...
A: If your physical/virtual servers have access to an internet proxy server, Cloudamize agents will still be able to relay data via the internet proxy to the Cloudamize servers. This is configured during installation.
Q: Is there a proxy available to forward data from the physical/virtual machines that are not directly accessible by the Internet?
A: No, Cloudamize does not provide a proxy server to forward data from the physical machines that are not directly accessible by the Internet, but this is a use-case for the Cloudamize Agentless Data Collector.
...
A: For Linux server hosts and virtual machines, the Cloudamize agent is a standalone binary executable. For Windows servers and virtual machines, the Cloudamize agent requires a .NET framework of 3.5 or greater.
Q: What is the performance overhead of running agents on physical/virtual servers?
A: The Cloudamize agents are lightweight. Typically, the agent uses less than 0.5% CPU utilization. Cloudamize Agents are Smart Agents: they run two processes. One is the data-collection agent and collection agent, and the other is the watchdog agent. Watchdog agent monitors the data-collection agent and makes sure the data-collection agent is behaving correctly. The watchdog agent monitors every system metric and caps the data-collection agent if it goes beyond expected consumption. If any of the metrics exceed the threshold, then the data-collection agent sleeps and waits until it can start collecting again. For example, typically, our agents take less than 0.5% CPU utilization. However, if CPU utilization goes higher than 2%, the data-collection agent sleeps and waits for the watchdog - agents to tell them when to start collection again.
...
A: Cloudamize agents collect data every 30 seconds and pushes push it out to the Cloudamize servers every 5 minutes.
...
Q: Can agents be installed on virtual machines (VMs) without also collecting data from the hypervisor, such as vCenter or the Hyper-V host machine?
A: Most performance metrics can be collected from the agent even when the agent is running on a VM, and no data is being collected from the hypervisor. However, there can be some inaccuracy when estimating the CPU utilization. This inaccuracy can lead to an overestimate of the required computational needs, and can result in Cloudamize recommending a larger machine than necessary. However, this is only an issue when the physical server is under-provisioned. In any case, memory and IO requirements are estimated correctly. To understand the issue, suppose that two VMs are running on a physical server that has a single CPU with a single one hardware thread. If both VMs are demanding the entire CPU, the hypervisor will allocate 50% of the compute time to each VM. However, from the perspective of a the VM and our agent on the VM, the CPU is 100% utilized. Since the agent sees the CPU as 100% utilized, while the CPU is actually only 50% utilized, the Cloudamize agent will over estimate overestimate the computational requirements of the VMs. If this scenario occurs frequently, then it could lead to Cloudamize recommended recommending a larger machine than is necessary. On the other hand, if CPU utilization data is collected from the hypervisor, then the actual CPU utilization is measured, and an accurate estimate of compute requirements is made.
...
A. Agent software is provided as-is, our guides can be used. Mass-installation is not supported by Cloudamize , but is commonly done by scripting, SCCM, and similar methods.
Q: For ADC Where are credentials stored, Only on the data collector VM, or are they saved to Cloudamize in the console?
A. They are stored on C:\Program Files (x86)\CloudamizeAgentlessDC\HostInfo.xml or HostInfoBackup.xml, Only on the data collector VM. These credentials are not transmitted to Cloudamize in any form.
Q: Will Cloudamize help to discover the MS SQL database and application mapping? (When Will Cloudamize help to discover the MS SQL database and application mapping? (When I discover the database name, will I be able to get the Application details running on the database, for eg: Application Host Name, Application IP address)?
...
A. Cloudamize supports TLS 1.2 and above versions, though 1.3 is preferred where available. TLS versions below 1.2 are not supported in order to keep data transmissions secure. The minimum required version of openSSL OpenSSL is 3.0.0 or higher.
Q: Does the watchdog restart the agents too or does it only kill the agents?
...
Q: Agentless data collector is limited to 500 hosts per subnet. How would you scale the data collector to deal with a larger subnet? Is it a vertical scale , or a horizontal scale?
A. We recommend increasing the number of Agentless Data Collectors as best practisepractice. Each data collector can monitor up to 500 hosts by default, so for larger environments, it is highly recommended to deploy multiple data collectors across different machines. There is an option to expand the maximum number of hosts on a single ADC, however be aware that doing do without also scaling system resources may result in instability in the ADC.
...
Q: Can we schedule the data upload from the data collector server to cloudamize SaaS server on at any time which that clients wish to schedule?
A. Cloudamize does not support a data upload schedule that the user can set up. ADC has its own schedule and sends data with the best effort.
Q: Can we use Agent or Agentless in the Nutanix environment?
A. For the Nutanix hypervisor environment, Cloudamize supports Agent and Agentless data collection methods. If the Nutanix hypervisor hides the CPU model for VMs where data is collected using Cloudamize Agent or ADC, the user will have to specify the CPU details manually.
...
A. No, the Agent relies on being installed in the default drive where Windows in is installed as it sits in the Program Files (x86) directory and utilises utilizes several Windows features from the OS drive. The GUI installer will not prompt for an install location and the usual .msi options that would change the location are disabled.
...
A. The Install script requires wget to retrieve content and curl to test/verify access to our data collection servers at am.cloudamize.com for US infrastructure, am-de.cloudamize.com for EU infrastructure, or am-ae.cloudamize.com for UAE infrastructure over port 443, either directly or through a corporate proxy. wget and curl , both of which come packaged with the installer so it can still run if they aren’t installed. No additional packages are used beyond these.
