/
Physical and Virtual Servers

Physical and Virtual Servers

Owned by Steve Baer (Unlicensed)
Last updated: Jan 30, 2025 by Dave Laing
12 min read

Q: What specific information does the Cloudamize agent collect?

A: The Cloudamize agent collects system and application-related performance and usage metrics such as CPU, memory, disk, network, and running applications.

 

Q: How does the Cloudamize agent connect to the Cloudamize server?

A: The Cloudamize agent sends data to the Cloudamize server over SSL (TCP port 443).

 

Q: Do I need to open a firewall to send data to the Cloudamize server?

A: Yes, the Cloudamize agents send data to Cloudamize servers over SSL (TCP port 443). You need to make sure that outbound SSL (TCP port 443) access is permitted from the Agent server to the chosen Cloudamize endpoint.

 

Q: What if my physical/virtual servers do not have direct access to the Internet?

A: If your physical/virtual servers have access to an internet proxy server, Cloudamize agents will still be able to relay data via the internet proxy to the Cloudamize servers. This is configured during installation.

 

Q: Is there a proxy available to forward data from the physical/virtual machines that are not directly accessible by Internet?

A: No, Cloudamize does not provide a proxy server to forward data from the physical machines that are not directly accessible by Internet, but this is a use-case for the Cloudamize Agentless Data Collector.

 

Q: Is the Cloudamize agent a standalone executable (i.e. libc) or does it need Java or another framework preinstalled?

A: For Linux server hosts and virtual machines, the Cloudamize agent is a standalone binary executable. For Windows servers and virtual machines, the Cloudamize agent requires .NET framework 3.5 or greater.

 

Q: What is the performance overhead of running agents on physical/virtual servers?

A: The Cloudamize agents are lightweight. Typically the agent uses less than 0.5% CPU utilization. Cloudamize Agents are Smart Agents: they run two processes. One is the data-collection agent and the other is the watchdog agent. Watchdog agent monitors the data-collection agent and makes sure the data-collection agent is behaving correctly. The watchdog agent monitors every system metric and caps the data-collection agent if it goes beyond expected consumption. If any of the metrics exceed the threshold, then the data-collection agent sleeps and waits until it can start collecting again. For example, typically, our agents take less than 0.5% CPU utilization. However, if CPU utilization goes higher than 2%, the data-collection agent sleeps and waits for the watchdog-agents to tell them when to start collection again.

 

Q: What is the data collection frequency?

A: Cloudamize agents collect data every 30 seconds and pushes it out to the Cloudamize servers every 5 minutes.

 

Q: Can agents be installed on virtual machines (VMs) without also collecting data from the hypervisor such as vCenter or the Hyper-V host machine?

A: Most performance metrics can be collected from the agent even when the agent is running on a VM and no data is being collected from the hypervisor. However, there can be some inaccuracy when estimating the CPU utilization. This inaccuracy can lead to an overestimate of the required computational needs, and can result in Cloudamize recommending a larger machine than necessary. However, this is only an issue when the physical server is under provisioned. In any case, memory and IO requirements are estimated correctly. To understand the issue, suppose that two VMs are running on a physical server that has a single CPU with a single one hardware thread. If both VMs are demanding the entire CPU, the hypervisor will allocate 50% of the compute time to each VM. However, from the perspective of a the VM and our agent on the VM, the CPU is 100% utilized. Since the agent sees the CPU 100% utilized, while the CPU is actually only 50% utilized, the Cloudamize agent will over estimate the computational requirements of the VMs. If this scenario occurs frequently, then it could lead to Cloudamize recommended a larger machine than is necessary. On the other hand, if CPU utilization data is collected from the hypervisor, then the actual CPU utilization is measured and an accurate estimate of compute requirements is made.

 

Q: How much bandwidth is used when the data is transported from Cloudamize agents?

A: Windows/Linux agents are approximately 5KB to 40KB per 10 minutes.

