Q. What's the difference between iReasoning Agent Builder and SNMP API?
A. Agent Builder is a tool for SNMP agent development. SNMP API is for SNMP manager application development.
Q. How does iReasoning Agent Builder differentiate from other agent builder products?
A.
Here are just some of the advantages over our competitors.
- High performance agent
- The first Java SNMP product to support both DES and strong 128-bit AES encryption algorithms
- Conform to RFCs. Many competitors' do not really understand RFCs and have incorrect implementations
- Dramatically reduce the complexity of agent development. Most complex agent functionalities already built in
to base classes
- Support master and subagent architecture based on standard AgentX protocol
- Agent has small footprint, compared with other Java based SNMP agents
Q. What are the key features of Agent Builder?
A.
- The first Java SNMP product to support both DES and strong 128-bit AES encryption algorithms
- Complete SNMPv1,v2c and v3 (USM and VACM) support
- Complete SNMPv3 USM support, including HMAC-MD5, HMAC-SHA, CBC-DES,
CFB128-AES-128, CFB128-AES-192, CFB128-AES-256
algorithms
- Support for master/subagent architecture based on standard AgentX technology
- Support for building Windows Extension Agent
- Intuitive GUI tool for automatically generating java source code from MIBs
- Greatly reduces complexity of agent development.
Many tricky SNMP issues are hidden from developers.
- Many optimization techniques are employed to create high performance agents
- Conformance to SNMP RFCs
- Support for dynamic row creation and deletion
- Small-footprint agents
- IPv6 support
- Easy-to-understand configuration file format
- Re-configurable at run time
- Multihome Interfaces support
Q. Do SNMP security vulnerabilities reported by CERT affect
iReasoning Agent Builder?
A.
Q. Which versions of SNMP are supported by iReasoning SNMP Agent Builder?
A. iReasoning SNMP Agent Builder support SNMPv1, SNMPv2c and SNMPv3 ( USM and VACM ).
Q. How's the SNMPv3 support?
A. iReasoning SNMP Agent Builder fully supports SNMPv3, including the complete USM security model
(HMAC-MD5, HMAC-SHA, CBC-DES, CFB128-AES-128, CFB128-AES-192, CFB128-AES-256) and VACM. It has successfully passed a number of interoperability tests with
other SNMPv3 vendors and their SNMPv3 implementations. Now it is used as a de-facto reference SNMPv3
implementation for other implementers.
Q. Is agent compatible with JMX 1.2 spec?
A. Agent is compatible with JMX 1.0, 1.1, and 1.2 specs.
Q. Can I use other JMX implementations?
A. Yes. We currently use MX4J JMX implementation in Agent Builder. But it also works with other JMX
implementations such as SUN JMX reference implementation. To switch to other JMX implementation, you just need to place its jar
file before our snmpagent.jar in your classpath.
Q. Can SNMP agent run as a JMX adaptor?
A. iReasoning Agent architecture is based on JMX technology. Agent can run as a standalone application, an snmp agent service inside
an application, or a JMX adaptor.
Please refer to the example code at
examples/agent/mib2/AgentMX4J.java for details.
You can use web browser connecting to port 8000 to view the currently registered MBeans.
(for instance, if your AgentMX4J runs at localhost, use browser pointing to http://localhost:8000 )
Q. Can I stop/restart agent remotely?/ Can I change agent's port number at runtime?/ Can I change agent's logger's logging level at runtime?
A. Yes to all these questions. First, you need to start a server which makes MBeans remotely accessible.
One approach is to start an http adaptor such as HttpAdaptor (included in MX4J) or HtmlAdaptor (included in SUN's JMX RI),
so you can use a web browser to remotely manage agents.
Check out
AgentMX4J.java and
JMXAdaptor.java examples for details. Another approach is to start JRMP of MX4J
(startJRMPAdaptor method in AgentMX4J.java) ,
and you can use a client such as MC4J to monitor and control agent via RMI.
A screenshot of MC4J is shown below.
Q. What operating systems does iReasoning SNMP Agent Builder run on ?
A. iReasoning SNMP Agent Builder is written in Java, so it can run on any OS
which has JVM support.
Q. What is AgentX technology?
A. Agent eXtensibility (AgentX) is a standard protocol that overcomes a very real need to dynamically extend
the managed objects in a node. The protocol allows you having a single SNMP Agent and several Subagents that can
connect and register several managed objects without having to interrupt the management service.
AgentX is the first IETF standard-track specification for extensible SNMP agents and is expected to gradually
replace all the other open and proprietary agent extensibility solutions (such as SMUX, DPI etc.).
For details about the AgentX, please refer to RFC 2741.
Q. Are master/subagents interoperable with SMUX agents?
A.
No. Our master/subagent are based on AgentX, which is a newer technology and is not interoperable with SMUX.
Q. Are master or subagents interoperable with subagent or master agent from other vendors?
A.
Master or subagent built with agent builder should be able to interoperate with other AgentX based agents, no matter what language (C, Java, ...) they use.
Net-snmp's snmpd verion 5+ are reported to interoperate successfully with our master/subagents. (Note: net-snmp's snmpd is an snmp daemon written in C, available on
Windows and UNIX platforms)
Q. I understand that your agent is written in Java, so can it communicate with C/C++ or VB programs?
A.
Yes, it is independent of language or platform. It is interoperable with other SNMP managers as long as they conform
to SNMP protocol, or other master or subagents as long as they conform to AgentX protocol.
Q. Can a subagent connect to multiple master agents?
A.
Yes, you just need to create a new SubAgentSession for each master agent.
Q. Can multiple subagents run on one machine?
A.
Yes.
Q. How do I migrate code from version 2.x to 3.x?
A.