Q: When deploying using an agentless approach “Servers (windows and linux) where Windows and Linux servers are located in the same subnet. Can , can we add a whole IP subnet/range containing every both operating systems system types to "Add Windows Hosts" and exclude linux Linux operating systems afterwards? when there are no separate IP ranges afterward?
A. The subnet will have to be scanned twice, once for Windows and once for Linux systems?A. If the user adds a subnet using the “Add Windows Hosts” function, the ADC will attempt to connect to any servers it finds in that subnet with the provided credentials using WMI over RPC. Since Linux servers don’t use these protocols, they would not be added by this sweep of the subnet. Using “Add Linux Hosts” attempts the same thing but using SSH instead, so Linux hosts would be responsive to this. Assuming all servers on the subnet have a single login that has been enabled specifically for Cloudamize, another precaution that can be in this scenario is to use one login for Windows servers and another for Linux servers.
...
Q: The Linux install recommends installing via an online shell script that dynamically downloads a compressed tarball. Are agent-install binaries static/self-contained without external dependencies? Is a packaged installer available for all platforms without manually maintaining the installCloudamizeAgentV2.sh script and ccagent-v2.tgz tarball?
A. The linux agent does not use static linking for the C/C++ runtime, and that is one of the reasons we have minimum OS versions. We do use static link links for some other libraries, though (they believe libpcap, and we also use static link openssl and zlib for the version of curl we ship, and zlib). We do have a packaged installer available - cloudamize_agent.tgz.. It is used by extracting and running the install.sh script it contains. It is platform-independent , but still has our minimum OS requirements (rhel 7 or later).
...
A. Passwords are encrypted, and no credentials are transmitted outside of the customer’s network.
Q: For Agentless Data collector, where will the credentials be stored which that are used for systems discovery?
A. Credentials will be are stored on in C:\Program Files (x86)\CloudamizeAgentlessDC\HostInfo.xml or and HostInfoBackup.xml , and only on the data collector VM with the passwords being encrypted. They are not transmitted to Cloudamize at any time.
Q: Agentless - Are there any domain-join requirements for the discovery server, or can it be standalone? When we have multiple domains, will remote discovery work to domain-joined Windows servers if the discovery server is off-domain or on a different domain to the targets, and domain accounts are used to connect?
...
A. The Cloudamize Agentless Data Collector is not designed to use public keys , and only supports the username/password method for now. If the servers cannot support username/password authentication at all then data can still be collected from them using the Cloudamize Agent instead of the Agentless Data Collector.
Q: Does Agent support the use of an aggregator proxy like a syslog Syslog server in between the On-Prem server and Cloudamize server?
...
A. Yes, normal uninstallation procedures will normally suffice, plus removing any remaining Cloudamize install directorydirectory. System restart is almost never required for either installation or uninstallation of Cloudamize software.
Q: Are there functional differences in the implementation with agents or agentless?
A. Yes, due to the remote aspect of the agentless; , Agentless requires additional firewall rules and additional permissions on both Windows and Linux (Eg:e.g.- on Windows, a Domain Admin account is required and remote DCOM permissions may need to be enabled, on Linux an account that allows commands to be run remotely via SSH is required, usually set up via sudoers). However, the results are almost entirely the same.
...
A. The server will be considered as a new server only if the UUID changes. Cloudamize will still consider it as the same if there is any change in the IP or hostname and can be updated later on from the backend.
Q: Does Cloudamize requires require a Domain admin access user , or a domain user added to local admins?
...
The account created should be a part of the Domain Admin account as the admin access is required to run the WMI Queries which are used to collect the data in the assessment.
Q: The ( Windows agent ) implementation seems to be .NET (see FxCop). What about the Linux agents? Mono?
A. The Linux agent does not appear to be implemented using Mono. The Linux agent is implemented using C++, and statically links against various Linux system libraries like libpthread, libc, libm, librt, libstdc++, and libgcc, which are licensed under the GNU Lesser General Public License. This suggests that the Linux agent is likely implemented in C or C++ rather than using Mono/.NETPublic License.
Q: How do the agents communicate with the cloud service? We have an enterprise gateway with TLS interception for outgoing connections. Is this technically possible? Is certificate pinning used?
...
A. It will be Minimal and monitored by the Watchdog service/process. The Cloudamize Linux Agent requires 3% of CPU and 5% of memory while running. The Cloudamize windows Machine Agent requires . 2% of available CPU and 3% of memory while running.
...
Q: Is there a specific port needed for linux Linux machines to communicate with an ADC?
...
A. Cloudamize currently does not support IBM workloads for data collection, only Windows and Linux.
Q. How to do we avoid ADC processes on the servers are being picked up by Cybereason XDR?
A. The way to avoid this is to whitelist the Cloudamize processes using Cybereason’s whitelisting method.
Q. What does the agent do with the TRACE_SOCKET command? Which network connections are monitored and for what purpose? What data is recorded?
A. Cloudamize doesn't support TRACE_SOCKET command anymore.
Q. How does the distribution of the agents work? Which accounts and rights are used?
A. This is up to the customer. Agent software is provided as-is, customer can use our guides/KB articles for more information on the requirements for the setup. Mass-installation is not supported by Cloudamize , but is commonly done by scripting, SCCM, etc.