passive monitoring of firewalled systems

  • modonnell
    Junior Member
    • Apr 2010
    • 17

    #1

    passive monitoring of firewalled systems

    We're evaluating Zabbix for use where we have clusters of
    workstations (mostly Windows boxes, 3-10 per cluster) deployed at
    multiple (between 100 and 1000) customer sites where we have little
    control over their WAN configuration except that we can assume each
    workstation has the ability to establish NAT'd outbound connections
    on port 80 since that's already what HTTP typically uses.

    We'd like to deploy Zabbix such that each workstation at each
    site is responsible for pushing its own monitoring data back to
    the Zabbix server at HQ via inbound connections initiated by each
    machine as we'll not be able to initiate outbound connections from
    the server since they'd be blocked at the customer's firewall.
    We do *not* want to require each customer to have to open ports in
    their firewalls for us.

    Is this something Zabbix can do w/o requiring much surgery?
    Last edited by modonnell; 18-05-2010, 21:00. Reason: s/opennms/zabbix/g
  • jfischer
    Junior Member
    • Jan 2010
    • 11

    #2
    I'm not sure whether you can collect any metric by using active checks, which would implement the push-from-client mechanics.

    However, I'd consider using distributed monitoring techniques for this scenario:

    - Deploy a ZABBIX proxy in the client's subnet(s) (probably a small sized Virtual Machine with SQLite DB backend would be sufficient)
    - You need a single firewall rule from ZABBIX server to ZABBIX proxy (maybe bi-directional)
    - Configure the clients in ZABBIX to be monitored via proxy

    If that's not an option, you could check out how far you'll get implementing active-only checks for clients.


    • hyarion
      Junior Member
      • Mar 2007
      • 22

      #3
      Active checks work very well for this. I've done it for a number of our client's servers and for 2 clients I set it up to monitor all pcs as well.

      I haven't installed it on any clients that block outgoing traffic though, but you could set the port value to port 80 in the zabbix_agentd.conf file and either port forward to your zabbix server (forward port 80 to port 1050) or set the zabbix server to accept on port 80 if it's connected (bit more complicated as you'll have to change the port for the web access then).

      Generally you can just take a normal zabbix template (e.g. windows template) and change all the items to be active.

      You will need a zabbix_agentd.conf file for each pc. The config file will need to include the following settings at a minimum:

      Server=[server ip/hostname]
      Hostname=[individual name for each pc you install onto]

      The server ip/hostname of the zabbix server is your internet ip or hostname for your zabbix server (dyndns name can work too). Obviously you'll either need the zabbix server directly connected to internet or you'll need ports forwarded on your firewall.

      Some tips when doing it this way:

      * Don't set intervals too low. Low intervals mean more internet traffic and more ports open at a time on your server side. I've experienced an overload on our firewall at the serverside after having over 10,000 incoming connections simultaneously.

      For example, monitoring CPU usage on 1,000 pcs set to report back every 1 second is a very very bad idea.

      * Turn on autodiscover on your zabbix server to automatically add new active hosts. This will greatly reduce frustration when adding new pcs.

      * Name your hostname for each pc something descriptive. e.g. [clientname].[pcname] so this might become myclient.reception.
      This will also help when using autodiscover to link new pcs with groups.


      • modonnell
        Junior Member
        • Apr 2010
        • 17

        #4
        What about security? I see that some other network monitoring packages (e.g. Pandora) have encryption designed in from the start, while it appears that Zabbix agents in situations such as the one being discussed would always conduct their communications in the clear.


        • hyarion
          Junior Member
          • Mar 2007
          • 22

          #5
          At the moment there's no encryption between zabbix client and server.

          You can read more in this post: http://www.zabbix.com/forum/showthre...hlight=encrypt

          There are a couple of suggestions for it - 3rd party tools, ssh feature in 1.8 (very limited) or setting up of a VPN.

          None of them are particularly great for what you're looking to do. Hopefully encryption will become an option in the near future.

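An added illustration, not part of the thread and not Zabbix project code, of what the unencrypted agent-to-server traffic discussed in posts #4 and #5 exposes to anything on the path between a customer site and HQ. It assumes the publicly documented Zabbix framing (a `ZBXD` signature, a flags byte, an 8-byte little-endian length, then a JSON body); the sample message, its item values and the timestamps are constructed, and the host name reuses the `myclient.reception` naming from post #3.

```python
import json
import struct

ZBX_MAGIC = b"ZBXD\x01"  # protocol signature plus flags byte (assumed documented framing)
HEADER_LEN = len(ZBX_MAGIC) + 8  # signature/flags + 8-byte length field


def frame(payload: dict) -> bytes:
    """Wrap a JSON payload the way an active agent sends it: header + length + body."""
    body = json.dumps(payload).encode("utf-8")
    return ZBX_MAGIC + struct.pack("<Q", len(body)) + body


def parse(raw: bytes) -> dict:
    """Decode one frame as a passive observer would; no key or secret is needed."""
    if len(raw) < HEADER_LEN or raw[:5] != ZBX_MAGIC:
        raise ValueError("not a Zabbix frame")
    (length,) = struct.unpack("<Q", raw[5:HEADER_LEN])
    body = raw[HEADER_LEN:HEADER_LEN + length]
    if len(body) != length:
        raise ValueError("truncated frame")
    return json.loads(body.decode("utf-8"))


def exposed_fields(raw: bytes) -> list:
    """Return (host, item key, value) for every item readable in the frame."""
    return [(d["host"], d["key"], d["value"]) for d in parse(raw).get("data", [])]


# Constructed sample of an "agent data" message from one workstation.
SAMPLE = frame({
    "request": "agent data",
    "data": [
        {"host": "myclient.reception", "key": "system.cpu.load",
         "value": "0.42", "clock": 1274212800},
        {"host": "myclient.reception", "key": "system.uname",
         "value": "Windows RECEPTION 5.1", "clock": 1274212800},
    ],
    "clock": 1274212800,
})

if __name__ == "__main__":
    for host, key, value in exposed_fields(SAMPLE):
        print(f"{host:20} {key:18} {value}")
```

Host names, item keys and values are all recoverable from the raw bytes, which is why the thread's suggestions (a VPN or another tunnel around the agent traffic) matter when the data crosses networks you do not control.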