Skip to main content
Skip table of contents

Physical Servers

Q: What specific information does the Cloudamize agent collect?

A: The Cloudamize agent collects system and application related performance and usage metrics such as CPU, memory, disk, network and running applications.

 

Q: How does the Cloudamize agent connect to the Cloudamize server?

A: The Cloudamize agent sends data to the Cloudamize server over SSL (port 443).

 

Q: Do I need to open firewall to send data to the Cloudamize server?

A: Yes, the Cloudamize agents send data to the Cloudamize server over SSL (port 443). You need to make sure that outbound SSL (port 443) access is permitted to the Cloudamize server. You will not need to open firewall access if you are using Internet proxy.

 

Q: What if my physical servers do not have direct access to the Internet?

A: If your physical servers have Internet proxy access, Cloudamize agents will still be able to relay data via your Internet proxy to the Cloudamize server.

 

Q: Is there a proxy available to forward data from the physical machines that are not directly accessible by Internet?

A: No, there is not a proxy that is available to forward data from the physical machines that are not directly accessible by Internet.

 

Q: Is the Cloudamize agent a standalone executable (i.e. libc) or does it need Java or another framework preinstalled?

A: For Linux server hosts and VMs, the Cloudamize agent is a standalone binary executable. For Windows servers and VMs, the Cloudamize agent requires .NET framework 2.0 or greater.

 

Q: What is the performance overhead of running agents on physical servers?

A: The Cloudamize agents are lightweight. Typically it takes less than 0.5% CPU utilization. Cloudamize Agents are Smart Agents. They run two processes. One is the data-collection agent and the other is the watchdog agent. Watchdog agent monitors the data-collection agent and makes sure the data-collection agent is behaving correctly. Watchdog agent monitors every system metric and caps the data-collection agent if it goes beyond expected consumption. If any of the metric is higher than the cap, then data-collection agents sleeps and waits until they can start collecting again. For example, typically, our agents take less than 0.5% CPU utilization. However, if CPU utilization goes higher than 2%, data-collection agents sleeps and waits for watchdog-agent's to tell when to start collection again.

 

Q: What is the data collection frequency?

A: Cloudamize agents collects data every 30 seconds and pushes it out to Cloudamize server every 5-min.

 

Q: Can agents be installed on virtual machines without also collecting data from the hypervisor such as vCenter or the Hyper-V host machine?

A: Most performance metrics can be collected from the agent even when the agent is running on a VM and no data is being collected from vCenter. However, there can be some inaccuracy when estimating the CPU utilization. This inaccuracy can lead to an overestimate of the required computational needs, and can result in Cloudamize recommending a larger machine than necessary. However, this is only an issue when the physical server is under provisioned. In any case, memory and IO requirements are estimated correctly. To understand the issue, suppose that two VMs are running on a physical server that has a single CPU with a single one hardware thread. If both VMs are demanding the entire CPU, the hypervisor will allocate 50% of the compute time to each VM. However, from the perspective of a the VM and our agent on the VM, the CPU is 100% utilized. Since the agent sees the CPU 100% utilized, while the CPU is actually only 50% utilized, the Cloudamize agent will over estimate the computational requirements of the VMs. If this scenario occurs frequently, then it could lead to Cloudamize recommended a larger machine than is necessary. On the other hand, if CPU utilization data is collected from the hypervisor, then the actual CPU utilization is measured and an accurate estimate of compute requirements is made.

 

Q: How much bandwidth is used when the data is transported from Cloudamize agents?

A: Windows/Linux agents are approximately 5KB to 40KB per 10 minutes.

Q: Can I import the data rather than run an agent?

A. No. Cloudamize reads data from vCenter’s read-only APIs. For non-VMWare environment, Cloudamize provides a proprietary agent that can be installed for data collection and can be removed after the data collection period is completed.

Q: What is the methodology in obtaining the ‘Software Installed’ on each node? Is the Cloudamize Agent or ADC looking for EXE files, running processes, other methods?

