NRDS behind a firewall

[scottwilkerson]

Is there a reason why your gearman worker cannot process the Windows checks via WMI? I know you would have to install the plugins & deps, but then....

We have some clients that install XI on a machine, and then gearman workers, never use XI but it then has all the correct plugins, etc....

[BanditBBS]

Is there a reason why your gearman worker cannot process the Windows checks via WMI? I know you would have to install the plugins & deps, but then....

We have some clients that install XI on a machine, and then gearman workers, never use XI but it then has all the correct plugins, etc....

Scott,

I have the latest WMI and all plugins on all my gearman workers(8)

Here are the couple issues that this doesn't solve:
1.) There are some checks that WMI just can't do or is not the best method. For those I want to use a passive agent and the best one at the moment is NRDS. I'm just asking for a sexy method to get the results back to my Corporate XI server without having to punch a hole in the firewall for every server OR without having to install XI on my gearman worker so they can all hit it and it can send the results. However, it is looking like the XI on the worker method may be the best answer for my question
2.) WMI requires a hell of a lot of ports, it randomly chooses out of a large range when running. My PCI zone is segmented into a bunch of subnets that are all firewalled between eachother and I know my security team will not allow me to open the amount of ports WMI requires. This is another issue at the moment and maybe even a moot point if I get NRDS on them all as I could just use NRDS for all checks on my PCI servers.

[tmcdonald]

Painful as it may be, I think another XI box is the easiest route. Maybe not the sexiest, but then again asking a cramped room full of nerds about implementing sexy is probably not your finest moment.

I suppose I could ask scott or one of the devs about how XI handles the forwarding, see if we could maybe strip that functionality out and use that, but that's not a surgery I want to perform.

[BanditBBS]

Painful as it may be, I think another XI box is the easiest route. Maybe not the sexiest, but then again asking a cramped room full of nerds about implementing sexy is probably not your finest moment.

I suppose I could ask scott or one of the devs about how XI handles the forwarding, see if we could maybe strip that functionality out and use that, but that's not a surgery I want to perform.

HA! I need a picture of the office now....see how cramped you guys really are!

Yeah, guess I'll go the route of another XI install. I have 5 more prod installs available on my license, so not like it's going to cost me anything. Go ahead an lock this up.