Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Orion Platform > Application Centric Monitor > Application Centric Monitor Installation Guide > Requirements > Additional SAM technology requirements

Additional SAM technology requirements

Created by Su-Lyn Rosenberry, last modified by Su-Lyn Rosenberry on Oct 23, 2017

Views: 20 Votes: 0 Revisions: 4

SNMP requirements for monitored devices

SolarWinds SAM can monitor the performance of any SNMPv1‑, SNMPv2c‑, or SNMPv3‑enabled device on your network. Consult your device documentation or a technical representative of your device manufacturer to acquire specific instructions for configuring SNMP on your device.

Notes:

  • To properly monitor devices on your network, you must enable SNMP on all devices that are capable of SNMP communications.
  • Unix based devices should use the configuration of Net-SNMP version 5.5 or higher that is specific to the type of Unix-based operating system in use.
  • SolarWinds SAM is capable of monitoring VMware ESX and ESXi Servers versions 3.5 and higher with VMware Tools installed on virtual machines. For more information about enabling SNMP and VMware Tools on your VMware device, consult your VMware documentation or technical representative.
  • If SNMPv2c is enabled on a device you want to monitor, by default, SolarWinds SAM attempts to use SNMPv2c to poll the device for performance information. If you only want SolarWinds SAM to poll using SNMPv1, you must disable SNMPv2c on the device to be polled.

Asset inventory and hardware health monitoring requirements

Asset inventory data collection can be enabled for both physical and virtual assets and functions independently of hardware health monitoring. This means you do not need to have hardware health monitoring enabled to have inventory data collected and displayed.

The following hardware supports Asset Inventory data collection:

  • Dell servers with OpenManage Server Administrator Managed Node v7.2 or later
  • HP servers with HP System Insight Manager v6.2 or higher
  • IBM server with IBM Director (Common Agent, v6.3 or higher)
  • Additional hardware not listed here may be supported with a limited amount of information returned from the polling process.

The Asset Inventory feature supports the following operating systems and protocols and does not count against your SAM component monitor license. Additionally, these nodes must be managed by SAM to enable collection of Asset Inventory data:

Operating System Protocol

Windows

SNMP, WMI

Linux

SNMP

AIX (v7 and higher)

SNMP

VMware ESX/ESXi v4.x and v5.x

  • CIM
  • VMware API
  • SNMP for VMware nodes not polled via CIM or the VMware API

VMware API for ESX/ESXi hosts polled via vCenter.

HTTPS

AppInsight for SQL requirements and permissions

AppInsight for SQL supports the following versions of Microsoft SQL Server.

Microsoft SQL Server Version Versions Supported

Microsoft SQL Server 2008

Without SP, SP1, SP2, SP3

Microsoft SQL Server 2008 R2

Without SP, SP1, SP2 SP3

Microsoft SQL Server 2012

Without SP, SP1

Microsoft SQL Server 2014  
Microsoft SQL Server 2016  

AppInsight for SQL data is collected at the same default five minute polling interval as traditional application templates. Following are the requirements and permissions needed for AppInsight for SQL.

AppInsight for SQL does not require named-pipes. However, it does require TCP. For example, SAM uses TCP detection during discovery. You may receive an error message pertaining to "named-pipes." This is the result of the last client protocol that is tried during connection to the SQL server.

AppInsight for SQL permissions

The minimum SQL permissions required to use AppInsight for SQL are as follows:

  • Must have administraror permission at the host level.
  • Must be a member of the db_datareader role on the msdb system database
  • Must have VIEW SERVER STATE permissions
  • View any definition
  • Connect permission to Master database
  • Execute permission on the Xp_readerrorlog stored procedure
  • Connect permission to the Msdb database
  • Must be member of db_datareader role in the MSDB database
  • Connect permission to all databases

Review the following information regarding monitoring SQL servers with AppInsight for SQL:

  • AppInsight for SQL supports both the SNMP and WMI protocols and uses SQL to gather information about the application. Additional information is available for nodes managed via WMI.
  • Agents do not work with AppInsight for SQL when the SQL server being monitored is in a cluster.
  • SQL clusters cannot be polled with domain credentials via the Orion agent because agents do not work with AppInsight for SQL when the SQL server being monitored is in a cluster.

