Hi,

I have few queries on SCOM agent.

1) How secured is installing SCOM agent on any server

2)other monitoring tools provides agentless monitoring. Is agentless monitoring solution is more secured than Agent monitoring.

3) Impact on servers when  SCOM agent runs workflows (CPU/Memory utilization).

4)When heart beat fails, management server tries to ping the target server. What if ping is disabled on target server. Do we get false alarm

5)When Agents sends data to management servers, will it compress the data (and also will it encrypt the data)

Thanks in advance

Bharath

1) How secured is installing SCOM agent on any server
You may use local system account to run agent service and then use action account to gather information about, and run responses on, the managed computer (a managed computer being either a management server or a computer with an agent installed). The MonitoringHost.exe processes run under the action account or a specific Run As account. There might be more than one MonitoringHost.exe process running on the agent at any given time.
Some of the actions that MonitoringHost.exe performs include:
Monitoring and collecting Windows event log data.
Monitoring and collecting Windows performance counter data.
Monitoring and collecting Windows Management Instrumentation (WMI) data.
Running actions such as scripts or batches.
The separation of the Health Service process from the single and multiple uses of the MonitoringHost process means that if a script running on the managed computer stalls or fails, the functionality of the Operations Manager service or other responses on the managed computer will not be affected.

2)other monitoring tools provides agentless monitoring. Is agentless monitoring solution is more secured than Agent monitoring.
No i does think so.

3) Impact on servers when  SCOM agent runs workflows (CPU/Memory utilization).

4)When heart beat fails, management server tries to ping the target server. What if ping is disabled on target server. Do we get false alarm
yes.

5)When Agents sends data to management servers, will it compress the data (and also will it encrypt the data)
SCOM agents will encrypt data send to management server. If agent and Management server on the same domain, it will use kerberos to encrypt data otherwise certificate should be deploy to both management server and agent.

Roger

1) What security considerations are you looking for. when u install SCOM agent on a server then only SCOM agent can communicate with your server. and the workflows in management Packs in SCOM will have access to your server (registries, services, event logs,etc).

2) If agentlessly monitored , then your server does not have a physical component installed on your server. Its monitored via a proxy server; which has physical scom agent installed on it.

3) SCOM agent sometimes causes high CPU utilization.

4) Agents send their heartbeat to SCOM every 60 seconds by default. If it does not sends 3 consecutive HB then "hb failure" alert is generated. After that SCOM tries to ping the server. if the ping is disabled then you will get a "failed to connect" alert. 

5) Agent sends data via edb files.

Hope this helps.