Smart Network Management for the SMB

The Shortcut Guide ToThe Shortcut Guide Totmtm

Smart Network Management for the SMB

Chris HamptonNetwork Management Software

The Shortcut Guide to Smart Network Management for the SMB Chris Hampton

i

Introduction to Realtime Publishers by Don Jones, Series Editor For several years now, Realtime has produced dozens and dozens of high‐quality books that just happen to be delivered in electronic format—at no cost to you, the reader. We’ve made this unique publishing model work through the generous support and cooperation of our sponsors, who agree to bear each book’s production expenses for the benefit of our readers.

Although we’ve always offered our publications to you for free, don’t think for a moment that quality is anything less than our top priority. My job is to make sure that our books are as good as—and in most cases better than—any printed book that would cost you $40 or more. Our electronic publishing model offers several advantages over printed books: You receive chapters literally as fast as our authors produce them (hence the “realtime” aspect of our model), and we can update chapters to reflect the latest changes in technology.

I want to point out that our books are by no means paid advertisements or white papers. We’re an independent publishing company, and an important aspect of my job is to make sure that our authors are free to voice their expertise and opinions without reservation or restriction. We maintain complete editorial control of our publications, and I’m proud that we’ve produced so many quality books over the past years.

I want to extend an invitation to visit us at http://nexus.realtimepublishers.com, especially if you’ve received this publication from a friend or colleague. We have a wide variety of additional books on a range of topics, and you’re sure to find something that’s of interest to you—and it won’t cost you a thing. We hope you’ll continue to come to Realtime for your

far into the future. educational needs

enjoy. Until then,

Don Jones

http://nexus.realtimepublishers.com/


ii

Introduction to Realtime Publishers .................................................................................................................

Chapter 1: The Power of Intelligent Network Management through Discovery and Mapping ....

i

...................................................................................................................................................................................... 1

Why Do SMBs Need Network Management? ........................................................................................... 2

Ne twork Discovery ............................................................................................................................................. 4

Types of Discovery ......................................................................................................................................... 5

Power of Scheduled Network Discovery .............................................................................................. 7

Ne twork Mapping ................................................................................................................................................ 8

Creating Topology Maps .............................................................................................................................. 9

Power of Auto‐Created Mapping .............................................................................................................. 9

Relationship Mapping and Layer 2 Visibility ................................................................................... 10

Building Device Inventories .................................................................................................................... 12

Se arching the Network ................................................................................................................................... 13

Layer 2 Traces ............................................................................................................................................... 14

IP and MAC Address Filtering ................................................................................................................ 15

Do cumentation, Documentation ................................................................................................................ 15

Automating Network Discovery ............................................................................................................ 16

Publishing Discovery Maps ..................................................................................................................... 16

Asset and Device Inventory Tracking ................................................................................................. 17

Smart Network Management Empowers an SMB .............................................................................. 18

Ch apter 2: The Importance of Proactive Monitoring and Alerting .................................................. 20

Stop Fighting Fires ........................................................................................................................................... 21

Network Monitoring ........................................................................................................................................ 22

Sy stems Monitoring ......................................................................................................................................... 25

Resource Monitoring .................................................................................................................................. 27

Process Monitoring ..................................................................................................................................... 27

Hardware Monitoring ................................................................................................................................ 27


iii

File System Monitoring ............................................................................................................................. 28

Virtual Machine Monitoring .................................................................................................................... 28

Ap plication Monitoring .................................................................................................................................. 29

IP Services Monitors ................................................................................................................................... 30

Microsoft Exchange Monitors ................................................................................................................. 31

SQL Database Performance Monitors ................................................................................................. 31

Synthetic Transactions .............................................................................................................................. 32

Ale rting ................................................................................................................................................................. 32

Flexible Alerting ........................................................................................................................................... 33

Notification Policies .................................................................................................................................... 33

Re porting ............................................................................................................................................................. 34

Top‐10 Reports ............................................................................................................................................. 34

Report Subscriptions ................................................................................................................................. 35

Dynamic Workspaces ................................................................................................................................. 36

Security Information and Event Monitoring ......................................................................................... 36

Self Monitoring .................................................................................................................................................. 37

Sophisticated Monitoring Changes the Game ....................................................................................... 37

Ch apter 3: The Key to Smart Configuration and Change Management ......................................... 38

Simplify Your SMB’s Network Configuration Management ........................................................... 39

Co nfiguration Management .......................................................................................................................... 40

Centralization of Passwords and Authentication .......................................................................... 42

Centralization of Device Configuration Backups ........................................................................... 43

Secure Configuration and Change Management ............................................................................ 43

De vice Management ........................................................................................................................................ 45

Compare and Contrast Device Configurations ................................................................................ 45

Rapid Recovery of Device Configurations ......................................................................................... 47

Logging of Device Configuration Changes......................................................................................... 47


iv

Notification of Device Configuration Changes ................................................................................ 48

Sc

heduled Tasks and Script Execution .................................................................................................... 49

Automating the Management of Device Configurations ............................................................. 49

The Power of Script Execution ............................................................................................................... 50

Make the Move to Smart Configuration and Change Management ............................................. 51

Ch apter 4: Four Must‐Have Features for a Smart Network Management Solution.................. 52

Ge t Answers When You Need Them ......................................................................................................... 53

Real‐Time Troubleshooting—System and Device ........................................................................ 53

Real‐Time Troubleshooting—Applications ..................................................................................... 55

Fin ally realize the value of log data .......................................................................................................... 56

Sy stem Event Log Management............................................................................................................. 57

Collecting Log Files ................................................................................................................................ 57

Analyzing Log Files ................................................................................................................................ 58

Real‐Time Monitoring of Log Files .................................................................................................. 59

Se rver Virtualization Creates a New Problem ..................................................................................... 60

Virtual Infrastructure Monitoring and Management ................................................................... 61

Th e Network Is Always Open ...................................................................................................................... 63

Network Traffic Monitoring and Management ............................................................................... 64

SMBs Need Smart Network Management .............................................................................................. 65


v

Copyright Statement © 2010 Realtime Publishers. All rights reserved. This site contains materials that have been created, developed, or commissioned by, and published with the permission of, Realtime Publishers (the “Materials”) and this site and any such Materials are protected by international copyright and trademark laws.

THE MATERIALS ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. The Materials are subject to change without notice and do not represent a commitment on the part of Realtime Publishers its web site sponsors. In no event shall Realtime Publishers or its web site sponsors be held liable for technical or editorial errors or omissions contained in the Materials, including without limitation, for any direct, indirect, incidental, special, exemplary or consequential damages whatsoever resulting from the use of any information contained in the Materials.

The Materials (including but not limited to the text, images, audio, and/or video) may not be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any way, in whole or in part, except that one copy may be downloaded for your personal, non-commercial use on a single computer. In connection with such use, you may not modify or obscure any copyright or other proprietary notice.

The Materials may contain trademarks, services marks and logos that are the property of third parties. You are not permitted to use these trademarks, services marks or logos without prior written consent of such third parties.

Realtime Publishers and the Realtime Publishers logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners.

If you have any questions about these terms, or if you would like information about licensing materials from Realtime Publishers, please contact us via e-mail at [email protected].

mailto:[email protected]


1

[Editor’s Note: This book was downloaded from Realtime Nexus—The Digital Library for IT Professionals. All leading technology books from Realtime Publishers can be found at ttp://nexus.realtimepublishers.comh .]