SQL account permissions

The following script configures permissions for a SQL account:

Important: This following scripts make changes directly to the database. You should create a database backup before running either of these scripts.

USE master
GRANT VIEW SERVER STATE TO AppInsightUser
GRANT VIEW ANY DEFINITION TO AppInsightUser
GRANT VIEW ANY DATABASE TO AppInsightUser
EXEC sp_adduser @loginame = 'AppInsightUser' ,@name_in_db = 'AppInsightUser'
GRANT EXECUTE ON xp_readerrorlog TO AppInsightUser
USE msdb
EXEC sp_adduser @loginame = 'AppInsightUser' ,@name_in_db = 'AppInsightUser'
EXEC sp_addrolemember N'db_datareader', N'AppInsightUser'

Windows Authentication

The following script configures permissions for a SQL account with Windows Authentication:

Important: This following scripts make changes directly to the database. You should create a database backup before running either of these scripts.

USE master
GRANT VIEW SERVER STATE TO "Domain\AppInsightUser"
GRANT VIEW ANY DEFINITION TO "Domain\AppInsightUser"
EXEC sp_adduser @loginame = 'Domain\AppInsightUser' ,@name_in_db = 'Domain\AppInsightUser'
GRANT EXECUTE ON xp_readerrorlog TO "Domain\AppInsightUser"
USE msdb
EXEC sp_adduser @loginame = 'Domain\AppInsightUser' ,@name_in_db = 'Domain\AppInsightUser'
EXEC sp_addrolemember N'db_datareader', N'Domain\AppInsightUser'
EXECUTE sp_MSforeachdb 'USE [?]; EXEC sp_adduser @loginame  = ''Domain\AppInsightUser'', @name_in_db = ''Domain\AppInsightUser''' 

Domain account with Orion agent

To use a domain account with an Orion agent, the domain account needs to have “Log on as a batch job” policy enabled for the default batch execution mode. Set this permission either locally on the monitored SQL server or as a domain policy (which enforces the policy to all machines within the domain). For details on this batch mode, see this Microsoft Technet article: https://technet.microsoft.com/en-us/library/cc957131.aspx

This policy is only enabled for a LocalSystem account by default and explicitly needs to be added for the domain account.

This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers.

The location for the policy is Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.

If you have issues, see Use a domain user to monitor AppInsight for SQL through an agent.

AppInsight for Exchange requirements and permissions

AppInsight for Exchange works only with the Mailbox Role, which is used for data storage. All other Exchange servers running different roles should use the Exchange application templates included with SAM if you intend to monitor them. Data is collected at the same default five minute polling interval as traditional application templates.

Microsoft Exchange Versions Supported

  • Microsoft Exchange Server 2010
  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016

Exchange hybrid versions are not supported.

AppInsight for Exchange Requirements and Permissions

  • Local administrator permissions are needed for automatic configuration, but they are not needed for monitoring once configuration is complete.
  • To provide organization-wide capability, the service account (Domain User) needs to be a member of the View-Only Organization Management group. Membership to this group gives the user object read-only access to the entire Exchange environment, without providing any domain or local access on the Exchange server. It also prevents possible abuse by an unauthorized user accessing the account (e.g. modifying Exchange environment configuration, creating or deleting users, and so on.)
  • In order to gather information, the user object must be assigned the Mailbox Search management role within Exchange. In order for the account to be configured correctly, the account must be a member of the Local Administrators group. 
    Note: For Exchange access, this is not required, but in order to modify Exchange and WinRM settings on the server, as well as to poll performance counters, this additional level of permission is required.
  • For Mailbox statistics, Hub Transport Servers need to be accessed via RPC.

