There are two main options for deploying LeanSentry in your environment. The LeanSentry environment creation wizard will walk you through the available options, and the steps required for each option.
These options are both safe for a production environment, but offer slightly different benefits depending on your situations:
Install LeanSentry locally on each server you want to monitor.
Local deployment is fast, easy, and does not have any network/security requirements.
Install the LeanSentry Monitoring service on a single VM in your environment, and use it to monitor one or many production servers in your environment remotely.
Remote deployment is best for long-term production monitoring, because it offers the lowest monitoring overhead. It does however require slightly more preparation in order to correctly set up remote monitoring between the Monitoring service and your servers.
NOTE: Both options are fast to set up, are safe for production monitoring, and enable all LeanSentry features.
When should I chose Local or Remote deployment?
Chose Local monitoring when:
- You want to test LeanSentry quickly
- You only have 1 server and do not have a separate utility VM for the LeanSentry Monitoring service
- You are run low or medium traffic production servers
- You review the Remote monitoring option, but are unable to meet its requirements
Chose Remote monitoring when:
- You run a hosting server with 200+ websites
- You are deploying LeanSentry for long-term monitoring
- You run very high traffic production servers and would like to reduce monitoring overhead on them
- You have a separate non-production VM where you can run the LeanSentry Monitoring service
- You can meet the requirements for setting up remote monitoring
What are the requirements of Local and Remote deployment?
1. Install LeanSentry on each server to be monitored
1. Install LeanSentry on a separate VM in your environment
2. A domain service account, with Administrative privileges on both the Monitoring service and each server being monitored.
NOTE: If the servers are not on a domain, a local password-synced account with Administrative priviledges on both the Monitoring service and the servers being monitored.
Additionally, the UAC remote logon token filtering must be disabled.
3. Run a prepserver.bat batch file on each server being monitored to create firewall rules
4. Configure your network to allow communication between the Monitoring service and the servers being monitored. If the Monitoring service and the servers are on the same network, and no network firewall is present, this is sufficient. Otherwise, network firewall configuration changes may need to be made.
Remote monitoring requires the Monitoring service to have network connectivity to the following ports on each server:
RPC: 135, 139, 445
DCOM Dynamic Ports: 49152 - 65535
NOTE: LeanSentry provides an option for configuring a restricted port range for 6000-6200, but a reboot is required.
LeanSentry Agent: 48911-48915
For more information, please see the deployment wizard, or email us!