Chapter 1: The Power of Intelligent Network Management through Discovery and Mapping

You are the owner of a new upandcoming small business. After a long weekend of mapping out the final touches of your new marketing campaign, you enter the office with a sense of completion. You ask yourself, “What could possibly go wrong?” Before taking your first sip of coffee, you receive an urgent email from your marketing director stating that the company’s new Web site is not responding. You promptly head over to IT and find your senior network administrator franticly rebuilding the configuration on the network load balancer—it seems the new network admin applied the wrong patch and did not save the configuration during Friday’s upgrade.

It is later in the afternoon, and your Web site is up and running again. However, it is too late, the damage has been done. The new ad campaign ran, despite your marketing director’s attempts to pull it from today’s broadcast. Your receptionist tells you that she has been receiving a number of calls from customers complaining about the availability of the advertised Internet coupons. These same customers voiced concern over the reliability of your products—based on their experience accessing your Web site.

What went wrong and how can small and midsized businesses (SMBs) avoid these same pitfalls? Network management, and more specifically smart network management, can be the deciding factor. Through the selection and implementation of a smart network management solution, SMBs can gain the needed insight into network performance to proactively monitor the devices and systems within the network to avoid scenarios like the earlier example. Over the next four chapters, we will review the underlying features and enefits that a smart network management solution can provide. b



2

Why Do SMBs Need Network Management? In today’s economy, large corporations are demanding more from their investment in information technology, and SMBs are no different. As an SMB owner, you have to keep an eye on the bottom line while ensuring you are providing key innovations that set your business apart from the competition. Often, information technology becomes that distinctive innovation, and your business’ ability to efficiently manage and utilize a given technology can mean the difference between gaining market share and becoming yesterday’s news.

Network management allows an SMB to efficiently control and monitor the network, which is the very foundation of the business’ information technology. Stop for a moment and think about the importance of the network in relation to your business; email, order processing, Internet access, and critical communications with customers and partners represent the heart of your business operations. In fact, it is difficult to imagine your business operating without the use of technology tools such as these.

Your network is made up of a diverse set of technologies: devices such as routers and switches, server infrastructure systems such as Windows and Linux hosts, and critical business applications such as messaging and database applications. All of these technologies provide some level of management at the individual component level, but the real empowerment comes from the centralization of network management and broad visibility into each technology. A business that understands how to manage these technologies and how to provide optimal performance across all devices, systems, and applications has moved from simple network management to smart network management.

Consider the scenario presented at the beginning of this chapter; if this same business had previously implemented a smart network management solution, the unresponsive Web site could have been proactively detected. In addition, the failed upgrade of the network load balancer would have been quickly recovered by restoring the last known good configuration from a central device configuration backup.

What are the consequences of ignoring the need for a network management solution? The cost to an SMB is visible across many levels of the business from loss of sales and corporate or product image decline to loss of customers and an increased cost of supporting the network due to reactive troubleshooting. Take a look at how this network downtime affected a number of SMBs that were surveyed in 2007.

The data represented in Figure 1.1 was collected from a 2007 survey, sponsored by The Strategy Group, that included 173 SMB respondents from the Ziff Davis Enterprise database. The survey highlights the consequences of network downtime to an SMB. .After reviewing the data in Figure 1.1, the surprising conclusion is the large effect of downtime to loss of customers and decline in corporate image compared with the financial loss experienced. This shows the importance of minimizing downtime, as the effect to the business can be very broad.


3

0%

20%

40%

60%

80%

100%

Proactive Approach Reactive Approach

% of IT Budget spent Maintaining Networkbased on type of Monitoring Approach

3.6%

69%

47%

Negative Consequences of Network Downtime

(173 SMBs surveyed)

Average Financial Loss (Annual Revenue)

Decline in Corporate Image

Source: Ziff Davis survey

Figure 1.1: SMB survey data regarding n ent.

The survey data also indicates that those SMBs that take a proactive approach to network monitoring versus a reactive approach see a significant reduction in IT spending. If you take a step back and look at this data from the perspective of an SMB owner, the picture becomes clear: With rising costs and ever‐shrinking budgets, your revenue margin is becoming very thin. As an SMB owner, you have to minimize the exposure a network

etwork managem

outage can cause to your business while keeping your IT budget under control.

The second portion of the survey indicated the cost benefit to a business of implementing a proactive monitoring approach. Together, this data clearly indicates the importance of minimizing network downtime, and the cost benefit of utilizing a smarter proactive solution for the management of all network‐related devices and systems. The question is, What does a smart network management solution look like and how does it work? At a high level, a network management solution should provide a set of key features and benefits:

• Complete visibility—Before a business can manage the network, you first have to understand what devices, systems, and applications are on your network. Intelligent discovery and mapping is key to having the required visibility into your network.

• Sophisticated monitoring—To truly provide a proactive response to network issues, you need a solution that offers both active and passive monitoring. Simple ping test and Simple Network Management Protocol (SNMP) polling are fine for availability and fault management, but preemptive alerting of network device changes takes network monitoring to the next level.

• Integrated configuration and change management—Your network has many devices each with its own configuration files and passwords. A network management solution should provide the ability to centralize the management of these configurations and automate required changes.


4

• Real‐time troubleshooting, trending, and traffic analysis—This is where the smart in smart network management really pays off. By providing a solution that enables the business to proactively detect and resolve network‐related issues, user interruption and critical business loss will decrease dramatically. Add to this the capability of historical trending of system and application performance, and you have a powerful network management solution.

Together, these four high‐level features form the foundation of a smart network anagement solution, as Figure 1.2 shows. m

Complete Visibility Sophisticated Monitoring

Figure 1.2: Foundation of a smart network management solution.

Let’s break down each of these key features by starting with a detailed look at what is behind the desire to have complete visibility of the network.

Smart Network Management

Real‐time Troubleshooting, Trending,

and Flow Analysis

Integrated Configuration and Change Management

Network Discovery Before any monitoring, configuration management, or troubleshooting of the network can occur, you must have knowledge of the devices and systems that reside on your network. The importance of having complete visibility into the network cannot be stressed enough. No matter how good the network management solution, if you do not know the device or system exists, you cannot manage it. When looking at network management solutions, the first feature you should focus on is network discovery.

Note Often overlooked are the prerequisites to a successful network discovery process. These include enabling key protocols such as SNMP and standardizing on the SNMP credentials across all network devices (including read community strings for SNMPv1 or SNMPv2 devices and SNMPv3 device usernames and passwords). Smart network management solutions incorporate a credentials library, which allows for centralized management of SNMP credentials across all devices.


5

Types of Discovery The power of a smart network management solution lies in its ability to utilize multiple types of discovery methods. Basic network discovery begins at Layer 2 and Layer 3 of the OSI model—devices at these layers are responsible for providing reliable transit of data across physical links and routing of packets across the network.

Network management solutions must incorporate IP discovery protocols such as:

• Internet Control Message Protocol (ICMP)—This discovery protocol tests the IP address’ active state and responsiveness.

• Address Resolution Protocol (ARP)—This low‐level request and answer protocol is used at the Media Access level.

• SNMP—This protocol allows discovery of detailed device information from each SNMP‐enabled device.

