...
A. Yes, due to the remote aspect of the agentless; Agentless requires additional firewall rules and additional permissions on both Windows and Linux (Eg:- on Windows a Domain Admin account is required and remote DCOM permissions may need to be enabled, on Linux an account that allows commands to be run remotely via SSH is required, usually set up via sudoers). However, results are almost entirely the same.
Q: If I have a server, let's take the case the server has a name (server 01) and an IP address, is moved during a discovery period with Cloudamize to another place and the server name stays the same (Server 01) but due to the replacement receives a new IP. How does Cloudamize handle such a situation. Is it a new server or does it simple continue with monitoring? with the Agent Based solution?
A. The server will be considered as a new server only if the UUID changes. Cloudamize will still consider it as the same if there is any change in the IP or hostname and can be updated later on from the backend.
Q: Does Cloudamize requires Domain admin access user, or domain user added to local admins?
A. If a Domain Administrator account is not used but another account in the host Administrators group (a local account) is used, remote WMI access will be denied due to Remote UAC. Disabling Remote UAC is not recommended due to security reasons.
The account created should be a part of the Domain Admin account as the admin access is required to run the WMI Queries which are used to collect the data in the assessment.
Q: The (Windows agent) implementation seems to be .NET (see FxCop). What about the Linux agents? Mono?
A. The Linux agent does not appear to be implemented using Mono. The Linux agent statically links against various Linux system libraries like libpthread, libc, libm, librt, libstdc++, and libgcc, which are licensed under the GNU Lesser General Public License. This suggests that the Linux agent is likely implemented in C or C++ rather than using Mono/.NET.
Q: How do the agents communicate with the cloud service? We have an enterprise gateway with TLS interception for outgoing connections. Is this technically possible? Is certificate pinning used?
A. HTTPS or SSH (OS dependent) with TLS encryption (v1.2 minimum, v1.3 preferred). Certificate pinning is not used.
Q: What is the impact on the machine’s CPU/Memory usage?
A. It will be Minimal and monitored by the Watchdog service/process. The Cloudamize Linux Agent requires 3% of CPU and 5% of memory while running. The Cloudamize windows Machine Agent requires .2% of available CPU and 3% of memory while running.
Q: If a machine has multiple IP addresses, how does the Cloudamize agent know which IP to use?
A. We choose the numerically lowest private IP address of those returned by the query to display on the portal. So eg:, if one is 169.254.x.x and another is 169.254.x.x+1, we will display 169.254.x.x in the portal.
Q: Is there a specific port needed for linux machines to communicate with an ADC?
A. Yes, for each Linux endpoint that needs to communicate with the Cloudamize Agentless Data Collector (ADC), TCP port 22 needs to be opened inbound. This is required for the ADC to access the Linux servers over SSH.