Monalytic gives a quick explanation of how the SolarWinds Orion Agent functions on a Windows operating system, and how it uses Administrator-level privileges to collect vital information about the system.
An Agent is a software application that provides a communication channel between the Orion server and a monitored system. Agents are commonly used as an alternative to WMI or SNMP to provide information about your system for several reasons such as:
After completion of the Agent installation on the remote system, the Orion server communicates with the Agent in one of two ways:
The communications between Orion Server and the agent are fully encrypted using 2048-bit or 3072-bit Transport Layer Security (TLS) encryption, based on the agent and certificate versions.
On a Windows system, the Orion Agent uses the “Local System Account” to poll critical information about the system and can also provide remote administration from the SolarWinds Web Console. The Local System account is a predefined local account used by the service control manager (SCM). This account is not recognized by the security subsystem, so you cannot specify its name in a call to the LookupAccountName function. Its token includes the NT AUTHORITY\SYSTEM and BUILTIN\Administrators SIDs (security identifiers). The Local System account does not have a password and cannot be modified to contain one.
In some cases, using a different account might be desired if security is a concern. For the Agent to function properly, the new account must be a member of the local Administrators group on the system. A local user or domain account can be used but may require frequent password changes depending on the environment’s security policies. The Agent can be changed from the Local System account to another account, but this should be done with caution in order to remain in compliance with your company’s security policies and guidelines.
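One way to check which account the Agent service runs as, and whether a replacement account meets the local Administrators requirement described above. This is an added example, not code from Monalytic or SolarWinds; the display-name pattern in `$NamePattern` is an assumption and should be set to the Agent service's actual name on the host.

```powershell
# Added example: report the logon account of a monitoring-agent service.
# $NamePattern is an assumed display-name pattern, not a value from the article.
param(
    [string]$NamePattern = '*SolarWinds*Agent*'
)

# Well-known SIDs: S-1-5-18 = Local System, S-1-5-32-544 = BUILTIN\Administrators
$localSystemSid = 'S-1-5-18'
$adminsGroupSid = 'S-1-5-32-544'

# SIDs of the direct members of the local Administrators group.
# Nested domain-group membership is not expanded here.
$adminSids = Get-LocalGroupMember -SID $adminsGroupSid |
    ForEach-Object { $_.SID.Value }

Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -like $NamePattern } |
    ForEach-Object {
        $startName = $_.StartName

        # Win32_Service reports Local System as "LocalSystem"; local accounts as ".\name".
        $account = if ($startName -eq 'LocalSystem') { 'NT AUTHORITY\SYSTEM' } else {
            $startName -replace '^\.\\', "$env:COMPUTERNAME\"
        }

        try {
            $sid = ([System.Security.Principal.NTAccount]$account).Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $null   # account name could not be resolved on this host
        }

        $isLocalSystem = ($sid -eq $localSystemSid)
        [pscustomobject]@{
            Service       = $_.Name
            RunsAs        = $startName
            Sid           = $sid
            IsLocalSystem = $isLocalSystem
            # Local System is not a listed member; its token carries the
            # BUILTIN\Administrators SID, so it is treated as admin here.
            HasLocalAdmin = ($isLocalSystem -or ($sid -in $adminSids))
        }
    }
```

A row with `IsLocalSystem` false and `HasLocalAdmin` false indicates a replacement account that does not meet the Agent's stated requirement.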
If the SolarWinds Agent is installed on the SQL Server where the SolarWinds Orion database resides, the Agent can leverage the “Local System Account” to provide SQL Instance and Database information because it is tied into the NT AUTHORITY\SYSTEM account on the machine. In a standard SQL deployment, the NT AUTHORITY\SYSTEM account is listed under “Users” and is granted connection to SQL via the ‘sa’ account.
The Orion Agent is a great alternative for monitoring critical systems in any environment but may require some additional planning to ensure security policies are satisfied. Whether you use WMI or the Agent installation, both provide the data collection features required to monitor Windows and Linux systems.
Monalytic specializes in SolarWinds project-based services, managed services, and training. This is all we do. Let’s talk!