PowerShell Requirements

  • Exchange 2010 must have PowerShell 2.0 installed
  • Exchange 2013 must have PowerShell 3.0 installed
  • Permissions must be granted for PowerShell to be accessed
  • PowerShell 2.0 is required for Windows 2012 (regardless of Exchange version)

For information on configuring PowerShell permissions, see Set PowerShell permissions for Exchange.

Common Configuration Issues

AppInsight for IIS requirements and permissions

Review the requirements and permissions for configuring AppInsight for IIS nodes in your environment. AppInsight for IIS data is collected at the same default 5 minute polling interval as other application templates.

Microsoft OS Version >IIS Version Supported

Microsoft Windows 2008

IIS 7.0

Microsoft Windows 2008 R2

IIS 7.5

Microsoft Windows 2012

IIS 8.0

Microsoft Windows 2012 R2 IIS 8.5
  • PowerShell 2.0 or higher must be installed on the IIS server.
  • Administrator rights or equivalent credentials to the IIS server bring monitored is needed for configuration. Non-administrative permissions for polling and monitoring is only achievable using the optional Orion Agent.
  • IIS 7.0 or higher must be installed.
  • AppInsight for IIS supports the following versions of Microsoft operating systems and their respective IIS versions:
     

If any prerequisite is missing, the application goes into an Unknown state.

Some resources may not function properly in Internet Explorer 8 or earlier. Consider upgrading Internet Explorer or using an alternate web browser such as Firefox or Chrome.

AppInsight for IIS technologies and ports

The following table outlines the technologies and ports used by AppInsight for IIS:

The IIS server must have the ports open on the managed nodes.

Technology Port Notes
RPC Endpoint Mapper TCP port 135 SAM uses this port to establish WMI/RPC connections to the remote computer. RPC is required for getting performance counters information via the ASP.NET resource.
WMI TCP ports 1025 - 5000 or TCP ports 49152 - 65535 By default, Microsoft Windows uses a random port from this range for WMI communications. The default port range differs based on the operating system. You must create a firewall exception on the remote computer.
PowerShell TCP port 5986 This is a secure listener hosted in the WinRM service.
HTTP TCP, At least one port mentioned in the bindings of a site. If the connection is not allowed, the HTTP Monitor is hidden.
HTTPS TCP. At least one port mentioned in the secure bindings of a site. If the connection is not allowed, the HTTPS Monitor will be hidden.
SSL TCP. At least one port mentioned in the secure bindings of a site. If the connection is not allowed, the SSL Certificate Expiration Date Monitor will be hidden.
SMB (Windows Shares) TCP port 445 Used for Site Directory Information and Log Directory Information.

Windows Scheduled Task Monitor requirements

The WSTM supports monitoring tasks on the following operating systems:

  • Windows 2003 R2 SP2
  • Windows 2008
  • Windows 2008 R2
  • Windows 2012
  • Windows 2012 R2

When SAM is installed on Windows 2003 R2 SP2, scheduled tasks on Windows 2008 or later cannot be polled by the Windows Scheduled Task Monitor (WSTM). Only tasks from root directory can be monitored. The WSTM will not work for tasks from every level of the Task Scheduler Library.

SAM Component Monitor port requirements

Component/
Monitor

Port

Type

Description

DHCP User Experience Monitor

67

UDP

The UDP port used for the DHCP request.

DHCP User Experience Monitor

68

UDP

The UDP port used for the DHCP response.

Directory Size Monitor

 

 

See SAM WMI requirements below.

DNS Monitor
DNS User Experience Monitor

53

TCP/UDP

The TCP and UDP port used for DNS queries.

Download Speed Monitor

19

 

The port used for the character generator service.

File Age Monitor
File Change Monitor
File Existence Monitor
Files Size Monitor

445

TCP/UDP

These components monitor uses TCP/445 and UDP/445 ports.

File Count Monitor

 

 

See "Application Performance Monitor WMI Requirements" on page "4".