AgentX support is one of the major new features in 3.x. If you don't need AgentX support, no code change is required. If you plan to add
master or subagent support, just need to make Agent class extend SnmpAgentX instead of SnmpBaseAgent, and add a few lines
of code to the main method. Check master and subagent sample code for details.
There are some minor changes in SnmpConfig.xml file. If you need to dynamically update config file, you have to replace "trapd" with
"trapSink" and "snmpV3Trapd" with "snmpV3TrapSink".
Q. How do I migrate code from version 3.x to 4.0?
A.
Agent Builder 4.0 is compatible with 3.x. There's no need to change your existing code.
Q. What's the difference between master agent and proxy forwarder?
A.
An SNMP master agent can route parts of an SNMP request to multiple subagents. The subagents are completely hidden from the
SNMP manager. The manager only sees a single SNMP entity, the master agent. On the contrary, in a proxy forwarder application,
the manager needs to be aware of all the proxied agents. It needs to build a request targeted to a single specific
subagent, and it needs to include in the request some information that enables the proxy forwarder application to
determine which subagent is the targeted of the request.
Q. I don't want to see log message, can I disable Logger?
A.
Yes. Add one line of code like the following:
Logger.setLevel(Logger.NONE);
Q. Can I put config files in a directory other than "./config"?
A.
Yes. For instance, you want config files in "d:\config", just add one more java environment variable:
java -Dcom.ireasoning.configDir=d:\config ...
Q. I want to use agent config to persist more info. Can I add more entries to agent config file?
A.
Yes. You can add more entries to properties, trapSink and snmpV3TrapSink sections. New entries will be loaded and saved automatically. You
can use SnmpAgentConfig.getProperty and TrapSink.getProperty methods to retrieve those entries.
Q. When I ran an SNMP agent built with agent builder on Solaris, I got "BindException: Permission denied
", why?
A.
The default agent port number is 161. You need root privilege on UNIX to run agent on this port. Or you can modify port number in agent config file.
Q. Can I use log4j
for logging instead of your Logger?
A.
Yes, please refer to Logger javadoc for details and usage example.
Q. How can I integrate iReasoning SNMP agent with JBoss?
A.
Check out java code and jboss config file (jboss-service.xml) contained in jboss.zip.
Basically, a MBean is created and then registered during jboss startup. And SNMP agent is started in this MBean's start
method. snmpagent.jar needs to be included in the classpath of JBoss, for example, it can be put in the .../server/default/lib directory.
The MBeanServer object ("server") must be passed to Agent's constructor. Otherwise
a new MBeanServer will be created during agent startup and it will cause JBoss to behave differently.
Q. The passwords are
stored in plain text in the config file, this could pose a security risk if
someone were to casually open them up or break into a machine that was the
DMZ host and also running an agent. So how can I make passwords encrypted in config file?
A.
All the passwords and community names can be optionally encrypted. To do that, you need to set "encryptPasswordAndCommunity" to
"yes" in config file. Enter your desired unencrypted passwords and community names. When the agent starts, all those values will be encrypted
and saved to config file, so now all passwords and community names are secure in config file.
Q. Does your SNMP Agent Builder support IPv6?
A. Yes, if it's used with J2SDK/JRE 1.4. See "Networking IPv6 User Guide for J2SDK/JRE 1.4" for more information.
As of JVM 1.4.2, supported operating systems are Solaris (ver 8 and up) and Linux (kernel 2.1.2 and up).
Q. What is AES standard? And how does 128-bit AES encryption compare to DES?
A.
Excerpt from NIST (National Institute of Standards and Technology) website:
"The Advanced Encryption Standard (AES) is a new Federal Information Processing Standard (FIPS) Publication that will specify
a cryptographic algorithm for use by U.S. Government organizations to protect sensitive (unclassified) information. NIST
also anticipates that the AES will be widely used on a voluntary basis by organizations, institutions, and individuals
outside of the U.S. Government - and outside of the United States - in some cases.
The AES is being developed to replace DES, but NIST anticipates that Triple DES will remain an approved algorithm (for U.S. Government use) for the foreseeable future.
Single DES is being phased out of use, and is currently permitted in legacy systems, only.
Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old."
See "The AES Cipher Algorithm in the SNMP User-based Security Model" for more details on AES in SNMP.
Q. How can I store config settings in database?
A.
Config settings can be stored in XML file, database, or other datasources. You just need to create a sub class of
DefaultAgentConfig.java
and implement all the abstract methods.
We provide a reference implementation of storing config settings in dababase at
DbConfig.java. Config settings are stored in 8 tables:
properties, trapsink, snmpv3trapsink, proxy, trapproxy, user, v3group, view.
The column names are the same as the ones in the XML config file.
The data types of all those columns are varchar for simplicity considerations.
Q. I have a MIB table which can grow to thousands of rows so it can potentially use up all the memory. How can I handle it?
A.
For huge tables, it'd consume too much memory if all rows are stored in memory. Firstly, call
setProcessSnmpRequestDirectly(true) to make this table handle SNMP requests itself. Then this
table needs to implement getOID and getNextOID methods to tell base class the information about
the OID tree. No corresponding table entry objects is created for each row. Each getter method
in the table class fetches data from somewhere else and returns appropriate results.
Please refer to the example code at
examples/agent/mib2/AtTable.java.
Q. Do I have to write C/C++ code if I want to build a Windows Extension Agent?
A.
No. You only need to write Java code to implement a Java SNMP agent. The subagent.dll module delegates SNMP requests from
Windows SNMP service to your Java agent.
Q. Why sometimes java.lang.IllegalAccessError exception occurs if I put SNMP API and Agent Builder's jar files in the classpath?
A.
All the jar files have been obfuscated so conflicts may occur if they are all present in the classpath.
If you need both SNMP API and Agent Builder, we will send you a special edition that contains all the classes.
