Documentation forSolarWinds Platform Self-Hosted

SolarWinds Platform Agent requirements

This topic applies only to the following SolarWinds Platform products:

SolarWinds Observability Self-Hosted

DPAIMLANAMNPMSAMSCMSRMVMAN*

Agent software is free. Licensing occurs through your product and is usually based on the number of monitored elements.

  • Windows agents run as a service.
  • Linux/Unix agents run as a service daemon.

Before you deploy agents to a target computer, review the following system requirements.

System requirements

Type Windows Linux/Unix
Operating System
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022
  • Windows Server 2025
  • Windows 8.x
  • MS Windows 10
  • MS Windows 11

Only Pro, Enterprise, and Ultimate workstation
operating systems editions are supported.
  • Amazon Linux 2, 2023, 64-bit
  • CentOS 7.x, 8.x, and 9.x, 64-bit
  • IBM AIX 7.1, 7.2, and 7.3
  • Oracle Linux 6.x, 7.x, 8.x, 9.x, 64-bit
  • Red Hat Enterprise Linux 8.x, 9.x, and 10.x, 64-bit
  • SUSE Linux Enterprise Server 12.x–15.x, 64-bit
  • Ubuntu 16.x–24.x, 64-bit
  • Ubuntu 16.x, 32-bit

Linux distributions not listed above, such as Debian or Fedora, are not supported.

In a TLS 1.2 only environment, the target agent operating system must support TLS 1.2.

Starting with version 2025.4, TLS 1.3 is supported for server-initiated communication with Agents. However, to use TLS 1.3 for server-initiated communication, your operating system must support it (Windows Server 2022 build 22000 and later).

Starting with version 2026.2, TLS 1.3 is supported for agent-initiated communications.
Hard drive space Approximately 100 MB of hard drive space on the target computer.
Other software

The following software packages are installed by the agent installer if necessary:

  • Microsoft Visual C++ Redistributable packages for Visual Studio 2015, 2017, 2019, and 2022

  • Microsoft Visual C++ 2013 Redistributable Package for 64-bit - only installed and required by QoE Agent plugin (DPI probe) starting with 2024.4

.NET Framework support

  • .NET 4.8.

    .NET 4.0 and 4.5 are not supported.

For Linux, you may need to install the following manually:

  • Python

    Python 3 is deployed automatically to Linux agents. During upgrades, all Linux Agent plugins are migrated to Python 3.

  • The bash shell

For AIX:

  • You don't need to install Python manually. Required packages are distributed and deployed automatically with the agent plug-ins.
  • Bash or korn shell is required.
Security

The DigiCert Root Certificate Authority (CA) must be current. This is required because the agent software is signed using a DigiCert certificate. To install a certificate, see Certificates and the agent in the SolarWinds Platform.

After the agent is installed, it runs as a Local System account and does not require administrative permissions to function.

 After the agent is installed, it runs under dedicated swiagent account. Some actions require root access.

Account privileges

If you want to deploy agents from the SolarWinds Platform server, the following requirements must be met.

Windows

  • The account used for remote deployment must have access to the administrative share on the target computer: \\<hostname_or_ip>\admin$\temp.
  • User Account Control (UAC) must either be disabled on the target computer, or the built-in Administrator account must be used.
  • You may need to disable UAC remote restrictions.
  • Other remote or mass deployment methods do not have the same requirements.

Linux/Unix

To deploy a Linux/Unix agent via pull deployment, make sure that the following conditions are met:

  • SolarWinds Platform Web Console must be accessible from the target Linux computer.
  • Pull deployment uses wget, curl, or perl to download the installation files from the chosen polling engine.

Agent port requirements

The following ports need to be open both to deploy and to update SolarWinds Platform Agents:

Target computer

Port Protocol Service/
Process		 Direction Description Communication
method		 OS
22 TCP

sshd

Agent installer

Inbound

Used to install the agent on Linux/Unix computers through SSH and SFTP or SCP.

Either Linux/Unix
135
TCP

Agent installer

Inbound

(DCE/RPC Locator service) Microsoft EPMAP. This port must be open on the target computer for remote deployment.