 

Q: Can I import the data rather than run an agent?

A. No, Cloudamize collects performance data from physical/virtual machines and uses that data to provide accurate cloud infrastructure sizing recommendations. Cloudamize provides a proprietary agent that can be installed for data collection and can be removed after the data collection period is completed. There is also an option to run an agentless data collector.

 

Q: What is the methodology in obtaining the ‘Software Installed’ on each node? Is the Cloudamize Agent or Agentless Data Collector looking for EXE files, running processes, or other methods?

A. The installed app list comes from the registry in Windows, basically, the list of apps that appear when you open add/remove programs. We use the rpm/deb database on Linux to list all packages installed on the system.

 

Q: Will Cloudamize continue using Admin to operate during assessment duration?

A. Yes, the Cloudamize Windows Agent will continue to use the SYSTEM account whenever it is running.

 

Q: Can a user provide a custom role for necessary permissions?

A. No, the Cloudamize Windows Agent will only use the SYSTEM account.

 

Q: Can all update, install and download functions be deactivated in the agents?

A. Agents do not automatically update, download, or install once installed. This must be triggered manually.

 

Q: How does the distribution of the agents work? Which accounts and rights are used?

A. Agent software is provided as-is, our guides can be used. Mass-installation is not supported by Cloudamize, but commonly done by scripting, SCCM, and similar methods.

 

Q: Will Cloudamize help to discover the MS SQL database and application mapping? (When I discover the database name, will I be able to get the Application details running on the database, for eg: Application Host Name, Application IP address)?

A. Yes, you can find details of what MS SQL data is collected by Cloudamize on our Knowledge base at https://support.cloudamize.com/kb/basic-and-advanced-ms-sql-collected-by-agent-based

 

Q: What is the minimum version on OpenSSL/TLS that is supported by the current Cloudamize agent?

A. Cloudamize supports TLS 1.2 and above versions, though 1.3 is preferred where available. TLS versions below 1.2 are not supported in order to keep data transmissions secure. The minimum required version of openSSL is 3.0.0 or higher.

 

Q: Does the watchdog restart the agents too or does it only kill the agents?

A. The watchdog will restart the Agent on a periodic basis if it determines the environment has enough resources for the Agent to run without interfering in normal operations.

 

Q: Would it be possible to download the actual agent installers prior (Windows and Linux) since our ops team wants to distribute the install packages early?

A. Installation of actual agents to collect data for an assessment requires a customer key that is only issued upon the opening of the console account. The software is available with a no-op key for the purposes of testing system impact and viewing captured data, covered in this article: Analyzing Data Collected by Agents

 

Q: Agentless data collector is limited to 500 hosts per subnet. How would you scale the data collector to deal with a larger subnet? Is it a vertical scale, or a horizontal scale?

A. We recommend increasing the number of Agentless Data Collectors as best practise. Each data collector can monitor up to 500 hosts by default, so for larger environments, it is highly recommended to deploy multiple data collectors across different machines. There is an option to expand the maximum number of hosts on a single ADC, however be aware that doing do without also scaling system resources may result in instability in the ADC.

 

Q: Can we schedule the data upload from data collector server to cloudamize SaaS server on any time which clients wish to schedule?

A. Cloudamize does not support a data upload schedule that the user can set up. ADC has its own schedule and sends data with best effort.

 

Q: Can we use Agent or Agentless in Nutanix environment?

A. For the Nutanix hypervisor environment, Cloudamize supports Agent and Agentless data collection methods. If the Nutanix hypervisor hides the CPU model for VMs where data is collected using Cloudamize Agent or ADC, the user will have to specify the CPU details manually.

 

Q: Can we change the Installation Drive for Agent?

A. No, the Agent relies on being installed in the default drive where Windows in installed as it sits in the Program Files (x86) directory and utilises several Windows features from the OS drive. The GUI installer will not prompt for an install location and the usual .msi options that would change the location are disabled.