Smart network management solutions should also incorporate advanced methods of discovery such as

• Link Layer Discovery Protocol (LLDP)—This vendor‐neutral protocol is used by network devices for advertising their identity.

• Proprietary vendor protocols such as Cisco Discovery Protocol (CDP) or Microsoft’s Link Layer Topology Discovery (LLTD) Note The use of vendor protocols such as Cisco CDP and Microsoft LLTD provide a richer set of Management Information Database (MIB) attributes for the specific device. These advanced vendor‐specific discovery protocols should be used in place of a general LLDP discovery if possible.

These advanced methods of discovery interrogate the device’s MIB files and gather extensive information that helps build a complete picture of the network. Network vendors provide management information base (MIB) files with each of their hardware devices. A MIB is a type of database used for managing devices in a communications network. It comprises a collection of objects in a (virtual) database that can be used to manage entities (such as routers and switches) in a network.

One example of the use of these advanced methods is the ARP Cache discovery method. This discovery method is highly recommended due to the ability to utilize SNMP information from multiple network devices—it also incorporates the use of proprietary discovery protocols like those discussed earlier.


6

One remaining element of many SMB networks that cannot be overlooked is the virtual machine layer. Virtualization is one of the hottest technologies in the industry and many SMBs are taking advantage of this technology to dramatically reduce the number of physical servers in the data center. Market Research firms such as IDC and the Gartner are predicting rapid adoption of virtualization in the SMB space over the next few years. In a Gartner report from October 2009, Gartner analyst Tom Bittman stated “that SMB adoption of virtualization will drive growth in the virtualization space for the foreseeable future, resulting in more than 50 percent of workloads running on virtual machines by 2012.” As more businesses port their server architecture to a virtual infrastructure, it becomes critical to have visibility into the virtual machine layer.

Smart network management solutions incorporate discovery at the virtual machine layer using protocols such as VMware’s Virtual Infrastructure Management (VIM) or VMware’s vSphere API structure. By utilizing SNMP v3 or SSH credentials, a secure connection can be made from the Network Management System (NMS) to the base ESX hypervisor and discovery can occur at all critical layers within the virtual infrastructure: base hosts, virtual switches, virtual appliances, virtual machines, and guest operating systems (OSs) as Figure 1.3 shows.

Figure 1.3: VMware (VIM) di

scovery.


7

The individual protocols and discovery methods discussed thus far are powerful in their own right. Team these with the ability to build a complete network picture through relationship mapping of each device, and you have yourself one very powerful network discovery solution. What is relationship mapping? Think of a discovery solution that can incorporate Layer 3 device and application mapping with detailed Layer 2 port‐level relationship mapping. Now add to this the ability to gain visibility all the way down to the individual port level connectivity of each router, switch, and server interface on your network and you will begin to see the power behind this type of solution.

Power of Scheduled Network Discovery If you think of network discovery as a one‐time task that is undertaken when building out a network management solution, you are missing the boat. The real power in the use of network discovery tools comes in the ability to incorporate these tools on an ongoing basis. By scheduling a reoccurring network discovery, you will maintain a living picture of your network environment.

Your network is in constant motion: new devices and systems are added, existing systems are moved from one subnet to another, live migrations of virtual machines occur more regularly and older or obsolete devices are removed from the network. You need a way to keep track of these changes and ensure your monitoring is as accurate as possible. Tracking these changes is the goal of a scheduled network discovery.

When a new device comes on the network—let’s say through a vendor demo or proof of concept project—you will immediately be aware of the device and have the ability to map the connectivity, establish monitoring, and manage the device. Equally important is the ability to know when a device or virtual machine is removed from the network. To ensure updated monitoring, and to maintain an accurate overview of the network status, device additions and removals must be captured.

Network discovery encompasses a wide variety of technologies and methods. When evaluating network management solutions, ensure that network discovery tops your list of important features. A rich set of discovery tools will give you peace of mind in knowing that you have a complete picture of your environment, and will bring you one step closer to achieving complete visibility of your network (see Figure 1.4).


8

Figure 1.4: Smart network management solutions offer a rich set of discovery tools to accurately identify, map, and represent your network—devices, interdependencies,

and locations.

Network Mapping When Google released Google Maps in 2005, they provided a rich mapping tool that could be used to quickly locate business and residential addresses at the click of a search button. Just like those old paper maps we all have in our glove compartments, Google Maps helped us understand a specific location in relation to a larger geographical context. Google Maps provided us with a wealth of information about our chosen location: hours of operation, points of interest, and local phone numbers, to name a few. Most importantly, a detailed

t from point A to point B. route to our location was provided showing us how to ge


9

Think of your network as a vast land of locations—let’s call these devices. When it comes to network management, you need a tool much like Google Maps that can provide a location‐based context for your devices. You also need quick access to each device’s discovered information, such as type, manufacturer, model, CPU, memory, and so on. Finally, you need to understand how each device is connected in order to develop a complete context for your network. In network management, we call this process network mapping; it is critical to understanding your network.

Creating Topology Maps When looking for a network management solution, SMBs must focus on those tools that provide the ability to create detailed network topology maps. Network administrators are being asked to do more with less in today’s economy; with so many resources vying for their attention, they need tools that provide a comprehensive view of the network with minimal effort to create. Smart network management solutions incorporate the ability to port the data, from the discovery tools and methods discussed earlier in this chapter, into a detailed hierarchical map of the network.

Remember, within our discovery data we captured full addressing information for each device and system as well as the connectivity between each device at the subnet, virtual LAN (VLAN), and port level. This rich data set when ported into the network mapping tool becomes a detailed network map containing a complete and accurate representation of the live network and application environment.

Once the topology maps are created, they become a central point for visibility into the network. These maps also allow the network administrator to dynamically drill down into specific subnets and VLANs for additional management. Network mapping tools should also provide the ability to drag and drop discovered devices within the map in order to update device positions or create additional relationship mappings. Gaining visibility into the network by using a visual representation, such as a topology map, allows the network administrator to quickly see what is happening and how each device and system is inter‐related. This ability reduces the amount of time needed to troubleshoot issues and helps the network administrator become more proactive.

Power of Auto‐Created Mapping As great as network topology maps are, if it takes a lot of effort to create these maps, the value is diminished over time because the maps will age and the data will become irrelevant. That’s where auto‐creation comes in. Smart network management solutions must have the ability to integrate the captured network discovery data into the mapping process with little effort. By utilizing a topology mapping tool, within the network management solution, the discovered network data can easily be exported into other network management tools or documentation applications. This enables the network administrator to auto‐create topology maps and detailed hierarchical views in a short amount of time.


10

Earlier, the power behind scheduled network discovery was discussed; this process becomes even more powerful when combined with the auto‐creation mapping feature. With this powerful combination, network administrators can keep critical network maps updated and truly rely on them for accurate visibility into the network.

Adding to these processes, smart network management solutions provide the ability to intelligently match the discovered devices with a prebuilt library of role‐based templates such as routers, switches, Web servers, and email servers. Role‐based templates provide an accurate and less time‐consuming method for developing a network topology map of your environment, allowing critical monitoring to be up and operational in a much shorter timeframe. Finally, support for porting of the detailed auto‐created Layer 2 topology maps directly into the integrated monitoring software allows for rapid deployment. With all of this, the network administrator has more than a detailed, accurate network topology map with dynamic drill‐down capabilities; the administrator also gains a real‐time visual troubleshooting tool that provides full monitoring and alerting of all discovered devices and systems within a single pane of glass.

