SCOM: Building on the Net-SNMP MPs

Due to the ubiquity of the Net-SNMP agent, the Net-SNMP management packs can be used for a wide range of UNIX/Linux devices, and one of my primary intentions in creating these management packs was to extend them to Linux-based proprietary platforms such as Check Point Secure Platform and VMWare ESX.  To that end, I am currently putting the finishing touches on management packs for Check Point Splat and VMWare ESX SNMP monitoring that reference the Net-SNMP Library MP. 

Check Point Secure Platform

SPlat is a hardened Linux kernel, which conveniently supports the Net-SNMP agent for manageability.  The Check Point-specific SNMP objects are exposed through the extended Net-SNMP agent as described in the CHECKPOINT-MIB.   So in this case, the Net-SNMP Monitoring MP can be used for basic system health, while an additional Check Point MP can be added to monitor the Check Point software modules for availability status and Firewall/VPN/Etc performance metrics.  


Of course, ESX server is a modified Red Hat Enterprise Linux distribution that also utilizes the Net-SNMP agent for SNMP support.  VMWare exposes ESX-specific objects to SNMP via dlMod extensions to the Net-SNMP agent, including VM Guest info and some performance metrics.   So, in VMWare environments, the host operating system can be monitored for health through traditional Net-SNMP-implemented MIBs (UCD-SNMP, HOST-RESOURCES), while VMWare-specific counters can be monitored through the use of the VMWare MIBs.  

When it comes to monitoring of VMWare,  the VMWare SNMP implementation has the advantage of being easy to deploy and rather lightweight, and given the likelihood that SNMP may be used in VMWare environments for full vendor hardware monitoring, the VMWare SNMP implementation is a good way to introduce some monitoring of the hypervisor virtualization layer.  That being said, the VMWare SNMP implementation does leave a lot to be desired; for example, alarms/events are only exposed in SNMP through traps, only a few performance counters are available, and many VMWare Infrastructure objects are not represented.    For more complete/comprehensive monitoring of VMWare environment, the only data provider choice seems to be the VMWare API.   I’m working on something along those lines presently, but I’ll post more on that at a later date.


About Kristopher Bash
Kris is a Senior Program Manager at Microsoft, working on UNIX and Linux management features in Microsoft System Center. Prior to joining Microsoft, Kris worked in systems management, server administration, and IT operations for nearly 15 years.

2 Responses to SCOM: Building on the Net-SNMP MPs

  1. Dan Nichols says:

    Hi Kris,

    Looking forward to hearing more about your work with the VMware API.

  2. Kristopher Bash says:

    Thanks. Unfortunately I haven’t done much more with this recently, as I am trying to completely rework a set of SNMP MP’s first. What I am hoping to do with the VMWare API is to take a development shortcut and not actually invoke the API through the SOAP web service, but rather utilize the PowerCLI powershell interface on an agent to connect to a VC server in order to extract inventory and performance data for the whole environment on a scheduled basis. The scripts to do this would export all the collected data to XML files, which would then be used as inputs for discoveries, monitors, and rules.

    I’ve done some proof of concept work with this and it seems viable, but the PowerCLI scripts have to be written carefully to make sure they can execute in a reasonably short time, even in a large environment. While even in the best case, interfacing with VI with PowerCLI is too slow for near-real time monitoring, I think the benefit would be that data for all objects could be collected in one workflow, minimizing the actual overhead of interfacing with the API through bulk collection. If a Host and Guest performance snapshot were collected in one scheduled process every 5 minutes, and then other workflows utilized this collected data for performance mapping and monitoring, it would be functionally equivalent to polling the API for each individual object every 5 minutes, with less actual object instantiation and API interfacing.

    If this doesn’t prove to be viable, there’s always the option of engaging the API through the SOAP web service.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: