NMS: Enhanced Security, Better Defaults & Advanced Polling Settings
Coming Wednesday (July 16, 2025):
We are excited to announce powerful new enhancements to our NMS product, bringing more security and flexibility to your SNMP data collection. You now have access to stronger encryption for SNMPv3, better polling setting defaults and advanced controls to fine-tune polling behavior for every device in your network.
Enhanced SNMPv3 Security
Security is paramount, which is why we’ve added support for the following, more secure SNMPv3 protocols:
- Authentication Protocols: SHA-512 & SHA-128
- Privacy (Encryption) Protocol: AES-256
SHA (Secure Hash Algorithm) and AES (Advanced Encryption Standard) are both cryptographic algorithms, but they serve different purposes. SHA is a hashing algorithm used for creating a unique fingerprint of data, while AES is an encryption algorithm used to scramble data so it can only be read with a key.
This allows you to secure your network management traffic with the latest standards.
Important: Please note that these new security protocols are available for NMS data collection performed by the Universal Agent (UA). They do not apply to KProxy-based flow enrichment.
A Look Ahead: Our Unified Agent Strategy
The Universal Agent (UA) is the future of data collection at Kentik. Our long-term plan is to consolidate all SNMP and Streaming Telemetry collection into the Universal Agent, which will handle both NMS metric collection and flow enrichment. Features such as our topology maps, capacity planning, cost analysis, and traffic engineering are currently powered by our KProxy agent only, but will be served by Universal Agent’s NMS capability in the future. By focusing our development on the UA, we can deliver enhancements like these new security protocols more quickly and efficiently. It will also importantly resolve issues with double-polling currently caused by separate agents for flow enrichment and NMS collection.
Granular Control Over Polling
Now available when configuring NMS Monitoring Templates, Polling Options gives you gives you the flexibility to fine-tune polling behavior, balancing performance and speed of telemetry to your specific needs:
- Max OIDs per Request: Adjust the number of OIDs (Object Identifiers) the agent requests at one time. This applies to SNMP v2c and v3 only.
- Request Retries: Set how many times the agent will retry a failed request.
- Timeout: Define how long the agent will wait for a response before timing out.
- Parallel Requests: Control the number of simultaneous polling requests (workers) for a single device.
Sensible New Defaults
Based on extensive real-world testing, we’ve also updated the default polling configuration for both existing and newly added devices. Our new approach favors pulling more data in a single request while reducing the number of parallel requests. This has proven to be a more efficient method for the vast majority of network hardware.
Why We Made This Change
Every network is unique, and some devices can be more sensitive to polling than others. While our default settings are designed to work brilliantly for most hardware, these new controls give you the power to ease the polling impact on devices with limited resources or unique configurations. It’s all about providing a powerful, flexible monitoring solution that adapts to your environment.
We're Here to Help!
Not sure what settings are right for your devices? Our Product Support team is ready to assist you in optimizing your new polling configurations. Please don't hesitate to reach out for guidance.