At this point, full addressing and connectivity discovery data has been captured and auto‐creation tools have been utilized to produce a detailed network topology map. However, you may be wondering, “Where is the smart in the smart network management solution?” The real intelligence in these network management solutions lies within the deep integration between features. Chapter 2 of this guide will explore the breadth of network monitoring, but you can already begin to see how the integration of discovery and mapping build a foundation for an intelligent network monitoring solution.

Relationship Mapping and Layer 2 Visibility Relationship mapping was discussed earlier in the chapter, but let’s take a closer look at this process and focus in on the key benefits. Think back to the Google Maps analogy—when we need to travel from point A to point B, we need to understand the route to follow. Within network management, relationship mapping is the tool that provides route information between devices and systems. With the ability of a smart network management solution to provide visibility at Layer 2 down to the individual port level,

etailed connectivity routing. intelligent network topology maps can be created with d


11

The immediate benefit of this ability is visibility into the connectivity and routes between devices and systems. When a device or system reports a network error, the network administrator can step beyond individual device troubleshooting and look at the issue in the context of the entire network (see Figure 1.5). In our introductory example of the SMB business owner and his troubled ad campaign, had the business acquired a network management solution that incorporated relationship mapping and Layer 2 port discovery, the day may have gone much differently: Before the SMB business owner arrives in the office Monday morning, the senior network administrator would have been notified that the Web servers were not responding to an HTTP get request for the new ad campaign Web page. The administrator could have opened the real‐time topology map and saw the failed load balancer appliance interface, including the visual route between the Web servers and the load balancer’s virtual IP address. Proactive steps could have been taken to correct the load balancer’s configuration and reestablish network communication to the Web servers all before Monday morning.

Figure 1.5: Smart network management solutions also offer a highlevel view of errors and problems, so you can quickly ascertain the overall impact of a failure.


12

Building Device Inventories Often overshadowed by other features such as monitoring and alerting, device inventory management is a key feature when looking for a network management solution. The goal of a device inventory management system is to have a complete, up‐to‐date, and accurate view of all network devices, including routers, switches, hubs, systems, printers, and software. At minimum, a device inventory management system should provide basic device class information and capture what is installed on the device through a Layer 3 discovery process. Taken a step further by utilizing a rich data set captured during additional Layer 2 discovery processes, device inventories become an integral part of the overall network management solution.

Without a network management solution, building and maintaining an inventory and asset database is a daunting task involving complicated login scripting, additional vendor software to install and maintain, and more time away from other tasks for your network administrator. Through the integrations of the device inventory management system into the overall network management solution and fully automating the capture, categorization, and reporting of all network assets, the task becomes much easier.

Smart network management solutions capture a wealth of information from every device and system on the network during the discovery process. To do so, they use SNMP queries of the device‐specific MIBs and advanced discovery methods such as Link Layer Topology Discovery (LLTP). In addition, the ability to use intelligent matching against a pre‐built library of vendor‐specific device templates and attributes enhances the inventory management system. The following list highlights key device categories to look for in a network management solution:

• ireless access points Networking devices including routers, switches, hubs, and w

• Server OSs including Windows, Macintosh, Linux, and Unix

• Virtualization infrastructures including VMware vSphere 4, Microsoft Hyper‐V, and Citrix XenServer

• ction copiers, and plotters Printers including network printers, multifun

• IP phones including Cisco, Nortel, and Avaya

• Power/UPS including APC, Belkin, and Liebert Once a device or system is categorized, additional attributes are captured and tracked. When used in conjunction with scheduled network discovery, an automated, complete, and ccurate inventory of each device and system on the network can be easily maintained. a


13

Searching the Network The usability of a network management solution is just as important as the powerful discovery tools or advanced monitoring options. Let’s face it, if you have a system that can capture detailed device information including vendor‐specific attributes and can track connectivity for every device down to the port level but you cannot easily interface with or use this data, then what is the point? Smart network management solutions must provide an intuitive interface and dynamic tools to interact with the captured data (see Figure 1.6).

Figure 1.6: Look for a smart network management solution that will enable you to

document and publish your network topology views to external applications, such as e use. Microsoft Vision, for futur


14

One key point to focus on is the ability to search the network; the network management solution must have the ability to reach into the network and quickly find specific device information and report back using an intelligent interface. Among the many search features, it is important to have wild card search capabilities for device configurations, inventory categories, and device‐specific attributes. This feature simplifies the process of finding devices or systems quickly, especially in network environments that are constantly changing. Two additional search‐based tools are Layer 2 traces and IP/MAC filtering. These tools provide key insight into device connectivity and addressing that can be used by network administrators during troubleshooting.

To see how these tools work in the real world, the following section offers a short troubleshooting scenario that uses the Layer 2 trace. Additionally, the IP and MAC filtering tool is highlighted for it’s ability to resolve IP addressing issues.

Layer 2 Traces Network administrators often need immediate route information between network devices when troubleshooting connectivity issues. Having a tool that provides a visual reporting of the network data path is critical. Layer 2 traces allow the administrator to input a source and destination device, by IP address or hostname, and the tool will actively trace the network path. A visual representation of the network path is displayed showing each device, IP address, and interface name along the path.

By using a Layer 2 trace, the network administrator can easily build a complete picture of the current network connectivity between devices and see in a single view the status of each point in the connection path. Figure 1.7 shows a simple network configuration between two server devices. Without a Layer 2 trace, it would be hard to see that the communication issue was a failed port on the workgroup switch on the destination LAN.

Figure 1.7: Basic network d

iagram.


15

Table 1.1 shows the output from a Layer 2 trace clearly indicating the failed switch port. This capability to quickly see the status across all connectivity points is very powerful.

Device IP Address Interface Name Status Server A 192.168.2.100 e1 Up WGSW1 192.168.2.1 e10 Up WGSW1 192.168.2.1 e2 Up Router1 192.168.2.254 s0 Up Router1 192.168.3.254 s1 Up WGSW2 192.168.3.1 e2 Up WGSW2 192.168.3.1 e8 Down Server B 192.168.3.120 e1 Down

Table 1.1: Layer 2 trace report.

IP and MAC Address Filtering Another key search tool to assist the network administrator is IP and MAC filtering. Often, within network environments, the assignment of IP addressing is not carefully managed. This may be caused by inefficient practices or shared management of large IP address ranges. This problem manifests itself in the form of duplicate IP address assignments, thus causing network conflicts as multiple devices are responding on the same IP address.

Network management solutions that incorporate an IP and MAC address filtering tool allow the administrator to query the discovered network devices and list each device that has reported associations with the specified IP address or MAC address. The returned data should include the device name, IP address, and interface name. In addition, the filter can list those devices that are currently linked to the IP or MAC address. This ability allows the administrator to quickly narrow in on rogue IP addresses and resolve network conflicts. Search tools such as Layer 2 tracing and IP address filtering enhance the network management solution, giving the administrator additional troubleshooting capabilities.

