Submit a ticketCall us

Training ClassSign up for Network Performance Monitor (NPM) and Scalability instructor-led classes

Attend our instructor-led classes, provided by SolarWinds® Academy, to discuss the more advanced monitoring mechanisms available in NPM as well as how to tune your equipment to optimize its polling capabilities. NPM classes offered:
NPM Custom Monitoring and Polling
Orion Platform Scalability

Reserve your seat.

Home > Success Center > Server & Application Monitor (SAM) > SAM Documentation > SAM Getting Started Guide > Agents > How agents work

How agents work

Created by Chris.Moyer_ret, last modified by Anthony.Rinaldi_ret on Aug 24, 2016

Views: 4,652 Votes: 1 Revisions: 6

Updated: July 9, 2018

An agent is a software application that provides a communication channel between the Orion server and a monitored computer. Agents are used as an alternative to WMI or SNMP to provide information about your selected key devices and applications. These agents provide the following advantages:

  • Polls host and applications behind firewall Network Address Translation (NAT) or proxies.
  • Polls nodes and applications across multiple discreet networks with overlapping IP address space.
  • Provides secure encrypted polling over a single port.
  • Supports low bandwidth, high latency connections.
  • Polls nodes across domains where no domain trusts are established.
  • Provides full encryption between the monitored host and the Orion poller.
  • Monitors the server and installed applications during a network outage, regardless of whether the agent can communicate with the poller. When the poller connection is restored, the agent forwards the results of its monitoring data collected during the outage to the poller for processing. All data gaps are filled with the data collected by the agent.
  • The agent allows you to easily monitor servers hosted by cloud services, such as Amazon EC2, Microsoft Azure, Rackspace, or virtually any other Infrastructure as a Service (IaaS) provider.

Agent security

All communications between the Orion server and the agent occur over a single fixed port. The agent collects the data locally, using the same protocols as agentless polling, such as WMI or RPC. Then, the agent processes the data and sends it over the fixed port. The communications between Orion Server and the agent are fully encrypted using 2048-bit or 3072-bit Transport Layer Security (TLS) encryption, based on the agent and certificate versions. The agent protocol supports NAT traversal and passage through proxy servers that require authentication.

You can choose to override this behavior. For example, if you assign an application template that uses a User Experience Monitor and you do not want to measure response time locally from the server where the application is installed, you can switch the application to poll without using an agent. This can be configured at both the application and template level.


When you apply a large number of Windows component monitors, you may see a spike in CPU utilization. Consider changing the polling method for the Windows components from WMI to RPC to reduce the CPU compute overhead and improve performance.

RPC is a protocol native to the Windows operating system. For information about security, consult the vendor help.

Agent communication modes

Agent Communication can be deployed as either Agent Initiated or Orion Server initiated:

  • Agent-initiated communication: The agent initiates communication with the server on the default port of 17778. This port must be opened on the server firewall so the agent can connect. No change to the agent firewall is required.
  • Orion Server initiated communication: The agent waits for requests from the server on the default port of 17790. This port must be opened on the firewall of the agent computer so the server can connect. No change to the server firewall is required.

Reports installed for use with the agent:

  • Agent Inventory
  • Agent Plugin Version

Use Orion Server initiated communication in DMZ environments or cloud scenarios such as Azure. Use agent initiated communication with a proxy to poll multiple computers within a single Azure cloud service.


Last modified