We are using 2003 as the DATA Collector in a DMZ enviourment. Currently Data Collector is NOT part of any domain.
Our client would like to perform a discovery before we create a import list for the DMZ, IS THAT POSSIBLE ??? or I NEED TO join THE DATA COLLECTOR TO DOMAIN BEFORE I CAN DO THE DISCOVERY IN DMZ.
Any help is greatly appreciated.
Regards / G
greetings...
the basics + rules of thumb...
1 data collector per 200 targets (full assessment)
1 data collector per 500 targets (basic assessment)
collectors can run across WANs - however, one collector per location is recommended
Data Manager has to be installed as local admin
then... for the discovery...
You can decide whether to perform a discovery OR import a csv file
If the client has an accurate listing of their servers, i like the import method.
If not, do a limited discovery - as quite often, customers find out about servers they never knew they had ie. server/desktops sitting under peoples desks or hidden away in back rooms.
here are some pointers...
On Windows systems - ports 135, 137 through 139,and 445 need to be open
On Linux and UNIX systems, port 22 is required for Secure Shell (SSH)
Trusted Domains - The collector host does not have to be in a trusted domain. However, the fully qualified account the collector uses for connection to the target systems must be one of the following:
Account of the target system
Account of the target system domain
Account of a trusted domain of the target system
Account Privileges
Windows: Inventory and performance data collection through WMI, Remote Registry, and Perfmon. An account with local administrative rights to the target system required.
Linux and UNIX: Inventory and performance collection through SSH scripts. A root equivalent administrator account is required.
hope this helps
Thanks for taking time, I knew the basics but my question was IS IT A MUST FOR A DATA COLLECTOR TO BE PART OF A DOMAIN IN DMZ.
And, figured out that the answer is NO ITS NOT MUST .
Also, Discovery in with IP is not recommend as it will pick every router/switch etc ip's on the specified range, and therefore importing a list is a better option to go for.
Thanks again for your valuable time.
Regards / G