How the SolarWinds Orion Agent Functions on Windows OS

Monalytic provides a quick explanation of how the SolarWinds Orion Agent functions on a Windows operating system, and how it uses Administrator-level privileges to provide vital information about the system.

  • What is the SolarWinds Orion Agent
  • How the Agent Works
  • How the Agent Performs Administrator Level Operations
  • How to Modify the Local Account on the Remote Windows System
  • How the Agent Provides Database Information on a Microsoft SQL Server
  • Final Thoughts

What is the SolarWinds Orion Agent

An Agent is a software application that provides a communication channel between the Orion server and a monitored system. Agents are commonly used as an alternative to WMI or SNMP to provide information about your system for several reasons such as:

  • Inability to use WMI in certain secure environments.
  • Monitoring hosts and applications behind firewalls, NAT, or proxies.
  • A requirement to use a single TCP port, whereas WMI uses random open ports in the operating system.
  • Requirements for secure communication between the Orion server and monitored system.
  • Polling nodes across domains where there are no domain or forest trusts.
  • Monitoring data retention during network outages between SolarWinds and the monitored host (up to 24 hours).

How the Agent Works

After completion of the Agent installation on the remote system, the Orion server communicates with the Agent in one of two ways:

  1. Agent-Initiated – The Agent initiates communication back to the Orion server via port 17778 (Windows and Linux).
  2. Server-Initiated – The Orion server communicates with the remote Agent via port 17779 (All Operating Systems).

Encryption

The communications between Orion Server and the agent are fully encrypted using 2048-bit or 3072-bit Transport Layer Security (TLS) encryption, based on the agent and certificate versions.

Example of an Agent Deployed Environment

How the Agent Performs Administrator Level Operations

On a Windows system, the Orion Agent uses the “Local System Account” to poll critical information about the system, and it can also provide remote administration from the SolarWinds Web Console. The Local System account is a predefined local account used by the service control manager (SCM). This account is not recognized by the security subsystem, so you cannot specify its name in a call to the LookupAccountName function. Its token includes the NT AUTHORITY\SYSTEM and BUILTIN\Administrators SIDs (security identifiers). The Local System account does not have a password and cannot be modified to contain one.

In some cases, using a different account might be desired if security is a concern. For the Agent to function properly, the new account must be a member of the local Administrators group on the system. A local user or domain account can be used, but it may require frequent password changes depending on the environment’s security policies. The Agent service can be changed from the Local System account to another account, but this should be done with caution in order to remain in compliance with your company’s security policies and guidelines.

How to Modify the Local Account on the Remote Windows System

  1. Open the “Services” application on the system where the Agent is installed.
  2. Locate the “SolarWinds Agent” service in the listed services.
  3. Right click the service and click “Properties”.
  4. Click the “Log On” tab located at the top.
  5. Click the “This account:” radio button.
  6. Click “Browse” and locate the desired user account. Enter the password for the selected account.
  7. Click “Apply”, then click “OK”.
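
The same change can be audited and scripted. The PowerShell below is an added example, not SolarWinds or Monalytic code: it reports which account the “SolarWinds Agent” service logs on as, checks the local Administrators requirement described above, and changes the logon account. The function names are hypothetical, and it assumes an elevated Windows PowerShell 5.1 or later session on the agent host.

```powershell
# Added example (not SolarWinds or Monalytic code). Run elevated, PowerShell 5.1+.
# 'SolarWinds Agent' is the service display name used in the steps above.
function Test-LocalAdministrator {
    param([Parameter(Mandatory)][string]$Account)
    # Expand '.\user' so the name can be translated to a SID.
    $name = $Account -replace '^\.\\', "$env:COMPUTERNAME\"
    $sid  = ([System.Security.Principal.NTAccount]$name).Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    # Direct members only: membership through a nested group is not resolved.
    (Get-LocalGroupMember -SID 'S-1-5-32-544').SID.Value -contains $sid
}

function Get-AgentService {
    param([string]$DisplayName = 'SolarWinds Agent')
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName='$DisplayName'"
    if (-not $svc) { throw "Service '$DisplayName' not found on $env:COMPUTERNAME." }
    $svc
}

function Get-AgentServiceAccount {
    $svc = Get-AgentService
    $isSystem = $svc.StartName -eq 'LocalSystem'
    [pscustomobject]@{
        Service       = $svc.Name
        LogOnAs       = $svc.StartName
        IsLocalSystem = $isSystem
        # The Local System token already carries BUILTIN\Administrators.
        IsLocalAdmin  = $isSystem -or (Test-LocalAdministrator -Account $svc.StartName)
    }
}

function Set-AgentServiceAccount {
    # Enter the user name as DOMAIN\user, or .\user for a local account.
    param([Parameter(Mandatory)][pscredential]$Credential)
    if (-not (Test-LocalAdministrator -Account $Credential.UserName)) {
        throw "$($Credential.UserName) is not a direct member of local Administrators."
    }
    # Unlike the Services console, Win32_Service.Change does not grant the account
    # the 'Log on as a service' right; assign it by policy before restarting.
    $result = Invoke-CimMethod -InputObject (Get-AgentService) -MethodName Change -Arguments @{
        StartName     = $Credential.UserName
        StartPassword = $Credential.GetNetworkCredential().Password
    }
    if ($result.ReturnValue -ne 0) { throw "Change returned $($result.ReturnValue)." }
    Restart-Service -DisplayName 'SolarWinds Agent'
}

Get-AgentServiceAccount                                  # audit the current logon account
# Set-AgentServiceAccount -Credential (Get-Credential)   # prompts for the new account
```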

How the Agent Provides Database Information on a Microsoft SQL Server

If the SolarWinds Agent is installed on the SQL Server where the SolarWinds Orion database resides, the Agent can leverage the “Local System Account” to provide SQL instance and database information because it is tied into the NT AUTHORITY\SYSTEM account on the machine. In a standard SQL deployment, the NT AUTHORITY\SYSTEM account is listed under “Users” and is granted connection to SQL via the ‘sa’ account.

Final Thoughts

The Orion Agent is a great alternative for monitoring critical systems in any environment, but it may require some additional planning to ensure security policies are satisfied. Whether you use WMI or the Agent, both provide the data collection features required to monitor Windows and Linux systems.

Monalytic specializes in SolarWinds project-based services, managed services, and training. This is all we do, let’s talk!
