The Pros and Cons of Collecting Performance Data using Agentless

Download Report

Transcript The Pros and Cons of Collecting Performance Data using Agentless

The Pros and Cons of Collecting Performance Data
using Agentless Technology
Dima Seliverstov
John Tavares
Tianxiang Zhang
BMC Software, Inc.
Why Agentless
› Installing and administrating agents is a pain
–Agents have to be distributed across the enterprise
–When agents break they have to be patched
–Each agent you install has its own file system and
network port requirements
–Agents are not always built to network or security
standards
© Copyright BMC Software, Inc.
Blue Sky Model
› Wouldn’t it be great if operating systems came with
a standards based agent installed and configured
for monitoring and capacity planning?
© Copyright BMC Software, Inc.
Weather Report
› Identify which operating systems come with
performance collection installed
› Identify the metrics available and how often to
collect them
› Network and security issue
› Identify an alternate way of getting the system
performance data without having to install an agent
© Copyright BMC Software, Inc.
Overview of the Presentation
› Agentless data collection is a powerful technology
which has its advantages and disadvantages.
–System performance metrics availability
–Agentless monitoring components installed as part of
the operating system
–Security and network issue
› Present our experience with Windows agentless
technology
© Copyright BMC Software, Inc.
Agentless Implementations Considered
› SNMP (Simple Network Management Protocol)
› WMI (Windows Management Interface)
› Windows Remote Registry
› WBEM (Web Based Enterprise Management)
› Agentless monitoring by sending system
commands over the network
© Copyright BMC Software, Inc.
WBEM (Web Based Enterprise Management)
Introduction
› Developed by DMTF (Distributed Management Task Force)
› Built on top of the Common Information Model (CIM)
– Hierarchical object oriented representation of management information such
as computer system, network devices and applications
– Compiled textual representation known as MOF (Managed Object Format)
© Copyright BMC Software, Inc.
WBEM Communication Mechanism
› WBEM Client
– Issues CIM Operation requests and receives and
processes CIM Operation responses
› WBEM Server
– Uses CIMOM (CIM Object Manager) to communicate
with clients
– Receives and processes CIM Operation requests and
issues CIM Operation responses
– Uses CIM Repository as persistent store containing CIM
data in a namespace
– The root of the namespace is root\cimv2
› WBEM Provider
– Process CIM Operations on one or more managed
resources and maps the resource specific interface to a
CIM interface
© Copyright BMC Software, Inc.
WBEM Security
› Windows implementation of WBEM
– WMI (Windows Management Instrumentation)
– Encryption and authentication on per call or a per packet basis
› UNIX WBEM
– Encryption and authentication support via public key certificates via https
© Copyright BMC Software, Inc.
Windows Remote Registry
› In addition to WMI, Microsoft provides a Remote Registry interface to
getting system information from the performance registry remotely
› Available since Windows NT
› Unfortunately, there have been several security warning regarding
the use of remote registry service
› The protocol for the remote registry is RPC (Remote Procedures Call)
and introduces challenges in terms of network connectivity and
platform independent client tools
© Copyright BMC Software, Inc.
WBEM Availability
› Windows
– WMI installed as part of the core operating system since Windows 2000
› Solaris
– Solaris WBEM Services has been installed since Solaris 2.9
› HP-UX
– HP WBEM Services has been installed since HPUX 11.0
› AIX
– WBEM is supported for via the AIX 5L Expansion Pack and Web Download
Pack for AIX 5.2 and higher
› Linux
– RedHat and SUSE support Open Pegasus package Linux install packages
© Copyright BMC Software, Inc.
SNMP Overview
› Standard primarily used for network management
› SNMP stores elements in a Management Information Base (MIB )
– Extensible
– MIB stores information in a tree format
– Extended for system performance data
• RFC 2790 Host Resource MIB
rfc1213.mib
RFC1213-MIB
[Types]
iso (1)
org (3)
dod (6)
internet (1)
mgmt (2)
mib-2 (1)
system (1)
interfaces (2)
at (3)
ip (4)
icmp (5)
tcp (6)
udp (7)
egp (8)
transmission (10)
snmp (11)
© Copyright BMC Software, Inc.
SNMP Communication Mechanism
› Management information is maintained by the SNMP agent and
queried by a SNMP manager
› SNMP agent and the SNMP manager must have access to the
Management Information Base
› The SNMP agent and SNMP manager communicate via UDP (User
Datagram Protocol) port 161
› The SNMP manager gets the data from the agent via the get-request
and get-next-request
get-response
get-response-next
SNMP Manager
© Copyright BMC Software, Inc.
SNMP Agent
UDP Port 161
SNMP Security
› There are 3 major versions of SNMP
–SNMP v1
• Unencrypted traffic
• IP address-based access lists and community
strings
–SNMP v2
• Encryption
–SNMP v3
• Encryption
• Authentication
© Copyright BMC Software, Inc.
SNMP Agent Availability
› Usually not installed as part of the operating system
› Open source SNMP agent called net-snmp is
available to gather the data for the Host Resource
MIB
› A Host Resource MIBs provides a limited set of data
–The data availability will be shown in the slides to
follow
© Copyright BMC Software, Inc.
Metric Availability
› Windows provides the best data set
› UNIX WBEM implementations provide a good data
set with a limited number of exceptions
› SNMP provides a limited amount of performance
configuration data and almost no statistical data
© Copyright BMC Software, Inc.
CPU
CPU Configuration
Model
Clock Rate
CPU Statistics
User Time
System Time
Idle Time
Wait Time
Run Queue Length
Solaris
HPUX
AIX
Linux
Windows
SNMP
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
