SNMP vs WMI: the advantage of less resource-consuming monitor types

Are you using one of the notable ways to reduce load on your servers?

WMI (Windows Management Instrumentation) is an established standard to access and/or control Windows components, services and applications. With its query language (resembling the SQL used by many relational databases), WMI allows collecting information from multiple sources, so-called providers. However, this comes at a cost: running a WMI query is a resource- and time-consuming operation compared to certain alternatives.

What’s worse, to interact with a WMI-enabled host, one needs to configure remote WMI access properly.

In most cases, running WMI queries requires administrator privileges. In some cases, no partially elevated user account can actually be used for a WMI query. That, in turn, is a possible security issue.

There is, however, a simpler and more efficient alternative: SNMP.

SNMP under Windows

To begin using SNMP under Windows, the corresponding components should be installed first. On current Windows releases, SNMP is typically added as an optional feature, so it is better to rely on current Microsoft documentation: see Microsoft’s SNMP installation guidance.

By default, no communities are defined for the Windows SNMP service (that is, there is no access by default), and the only host allowed to connect is the loopback interface (“localhost”), i.e. the same system. Both settings can be configured either in the SNMP service settings or with a PowerShell script. SNMP traps can be configured in the same way.

By default, the standard SNMP service under Windows provides basic information on performance counters for CPU (how much CPU time a given process has used), RAM (memory usage per process), the process list and network-related information.

When necessary, SNMP can be programmatically extended (e.g., with a .NET SNMP library), allowing custom variables and controls.

SNMP under other OSes

Net-SNMP is the typical SNMP implementation for many non-Windows systems, including Linux distributions, BSD-like systems and macOS. By default, Net-SNMP includes limited read-only access to certain general system information. On Linux systems, this often makes it practical to expose and monitor common host metrics such as CPU, memory and disk usage over SNMP.

Extending Net-SNMP is simpler than extending the Windows implementation. To populate certain OID trees (SNMP variables), a command producing them is named in the configuration file (which allows on-the-fly modification when necessary).

General SNMP advantages over WMI

SNMP authentication requires fewer steps and is as simple to add as it is to remove. Setting up remote WMI access, by contrast, can be a challenge. For new deployments, it is worth preferring SNMPv2c or SNMPv3 over SNMPv1, and using read-only access when monitoring only.

SNMP probes in general require fewer resources and take less time than WMI queries.

Extending SNMP to add required OIDs can be as simple as (or simpler than) extending WMI.
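
The read-only recommendation and the command-based extension described above can be checked on a Net-SNMP host before a monitor is pointed at it. The following is an added example, not code from the original article: it assumes the standard Net-SNMP snmpd.conf directives (rocommunity, rwcommunity, rouser, rwuser, extend), and the sample configuration, community names and script path are constructed for illustration.

```python
import shlex

DEFAULT_NAMES = {"public", "private"}  # well-known community strings
COMMUNITY = {"rocommunity", "rocommunity6", "rwcommunity", "rwcommunity6"}
WRITE = {"rwcommunity", "rwcommunity6", "rwuser"}

def audit_snmpd_conf(text):
    """Return (line_no, severity, message) findings for snmpd.conf text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # drops '#' comments
        if not tok:
            continue
        directive, args = tok[0].lower(), tok[1:]
        # Monitoring only reads values, so any write grant is excess privilege.
        if directive in WRITE:
            findings.append((no, "high", f"{directive} grants write access"))
        if directive in COMMUNITY and args:
            if args[0].lower() in DEFAULT_NAMES:
                findings.append((no, "high", f"well-known community '{args[0]}'"))
            # An omitted SOURCE (or 'default') accepts requests from any address.
            if len(args) < 2 or args[1] == "default":
                findings.append((no, "medium", "no source address restriction"))
        if directive in ("rouser", "rwuser") and "noauth" in args:
            findings.append((no, "medium", "SNMPv3 user allowed without authentication"))
        # 'extend [MIBOID] NAME PROG ARGS' runs PROG with the agent's privileges.
        if directive == "extend" and args:
            rest = args[1:] if args[0].startswith(".") else args
            findings.append((no, "review", "runs command: " + " ".join(rest[1:])))
    return findings

# Constructed sample configuration (not taken from any real host).
SAMPLE_CONF = """\
# monitoring access
rocommunity public
rwcommunity s3cr3t 10.0.0.0/24
rocommunity m0nitor 192.0.2.10
rouser monitor priv
rouser legacy noauth
extend diskfree /usr/local/bin/diskfree.sh
"""

if __name__ == "__main__":
    for no, sev, msg in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {no}: [{sev}] {msg}")
```

Lines reported as "review" are not defects by themselves; they list the commands the agent will execute, so the script's ownership and permissions can be checked.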

Conclusion

Although SNMP cannot completely replace WMI (there can be WMI providers that do not have SNMP counterparts; there are queries that manage Windows resources or actions not controlled by SNMP), for monitoring (read-only) purposes it can be used in many cases.

When an SNMP replacement is available, one should consider using it, all other conditions being equal.

If you need assistance with setting up an SNMP monitor for a case mentioned above, feel free to contact us.