Advice From The Community

Read answers to top IT Infrastructure Monitoring questions. 431,024 professionals have gotten help from our community of experts.
Rony_Sklar
What tools do you recommend for SQL server monitoring for an enterprise-level business?
Sergiy Ustenko
User

I have used Paessler (PRTG) for a long time and highly recommend it: https://www.paessler.com/database-monitoring

DonaldBakels
Real User

I highly recommend 2 products from the SolarWinds ITOM Suite:
1. Server Application Monitor. Check link: https://www.solarwinds.com/server-application-monitor
2. Database Performance Analyzer for SQL Server: https://www.solarwinds.com/database-performance-analyzer-sql-server

Both products are integrated.

PieterVan Blommestein
Real User

It is a very easy answer. For sure OpsMgr (SCOM). The simple reason is that Microsoft developed OpsMgr (SCOM) to monitor Microsoft products, and it is the best at doing this. NO other monitoring toolset can do it as well as OpsMgr (SCOM). OpsMgr (SCOM) can do 3rd party monitoring as well.

Walter Harris
Real User

We have used Microsoft System Center Operations Manager and it integrates well with SQL. We are starting to use open source tools and sending the metrics to Wavefront. This provides more real-time monitoring but requires extensive development. The main issue we have in our environment with SCOM is real-time ability.

Mohamed Y Ahmed
Real User

PRTG with SQL sensor.
Check this link: https://www.paessler.com/manua...

Usman Malik
Consultant

You can use SolarWinds or BMC.

Morne' O'Kennedy
Real User

I personally believe in SCOM (Operations Manager) since it contains all the required tools to monitor and manage SQL operationally. The majority of enterprises already have the Microsoft EA in place, so the System Center licensing is already available along with SQL.
.. in summary

Ian Ian
User

I am 100% biased as I work for Panopta, but I wouldn't work here if I didn't think our monitoring tools weren't outstanding. 

Nurit Sherman
Is it required in your company to conduct a security review before purchasing an infrastructure monitoring solution? What are the common materials you use in the review? Do you have any tips or advice for the community? Any pitfalls to watch out for?
MenojRoekalea
User

I would start by focusing on the accounts used and their privileges; other components aren't that interesting security-wise. But the accounts used are probably over-privileged, as my experience has shown me before.

David Collier
User

As with any software that is deployed within any organisation, security must be built-in from the ground up. When it comes to Infrastructure Monitoring Software, the problem has an additional dimension - that of the underlying protocols used in the core work of gathering data. These protocols are typically outside of the control of the software developers themselves. So I would certainly include "How the software vendor responds to 3rd party vulnerabilities". And there are potentially many areas where such vulnerabilities can exist. For instance, SNMP is pretty standard for collecting metrics and intercepting SNMP "traps". But what if there is an issue with SNMP itself? (I won't go into SNMPv1, v2 and v3 here.) How does your vendor respond and mitigate against issues with underlying protocols? I've mentioned SNMP, but what about SSH (or the numerous implementations of SSH), WMI, sFlow etc. etc.? This is my first layer. Security of the PROTOCOL.
The next thing is the communication of the monitoring data. Each of the above protocols needs a TCP/IP port to be open. That means putting holes in your firewall. And for me that's the only downside of "agentless" monitoring tools. Don't get me wrong, agentless is great for ease of deployment and ease of management in a closed network. For anything that goes over a wider network or the Internet, then it's agent-based management for me. Why? Well, typically because it should be more secure. The agent should communicate data to the management server over a single port in an encrypted form. The agent should also be configured to only respond to data requests from a VERY limited number of servers. So that's the second layer, the security of the AGENT.
Moving up our IT monitoring ladder, we have the security of the MANAGEMENT ARCHITECTURE. Is all data encrypted in transit? Is it encrypted at rest (i.e. in the database)? Is access to the database limited to only the management software? Is all other access simply Read-Only (e.g. for 3rd party reporting tools)? There's also the security of the entire network within which the management software is operating - but that comes under the remit of wider network security. Most IT Infrastructure Monitoring software these days is web-based. Is the web server secure? I.e. is Apache, Nginx, IIS etc. fully patched and as secure as possible? Same for databases.
We then also need to consider the ability of users to "do bad things". As a previous respondent says, deny everything and allow by exception. This is typically achieved by using some form of RBAC mechanism in the software (Role Based Access Control). Each user is given only the level of access to the monitoring software that is needed to deliver the service the business needs. For instance, a firewall guy (or gal) does not need the ability to run scripts on an Oracle database. Therefore I'd include in my review an assessment of the granularity of RBAC for users of the monitoring software. Let's call this the security of the APPLICATION.
Now that's a long response, but never, ever lose sight of the simple truth - the human brain is more complex, intricate and flexible than any IT system. Or in other words, don't underestimate the ability of man to screw it all up.
DAVE COLLIER
Nobius IT.

Tchidat Linda
Real User

Although our company didn't require us to conduct a security review before choosing an infrastructure monitoring solution, we looked particularly at the authentication method, that is, user accounts, groups and permissions.
One tip we used was to look for a monitoring solution that can interface with an existing enterprise authentication server (LDAP server), so that users could log in directly to the purchased solution with their enterprise accounts.
So we no longer need to invest in creating a new secure user database and can simply focus on creating user permissions depending on employee category.

Carlos Daniel Casañas Bertolo ஃ
Real User

The documentation MUST indicate that the standard security configuration is DENY EVERYTHING and grant permissions based on multiple conditions (IP, user, schedule, ...).
The DB with which it is compatible must be able to be encrypted.
Compatible with ISO 27000.
The trial must pass several security tests before being included as an option to choose.

Matt Davis
Real User

My company does not require a security review per se, although we do incorporate security measures to protect our network. For example, if your monitoring system is public facing, you'd want to lock it down so that only the IP ranges and TCP/UDP port ranges necessary for you to monitor what you want to monitor are allowed in. If you are doing only active monitoring, then you don't really need to allow any establishment of connections from outside. If you are using SNMP traps, or an agent that pushes info to the monitoring services, the respective IPs and ports need to be allowed in. You can do this with a firewall like iptables. Security by obscurity is also still a helpful thing. Default port numbers, etc. are low-hanging fruit for bots and things that scour the internet for easy victims. You can also use something like fail2ban, which creates a blacklist of IPs that repeat failed logins. It is also helpful to ask the vendor which versions of software they use. It is possible they use an older version, which is not as secure as using one that is regularly updated with security patches. For example, do they use MySQL? Which version? What about the OS? Is it a version still supported?
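
A way to check the lock-down described in the answer above, as an added example that is not part of the original post: it reads an `iptables-save` dump and flags INPUT rules that open a port to any source or to an overly wide range. The sample ruleset, the port 10051 and the 4096-address threshold are constructed assumptions.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (not from the thread).
# Assumed ports: UDP 162 for SNMP traps; TCP 10051 is a hypothetical agent push port.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p udp -m udp --dport 162 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""


def _opt(tokens, flag):
    """Return the value following a flag such as -s or --dport, or None."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None


def audit_input_rules(ruleset, max_sources=4096):
    """Flag INPUT rules that open a port to more sources than max_sources.

    Returns (default_policy, findings); each finding is (subject, reason).
    Only single-port ACCEPT rules (--dport) are examined.
    """
    policy, findings = None, []
    for line in ruleset.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
            if policy != "DROP":
                findings.append(("policy", "INPUT default is " + policy))
            continue
        if not line.startswith("-A INPUT "):
            continue
        tokens = shlex.split(line)
        port, src = _opt(tokens, "--dport"), _opt(tokens, "-s")
        if _opt(tokens, "-j") != "ACCEPT" or port is None:
            continue  # stateful rules and non-ACCEPT targets are skipped
        if src is None:
            findings.append((port, "open to any source"))
        elif ipaddress.ip_network(src, strict=False).num_addresses > max_sources:
            findings.append((port, "source " + src + " is too broad"))
    return policy, findings


if __name__ == "__main__":
    print(audit_input_rules(SAMPLE_RULES))
```

On a live host the input would come from `iptables-save` run as root; rules using `multiport` or negated sources need extra handling that this check does not do.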

Sofian Bayoudh
User

IT security is an ongoing exercise, with some sporadic penetration testing. SOC should be closely coupled to NOC, especially in terms of log management, traffic capture and analysis (for heuristics/forensics), connectivity/management, DNS security, WAF, etc.
So it's more than a security review before deploying a NOC; it's rather complete integration with proper design and planning.

Tjeerd Saijoen
User

Security is always important. The first thing to review when you start using monitoring is whether you need it on-premise or from the cloud.

With on-premise you follow your own security rules; however, the following questions are important:

- How is the monitoring data stored in the database?
- Is the DB FIPS enabled?
- How are agents sending data? Is the data encrypted?
- What kind of data is sent between customer systems and the monitoring server?
- Does the monitoring software use security policies or, for example, integrate with LDAP or Active Directory?

Today you have many tools for infra monitoring. We deliver monitoring from the cloud, using a VPN/IPSec tunnel between the customer and the systems in our cloud.

Also, we have customers doing a security check on our servers, and we use patent recognition to check that our systems have no security leaks. Second, we use local gateways at the customer to collect the data we need, and only the local gateway has a connection with our servers. Using this technology we have only one connection between the datacenter and the gateway, and this connection is monitored all the time; in addition, only 2 ports are open in the firewall.

What is important is what you are using for infrastructure monitoring and how it is connected, and what kind of interface it has, web or client/server, from the client to the monitoring server.

Rakesh Kanojia
Consultant

Security reviews for infrastructure monitoring software are limited to:
1. Software layer for vulnerability.
2. User privileges.


What is IT Infrastructure Monitoring?

IT Infrastructure Monitoring refers to a collection of tools and processes that enable infrastructure managers to be aware of how key infrastructure elements are working, e.g. network, compute, storage and databases. Infrastructure Monitoring tools are used with physical, virtual and cloud systems. The tools are designed to deliver deep insight and visibility into an entire network and system infrastructure.

Asked what to look for in an IT Infrastructure Monitoring solution, IT Central Station members point to ease of installation, scalability and heterogeneous Operating System coverage as key differentiators. Members express a desire to have “out of the box” support for multiple applications as well as a Unified Monitoring Portal (UMP) and transaction monitoring. For some, a simple implementation of business and infrastructure dashboards is essential. Users like having a single point of configuration.

An intuitive GUI is considered a plus for administrative efficiency. Users want to monitor end user experience in context. For example, they want to be able to create business groups so they can track infrastructure performance by internal IT client.

Architecturally, members suggest that fully-featured, non-Java, agent-based technology can enable the user to install probes where needed. This is in contrast to trying to monitor everything, an approach used by some infrastructure monitoring vendors. Non-Java matters because it reduces the footprint of the agent on the server and can help with stability. A distributed, highly-available monitoring cluster capability is viewed as a “must have” for enterprises that run geographically distributed sites, especially organizations that have a high cost of service disruption.

According to IT Central Station members, the best infrastructure monitoring solutions do some of the work of forming insights for administrators. Users want granulated data on where traffic latency and bandwidth utilization issues are occurring. Reporting sophistication is also important, with some users expressing an interest in infrastructure monitoring packages being able to report on compliance of the cloud environment, for example.

Updated: August 2020.