 

Q: Is the traffic from the agent to the Central collector encrypted and how (if applicable)?

A. All data from the Agent to our cloudamize servers is encrypted using TLS 1.2 as a minimum (1.3 is preferred where available).

 

Q: What is the list of servers that must be reachable for the agents? am-de.cloudamize.commonly?

A. The list of servers that must be reachable from the Cloudamize agents to our servers depends on the chosen endpoint: am.cloudamize.com for the US endpoint, am-de.cloudamize.com for the EU endpoint, or am-ae.cloudamize.com for the UAE endpoint, all using TCP port 443, either directly or through a corporate proxy.

 

Q: When installing the Linux agent packages, does the install process use the os package installer and will there be additional dependencies (packages) installed?

A. The Install script requires wget to retrieve content and curl to test/verify access to our data collection servers, both of which come packaged with the installer. No additional packages are used beyond these.

 

Q: When deploying using agentless approach where Windows and linux servers are located in the same subnet, can we add a whole IP subnet / range containing both operating system types to "Add Windows Hosts" and exclude linux operating systems afterwards?

A. The subnet will have to be scanned twice, once for Windows and once for Linux. If the user adds a subnet using the “Add Windows Hosts” function, the ADC will attempt to connect to any servers it finds in that subnet with the provided credentials using WMI over RPC. Since Linux servers don’t use these protocols, they would not be added by this sweep of the subnet. Using “Add Linux Hosts” attempts the same thing but using SSH instead, so Linux hosts would be responsive to this. Assuming all servers on the subnet have a single login that has been enabled specifically for Cloudamize, another precaution that can be in this scenario is to use one login for Windows servers and another for Linux servers.

 

Q: The Linux install recommends installing via online shell script that dynamically downloads a compressed tarball. Are agent install binaries static/self-contained without external dependencies? Is a packaged installer available for all platforms without manually maintaining the installCloudamizeAgentV2.sh script and ccagent-v2.tgz tarball?

A. The linux agent does not use static linking for the C/C++ runtime, and that is one of the reasons we have minimum OS versions. We do use static link for some other libraries though (libpcap, static link openssl, and zlib). We do have a packaged installer available - cloudamize_agent.tgz.. It is used by extracting and running the install.sh script it contains. It is platform independent, but still has our minimum OS requirements (rhel 7 or later).

 

Q: How are the credentials protected when ADC is used for the data collection(encryption\obfuscation\hash)?

A. Passwords are encrypted, and no credentials are transmitted outside of the customer’s network.

 

Q: For Agentless Data collector, where will the credentials be stored which are used for systems discovery?

A. Credentials are stored in C:\Program Files (x86)\CloudamizeAgentlessDC\HostInfo.xml and HostInfoBackup.xml, only on the data collector VM with the passwords being encrypted. They are not transmitted to Cloudamize at any time.

 

Q: Agentless - Are there any domain-join requirements for the discovery server, or can it be standalone? When we have multiple domains, will remote discovery work to domain-joined Windows servers if the discovery server is off domain or on a different domain to the targets, and domain accounts are used to connect?

A. The Agentless Data Collector can collect from multiple domains with proper setup, though we usually recommend using one ADC per domain, hosted on a server within the domain, to simplify the process. For Windows servers, the ADC uses remote WMI over RPC so going cross-domain may require remote DCOM privileges be configured separately depending on the current setup; this may not be an issue though, so it may be the simplest to install, test and only deploy multiple ADCs if there are issues adding hosts to the one.

 

Q: Is there a way for Cloudamize to use SSH keys vs. passing credentials? when we use Duo MFA?

A. The Cloudamize Agentless Data Collector is not designed to use public keys, and only supports the username/password method for now. If the servers cannot support username/password authentication at all then data can still be collected from them using the Cloudamize Agent instead of the Agentless Data Collector.

 

Q: Does Agent support use of an aggregator proxy like a syslog server in between the On Prem server and Cloudamize server?

