Because you want to keep your servers as firewalled off as possible a solution if you want to use monitoting tools and whatnot is to deploy a Linux Desktop Machine into the same subnet as your server machines. What you could then do is deploy whatever monitoring software you want onto your remote desktop machine and it will be able to interrogate your servers because it is on the same subnet as them.