Instead of using canned SSH-based probes, we are researching the possibility of using SNMP against UNIX boxes (and possibly Windows). In theory we can do this by simply replacing the SSH probes with equivalent SNMP probes that issue SNMP GETs against extended MIB objects, which we add to every machine we plan to instrument.

Since we have to touch all boxes anyway (even in "agentless" SSH probe mode), there is little or no opportunity cost to picking SNMP aside from the need to port the probes. But that cost is balanced by certain advantages:

  • SNMP doesn't require us to open up shell access to a broad population of machines
  • SNMP is the same protocol used for net devices & printers (2 down, Windows potentially remains the odd man out)

Platforms

| Platform | Agent | Extensions |
|---|---|---|
| AIX | perzl has net-snmp v5+ RPMs | exec, extend |
| Solaris | Solaris 10+ ships with net-snmp v5.09+ | exec, extend, perl, shared |
| RHEL 3,4,5 | net-snmp v5.0.9+ | exec, extend, perl, shared |
| MacOS | net-snmp, see here | exec, extend, perl, shared |
| Windows | net-snmp or native service | shared |
| Printers | built-in + MIBS | n/a |
| IP Phones | built-in + MIBS | n/a |
| Cell Phones | n/a, but could sink traps... pie in the sky, should just say no. | n/a |

Probes to Replace

  • ? (will get list when Discovery is available)

Proof of Concept (UNIX)

On Linux/net-snmp 5 here's one way to do extensions (there are several).

  • Use "exec" to add an extension to snmpd.conf
    exec echotest /bin/cat /etc/motd
    
  • Restart snmpd and do a GET against a view which can see the extended MIBs
    snmpget -v2c -c public localhost 'NET-SNMP-EXTEND-MIB::nsExtendOutputFull."echotest"'
    

We may want to use SNMPv3, but the general idea is clear: we can expose arbitrary configuration data through SNMP. Since there are only a few dozen probes (and maybe only a subset of actual interest to Yale), we should be able to leverage SNMP for UNIX discovery instrumentation.
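As an added example (not code from the original page or from net-snmp), here is a small POSIX shell/awk audit of an snmpd.conf for a fleet-wide rollout: it lists every `exec`/`extend` command the agent will run and flags v1/v2c communities and SNMPv3 users without privacy or a restricted view. The finding codes, the `CODE:line:detail` output format and the sample config are constructed for illustration.

```shell
#!/bin/sh
# audit_snmpd_conf [FILE...]: read snmpd.conf (or stdin) and print one finding
# per line as CODE:line:detail. Codes and format are this example's own.
audit_snmpd_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    $1 ~ /^r[ow]community6?$/ {                  # SNMPv1/v2c: community travels in cleartext
        print "CLEARTEXT_COMMUNITY:" FNR ":" $1
        if ($2 == "public" || $2 == "private") print "DEFAULT_COMMUNITY:" FNR ":" $2
        if ($3 == "" || $3 == "default")       print "ANY_SOURCE:" FNR ":" $1
        if ($1 ~ /^rw/)                        print "WRITE_ACCESS:" FNR ":" $1
    }
    $1 == "exec" || $1 == "extend" {             # a command snmpd executes to answer a GET
        i = ($2 ~ /^\.?[0-9]+(\.[0-9]+)+$/) ? 3 : 2   # optional MIBOID precedes NAME
        print "RUNS_COMMAND:" FNR ":" $i "=" $(i + 1)
        if (substr($(i + 1), 1, 1) != "/") print "RELATIVE_PATH:" FNR ":" $(i + 1)
    }
    $1 == "rouser" || $1 == "rwuser" {           # SNMPv3 users
        i = ($2 == "-s") ? 4 : 2                 # skip optional "-s SECMODEL"
        if ($(i + 1) != "priv") print "V3_NO_PRIVACY:" FNR ":" $i   # level omitted means auth
        if ($(i + 2) == "")     print "V3_WHOLE_TREE:" FNR ":" $i   # no OID or -V VIEW limit
    }' "$@"
}

# Constructed sample config (user and view names are hypothetical).
audit_snmpd_conf <<'EOF'
# probes exposed for discovery
rocommunity public
exec echotest /bin/cat /etc/motd
extend uptime_probe uptime
view probes included .1.3.6.1.4.1.8072.1.3.2
rouser discovery priv -V probes
rouser legacy auth
EOF
```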

Proof of Concept (Windows)

It's not yet clear which way to go. There is a possible benefit to going SNMP for all discovery. However, it is not clear that the benefits outweigh the costs, because it might be possible to do WMI discovery without granting privilege by properly securing the WMI namespace... this might be much easier than porting another set of custom SNMP probes for Windows.

MID server installed as a Windows service with either Windows domain administrator privileges, or with local administrator privileges for the computers being discovered. This ensures that the MID Servers can query all Windows devices in an IP address range. Local security policies may vary. (emphasis Yale's)