A. The installed app list comes from the registry in Windows, basically, the list of apps that appear when you open add/remove programs. We use the rpm/deb database on Linux to list all packages installed on the system.

Q: Will Cloudamize continue using Admin to operate during assessment duration?

A. Yes, Cloudamize Windows Agent will continue to use SYSTEM account whenever it is running.

Q: Can an user provide custom role for necessary permissions?

A. No, Cloudamize Windows Agent will use only SYSTEM account.

Q: Can all update, install and download functions be deactivated in the agents?

A. Agents do not automatically update, download or install once installed. This must be triggered manually.

Q: How does the distribution of the agents work? Which accounts and rights are used?

A. Agent software is provided as-is, our guides can be used. Mass-installation is not supported by Cloudamize, but commonly done by scripting, SCCM, etc.

Q: For ADC Where are credentials stored, Only on the data collector VM, or are they saved to Cloudamize in the console?

A. They are stored on C:\Program Files (x86)\CloudamizeAgentlessDC\HostInfo.xml or HostInfoBackup.xml, Only on the data collector VM.

Q: Will CloudAmize help to discover the MS SQL database and application mapping? (When I discover the database name, will I be able to get the Application details running on the database, for eg: Application Host Name, Application IP address)?

A. Yes, for the details that will be collected by Cloudamize for the MS SQL data on our Knowledge base https://support.cloudamize.com/kb/Agentless-Overview.36852924700.html under Supported MS SQL data collected by Agent-Based and Agentless.

Q: What is the minimum version on OpenSSL/TLS that is supported by the current Cloudamize agent?

A. Cloudamize supports TLS 1.2 and above versions. The TLS version below 1.2 is not supported due to security reasons. Cloudamize Agent is currently using version 3.0.13. for the OpenSSL. The minimum required version of openSSL is 1.1.1 or higher.

Q: Does the watchdog restart the agents too or does it only kill the agents?

A. The watchdog will restart the Agent on a periodic basis if it determines the environment has enough resources for the Agent to run without interfering in normal operations.

Q: Would it be possible to download the actual agent installers prior (Windows and Linux) since our ops team wants to distribute the install packages early?

A. Installation of actual agents to collect data for an assessment requires a customer key that is only issued upon the opening of the console account. A free demo account can be provided that will give access to the Agent download and installer, but the dummy key will result in any gathered data being discarded upon receipt, and once you have the actual customer key you would have to uninstall and re-install again on all infrastructure using the customer key.

Q: Agentless data collector is limited to 500 hosts per subnet. How would you scale the data collector to deal with a larger subnet? Is it a vertical scale, or a horizontal scale?

A. We recommend increasing number of Agentless Data Collector. To scale the Cloudamize Agentless Data Collector to handle more than 500 hosts, it is recommended to use a horizontal scaling approach by installing additional data collectors on separate machines. Each data collector can monitor up to 500 hosts, so for larger environments, it is highly recommended to deploy multiple data collectors across different machines.

Q: Can we schedule the data upload from data collector server to cloudamize SaaS server on any time which clients wish to schedule?

A. Cloudamize does not support a data upload schedule that the user can set up. ADC has its own schedule and sends data with best effort.

Q: Can we use Agent or Agentless in Nutanix environment?

A. For the Nutanix hypervisor environment, Cloudamize only supports Agent and Agentless data collection methods. If the Nutanix hypervisor hides the CPU model for VMs where data is collected using Cloudamize Agent or ADC, the user will have to specify the CPU details manually. Cloudamize will assess VMs based on data collected by the Agent or ADC.

Q: Can we change the Installation Drive for Agent?

A. No, the Agent relies on being installed in the default drive where Windows in installed as it sits in the Program Files (x86) directory and utilises several Windows features from the OS drive. This is why the GUI installer doesn’t prompt for an install location and why the usual .msi options that would change the location are disabled.

Q: Is the traffic from the agent to the Central collector encrypted and how (if applicable)?

A. All data from the Agent to our cloudamize servers is encrypted using TLS 1.2 as a minimum (1.3 is preferred where available).

