SNMP, OID/MIB, Trap, Push/Pull, Agent

[jtaugher]

I'm kinda new to SNMP. I'm trying to learn what AHM can or cannot do in regards to SNMP.

With RMA's loaded at customer sites, can we have say Veritas send SNMP traps to the server which RMA.exe (service) is running?

Or can it only request and read the OIDs, such as a Cisco router and check outbound utilization, have it check in Novell how many current connections there are since these elements are listed in an OID?

[KS-Soft]

No, RMA cannot receive SNMP Traps. I hope we implement such option in future versions.
Yes, RMA can request and read the OIDs.

Regards
Alex

[jtaugher]

No, RMA cannot receive SNMP Traps. I hope we implement such option in future versions.
Yes, RMA can request and read the OIDs.

Is there anything that can be done short of this? An external product?

Such that when Veritas Backup Exec is done with a job, it can send an SNMP alert to <something>. To which that <something> can then be read by AHM?

[jtaugher]

No, RMA cannot receive SNMP Traps.

The manual states: "SNMP Trap test method allows you to receive SNMP Trap messages - unsolicited messages from a device (such as router, server) to an SNMP console. Traps might indicate power-up or link-up/down conditions, temperatures exceeding certain thresholds, high traffic, etc. Traps provide an immediate notification for an events that otherwise might only be discovered during occasional polling.

This test method is different from any other. Unlike rest of tests that really test some devices (by sending request and receiving response), SNMP Trap test method was implemented as listener - it does not send any requests. HostMonitor listens for incoming messages from network hosts and reacts in real-time."


I guess I'm REALLY confused. RMA cannot receive Traps -- but can to what - AHM?? Would this allow a Veritas Backup Exec to send a trap to AHM?

[KS-Soft]

Sure, you may send SNMP Trap messages to HostMonitor.
HostMonitor supports 55 test methods while Remote Monitoring Agent supports about 45 test methods. There is table that illustrates HostMonitor's, RMA for Windows and RMA for UNIX capabilities: http://www.ks-soft.net/hostmon.eng/index-tests.htm

Regards
Alex

[plambrecht]

I'm also a requesting party for the RMA to support SNMP Trap support (for a long time now )

Greetz

Pieter

[jtaugher]

Sure, you may send SNMP Trap messages to HostMonitor.

I've recently become a product manager over our AHM branded monitoring service. I'm trying to determine what this product can or cannot do. I am evaluating some other products as well. I think we have been using this product for 2-3+ years.


0. Thus, it would be helpful to know if a wishlist is available and on that wishlist what items may potentially be worked on for upcoming versions?

1. Can AHM (SNMP Trap) differentiate traps that are coming from 20+ companies network? [We currently use RMA at 50+ of our customers.]
- Can we setup something to indicate trap coming from 216.xxx.240.96/28 are associated with ACF, write them to an ACF-SNMPTrap log or at least when parsing with either your LogAnalyzer or another be able to distinguish what came from this subnet?

2. Is it secure, or indifferent, to send SNMP-based traffic from private networks, over the internet, to AHM?

[KS-Soft]

I'm also a requesting party for the RMA to support SNMP Trap support (for a long time now)

We just implemented 13 new tests that can be performed by agent. There are 7 more tests to go...
I am afraid SNMP Trap will be implemented last because:
- often its possible to send messages directly to HostMonitor
- this test are different from any other, we have to develop a new behavior for this test. Normally HostMonitor sends requests and RMA listen for requests. Here HostMonitor should listen for requests from the agent. BTW it means you need to open port on firewall that protects network with HostMonitor. So, why just do not open port for incoming SNMP messages? yes, I know its not encrypted...

Regards
Alex

[KS-Soft]

0. Thus, it would be helpful to know if a wishlist is available and on that wishlist what items may potentially be worked on for upcoming versions?

Sorry, this list for internal use.

1. Can AHM (SNMP Trap) differentiate traps that are coming from 20+ companies network? [We currently use RMA at 50+ of our customers.] Can we setup something to indicate trap coming from 216.xxx.240.96/28 are associated with ACF, write them to an ACF-SNMPTrap log or at least when parsing with either your LogAnalyzer or another be able to distinguish what came from this subnet?

Sure. You may define different filters for different test items.
See manual for details http://www.ks-soft.net/hostmon.eng/mfra ... m#snmptrap

2. Is it secure, or indifferent, to send SNMP-based traffic from private networks, over the internet, to AHM?

SNMP traffic is not encrypted. So, theoretically someone can intercept your data. Question is how importand data that you want to send to HostMonitor...

Regards
Alex

[plambrecht]

- this test are different from any other, we have to develop a new behavior for this test. Normally HostMonitor sends requests and RMA listen for requests. Here HostMonitor should listen for requests from the agent.

This brings me back to another request...
Change the direction that the RMA's connect to the HMServer...
The RMA should connect to the HMServer, and not the other way around...
Your naming is like this, it is not a Remote Monitoring Server, but a Remote Monitoring Agent...
HM is a Server application, not a client application...
Also it would provide a greater flexibility to implement sites with dynamic public IP's, with only and ISDN dialup line etc etc etc...
The changeover has numerous advantages.
Also disadvantages, but these are mainly program related, and not function related...

I know it is a big change, but I think it is a very logical one...

Pieter

[jtaugher]

Also it would provide a greater flexibility to implement sites with dynamic public IP's, with only and ISDN dialup line etc etc etc...

If you have sites with dynamic public IPs, why not use a dynamic-DNS service -- like no-ip.com, dyndns.org, etc?

I realize the point of yours is to have the RMAgent receive the information and forward back to the host. Perhaps, such as, receiving SNMP Traps locally, and forwarding back to AHM either on the open port or on a encrypted port.

[plambrecht]

If you have sites with dynamic public IPs, why not use a dynamic-DNS service -- like no-ip.com, dyndns.org, etc?

This is not reliable enough.. if the updater fails, I have no control anymore

I realize the point of yours is to have the RMAgent receive the information and forward back to the host.

Not really. the function of AHM sending a request to the RMA, the RMA gets the info and returns is, doesn't change.
The difference is that the RMA sets up de TCP connection, and keeps it alive.
and not AHM

Pieter

[KS-Soft]

Also it would provide a greater flexibility to implement sites with dynamic public IP's, with only and ISDN dialup line etc etc etc...
The changeover has numerous advantages.

I agree, it has some advantages. That's why I did not say we don't want to implement this option. I just said we need to redesign some code, that's why SNMP Trap test for RMA will be implemented later.

Regards
Alex

[plambrecht]

Alex, I know.. just bringing jtaugher up to speed...

P.

[jtaugher]

that's why SNMP Trap test for RMA will be implemented later.

So this MIGHT be implemented at some point? Or will this be something that might be dropped as an idea in the future?

I realize you won't share your development document, but either we wait around for it and when it's available deploy at 200+ sites; or look to find a way around it, or go start evaluating other products (oh joy!).


(btw .. the "Notify me when a reply is posted" doesn't appear to work).