose to give you the flexibility to build out your monitoring configuration in a way that best suits your work environment, practices and policies.

Authentication Methods

There’s one area where first time users often have questions and that’s when it comes to authentication. FrameFlow is an agentless monitoring system, which means we don’t install anything on the systems being monitored. Instead we use standard protocols to reach out to the monitored machines and collect the data we need. To do that we need to authenticate to the machines being monitored. This is a good thing because it means that FrameFlow plays by the rules when it comes to your network security polices rather than wildly opening ports to reveal monitoring data like some agent-based systems do.

FrameFlow offers three different authentication mechanisms and in this post we’ll describe each of them along with the reasons why you might choose one over the other.

1) Local Admin Authentication

How it Works: Local admin authentication offers the highest level of flexibility. With this type of authentication FrameFlow contacts the box it needs to monitor and authenticates with it directly. Counter-intuitively, it works not only for local administrator accounts but for domain accounts as well.

Advantages: Local admin authentication works across domains, from domains to workgroups and from workgroups to domains. It’s the most flexible authentication option available.

Disadvantages: It’s slower than other authentication methods. If you’re monitoring less than a couple hundred systems you will not likely notice, but above that you might consider using one of the other techniques listed below. Also, on Windows Server 2008 and later, if you are using a local administrator account and it’s name is not “administrator” then you’ll have to modify a local security policy to work around a restriction imposed by User Account Control (UAC).

2) Windows Domain Authentication

How it Works: With this option selected your event monitors will authenticate with your domain controllers before trying to contact a monitored machine. If authentication is successful, the DC will give the event monitor a security token that FrameFlow will use to connect to the machine being monitored.

Advantages: Domain authentication is fast because domain controllers are optimized for handling authentication requests and the monitored machines will automatically accept the security token that was given to the event monitor.

Disadvantages: Domain authentication will not work if you need to monitor systems that are running in workgroups or that are in different domains where there is no trust relationship. Domain authentication won’t work if the FrameFlow machine is not a domain member.

3) Service Authentication

How it Works: By default the FrameFlow service runs in the LocalSystem account, a built-in Windows account with very limited network access. If you use the Windows service manager to set the FrameFlow service to run in an account (local admin or domain) then FrameFlow will automatically get a security token when its service starts up. That token will be the default one and you can set your event monitor authentication to “Use the monitoring service account.”

Advantages: Service authentication is the fastest by far. Your event monitors no longer need to authenticate at all if the service account has the required rights and permissions. If you need to use a different account, you can still override this in the event monitor settings. If you are monitoring 500+ systems, using service authentication as much as possible will dramatically speed up monitoring actions.

Disadvantages: Like domain authentication, service authentication will not work if you need to monitor systems that are running in workgroups or that are in different domains where there is no trust relationship. If the account username or password has to be changed, manual action is required to set the new credentials and restart the FrameFlow service.

That’s a quick overview of each authentication option. We encourage you to look at the advantages and disadvantages of each method and select the one that works best for your environment. Speeding up your existing monitoring will allow you to monitor more systems, expand your monitoring configuration and ensure that you have a fast and efficient server monitoring configuration.

To test these options and the many other features of FrameFlow, we invite you to take our server monitoring software for a free 30-day spin with no obligations or credit card required!