This topic describes the architecture used by the various components of BMC PATROL for Microsoft Windows Servers.
Collection architecture for Microsoft Hyper-V remote monitoring
The following figure shows the collection architecture for Microsoft Hyper-V remote monitoring:
Collection architecture for Microsoft Cluster Servers
You can configure the Cluster KM with the cluster-level agent outside or inside the cluster. The cluster API (clusapi) communicates with the cluster service over RPC. The RPC is authenticated, but the data is not encrypted. It is binary data, not plain text. To encrypt the data, create a VPN connection and use that connection for client-server communication.
The following figure shows the collection architecture for Microsoft Cluster Servers:
Collection architecture for remote monitoring
The following figure shows the collection architecture for remote monitoring:
Windows Remote Management (WinRM) is the Microsoft implementation of the WS-Management protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and operating systems from different vendors to interoperate. WinRM establishes a session with a remote computer through the SOAP-based WS-Management protocol. Data returned to the WS-Management protocol is formatted in XML.
Event log remote monitoring
The following figure shows the architecture for the collector initiated subscription for PATROL for Microsoft Windows Event Log remote monitoring.
Collector initiated subscription in PATROL for Microsoft Windows Event Log
The PATROL for Microsoft Windows Event Log remote monitoring KM uses the WS-Management protocol to support subscribing to events. With Event KM remote monitoring, administrators can get events from remote computers and store them in a local event log on the collector computer. The destination log path for the events is a property of the subscription. All data in the forwarded event is saved in the collector computer event log (none of the information is lost). Additional information related to the event forwarding is also added to the event.
The PATROL Event Log KM reads the forwarded event log and notifies the user if an event matches the defined filtering criteria. PATROL Windows Event Log KM monitoring creates a collector-initiated subscription. The collector-initiated subscription type allows the collector computer to pull events from source computers. Subscriptions are defined on the collector computer. For the subscription to work properly, the collector service named Windows Event Collector must be installed and running. PATROL for Microsoft Windows KM supports Microsoft Windows 2008 and above operating systems as the collector computer.
The following are the prerequisites for the monitoring:
- Collector computer (PATROL Agent node): You must install WinRM 1.1 and above, start the Windows Event Collector service and the PATROL Agent, and install the Windows operating system KM on Windows 2008 and above operating systems.
- Source computer (Remote servers): You must install Windows 1.1 and above.
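The prerequisites above can be verified from the collector computer before relying on the forwarded event log. The following PowerShell script is an added example, not BMC code: it assumes an elevated session on the collector, uses the built-in `Get-Service`, `Test-WSMan` and `wecutil` tools, and the source computer names are placeholders.

```powershell
# Added example: prerequisite check for collector-initiated event forwarding.
# Run on the collector computer (PATROL Agent node) in an elevated session.
# The source names are placeholders, not values from the BMC documentation.
param(
    [string[]]$SourceComputers = @('source01.example.test', 'source02.example.test')
)

function Test-CollectorServices {
    # WinRM carries WS-Management; Wecsvc (Windows Event Collector) owns the subscriptions.
    foreach ($name in 'WinRM', 'Wecsvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Check  = "Service $name"
            Target = $env:COMPUTERNAME
            Passed = ($null -ne $svc -and $svc.Status -eq 'Running')
            Detail = if ($svc) { "$($svc.Status)" } else { 'not installed' }
        }
    }
}

function Test-SourceReachability {
    param([string[]]$ComputerName)
    foreach ($computer in $ComputerName) {
        try {
            # Test-WSMan sends a WS-Management Identify request to the source computer.
            $id = Test-WSMan -ComputerName $computer -ErrorAction Stop
            $passed = $true;  $detail = $id.ProductVersion
        } catch {
            $passed = $false; $detail = $_.Exception.Message
        }
        [pscustomobject]@{ Check = 'WS-Management listener'; Target = $computer
                           Passed = $passed; Detail = $detail }
    }
}

function Get-SubscriptionSummary {
    # "wecutil es" lists subscription names; "wecutil gs" prints one subscription's settings.
    foreach ($sub in (wecutil es)) {
        $config = wecutil gs $sub
        [pscustomobject]@{
            Subscription = $sub
            Type    = ($config | Select-String 'SubscriptionType' | Select-Object -First 1).Line
            LogFile = ($config | Select-String 'LogFile' | Select-Object -First 1).Line
        }
    }
}

Test-CollectorServices | Format-Table -AutoSize
Test-SourceReachability -ComputerName $SourceComputers | Format-Table -AutoSize
Get-SubscriptionSummary | Format-Table -AutoSize
```

A failed `Wecsvc` check or an unreachable WS-Management listener on a source means no events reach the collector log, so the Event Log KM has nothing to match its filters against.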