Best practices¶

General recommendations¶

Only configure protocols that are supported for the devices you intend to discover.
Wherever possible, avoid configuring discoveries with large IP address ranges. Instead, configure smaller IP address ranges to keep the potential number of scanned devices manageable.
If you know the exact devices you want to discover and monitor within a specific discovery, use the list option to add the exact IP addresses.
Data Collector servers should be located in, or as geographically close as possible to, the data centers they are covering.
Ensure that NTP time synchronization is enabled on the machine running the Data Collector software. An incorrect clock can cause monitoring and API authentication issues.

Discovering Linux hosts¶

Please ensure the following programs are installed on your machines

dmidecode
ip
OpenSSH server
sudo
sed
awk

Ensure that hosts are allowing SSH connections from the Data Collector.

Create a dedicated user for the Data Collector to use, e.g., datacollector.

The Data Collector user will need to be able to run dmidecode to gather structured hardware information from the host. This command must be run as root using sudo. To allow the Data Collector user to run dmidecode, please add the configuration below to /etc/sudoers.d/datacollector

# Allow Data Collector to execute dmidecode without needing a password
datacollector ALL=(ALL) NOPASSWD: /usr/sbin/dmidecode

Consider using an automation tool such as Ansible if you have a large number of Linux hosts to configure.

Using SSH keys for discovery¶

If you plan to use a username and private key instead username and password for Data Collector authentication, generate the private key in RSA format.

ssh-keygen -m PEM -t rsa -b 4096

Note

Private keys used for discovery cannot be encrypted with a passphrase.