Q: What is the list of servers that must be reachable for the agents? am-de.cloudamize.commonly?

A. It depends on the region chosen for the assessment, but if you’re using our EU collector then only am-de.cloudamize.com is required, traffic is not sent to/from anywhere else. The list of servers that must be reachable for the Cloudamize agents to our servers at am.cloudamize.com for US infrastructure, am-de.cloudamize.com for EU infrastructure, am-ae.cloudamize.com for UAE infrastructure over the port 443, either directly or through a corporate proxy.

Q: When installing the Linux agent packages, does the install process use the os package installer and will there be additional dependencies (packages) installed?

A. The Install script requires wget to retrieve content and curl to test/verify access to our data collection servers at am.cloudamize.com for US infrastructure, am-de.cloudamize.com for EU infrastructure, or am-ae.cloudamize.com for UAE infrastructure over port 443, either directly or through a corporate proxy. wget and curl come packaged with the installer so it can still run if they aren’t installed. No additional packages are used beyond these.

Q: When deploying agentless approach “Servers (windows and linux) are located in same subnet. Can we add whole IP subnet / range containing every operating systems to "Add Windows Hosts" and exclude linux operating systems afterwards? when there are no separate IP ranges for Windows and Linux systems?

A. If the user adds a subnet using the “Add Windows Hosts” function, the ADC will attempt to connect to any servers it finds in that subnet with the provided credentials using WMI over RPC. Since Linux servers don’t use these protocols, they would not be added by this sweep of the subnet. Using “Add Linux Hosts” attempts the same thing but using SSH instead, so Linux hosts would be responsive to this. Assuming all servers on the subnet have a single login that has been enabled specifically for Cloudamize, another precaution that can be in this scenario is to use one login for Windows servers and another for Linux servers.

Q: The Linux install recommends installing via online shell script that dynamically downloads a compressed tarball. Are agent install binaries static/self-contained without external dependencies? Is a packaged installer available for all platforms without manually maintaining the installCloudamizeAgentV2.sh script and ccagent-v2.tgz tarball?

A. The linux agent does not use static linking for the C/C++ runtime, and that is one of the reasons we have minimum OS versions. We do use static link some other libraries though (they believe libpcap, and we also use static link openssl and zlib for the version of curl we ship). We do have a packaged installer available - cloudamize_agent.tgz..It is used by extracting and running the install.sh script it contains. It is platform independent, but still has our minimum OS requirements (rhel 7 or later).

Q: How are the credentials protected when ADC is used for the data collection(encryption\obfuscation\hash)?

A. Passwords are encrypted.

Q: For Agentless Data collector, where will the credentials be stored which are used for systems discovery?

A. Credentials will be stored on C:\Program Files (x86)\CloudamizeAgentlessDC\HostInfo.xml or HostInfoBackup.xml, and only on the data collector VM with the passwords being encrypted.

Q: Agentless - Are there any domain-join requirements for the discovery server, or can it be standalone? When we have multiple domains, will remote discovery work to domain-joined Windows servers if the discovery server is off domain or on a different domain to the targets, and domain accounts are used to connect?

A. The Agentless Data Collector can collect from multiple domains with proper setup, though we usually recommend using one ADC per domain, hosted on a server within the domain, to simplify the process. For Windows servers, the ADC uses remote WMI over RPC so going cross-domain may require remote DCOM privileges be configured separately depending on the current setup; this may not be an issue though, so it may be the simplest to install, test and only deploy multiple ADCs if there are issues adding hosts to the one.

Q: Is there a way for Cloudamize to use SSH keys vs. passing credentials? when we use Duo MFA?

A. The Cloudamize Agentless Data Collector is not designed to use public keys, and only supports the username/password method for now. If the servers cannot support username/password authentication at all then data can still be collected from them using the Cloudamize Agent instead of the Agentless Data Collector.

Q: Does Agent support use of an aggregator proxy like a syslog server in between the On Prem server and Cloudamize server?

A. The Agent requires direct communication to Cloudamize endpoint servers, or communication via an http proxy. No other setup is currently supported.

