I work for an IT service provider - we support a range of Windows and Linux servers/PCs on our customer sites. I'm looking for a way to monitor basic stuff on these devices (e.g. disk space usage, CPU utilisation, uptime etc) and collect the data in a central interface.
I've looked at Zabbix and read up on Nagios. However, both seem to require that our customers have a static external IP address, and that a particular port is opened on the customer's firewall to allow two-way traffic. It isn't possible to do this for the majority of customers.
Is there a way to configure Zabbix or Nagios to send data from their Windows agents to our central server (with the relevant incoming port opened), without having the two-way communication that would require a port opening on the customer's firewall? I tried out Pandora FMS and it was able to do this, but I didn't like the product overall. As far as I can tell, this would require the agents to be pre-configured with what data they should send, but I'm not 100% sure from reading the documentation.
Thanks in advance for any advice,
Matt
As a solution that would allow you to use any agent software you wanted, you might consider using a VPN technology to initiate connections from the Customer's network to your monitoring network. Since the connection would be originating from behind the Customer's firewall, no forwarded external port should be necessary. Likewise, since the Customer is initiating the connection, no static IP address or dynamic DNS should be needed on the Customer end.
You could do something like this fairly easily and cheaply with OpenVPN. You could elect an individual host on each Customer's network to act as the monitoring VPN gateway and put a route in the Customer's edge router to send management traffic to that VPN gateway host.
At your head-end you could use firewall rules to limit the traffic coming in from the Customer sites to just your monitoring / management traffic (since your Customers could, potentially, start poking around your management network from their LAN). Using a stateful firewall like iptables would allow you to permit connections into the Customers' networks originating from inside the management network while denying incoming connection attempts to non-management-related hosts / ports that originate from inside the Customers' networks.
Assuming you addressed all your Customers' LANs with different IP subnets (something I always did when I worked for a "managed services"-style company) you could do everything I'm describing here without any funny NAT games, etc.
options available to you with zabbix:
use active agents. native zabbix agents can run on most platforms, including linux and windows. in active mode, they connect to server on port 10051, ask for things to check and then send in any collected data. no connections from server to agents are made.
use zabbix proxy. in this case a dedicated purpose system would collect all data and transmit it to zabbix server. in the normal, active mode, only zabbix proxy connects to the zabbix server (again, on port 10051) - so there is no need to allow connections from all the zabbix agents, only from the proxy. additional benefit is the ability to monitor agent-less systems like switches, routers, printers and anything else.
starting with zabbix 1.8.3, you also have an option of zabbix server connecting to the zabbix proxy instead (still port 10051) if the opposite direction is not possible.
in your case active zabbix proxy would probably be the best choice given that it also preserves collected data locally if network connection to the zabbix server is down. proxy only runs on unix-like systems, so you probably have a couple of options - either installing the proxy on one of the existing linux machines, or setting up a dedicated one.
given that those are customers' systems, i would suggest going with a dedicated one. you could have a small, embedded system running zabbix proxies. you could hand them out to customers as monitoring appliances, they would only have to plug them in, allow outgoing connection to zabbix server from proxy on port 10051 - and that's it. no more configuration on the proxy end required.
Zabbix Agents have an active mode where they actively connect to the server to send data. It's not very well documented but it's worth a try. All the configuration is done on the agent config file. Here is a link to the relevant configuration options. You still have to have the hostname configured on zabbix server.
EDIT: Apparently it only works on linux agents :\
EDIT 2: Zabbix Proxy also seems like a good solution for your problem, if you can at least get a single machine running it inside the client's network.
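An added example, not part of the original answers and not Zabbix's own code: a Python check that a zabbix_agentd.conf is set up for the outbound-only (active) mode the answers describe, so nothing on the customer side has to accept inbound connections. ServerActive, StartAgents, Hostname and TLSConnect are real agent parameters; TLSConnect assumes agent 3.0 or later, and the sample config and host names are constructed.

```python
# Constructed sample zabbix_agentd.conf; the host names are placeholders.
SAMPLE_CONF = """\
Server=monitor.example.net
ServerActive=monitor.example.net
Hostname=cust01-fileserver
StartAgents=3
"""

def parse_conf(text):
    """Return {parameter: value} from agent config text (last value wins)."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            params[key.strip()] = value.strip()
    return params

def target_port(target):
    """Port of one ServerActive entry; 10051 when none is given."""
    if target.startswith("["):                 # [IPv6]:port form
        rest = target.partition("]")[2]
        return int(rest[1:]) if rest.startswith(":") else 10051
    if target.count(":") == 1:                 # host:port or IPv4:port
        return int(target.rsplit(":", 1)[1])
    return 10051                               # bare host or bare IPv6

def audit_active_only(text):
    """List findings that break an outbound-only (active) agent setup."""
    p = parse_conf(text)
    findings = []
    targets = [t.strip() for t in p.get("ServerActive", "").split(",") if t.strip()]
    if not targets:
        findings.append("ServerActive is empty: active checks are disabled")
    for t in targets:
        if target_port(t) != 10051:
            findings.append(f"{t}: not port 10051; the outbound firewall rule must allow it")
    # StartAgents=0 turns passive checks off, so the agent opens no listening port.
    if p.get("StartAgents", "3") != "0":
        findings.append("StartAgents is not 0: the agent still listens for passive checks")
    if not p.get("Hostname"):
        findings.append("Hostname is unset: set it to the host name configured on the server")
    if p.get("TLSConnect", "unencrypted") == "unencrypted":
        findings.append("TLSConnect is unencrypted: data crosses the Internet in clear text")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_active_only(SAMPLE_CONF)) or "active-only: OK")
```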