Documentation, Documentation Documentation conjures up negative thoughts in the minds of most network administrators. Memories come rushing back of late nights in a cold data center tracing cables and logging port numbers. Those of us that have spent time working in large IT organizations understand the importance of documenting the network. Networks are becoming more and more complex, involving multiple layers of devices and systems. Having up‐to‐date and accurate documentation for the entire network—from edge network devices such as routers, firewalls, and gateway appliances to core server network devices such as layer 3 and layer 2 switches, and finally the systems themselves and their associated applications—is critical. Add to this the complexity of virtual infrastructures including their own switching, systems, and applications, and the importance of having good documentation becomes even clearer.


16

If documenting the network is so important, why do many organizations fail to produce or refresh their network documentation? The problem is that documentation is usually an afterthought in many organizations; most network administrators do not have the time to capture all the required device information, network connectivity, and relationship mapping to properly document their network. Within today’s SMB network environments, there is no less complexity and the need for documentation of the network is just as relevant.

Smart network management solutions can solve this problem by addressing two core issues: discovery of network devices and documentation of the network. Let’s take a look at how a network management solution solves these issues.

Automating Network Discovery This chapter discusses the features and benefits of automated discovery of network devices. The ability to discover Layer 3 and Layer 2 devices and systems on the network has been highlighted. Also, the ability to provide a complete picture of the network by using relationship mapping and Layer 2 port‐level connectivity discovery is detailed. Finally, we explored the power behind a scheduled network discovery process through which, on a regular basis, the captured network device data can be updated to account for device adds and removals. When looking at these features again from a documentation perspective, you can see how the same automated discovery process and collected data that is easily ported into detailed network topology maps can benefit the documentation process. The key here for network administrators is that smart network management solutions automate this entire process and simplify the collection of the required network information to complete their documentation initiatives.

Publishing Discovery Maps With the ability to automatically discover a wide variety of network devices, classify these devices, and port the discovery data into highly detailed topology maps, there is only one step remaining for completing documentation. Network management solutions that incorporate the ability to automatically generate network maps or custom map views and publish these maps into popular documentation tools, such as Microsoft Visio, help achieve that final step for network administrators.

The added benefit of running scheduled discovery allows administrators to easily refresh their network documentation. They also gain insight into the impact, if any, that design hanges or device additions had on the network. c


17

Asset and Device Inventory Tracking Another important area of documentation revolves around asset and device inventory tracking. Many businesses are under a mandate to keep close records of their computing and network resources for accounting purposes, such as depreciation tracking. As with general network documentation, the process of gathering asset information is very labor intensive if not automated. Network management solutions that provide the ability to automate the collection of asset information and then export the collected device inventory information gathered adds significant value. Through support for export to either CSV or Excel formats (see Figure 1.8), the inventory data can be easily imported into other inventory‐tracking systems. By integrating the scheduled discovery process into the asset and inventory management tracking, inventory databases will be kept current and accurate.

Figure 1.8: With smart network management solutions, you can collect and export network asset information in CSV or Excel formats to seamless integrate with other

ms. inventory‐tracking syste


18

Just as important as data collection is the data itself. If the network management solution only provides very basic information, the inventory tracking system will be limited in value. Smart network management solutions must incorporate platform identification and vendor‐based classification. These two methods within the discovery process provide the rich set of device‐specific data that a good inventory management system needs. When looking for a network management solution, make certain that the inventory discovery capability provides platform identification and classification for devices across the following areas:

• Vendors including Cisco/Linksys, Foundry, HP, Nortel, 3COM, Extreme, Netgear, Dell, SMC, VMware, and Alcatel

• Device types including routers, core switches, distribution switches, firewalls and servers

• k interfaces Hardware specifications including model, CPU, memory, and networ

• applications, and service packs Software information including OSs,

• Network including ports and VLANS

Smart Network Management Empowers an SMB This first chapter outlines the value that a smart network management solution provides to an SMB through intelligent network discovery and mapping. This chapter introduces the first foundational feature, complete visibility, and highlights that through the use of key features such as Layer 2 port‐level discovery and virtual infrastructure discovery you can build a complete picture of the network. In addition, this chapter discusses detailed

discovered information. topology mapping and asset inventories that capture the


19

Chapter 2 covers the second foundational feature, sophisticated monitoring. In this chapter, we go into detail about the importance of proactive monitoring and alerting, provide insight into the most desired monitoring technologies, and review the useful reports to look for in a network management solution.

Chapter 3 continues the conversation by discussing the third foundational feature, integrated configuration and change management. Here, we cover the benefit of centralizing device configuration and password management. Chapter 3 also takes a look at the ability to compare device configurations and recover from failed device configurations.

Chapter 4 concludes the discussion by focusing on the final foundational feature, realtime troubleshooting, trending, and network traffic analysis. This is where the smart in smart network management really pays off. By providing a solution that enables the business to proactively detect and resolve network‐related issues, you will dramatically reduce user interruption and critical business loss. With the addition of historical trending of system

etwork management solution. and application performance, you will have a powerful n


20

Chapter 2: The Importance of Proactive Monitoring and Alerting

I have spent a good portion of my career as a consultant working with businesses both large and small. One consistent problem I have seen is the inability of network administrators to focus and dedicate the necessary time to the project at hand. The projects are fully funded and backed by the correct stakeholders, yet the designated administrators are missing in action for a large portion of the project.

As I worked alongside these administrators on projects, I began to understand the core problem. Many spend the majority of their day jumping from support call to support call. They are constantly interrupted by having to chase down system‐ or network‐related issues. These minor interruptions cause delays and often the entire project is put on hold to address a major IT crisis. The issues commonly begin as a small blip on the network radar, but as they go unnoticed, that small blip grows into a major outage.

The cost to the business for these delays can be critical to the project timeline and achieving planned milestones. The cost to the administrator is manifested in frustration that they cannot focus on key project tasks and they find themselves missing opportunities for knowledge transfer and training during the project.

The fault is not with the administrator for a lack of skills or knowledge; the problem is the network itself and how minor issues are reported. In network environments that lack an intelligent network management solution, key server metrics and network device alerts never leave the confines of the individual system or device. This means the administrator has no visibility into the issue.

In such an environment, the administrator is required to log in to each system or device, review event logs, and manually monitor each system metric. Multiply this process times 10 or 20 systems, and the time to undertake such tasks is impractical. With pressure from the company to do more with less, administrators fall back into a pattern of break‐fix administration. This is due to a lack of time to properly monitor the network.

In Chapter 1, the importance of complete visibility was outlined—speaking to overall awareness of every system and device on the network. Although awareness is important, without the ability to reach into each device and monitor key metrics and alerts, the administrator is still left in the dark with regard to specific issues.

What’s needed is a network management solution that closely watches individual systems and devices looking for minor threshold changes or event entries that indicate a potential problem. The individual changes and entries are then pooled together, prioritized, and reported to the administrator in a central console. This functionality is referred to as sophisticated monitoring.


21

Stop Fighting Fires How are the network administrators within your SMB spending their days? Do they find themselves pulled in multiple directions attempting to respond to the most recent pressing issue? Have you been forced to delay important internal projects because your IT staff does not have the time to dedicate to new initiatives? Are you tired of constantly working in a reactive mode and being interrupt driven?

Unfortunately, this is how a large number of SMBs operate. With limited time and budgets, along with an increasing number of IT projects, SMB’s demand more from their network administrators. If there was a “wonder product” out there to give back control of their day to the network administrator, the product name would include the word proactive.

