How to achieve Windows Server SNMP v3 Security Compliance
Technology world keep changing, so do security compliance requirement. More and more enterprise customer required to migrated from existing SNMP v2 to SNMP v3 monitoring for server.
Since Windows doesn’t support SNMPv3 inherently (that is, you will encounter SNMP v3 agent issue matter);SNMP is actually being depreciated in Windows server 2012; you’ll need a 3rd party solution.
For the quick how to, following the rest of the topic to get it supported.
1. First, you need to decide which 3rd party solution to go about. Below listed three.
3rd Party Solutions:
- MG-SOFT – Commercial
- SNMP-Informant – Commercial
- Net-SNMP – Open Source
For the above two commercial 3rd party and one Open Source solutions, E-SPIN can supply if required, as part of the project bundled, or add on after post project basis (together with implementation, configuration, testing and commissioning), just let us know, we have our commercial team, follow with technical team to assist you.
Once the SNMP v3 agent portion is resolved.
Then you can configure your existing Network Management System (NMS) or System Management System (SMS) to support Windows Server SNMP v3 Monitoring.
Below is one of the example you can use for reference:
WhatsUp Gold (WUG) configuration how to.
Add SNMPv3 protocol credentials:
- From the main menu of the WhatsConnected console, select Configure > Protocol Settings/Credentials. The Protocol Settings/Credentials dialog appears.
- Click New.
- Select SNMPv3, then click OK. The protocol properties dialog appears.
- Enter a Name for the set of SNMPv3 credentials.
- Enter the Username that is configured for the SNMP agent. This username is included in every SNMP packet in the authentication header. An SNMP device, upon reception of a packet, uses this username to look for configured authentication and encryption parameters and applies them to the received message.
- Optionally, enter the Context needed to identify specific SNMP instances on your network.
- If required, select the Protocol used for Authentication. Additionally, enter thePassword used for authentication.
- If supported, select the Protocol used for Encryption. Additionally, enter the Password used for encryption.
- Increase or decrease the SNMP Timeout. This setting is dependent on the latency and load on your network devices. Longer timeouts can cause discovery to slow down. However, if the network is experiencing a lot of network traffic, a longer timeout is recommended. A default of 1000 milliseconds is recommended for small to medium size networks. Note: If you are discovering across a WAN link, allow for a longer timeout.
- Increase or decrease the SNMP Retry count. This setting is dependent on the latency and load on your network devices. More retries allow for SNMP failures or heavy network loads. However, more retries slow down the discovery process. One or two retries is recommended for small to medium size networks.
Then Done. Your Windows Server is right now running under SNMP v3 for the latest security compliance.