FTP Monitor
FTP User Experience Monitor

21

 

This field is the port number used for FTP sessions

HTTP Form Login Monitor
HTTP Monitor
TCP Port Monitor

80

 

This field is the port number used for HTTP forms-based login sessions.

HTTPS Monitor

443

 

The port used by the web site.

IMAP4 Monitor

143

 

 

IMAP4 User Experience Monitor

143 and 993

IMAP4

This component monitor uses these ports when used with a Microsoft Exchange mail server.

IMAP4 User Experience Monitor

25

SMTP

This component monitor uses these ports when used with a Microsoft Exchange mail server.

IMAP4 Port sessions

143

IMAP4

This field is the port number used for IMAP 4 sessions.

IMAP4 Port sessions

585

IMAP4

For Secure IMAP (IMAP4-SSL), use port 585.

IMAP4 Port sessions

993

IMAP4

For IMAP4 over SSL (IMAPS), use port 993.

LDAP User Experience Monitor

389

 

The port used for LDAP connections.

LDAP User Experience Monitor

636

 

For LDAP over SSL, use port 636.

Linux/Unix Script Monitor Ports

22

 

This field allows you to specify the port number used for the SSH connection.

NNTP Monitor

119

UDP

This field is the port number used for NNTP connections.

ODBC User Experience Monitor

1630

TCP

This component monitor uses port TCP/1630.

Oracle User Experience Monitor

1521

TCP

The Oracle SQL*Net Listener allows Oracle client connections to the database over Oracle's SQL*Net protocol. You can configure it during installation. To reconfigure this port, use Net Configuration Assistant.

Oracle User Experience Monitor

1526

TCP

The Oracle SQL*Net Listener allows Oracle client connections to the database over Oracle's SQL*Net protocol. You can configure it during installation. To reconfigure this port, use Net Configuration Assistant.

Performance Counter Monitor

See description

TCP

This monitor uses RPC, requiring the following ports:

  • TCP/135
  • RPC/named pipes (NP) TCP 139
  • RPC/NP TCP 445
  • RPC/NP UDP 137
  • RPC/NP UDP 138

POP3 Monitor
POP3 User Experience Monitor

110 (default)

 

This field is the port number used for POP3 connections.

POP3 Monitor
POP3 User Experience Monitor

995

 

For Secure POP3 (SSL-POP) use port 995.

POP3 User Experience Monitor
SMTP Monitor

25

SMTP

This component  uses port 25 for SMTP sessions.

SMTP Monitor

465

SSMTP

For Secure SMTP (SSMTP), use port 465.

POP3 Monitor

See Description

 

This component monitor uses the following ports when used with a Microsoft Exchange mail server.

  • 102   X.400 MTA
  • 110   POP3
  • 119   NNTP
  • 143   IMAP4
  • 389   LDAP
  • 563   POP3 over SSL
  • 636   LDAP over SSL
  • 993   IMAP4 over SSL
  • 995   Secure POP3 over SSL

POP3 User Experience Monitor

110 (default)

 

This field is the port number used for POP3 sessions. The default value is 110. For Secure POP3 (SSL-POP) use port 995. It also uses an SMTP Port, port 25 for SMTP sessions.

Process Monitor

 

SNMP

This component monitor uses SNMP communication.

Process Monitor WMI

 

 

Uses WMI communication to test if the specified Windows process is running and uses RPC communication to test if the specified Windows process is running.

RADIUS User Experience Monitor

1812
1645

 

This field is the RADIUS protocol authentication port. The default value is 1812. Cisco devices may require port 1645. This field is the RADIUS protocol accounting port. The default value is 1813. Cisco devices may require port 1646.

RWHOIS Port Monitor

4321

 

This template tests the ability of an RWHOIS server to accept incoming sessions on port 4321.

SQL Server User Experience Monitor

1433

 

This component monitor only works if Microsoft SQL Server is using the default port 1433. If you have a Microsoft SQL Server database that uses a non-standard port, you cannot monitor it using the SQL Server User Experience monitor. You need to use the ODBC User Experience monitor instead to manually define a connection string that will allow you to talk to Microsoft SQL Server on its custom port.