In Chapter 1, survey data from a 2007 study by the Strategy Group of 173 SMBs was reviewed. Almost half of the SMBs surveyed (46 percent) had a reactive approach to network monitoring and problem solving. It is interesting to note that companies with a more proactive or strategic approach spend a smaller percentage of their budget just keeping things running (60 to 65 percent) compared with those with a reactive or chaotic approach (75 to 80 percent). SMBs need a network management solution that allows them to become more proactive in support of their network.

Proactive management of the network also requires a change in mindset. For the business, this requires a structural change in the way IT approaches network monitoring. Within most SMBs today, the network administrators often wear many hats—they are required to cover tasks ranging from hooking up a new printer to deploying a company‐wide messaging system. In this busy environment, the administrator does not have the time to spend establishing a planned monitoring, alerting, and reporting system.

The network management solution needs to align with this model by providing a number of time‐saving features such as single pane of glass alerting across all devices, automated monitor creation based on discovered devices, and built‐in tracking and reporting of performance trend data. Figure 2.1 presents the concept of a single pane of glass for all notifications, alerts, and acknowledgements within a network management system.


22

Figure 2.1: Consolidated notifications, alerts, and acknowledgements.

Network Monitoring To make the transition from a reactive approach to more proactive network monitoring, the network management solution you implement must provide the ability to gain immediate insight into the health, status, and performance of every device on the network. With today’s complex networks, not every device has the same priority; from high‐profile messaging systems to low‐priority test labs, your network requires specific levels of monitoring. High‐profile systems and devices have a high level of visibility and any downtime is unacceptable, while the lower‐priority lab devices are important but can tolerate more downtime.

In addition to the level of monitoring required, the systems and devices on your network require different monitoring technologies and speak different languages. The routers and switches need to speak Simple Network Management Protocol (SNMP) while the Windows‐based hosts require Windows Management Instrumentation (WMI) interrogation; Unix and Linux systems will require communication via SSH protocol.

What Is WMI? WMI is the underlying protocol for publishing management and operations data on Windows‐based operating systems (OSs) and applications. WMI is a specific set of extensions to the Windows Driver Model that provides an OS interface through which instrumented components provide information and notification.


23

The network management solution selected should incorporate multiple types of monitors that give the administrator the flexibility to select the right monitoring level for the right device at the right time. The monitors also must support a broad set of network technologies allowing visibility into all systems and devices.

The following list highlights the specific types of network monitors to look for:

• Active monitors have the ability to communicate with, track, and alert you in real time when devices or systems are down.

• Passive monitors “listen” for external signals such as SNMP traps or log messages, allowing network issues to be identified and altered.

• Performance monitors track the health of the network devices and systems over time, and are crucial to proactive troubleshooting and planning.

• Custom monitors can be configured to track individual performance metrics for network devices and systems as required.

• Threshold monitors alert you when minimum or maximum values have been reached on a specific device or system.

• Active script performance monitors support additional customization through JScript and VBScript.

To better understand how these network monitors can be used within a proactive network monitoring solution, it helps to see them in action. Figure 2.2 highlights a high‐profile application server; this server is very important to the operation of the business and any un‐alerted interruption or downtime would be costly.

Figure 2.2: Proactive network

monitors.


24

The SMB in this example has employed three network monitors for a critical application server. Individually, each of these network monitors provides important feedback into the health of the application server:

• Active monitor (ping test)—A simple ping test can confirm basic network connectivity with the host system.

• Threshold monitor (C drive free space)—A threshold monitor provides polling of the free drive space on the system partition.

• Passive monitor (application event errors)—A passive monitor listens for specific application log event errors, indicating an issue with the application.

Although each of these individual monitors provides key metric data with regard to the application, the power is in grouping these individual monitors to create a proactive monitoring set. To highlight the benefits of grouping monitors, first think about what type of overall system status profile can be attained by using each monitor separately.

If only one of these monitors were employed, for example the active monitor ping test, a false positive monitoring profile would be generated for the application server. The ping test would be successful, and the flagged application event error would go unnoticed within the network management console.

Together these three network monitors can provide a full picture of the profile status for the critical application server. Use of a well‐planned grouping of individual monitors provides a complete proactive monitoring solution for the application server.

Additional extensibility of network monitoring really comes into play when active script monitors are incorporated with traditional monitoring. These powerful monitors allow the introduction of specific customized checks of a device or system that can provide deeper visibility into the status of the device.

Active script monitors allow the use of custom code written in a variety of scripting languages such as JScript or VBScript. In the following example, a script excerpt shows a database being opened and the number of rows being checked. If the SELECT statement

ailable. returns more than 0 rows, the database is considered av


25

objConnection.ConnectionString = "Driver={SQL Server};" & _ "Server=SQLSERVER;" & _ "Database=DBName;" & _ "uid=username ;"&_ "pwd=password;" objConnection.Open objRecordset.CursorLocation = adUseClient objRecordset.Open "SELECT * FROM TableName" , objConnection 'adOpenStatic, adLockOptimistic If objRecordset.recordcount < 1 Then 'Set the result code of the check (0=Success, 1=Error) Context.SetResult 1, "Error" Context.LogMessage "Checking Address=" & Context.GetProperty("Address")

As powerful as these network monitors are, they still fall short of providing the SMB the ability to understand the ebb and flow of the network. SMBs in today’s economy are under pressure to cut expenses—IT budgets are being tightened and CIOs and directors within SMBs are having a difficult time justifying additional purchases. Many business owners are demanding detailed capacity and forecasting reports, requiring detailed return on investment (ROI) information before IT budget dollars are spent.

Network monitoring alone cannot provide the required information for these types of reports. What is needed is a network management solution that offers an integrated systems monitoring capability.

Systems Monitoring Chapter 1 discussed the importance of network discovery. The ability to know when a new device or system comes onto the network is important. Although important, discovery of the device is really just the beginning—smart network management solutions extend the discovery process by including the ability to establish automated monitoring of each device’s Layer 2 connectivity. Beyond this functionality, smart network management solutions ensure the health and performance of each system is tracked through its life ycle. c


26

What Is Layer 2? Layer 2 refers to the data link layer of the commonly‐referenced multilayered communication model, Open Systems Interconnection (OSI). The data link layer is concerned with moving data across the physical links in the network. In a network, the switch is the device that redirects data messages at the layer 2 level, using the Media Access Control (MAC) address for each device to determine where to direct the message. Layer 2 monitoring and management within a network management system focuses on the basic connectivity of each device to the network.

Systems monitoring extends beyond the initial discovery process and Layer 2 connectivity monitors to provide full life cycle management of the system. Think for a moment about the cycle a new system follows within your network environment (see Figure 2.3).

Test and Development

Production Release

and Support

Upgrades and Maintenance

System Refresh and Migration

Decommission and Retire

Figure 2.3: System life cycle.