© Copyright BMC Software, Inc.
Memory
Total Physical
Memory
Free Physical Memory
Solaris
HPUX
AIX
Linux
Windows
SNMP
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
© Copyright BMC Software, Inc.
Disk and File System
Disk Configuration
Model
Capacity
Disk Statistics
Bytes Read
Bytes Written
I/O Count
I/O Time
Queue Length
File System Type
Mount Point
Block Size
Capacity
Free Space
Solaris
HPUX
AIX
Linux
Windows
SNMP
No
Yes
Yes
Yes
Yes
Yes
No
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
Yes
Yes
Yes
Yes
No
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
AIX
Yes
Yes
Yes
Yes
Yes
Linux
Yes
Yes
Yes
Yes
Yes
Windows
Yes
Yes
Yes
Yes
Yes
SNMP
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Solaris
Yes
Yes
Yes
Yes
Yes
No
No
No
No
HPUX
Yes
Yes
Yes
Yes
Yes
© Copyright BMC Software, Inc.
Network
Network Configuration
Type
Network Statistics
Bytes Received
Bytes Transmitted
Packets Received
Packets Transmitted
Solaris
HPUX
AIX
Linux
Windows
SNMP
Yes
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
No
No
No
No
No
No
No
Yes
Yes
Yes
Yes
No
No
No
No
© Copyright BMC Software, Inc.
Process
Command Name
Real User ID
Process ID
Start Time
Priority
Nice Value
Scheduling Class
Working Set Size
Resident Set Size
Shared Resident Size
Resident Data Size
Resident Text Size
User Time
System Time
Major Page Faults
Minor Page Faults
Bytes Read
Bytes Written
Solaris
Yes
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
No
Yes
Yes
Yes
Yes
Yes
Yes
HPUX
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
Yes
Yes
Yes
Yes
No
No
No
No
AIX
Yes
Yes
Yes
Yes
No
No
No
No
No
No
No
No
Yes
Yes
No
No
No
No
© Copyright BMC Software, Inc.
Linux
Yes
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
No
Yes
Yes
No
No
No
No
Windows
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
SNMP
Yes
No
Yes
No
No
No
No
No
No
No
No
No
No
No
No
No
No
No
UNIX Agentless Monitoring by Sending System Commands
over the Network
› Log in remotely to multiple agentless computers and collect the
necessary performance metrics
› Use Secure Shell
– Supports certificate based encryption and authentication
Metric Type
Command
CPU
sar,uptime
Memory
sar, vmstat
Process
ps
I/O
netstat,iostat,vmstat,netstat,nfsstat
Disk
df,iostat
© Copyright BMC Software, Inc.
Downside the Approach
› The commands vary from operating system to operating
system
› The output of the command must be parsed specifically for
each operating system
› Secure shell may not be installed on all computers of
interest
› Metrics are usually instantaneous and not cumulative and
must be sampled frequently for a reliable system estimates
© Copyright BMC Software, Inc.
Issues with Agentless Data Collection
› Network Ports
› Network Bandwidth
› Data Sampling
› Patching
© Copyright BMC Software, Inc.
Network Ports
› Windows WMI and Remote Registry use dynamic
ports
–This wide range of ports used, can play havoc with
firewall rules
Infrastructure
Ports Used
SNMP
161
WMI
135,137,139,445 1024-65536
Remote Registry
WBEM
5988,5989
© Copyright BMC Software, Inc.
Network Bandwidth
› SNMP agents use considerably/exponentially less
bandwidth then WBEM
– WBEM uses an XML based protocol
› If you lose network connectivity from the client to the
agent-less server, you will lose data
© Copyright BMC Software, Inc.
Network Bandwidth continued
› No batch transfer
›
– Data is collected through out the day
– It’s not possible to schedule batch data transfer at a particular
time when the network utilization is low
No summarization
– Data is not summarized at the agentless computer
– Every data point requested is transmitted over the network
© Copyright BMC Software, Inc.
Data Sampling
› Cumulative Counters and Instantaneous Gauges
– Cumulative Counters need to be sampled less frequently because they
represent the difference in a system between two points in time
› WMI and WBEM provide many metrics that are cumulative
› SNMP and sending system commands over the network approach will
provide mostly instantaneous metrics
› SNMP and some UNIX WBEM implementations CPU and Process
Metrics are provided as an average over a 1 minute time interval
› In general, to achieve good representation of system activity for
capacity planning a sample rate should be 1 – 2 minutes for
instantaneous values
© Copyright BMC Software, Inc.
Patching agentless components
› Isn’t the whole point of going to agentless data
collection to avoid patching?
› Agentless really means that someone already
installed an agent for you
› Agentless components do break and need to be
patched
› It can be challenging to identify and address a
problem due to a variety of tools and debugging
techniques for each platform
© Copyright BMC Software, Inc.
Experience with Windows Agentless
Technology
› WMI requires 'Enable Account' and 'Remote Enable' permissions for
the Root/CIMV2 for the WMI namespace
› Configuring user accounts on individual computers can be
challenging
– Use domain administrator account
– Use regular user domain account to configure agent-less computers with a
regular user with 'Enable Account' and 'Remote Enable' permissions for the
Root/CIMV2 for the WMI namespace
• You will need to create the permission on each individual computer
› Windows WMI encountered frequent security events when running
using a non-administrator user account on Windows 2003 machines
› Network administrators were concerned about the constant network
traffic during the day
© Copyright BMC Software, Inc.
Final Thoughts
› WBEM is extremely promising
› Software vendors including Hewlett-Packard, IBM,
Microsoft, RedHat and SUSE are beginning to roll
out their products with WBEM support enabled
› WBEM provides a common and secure framework
for collecting system performance data
› A strong development, open source community and
a standards organization are supporting a variety of
implementations for clients, servers and providers
© Copyright BMC Software, Inc.