There are significant advantages and disadvantages with SNMP and WMI affecting operational functionality in specific ways. If you’re considering using one or the other with SAM, here’s what you should know:
WMI polling is a web-based data extraction method used to monitor functionality and administer data for devices and platforms running on the Windows built-in management interface. It allows remote access to user activity on a shared network through agents communicating via XML and HTTP. WMI polling gives authorized users insight into the workings of their network and the devices, applications, and software using it with greater flexibility and customization. Additionally, WMI polling directs managers to changes as they happen for real-time visibility and regulatory control.
WMI polling is straightforward. It’s built-in for Windows systems and automatically integrates settings with SAM templates for a more user-friendly experience, and includes real-time reboots for reliable and updated metrics. It has no impact on RAM or CPU compared with ping monitoring.
However, WMI polling does involve an average increase of 12 Kbps in general (only 4 Kbps more than SNMP). Overall, it doesn’t work well with latency, making it best suited to LANs instead of congested or long-distance WAN links, which may better serve SNMP monitoring. WMI requires more firewall ports, is inoperable across network address translation (NAT)-ed WAN connections, and can encounter disruptions due to Application Directory (AD) credential changes. A single password change can disrupt monitoring if you’re not careful. Also, WMI doesn’t offer topology monitoring.
Simple Network Management Protocol (SNMP) polling is known as an application-layer engine for monitoring hardware and software from a majority of vendor types, including Cisco, VMware, Microsoft, and more. Since the 1980s, SNMP has been a common and reliable method for monitoring network activity across long distances. By collecting Management Information Base (MIB) information from devices, SNMP polling facilitates automatic multi-user monitoring through a universal interface without constant manual upkeep. While SNMP is pre-installed in most devices, it’s often turned off by default. Once configured and activated, the latest SNMP version (SNMP v3) offers robust security measures to protect transmitted and stored data.
In terms of hardware energy and storage expenditure, SNMP polling is 2-6% more efficient than WMI polling. With SNMP, there’s generally better protection and security through limited firewall ports and no single point of failure for access. It uses CPU, RAM, and bandwidth efficiently, both on target and poller.
On the other hand, SNMP has a few limitations. Its substantial configurations must be set prior to use, and compatibility is restricted with older Windows OSes (like NT and 2000). Plus, changing an SNMP string requires enterprise-wide adjustments.