As a system moves from development into production, its monitoring requirements change. The priority of the system is elevated, calling for additional system‐level monitoring to ensure performance is maintained. As new upgrades are applied or maintenance patches are released, the monitoring profile must be adjusted and key metrics need to be tracked to validate the upgrade benefits. Trending data becomes important as the system ages to determine system refresh intervals and to contrast performance after a migration to new a platform. Once a system is prepared for decommissioning, active

d. monitoring must be removed and alert priorities adjuste


27

At each stage of the life cycle, systems monitoring utilizes key features that provide the required level of monitoring for the specific system. In addition to the monitoring requirements for an individual system’s life cycle, the systems management solution also needs to address the different types of systems within the network. From demanding database systems spanning clustered server nodes to virtual hypervisors hosting numerous virtual machines, the challenges of monitoring a diverse systems environment are many. SMBs need a holistic systems monitoring option that includes resource monitoring, process monitoring, hardware monitoring, file system monitoring, and virtual machine monitoring. In today’s SMB environment, many technologies that were once only attainable at the large corporate level are now making their way into the SMB network. One example of this progression is server virtualization. With the huge cost advantage of consolidation through virtualization, many SMBs are introducing this technology into the data center.

Resource Monitoring Utilizing application layer protocols like WMI and SNMP among others, the basic systems monitoring capability is extended into the Windows or Linux OSs allowing availability monitoring of system and application services. Additionally, performance monitoring of CPU, memory and disk statistics can help to identify under or over utilized systems, easing capacity planning initiatives.

A prime example of the power of implementing a resource monitor is the use of SNMP to reference the management information base (MIB) of a router to monitor the port link status for a critical Internet‐facing port.

How Does SNMP Monitoring Work? SNMP does not define which information or variables are available from a network device. Rather, SNMP uses an extensible design that allows the reading or setting of a variable as defined within the MIB for the specific device. SNMP is the protocol used to access the information on the device.

Process Monitoring Further insight into system availability can be tracked by monitoring the individual processes associated with a specific service. Each application and service that is running on a system spans an individual process that can be monitored by a defined process monitor. This is helpful when a system service is not exposed within the vendor’s MIB. For example, in the case of the antivirus software installed on a critical email server, there is no defined MIB to reference. With a process monitor, the antivirus’ executable can be monitored to ensure it is running on the email server.

Hardware Monitoring Often, early indications of a system failure come in the form of hardware‐level warnings. Hardware monitors that provide visibility into fan, power supply, and temperature status can give the administrator the advanced notice needed to proactively avoid a system failure.


28

File System Monitoring Many applications utilize temporary directories or cache directories during application execution. The presence of files within these directories often indicates the health of the application. By using file system monitoring, key directories can be watched and alerts can be set indicating a hung or failed application. Specific tracking of file‐ and folder‐level information enhances the basic systems monitoring capability. By monitoring file existence, file size changes, or file counts within important log directories, proactive management of applications can be provided. For example, with Microsoft Exchange Server 2010, a large file count of transaction log files for a specific mailbox database can indicate an issue with the backup environment for the entire Exchange messaging system.

Virtual Machine Monitoring With the wider adoption of virtual infrastructures, many SMBs are facing a new problem with regard to virtual machine or server sprawl. With the ease of server creation offered by virtualization, many businesses have the tendency to create additional virtual machines with little thought as to the performance monitoring of each virtual host and its related virtual machines.

The systems monitoring solution must extend into the virtual environment to provide the same level of granular performance monitoring capabilities delivered at the physical server level. Key to the SMB is a network management solution that provides a single pane of glass for monitoring the virtual infrastructure and the physical network.

To accomplish this, a network management system must support direct connectivity at the hypervisor level using technologies such as VMware’s vSphere application programming interface (API). Through the integration with the hypervisor’s API, the network management system provides full visibility into monitoring metrics at both the virtual machine and host level.

With advanced visibility at the vendor‐specific hypervisor level, important performance thresholds can be monitored on host and virtual machines. Real‐time alerts can be set for notification of utilization breaches across virtual machines and hosts. An important monitoring change to understand with regard to virtualization vendors is the lack of support for SNMP data collection within the virtual infrastructure. Vendors such as VMware are moving away from providing any level of performance information via SNMP (one reason for doing so is security considerations). This makes the search for a smart network management solution that provides full system monitoring of the virtual infrastructure that much more critical.

In addition, industry analyst are calling for the growth in multi‐vendor virtualization environments due to the cost advantage and differing performance profiles for the application workloads across the business. The systems monitoring solution must support multiple hypervisors.


29

When these systems monitoring options are used together, the complete life cycle of each device and system is monitored and tracked. Within a smart network management solution, the systems monitoring data is pooled into a central database. The use of historical trending of all monitoring data allows SMBs to gain access to the information required to compile detailed performance trending reports and build capacity planning forecasts.

Application Monitoring Applications make your business work—users rely on consistent performance across an ever‐growing set of applications. Because of the high‐visibility aspect of applications, if there is an outage or degradation of performance,. your users will be knocking on your door.

When it comes to proactive monitoring and awareness, application monitoring is at the top of the list of importance. Your SMB needs a network management solution that gives you visibility into application performance and provides advanced notification of stability issues before they affect the end users.

Another problem facing SMBs is the introduction of more complex applications. These applications span multiple servers each with critical services and processes. For example, take the recent change in architecture introduced within Microsoft Exchange 2010. As Figure 2.4 shows, Exchange 2010 utilizes a distributed role architecture, which separates key mail flow, processing, and storage into designated components. These components are modular, allowing the use of multiple server platforms to provide more flexibility in performance, availability, and scalability.

Figure 2.4: Microsoft Exchange 2010 ti

ered architecture.


30

You need a way to tie these tiered applications together and bring them under the network management environment. Smart network management solutions utilize a combination of IP service monitors with application monitors to tie everything together within a tiered application architecture. Looking at the Microsoft Exchange 2010 example again, you can see how the use of each type of monitor enhances the overall application monitoring of the Exchange 2010 architecture:

• IP services HTTPS monitor—By monitoring the health and status of the HTTPS services on the Client Access role server, Outlook Web Access (OWA) availability can be closely tracked.

• Application threshold monitor—By utilizing a specific Exchange 2010 Hub Transport threshold monitor for the Active Mailbox Delivery queue, delivery issues can be quickly alerted and acted upon.

• Application service monitor—By utilizing a specific Exchange 2010 Mailbox service monitor for the MAPI Information Store service, critical mailbox database access can be monitored.

Figure 2.5: Microsoft Exchange 2010 tiered monitoring.

When evaluating a network management solution, be sure to check for a solution that provides a good contrast of basic IP services monitors including FTP, HTTP, telnet, and SMTP as well as complex application monitors such as Microsoft Exchange or SQL Server. This richness in application monitoring features will give you the tools needed to closely monitor each application.

IP Services Monitors IP service monitors play an important role in the ability to proactively monitor the network. To track and confirm access to important FTP sites across your business, utilize an FTP service monitor for upload, download, and deletion of test transactions.

You can also ensure critical Web sites are responding and correct content is returned by using HTTP monitors. Further validation of your businesses messaging system can be accomplished by implementing an SMTP monitor to test send and receive request.


31

Microsoft Exchange Monitors Of all the applications running in your environment, the messaging system has the highest visibility to the user community. Beyond simple SMTP testing, application‐specific monitors like MS Exchange can provide complete monitoring coverage of key messaging application roles and features. Exchange 2007 server roles such as Hub Transport Server, Client Access Server, and Mailbox Server each have unique monitoring requirements. The network management solution should address each of these roles and provide the ability to test mail flow, monitor delivery queues, and track performance.

Figure 2.6: Rich Exchange Rolebased threshold monitoring.

