For the event monitors that need to authenticate to a remote device, the settings section includes a number of different options and some are new as of Tembria Server Monitor v5.5. Using them correctly can help to increase monitoring throughput, generally letting you monitor more things more frequently.
The Auth Type option lets you select how Tembria Server Monitor will authentication to the remote machine. With “Domain/Local Authentication” we authenticate to the domain and then reach out to the remote machine in the security context granted by the domain controller. That means that the remote machine needs to be a member of the domain as well, or a domain trusted by the one we authenticated to. This option has the advantage of being relatively fast.
With the “Remote Authentication” option we reach out to the remote machine and then authenticate to it. This has the advantage that the remote machine can be in another domain or in a workgroup and authentication will still work. The downside is that it can take a while for the remote authentication procedure to complete. It not usually an issue but if you are monitoring hundreds of machines, the time can add up.
The remaining authentication options are used to select the user name password that will be used to authenticate.
The first option, called “Use the monitoring service account”, tells the event monitor to use whatever account the monitoring service is logged into. This option is disabled by default because our installer puts the service in the LocalSystem account, where most services run. To enable it, go to the Services applet in the Administrative Tools section of the Window Control Panel. In the properties for the Tembria Server Monitor Service you can use the Log On tab to select the account that our monitoring service runs in. Choose an account with administrative privileges for the majority of the machines to be monitored and then restart the monitoring service. Back in the Tembria user interface you’ll see the option is now available. This option has the highest performance of all because the monitoring engine is automatically authenticated and the event monitors can simply connect to the remote machines and get their jobs done.
The next option to “Use and authentication profile” becomes available after you have defined one or more authentication profiles. An authentication profile lets you give a name to a user name / password pair and then you can select those credentials with the profile name. If you need to change the user name or password at a later date, you just change them in the authentication profile and all the event monitors pick up the change automatically.
The last option “Use these credentials” allows you to directly specify the user name and password to be used when authenticating. It’s great for quick and easy tests or monitoring devices that need special credentials but it’s more difficult to manage in the long run.
So to sum up, for optimal monitoring performance use the option to “Use the monitoring service account” and use “Domain/Local Authentication” wherever possible. Use the other options as necessary in order to connect to devices that need separate credentials.
Posted by Don