Q. Can the agents be uninstalled without leaving any residue?

A. Yes, normal uninstallation procedures will normally suffice, plus removing any remaining Cloudamize install directory.

Q: Are there functional differences in the implementation with agents or agentless?

A. Yes, due to the remote aspect of the agentless; Agentless requires additional firewall rules and additional permissions on both Windows and Linux (Eg:- on Windows a Domain Admin account is required and remote DCOM permissions may need to be enabled, on Linux an account that allows commands to be run remotely via SSH is required, usually set up via sudoers). However, results are almost entirely the same.

Q: If I have a server, let's take the case the server has a name (server 01) and an IP address, is moved during a discovery period with Cloudamize to another place and the server name stays the same (Server 01) but due to the replacement receives a new IP. How does Cloudamize handle such a situation. Is it a new server or does it simple continue with monitoring? with the Agent Based solution?

A. The server will be considered as a new server only if the UUID changes. Cloudamize will still consider it as the same if there is any change in the IP or hostname and can be updated later on from the backend.

Q: Does Cloudamize requires Domain admin access user, or domain user added to local admins?

A. If a Domain Administrator account is not used but another account in the host Administrators group (a local account) is used, remote WMI access will be denied due to Remote UAC. Disabling Remote UAC is not recommended due to security reasons.

The account created should be a part of the Domain Admin account as the admin access is required to run the WMI Queries which are used to collect the data in the assessment.

Q: The (Windows agent) implementation seems to be .NET (see FxCop). What about the Linux agents? Mono?

A. The Linux agent does not appear to be implemented using Mono. The Linux agent statically links against various Linux system libraries like libpthread, libc, libm, librt, libstdc++, and libgcc, which are licensed under the GNU Lesser General Public License. This suggests that the Linux agent is likely implemented in C or C++ rather than using Mono/.NET.

Q: How do the agents communicate with the cloud service? We have an enterprise gateway with TLS interception for outgoing connections. Is this technically possible? Is certificate pinning used?

A. HTTPS or SSH (OS dependent) with TLS encryption (v1.2 minimum, v1.3 preferred). Certificate pinning is not used.

Q: What is the impact on the machine’s CPU/Memory usage?

A. It will be Minimal and monitored by the Watchdog service/process. The Cloudamize Linux Agent requires 3% of CPU and 5% of memory while running. The Cloudamize windows Machine Agent requires .2% of available CPU and 3% of memory while running.

Q: If a machine has multiple IP addresses, how does the Cloudamize agent know which IP to use?

A. We choose the numerically lowest private IP address of those returned by the query to display on the portal. So eg:, if one is 169.254.x.x and another is 169.254.x.x+1, we will display 169.254.x.x in the portal.

Q: Is there a specific port needed for linux machines to communicate with an ADC?

A. Yes, for each Linux endpoint that needs to communicate with the Cloudamize Agentless Data Collector (ADC), TCP port 22 needs to be opened inbound. This is required for the ADC to access the Linux servers over SSH.

Q: Does Cloudamize support IBM AS400 servers while scanning over ADC?

A. IBM servers are not supported for data collection with Cloudamize software.

Q: Is there an AIX version of the agent? If not, is it possible to leverage agentless monitoring to cover IBM workloads?

A. Cloudamize currently does not support IBM workloads for data collection, only Windows and Linux.

Q. How to avoid ADC processes on the servers are being picked up by Cybereason XDR?

A. The way to avoid this is to whitelist the Cloudamize processes using Cybereason’s whitelisting method.

Q. What does the agent do with the TRACE_SOCKET command? Which network connections are monitored and for what purpose? What data is recorded?

A. Cloudamize doesn't support TRACE_SOCKET command anymore.

Q. How does the distribution of the agents work? Which accounts and rights are used?

A. This is up to the customer. Agent software is provided as-is, customer can use our guides/KB articles for more information on the requirements for the setup. Mass-installation is not supported by Cloudamize, but commonly done by scripting, SCCM, etc.

 

 

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.