This Cloudmon Communication Matrix explains the communication flow, its technical significance, and the essential configurations required to maintain secure and uninterrupted monitoring.
All critical interactions, such as those between the Controller, Probes, and Agents, use encrypted HTTPS (port 443) channels. This protects configuration data, credentials, and monitoring information from unauthorized access or interception.
Probes (both Linux and Windows) operate in outbound-only mode when reaching monitored devices: the Probe initiates every polling connection, so polling requires no inbound ports to be exposed on the Probe, which significantly reduces the attack surface within secured networks. The device-originated feeds listed below (SNMP Traps, Syslog, and NetFlow) are the inbound flows a Probe does need to accept.
Different devices and services require protocol-specific access to enable comprehensive monitoring:
SNMP (UDP/161) for network device monitoring
SNMP Traps (UDP/162), Syslog (UDP/514), and NetFlow (UDP/2055) must be allowed from devices towards Probes
SSH (22) or Telnet (23) is essential for network device configuration backups
ICMP and application-specific TCP ports are required for availability and service monitoring
These ports and protocols must be permitted for accurate performance insights, fault detection, and security event collection.
vCenter, AWS, Azure, and website monitoring relies on HTTPS (443) communication.
Probes must be allowed to establish outbound HTTPS sessions to the respective platforms for inventory collection, health monitoring, and metric gathering.
The diagram below illustrates the communication paths, protocols, and required ports between Cloudmon components (Controller, Probes, Agents) and monitored infrastructure, including network devices, servers, and cloud platforms.
To guarantee Cloudmon operates effectively, the following technical configurations should be reviewed and implemented:
✅ Firewall Rules
Ensure outbound access is allowed from Probes to monitored targets over required ports (ICMP, TCP, SNMP, HTTPS, etc.).
Block unnecessary inbound traffic to Probes and Agents where possible.
✅ Device Configurations
SNMP devices should be configured to respond to queries from Probe IP addresses.
Syslog, SNMP Traps, and NetFlow sources must be directed to the Probe IPs on designated ports.
Network devices requiring configuration backup should allow SSH or Telnet access from Probes.
✅ Cloud API Permissions
Probes connecting to AWS, Azure, or vCenter require valid API credentials and network access over HTTPS (443).
Credentials and connectivity should be validated during setup.
✅ Controller-Probe Connectivity
The Controller must be reachable over HTTPS (443) by Probes and Agents.
No inbound ports are required on Agents or Probes for Controller communication, which simplifies deployment within secure environments.
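One way to check observed traffic against this matrix, as an added example that is not Cloudmon code: it encodes the flows described above as an allow-list and flags any flow record outside it. The address plan, role names, flow-record format, and `APP_TCP_PORTS` values are assumptions constructed for illustration.

```python
import ipaddress

# Assumed address plan and service ports, constructed for this example.
ROLES = {"controller": "10.0.0.10/32", "probe": "10.0.1.0/28",
         "device": "10.0.2.0/24", "agent": "10.0.3.0/24"}
APP_TCP_PORTS = {80, 3306}  # site-specific "application-specific TCP ports"

# (source role, destination role) -> permitted (protocol, port); unlisted pairs are denied.
MATRIX = {
    ("probe", "controller"): {("tcp", 443)},
    ("agent", "controller"): {("tcp", 443)},
    ("probe", "device"): {("udp", 161), ("tcp", 22), ("tcp", 23), ("icmp", None)}
    | {("tcp", p) for p in APP_TCP_PORTS},
    ("device", "probe"): {("udp", 162), ("udp", 514), ("udp", 2055)},
    ("probe", "other"): {("tcp", 443)},  # vCenter, AWS, Azure, websites
}

def role_of(ip):
    # Addresses outside the plan are "other" (cloud APIs, websites).
    addr = ipaddress.ip_address(ip)
    for role, cidr in ROLES.items():
        if addr in ipaddress.ip_network(cidr):
            return role
    return "other"

def audit(flows):
    """Return (flow, reason) for each 'src dst proto port' line outside the matrix."""
    findings = []
    for flow in flows:
        src, dst, proto, port = flow.split()
        service = (proto.lower(), None if port == "-" else int(port))
        pair = (role_of(src), role_of(dst))
        if service not in MATRIX.get(pair, set()):
            findings.append((flow, f"{pair[0]} -> {pair[1]} {proto}/{port} not permitted"))
    return findings

# Constructed flow records; port is "-" for ICMP.
SAMPLE_FLOWS = [
    "10.0.1.5 10.0.0.10 tcp 443",    # Probe -> Controller
    "10.0.1.5 10.0.2.20 udp 161",    # SNMP poll
    "10.0.1.5 10.0.2.20 icmp -",     # availability check
    "10.0.2.20 10.0.1.5 udp 514",    # Syslog to Probe
    "10.0.1.5 203.0.113.7 tcp 443",  # cloud API
    "10.0.0.10 10.0.1.5 tcp 22",     # inbound to Probe from Controller
    "10.0.2.20 10.0.1.5 tcp 8080",   # inbound to Probe, port not in matrix
    "10.0.0.10 10.0.3.9 tcp 443",    # inbound to Agent
]

if __name__ == "__main__":
    print("\n".join(f"VIOLATION {f}: {r}" for f, r in audit(SAMPLE_FLOWS)))
```

The same allow-list can be fed from firewall or flow-log exports to confirm that the only traffic arriving at Probes is SNMP Traps, Syslog, and NetFlow.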
The Cloudmon Communication Matrix is a foundational element to ensure comprehensive visibility, performance insights, and secure monitoring across your infrastructure.
Understanding and implementing the recommended configurations is essential for:
✔️ Seamless operations
✔️ Proactive issue detection
✔️ Maintaining the integrity and security of your monitoring environment
For further guidance or deployment consultations, please contact the Cloudmon Support Team.