WMI is only needed for deploying the agent to a Windows server with the Add Node or Add Agent wizard. If you do not want to open WMI ports required for software deployment, you can use another deployment method for the Agent.

WMI also uses any random TCP port greater than 1024. See WMI portocalypse on THWACK.

 Either Windows
445
TCP Agent installer

Inbound

Microsoft-DS SMB file sharing. This port must be open on the target computer (inbound) for remote deployment.

 Either Windows
17778
 TCP

SolarWinds Agent

Outbound

 Used continuously by the agent to communicate back to the SolarWinds Platform server. Also used to deploy the agent. Agent-initiated

All

17790

 TCP

SolarWinds Agent

Inbound

 Used to communicate with the SolarWinds Platform server. Server-initiated All
Dynamic UDP SolarWinds.ServiceHost.Process.exe Outbound SolarWinds Cortex utilizes two dynamic UDP listening ports from dynamic range (assigned by OS) for SNMP polling. One port is for IPv4 and the second one is for IPv6 (if enabled). Either Windows

SolarWinds Platform server

Port Protocol Service/
Process		 Direction Description Communication
method		 OS
22 TCP n/a

Outbound

Used to install the agent on Linux/Unix computers through SSH and SFTP or SCP.

Either Linux/Unix
17778
 TCP

Orion Module Engine

SolarWinds Agent

Inbound

 Used continuously by the agent to communicate back to the SolarWinds Platform server. Also used to deploy the agent. Agent-initiated

All

17790

 TCP

Orion Module Engine

SolarWinds Agent

Outbound

 Used to communicate with the SolarWinds Platform server. Server-initiated All

Local Agent ports

The following ports are required for local communication inside the server or agent. Do not open them in the firewall; they are used only by local services.

Windows

Port Protocol Direction Description
17775 TCP Inbound (on agents) RestAPI forwarder for Cortex
17798 TCP Inbound (on servers) Cortex Diagnostics API
Dynamic (49152 - 65535) TCP Inbound (on agents) A port from the range 49152 to 65535 is used for communication between the JobEngine and its workers.

Linux/AIX

Port Protocol Direction Description
Dynamic UDP Inbound (on agents)

Python scripts in the Agent installation directory use a port from the dynamic range for SNMP-based polling.

SolarWinds Platform Agent resource consumption

Agent resource consumption is variable and depends on what information is collected and how often the information is collected. This is the same as when the data is polled agentlessly, because in most cases, Agents use the same methods for collecting data as agentless polling.

Some Linux distributions, such as CentOS, log all cron jobs, including jobs that ensure the agent service is still up and responding. The log file can become large quickly. If your distribution logs all cron jobs, ensure that you use a tool such as logrotate to keep your log files to a manageable size.

Resource Consumption
CPU Under normal operating conditions, SolarWinds Platform Agent monitoring consumes less than 1% more resources than what would be consumed by monitoring the same node agentlessly.
Memory 10 - 100 MB, depending on the number and types of jobs.
Bandwidth

Roughly 20% (on average) of the bandwidth consumed by the WMI protocol for transmission of the same information.

For example, agents use approximately 1.3 kB/s versus WMI at 5.3 kB/s.

SolarWinds Platform Agent scalability

SolarWinds Platform Agents Scalability Engine Guidelines

Scalability options

You can deploy up to 1000 agents per polling engine.

  • The achievable SolarWinds Platform Agent scalability varies with actual usage and configuration.

  • Using Agent features, such as ADM, SCM, or NetPath, might change scalability limits. For details, see scalability details for individual features.

  • Combining Agents with SolarWinds Platform Remote Collectors reduces the total number of SolarWinds Platform Agents supported per polling engine. For each Collector you use, the Agent scalability is reduced by ten SolarWinds Platform Agents (1 Collector = 10 SolarWinds Platform Agents).

FIPS support

SolarWinds Platform Agents support FIPS.

To run FIPS-compliant SolarWinds Platform Agents, enable FIPS on the target computer. FIPS is configured both on the main polling engine and on the polled agent computer so all communication between them is FIPS-compliant.