TACACS+User Experience Monitor

49

 

This field is the TACACS+ protocol connection port. The default value is 49.

Tomcat Server Monitor

8080

 

This field allows you to specify the port number used by the web site. The default value for this field is 8080.

VMware Performance Counter Monitor

443

 

Port number to use for VMware API. The default is 443.

ESX Hardware Monitoring

5989

 

Ensure port 5989 is open on the firewall.

Windows Event Log Monitor

 

 

This component monitor uses the following ports:

  • TCP/135
  •  RPC/named pipes (NP) TCP 139
  •  RPC/NP TCP 445
  •  RPC/NP UDP 137
  •  RPC/NP UDP 138
  •  POP3 User Experience Monitor port 110

SAM Template port requirements

Template port requirements will vary depending on how you utilize them. The following provides a list of monitor templates that use ports. 

Template

Port

Description

Blackberry Delivery Confirmation template

25

Blackberry Delivery Confirmation template uses port 25 on the SMTP server for sending the test email. If the SMTP server uses a different port, change this value.

Finger Port Monitor

79

This template tests the ability of the Finger service to accept incoming sessions on port 79.

Gopher Port Monitor

70

This template tests the ability of a Gopher server to accept incoming sessions on port 70.

IRC Port Monitor

6667

This template tests the ability of an IRC server to accept incoming sessions on port 6667.

Java Application Server (SNMP) template

1161

This template is configured to send SNMP requests on port 1161.

SNPP Port Monitor

444

This template tests the ability of an SNPP server to accept incoming sessions on port 444.

Windows FTP Server (via WMI)

21

 This template monitors the Windows FTP Publishing Service and tests the ability of the FTP server to accept incoming sessions on port 21.

SAM WMI requirements

Microsoft Windows by default uses a random port between 1024 and 65535 for WMI communications. You must create firewall exceptions to allow TCP/UDP traffic on ports 1024 - 65535 or the component monitors and templates that use WMI will not work.

The following component monitors use WMI:

  • Performance Counter Monitor
  • Process Monitor – WMI (if script uses WMI access)
  • Windows Event Log Monitor
  • Windows PowerShell Monitor (if script uses WMI access)
  • Windows Script Monitor
  • Windows Service Monitor (if script uses WMI access)

The following templates use WMI:

  • Active Directory
  • Blackberry Enterprise Server
  • Citrix XenApp 5.0 Core WMI Counters
  • Citrix XenApp 5.0 ICA Session WMI Counters
  • Citrix XenApp 5.0 Presentation Server WMI Counters
  • Citrix XenApp 5.0 Services
  • Errors in Application Event Log
  • Exchange 2007
  • Exchange 2007 Client Access Role Services
  • Exchange 2007 Client Access Role WMI Counters
  • Exchange 2007 Common WMI Counters
  • Exchange 2007 Edge Transport Role Services
  • Exchange 2007 Hub Transport Role Services
  • Exchange 2007 Hub Transport Role WMI Counters
  • Exchange 2007 Mailbox Role Services
  • Exchange 2007 Mailbox Role WMI Counters
  • Exchange 2007 Unified Messaging Role Services
  • Exchange 2007 WMI Counters
  • Exchange 2010 Client Access Role Services
  • Exchange 2010 Common Performance Counters
  • Exchange 2010 Edge Transport Role Services
  • Exchange 2010 Hub Transport Role Services
  • Exchange 2010 Mailbox Role Services
  • Exchange 2010 Unified Messaging Role Services
  • Exchange Server 2000 and 2003
  • Internet Information Services
  • Orion Server
  • SharePoint Server (MOSS) 2007
  • SharePoint Services (WSS) 3.0
  • SQL Server 2005 Database
  • SQL Server 2008 Database
  • Windows Print Services
  • Windows Server 2003-2008
Last modified

Tags

Classifications

Public