NetXMS. customization, agents, security

Started by Nikk, September 19, 2013, 12:53:39 PM

Nikk

Hi, I have been evaluating network management software for my company and I have reduced the number of NMS from 10 to 2, and one of them is NetXMS. And I'm really looking forward to starting to use it. But for the guys who decide, I need a little more information about NetXMS to prove it's more useful and secure than the other one.

As I wasn't able to find any good information about this I came straight here for help.

So I would like to know:

1. What are the limitations of transformation scripting, or can I just make whatever I want?
2. How much can we customize or adjust NetXMS to our needs, i.e., if we are not using standard enterprises or we need data that origins do not provide, can we adjust NetXMS to start monitoring them? Like Enterasys, Mikrotik switches and all kinds of databases. And if I add the necessary MIBs, will I be able to get information about all the OIDs? Basically, I want to know whether we can get out other than standard information provided by NetXMS agent or not and if yes, then what are the limitations.
3. How secure is NetXMS? How secure are the connections between remote places? What security protocols are used? I read that NetXMS is using encryption, but I wasn't able to find any other information about security.

I hope you can answer these questions and if there are any uncertainties, please ask!

Thanks in advance,
Hoping, soon to be the new NetXMS user, Nikk

Victor Kirhenshtein

Hi!

Transformation scripts are very flexible - the main limitation is what data you can access. First of all, all scripts run in a strict sandbox environment, and cannot access any data outside of the NetXMS server process. It is also possible to restrict a script's access to data of nodes other than the current one (see http://wiki.netxms.org/wiki/SG:Security_Issues for explanation).

You can collect any data with NetXMS, it is just a matter of the effort you'll need to get it. There are a few possible ways to get data:

1. SNMP - it is here out of the box, you can collect anything provided by SNMP. You can freely add new MIBs, but this is not necessary for data collection - only for MIB tree visualization for seemlier configuration.

2. Agent extensions - you can develop your own sub-agents to provide application or device specific data (currently you have to do this in C, but later this year we will introduce support for sub-agents written in Java); if you can get your data with command line tools, you can integrate them into the agent as external parameters or external parameter providers.

3. Application agents - we have a small and simple "application agent" library which can be embedded into your application and provide internal data to the NetXMS agent.

4. SQL database - with the ODBCQUERY sub-agent you can read data directly from an SQL database.


We are trying to keep NetXMS as secure as possible. You have very flexible access right control; all access checks are done in the server, not in the GUI nor the API, so it's not possible to avoid them by using the API directly, for example. NetXMS uses its own communication protocol, which is encrypted using AES-256 by default. The encryption scheme is pretty much standard - on client connect, the server sends its public RSA key to the client; the client generates an AES session key and sends it to the server encrypted with the server's public key. The same protocol is also used for server-agent communications.

Best regards,
Victor
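
The key exchange described in the reply above, as an added Go example (not NetXMS code and not part of the original post): a client-generated AES-256 session key is wrapped with the server's public RSA key and recovered by the server. RSA-OAEP padding, GCM mode, the 2048-bit key size and all function names are assumptions of this example; the post names only RSA and AES-256.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newServerKey makes the server's RSA key pair; the public half is sent to clients.
func newServerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048) // key size is an assumption
}

// clientWrapKey makes a random AES-256 session key and encrypts it for the server.
func clientWrapKey(pub *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 32) // 256-bit session key
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return key, wrapped, err
}

// serverUnwrapKey recovers the session key with the server's private RSA key.
func serverUnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// sessionCipher gives either side AES-256-GCM under the session key (mode assumed).
func sessionCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, err := newServerKey()
	if err != nil {
		panic(err)
	}
	key, wrapped, werr := clientWrapKey(&priv.PublicKey) // only wrapped is sent
	got, uerr := serverUnwrapKey(priv, wrapped)
	fmt.Println("keys match:", werr == nil && uerr == nil && string(got) == string(key))
}
```

The post does not describe how a client checks that the RSA key it receives belongs to the intended server, and this example does not model that step.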


Nikk


So, if I'm right, then with appropriate knowledge, I basically can get any information I want?

Thanks in advance,
Nikk

Victor Kirhenshtein

Quote from: Nikk on September 19, 2013, 03:07:53 PM
So, if I'm right, then with appropriate knowledge, I basically can get any information I want?

Yes, exactly.

Best regards,
Victor

Nikk

Ok, and one more thing, I don't quite understand how external parameters work.

All information I can get from a node is listed under NetXMS agent, SNMP and WPC, right?
So I just make a data collection script, and it works just like that or there must be something underneath? Do I make some kind of reference to existing parameters in the script or can it even be not related to them?


Thanks in advance
Nikk