Remote deployment in FIPS mode is disabled. To run SolarWinds Platform Agents in FIPS-compliant mode, deploy agents manually (Windows or Linux/Unix).

FAQs about agent requirements

What authentication method is used by the SolarWinds Platform Agent?

The SolarWinds Platform Agent uses RSA certificate-based authentication.

The agent retains the SolarWinds Platform server’s public certificate and uses it ti validate the server's identity. Each agent is provisioned with its own RSA certificate for regular operation. The server maintains each agent’s RSA certificate and uses it to verify agent identities.

As a result, RSA authentication must be enabled on SolarWinds Platform servers utilizing agent-based communication.

How is agent-based communication secured?

The SolarWinds Platform Agent secures its communication using TLS 1.2 or TLS 1.3 with FIPS-compliant cipher suites.

For agent-based communication to succeed, SolarWinds Platform servers must have at least one TLS cipher suite enabled that is also supported by the agent.

The following sections list the supported TLS 1.2 and TLS 1.3 cipher suites.

TLS 1.2 ciphers

For TLS 1.2, the communication can be securing using one of the following FIPS-compliant ciphers:

ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256)            Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)            Mac=AEAD
DHE-RSA-AES256-GCM-SHA384      TLSv1.2 Kx=DH       Au=RSA   Enc=AESGCM(256)            Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128)            Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(128)            Mac=AEAD
DHE-RSA-AES128-GCM-SHA256      TLSv1.2 Kx=DH       Au=RSA   Enc=AESGCM(128)            Mac=AEAD
ECDHE-ECDSA-AES256-SHA384      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)               Mac=SHA384
ECDHE-RSA-AES256-SHA384        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(256)               Mac=SHA384
DHE-RSA-AES256-SHA256          TLSv1.2 Kx=DH       Au=RSA   Enc=AES(256)               Mac=SHA256
ECDHE-ECDSA-AES128-SHA256      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)               Mac=SHA256
ECDHE-RSA-AES128-SHA256        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(128)               Mac=SHA256
DHE-RSA-AES128-SHA256          TLSv1.2 Kx=DH       Au=RSA   Enc=AES(128)               Mac=SHA256
ECDHE-ECDSA-AES256-SHA         TLSv1   Kx=ECDH     Au=ECDSA Enc=AES(256)               Mac=SHA1
ECDHE-RSA-AES256-SHA           TLSv1   Kx=ECDH     Au=RSA   Enc=AES(256)               Mac=SHA1
DHE-RSA-AES256-SHA             SSLv3   Kx=DH       Au=RSA   Enc=AES(256)               Mac=SHA1
ECDHE-ECDSA-AES128-SHA         TLSv1   Kx=ECDH     Au=ECDSA Enc=AES(128)               Mac=SHA1
ECDHE-RSA-AES128-SHA           TLSv1   Kx=ECDH     Au=RSA   Enc=AES(128)               Mac=SHA1
DHE-RSA-AES128-SHA             SSLv3   Kx=DH       Au=RSA   Enc=AES(128)               Mac=SHA1
AES256-GCM-SHA384              TLSv1.2 Kx=RSA      Au=RSA   Enc=AESGCM(256)            Mac=AEAD
AES128-GCM-SHA256              TLSv1.2 Kx=RSA      Au=RSA   Enc=AESGCM(128)            Mac=AEAD
AES256-SHA256                  TLSv1.2 Kx=RSA      Au=RSA   Enc=AES(256)               Mac=SHA256
AES128-SHA256                  TLSv1.2 Kx=RSA      Au=RSA   Enc=AES(128)               Mac=SHA256
AES256-SHA                     SSLv3   Kx=RSA      Au=RSA   Enc=AES(256)               Mac=SHA1
AES128-SHA                     SSLv3   Kx=RSA      Au=RSA   Enc=AES(128)               Mac=SHA1

TLS 1.3 ciphers

For TLS 1.3 following FIPS-compliant ciphers suites are available:

TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(128)            Mac=AEAD

How do we ensure that only the SolarWinds Platform server can initiate communication to the SolarWinds Platform Agent?

The agent retains a copy of the public Orion certificate obtained during provisioning. Passive mode uses this to authenticate the server.