"off-box" really just means the collector and agent don't run on a SSIM software appliance. There are a couple reasons for this.

1. You can't install some of the collectors on the appliance, for example the Vista/2008 collector must be installed on a Windows machine. The Cisco ACS collector is installed right on the Cisco ACS box.
2. For performance reasons, you may also choose to have a collector off-box.  For example, we have chosen to move our firewall collector to a dedicated system.

Hi Utkarsh,

Generally following are the reaosns why we use OFFBOX approach:

1. If some application or servers are real critical for you to monitor but due to some reasons you are not able to install the agent & collector on the box, then you will use OFFBOX collection scenario.

2. OFFBOX collectors are remotely logs fetching Agent & collectors.

3. Due considering the performance issues.

4. High java utilization issue, if another java application is also running & imp.

5. Centralized Agent & collector managemt for bunch of servers which will reduce your efforts at some extent.

6. In case OnBox integration is not supported for the product.

Please look for the attached diagram for OFFBOX integration approach.

Sorry missed the attachement.