A. The Agent requires direct communication to Cloudamize endpoint servers, or communication via an http proxy. No other setup is currently supported.

 

Q. Can the agents be uninstalled without leaving any residue?

A. Yes, normal uninstallation procedures will normally suffice, plus removing any remaining Cloudamize install directory. System restart is almost never required for either installation or uninstallation of Cloudamize software.

 

Q: Are there functional differences in the implementation with agents or agentless?

A. Yes, due to the remote aspect of the agentless; Agentless requires additional firewall rules and additional permissions on both Windows and Linux (Eg:- on Windows a Domain Admin account is required and remote DCOM permissions may need to be enabled, on Linux an account that allows commands to be run remotely via SSH is required, usually set up via sudoers). However, results are almost entirely the same.

 

Q: If I have a server, let's take the case the server has a name (server 01) and an IP address, is moved during a discovery period with Cloudamize to another place and the server name stays the same (Server 01) but due to the replacement receives a new IP. How does Cloudamize handle such a situation. Is it a new server or does it simple continue with monitoring? with the Agent Based solution?

A. The server will be considered as a new server only if the UUID changes. Cloudamize will still consider it as the same if there is any change in the IP or hostname and can be updated later on from the backend.

 

Q: Does Cloudamize require Domain admin access user, or domain user added to local admins?

A. If a Domain Administrator account is not used but another account in the host Administrators group (a local account) is used, remote WMI access will be denied due to Remote UAC. Disabling Remote UAC is not recommended due to security reasons.

The account created should be a part of the Domain Admin account as the admin access is required to run the WMI Queries which are used to collect the data in the assessment.

 

Q: The Windows agent implementation seems to be .NET. What about the Linux agents? Mono?

A. The Linux agent is implemented using C++, and statically links against various Linux system libraries like libpthread, libc, libm, librt, libstdc++, and libgcc, which are licensed under the GNU Lesser General Public License.

 

Q: How do the agents communicate with the cloud service? We have an enterprise gateway with TLS interception for outgoing connections. Is this technically possible? Is certificate pinning used?

A. HTTPS or SSH (OS dependent) with TLS encryption (v1.2 minimum, v1.3 preferred). Certificate pinning is not used.

 

Q: What is the impact on the machine’s CPU/Memory usage?

A. It will be Minimal and monitored by the Watchdog service/process. The Cloudamize Linux Agent requires 3% of CPU and 5% of memory while running. The Cloudamize windows Machine Agent requires 2% of available CPU and 3% of memory while running.

 

Q: If a machine has multiple IP addresses, how does the Cloudamize agent know which IP to use?

A. We choose the numerically lowest private IP address of those returned by the query to display on the portal. So eg:, if one is 169.254.x.x and another is 169.254.x.x+1, we will display 169.254.x.x in the portal.

 

Q: Is there a specific port needed for linux machines to communicate with an ADC?

A. Yes, for each Linux endpoint that needs to communicate with the Cloudamize Agentless Data Collector (ADC), TCP port 22 needs to be opened inbound. This is required for the ADC to access the Linux servers over SSH.

 

Q: Does Cloudamize support IBM AS400 servers while scanning over ADC?

A. IBM servers are not supported for data collection with Cloudamize software.

 

Q: Is there an AIX version of the agent? If not, is it possible to leverage agentless monitoring to cover IBM workloads?

A. Cloudamize currently does not support IBM workloads for data collection, only Windows and Linux.

 

Q. How to avoid ADC processes on the servers are being picked up by Cybereason XDR?

A. The way to avoid this is to whitelist the Cloudamize processes using Cybereason’s whitelisting method.

 

Q. How does the distribution of the agents work? Which accounts and rights are used?

A. This is up to the customer. Agent software is provided as-is, customer can use our guides/KB articles for more information on the requirements for the setup. Mass-installation is not supported by Cloudamize, but commonly done by scripting, SCCM, etc.