SQL Database Performance Monitors Larger enterprise‐level applications use a tiered application architecture. Many of these complex applications are making their way into the SMB network. These applications typically incorporate a multi‐tier approach. The tiered approach to application architecture allows for better scalability and distribution of application workloads across more platforms. The tiered architecture is commonly made up of a number of Web‐based tiers, application services tiers, and backend database tiers. The key component in a multi‐tiered architecture is the database tier. SQL databases dominate the x86 server space and as such

lity deep within the SQL platform. you will need a solution that provides monitoring capabi


32

SQL database monitors give you the ability to configure SQL query monitors that can execute active queries against a SQL database using known record values to ensure database integrity and performance. Thus, you will be able to go beyond simply knowing the SQL service is running and ensure that critical application databases are accessible and returning valid data.

Synthetic Transactions In the realm of application monitoring, there is key technology to look for in your network management solution: synthetic transactions. Synthetic transactions are actions, run in real time, that are performed on monitored objects. You can use synthetic transactions to measure the performance of a monitored object and to see how the object reacts when synthetic stress is placed on your monitoring settings.

For example, for a Web site, you can create a synthetic transaction that performs the actions of a customer connecting to the site and browsing through its pages. For databases, you can create transactions that connect to the database. You can then schedule these actions to occur at regular intervals to see how the database or Web site reacts and to see whether your monitoring settings also react as expected.

Application monitoring is all about ensuring you can achieve greater visibility into application performance and provide reliable access to your business applications. By using a combination of IP services monitors, vendor‐specific monitors, and supported MIB files, you will be able to deliver higher service levels across all your applications.

Alerting So far in this chapter, the discussion has focused heavily on the types of monitoring capabilities that a smart network management solution should provide. Although monitoring is very important, without a way to aggregate the flow of information into a usable tool that centralizes all notifications and alerts, the collected performance data or captured events are wasted.

The alerting component of the network management solution is there to provide you with that centralized tool—a tool that informs you of real‐time failures and impending issues. The goal behind a well‐designed alerting component is to provide you timely information

n which yin an easy‐to‐understand format o ou can take immediate action.

Remember, the word of the day is proactive. The purpose of spending all this time researching and implementing a network management solution is to change the way your SMB addresses network management—by giving your business the ability to move away from a reactive chaotic method of troubleshooting to a proactive method of intelligent management of the network. Alerts and notifications are the frontline of network management. To be proactive, you must have timely and accurate data with regard to the state of devices and systems on your network.


33

To start with, you need a solution that delivers all notifications, alerts, and alert acknowledgements into a single pane of glass. This means that with a quick glance, at a single screen, you have immediate feedback on the health of your network. Additionally, flexible alerting and notification policies are important when it comes to proactive management of the network.

Flexible Alerting No two devices or systems are alike; thus, you need an alerting tool that offers a high amount of flexibility in the types of alerting options supported. The flexibility you should look for in a smart network management solution allows for alerting based on multiple metrics such as configurable thresholds, specific monitors, traffic flows, and configuration changes.

For example, you can configure a threshold alert for a critical point‐of‐sale Web server that is triggered based on a maximum CPU value over 80% for specified timeframe and a configurable traffic flow alert for increased HTTP traffic flow. This will give you the ability to build an intelligent alert that helps you proactively manage the performance of the point‐of‐sale Web server.

Notification Policies The second component of proactive management relates to the notification framework within the network management solution. As a device or system alert is received by the alerting tool, you need an intelligent way of deciding the importance of that alert and what the response should be. Notification policies provide a framework that allows you to define the severity level of an alert, then create a workflow for notification of the alert to the correct individuals within your IT organization and ultimately resolution of the event(s) generating the alert.

The network administrators within your SMB are spread across multiple tasks each day. With a shortage of time, you may have elected to delegate the job of managing the response of network alerts to a tier‐1 Help desk technician. Although this is fine for low‐level systems or informational‐type alerts, when it comes to a critical system or device failure, the alert requires a higher level of attention and response.

For these types of alerts, a notification policy should be created that includes multiple levels of escalation based on determined intervals. This setup will ensure the alert is getting the attention it demands and a small issue does not grow into major outage. Notification policies should also integrate with existing Help desk systems to allow for automatic ticket generation.

After an alert has been handled and the issue addressed, the notification policy can also include a process of updating the effected users, notifying them that the issue has been corrected as well as providing acknowledgement that the alert can be completed, halting further escalation. And notifications framework should support critical monitors that prevent alert storms from occurring by only alerting on critical monitors and not all downstream monitors.


34

Reporting Some would say that the way to judge the power of a network management solution is by its reporting capabilities. Taken a step further, you could say that the success of a network management solution is dependent on the depth and quality of the reports and reporting options included.

Few businesses have the time to dedicate to collating and analyzing the vast amount of monitoring data captured by the network management solution. The reporting tool of a smart network management solution must include a broad set of built‐in reports broken into usable categories. The reports themselves should also provide dynamic data with drill‐down support and interactive metrics.

Think of the power of having a report that lists the memory utilization across each of your data center servers in an interactive bar chart. With a single click, you can see in real time the systems that are under a heavy load that may require immediate action to ensure performance levels remain high.

The same reporting tool can provide detailed trending data on that same set of data center servers. You can run historical reports spanning the past 6 months, enabling you to quickly know which systems are consistently overloaded and recognize potential targets for load balancing or clustering. Just as important, you will uncover those under‐utilized systems that are taking up valuable rack space and heating and cooling costs; these systems become great targets for server consolidation through virtualization.

Top‐10 Reports This category of network monitor reporting will become invaluable to the business owner, CIO, or IT director within the SMB. Top‐10 reports are a great way to quickly contrast your network systems and devices across a set of standard metrics. You can select a subset of similar servers in your environment and measure the utilization of key metrics—such as processor, memory, network, and disk utilization—across the selected set. This will give you insight into potential configuration issues, under‐ or over‐utilization, and unbalanced application usage.

Top‐10 reports are also great for gaining visibility into network bandwidth issues by observing the amount of data each user’s workstation is transmitting or receiving. You will be able to see what system is monopolizing the bandwidth. When looking for a network management solution, make sure top‐10 reports are high on your priority list. Figure 2.7 highlights an example of a top‐10 report, showing the power of contrasting a set of metrics across multiple devices on the network.


35

Figure 2.7: Top10 reports quickly contrast network device metrics.

Report Subscriptions It is getting tougher to justify additional spending because business owners are tightening the belt and reviewing every request for funding with more scrutiny. Many IT directors within SMBs have recently found themselves on the losing end of a budget debate. They did their due diligence and crossed all the Ts and dotted all the Is, yet the answer was no.

If only the business owner had seen the trending data across the messaging systems over the past months, she would have understood the need for additional memory and storage capacity or bandwidth. What about that virtualization project that is currently being proposed? Does the business owner have a historical understanding of the under‐

ment and test lab servers? utilization being seen across many of the develop

With a network management solution that offers report subscriptions and report exporting, business owners will have access to key reports that highlight the trending data and performance data needed to make a more informed decision. With report subscriptions, the owner’s email address can simply be added to a key report and an interval can be selected for when the report will run and be delivered. The next time a budget request occurs, the owner will already have knowledge of key monitoring and bandwidth utilization data, which provides additional leverage during negotiations. Using options like report subscriptions and report exporting, you can give non‐technical users and anagement direct access to valuable data that can immediately effect business decisions. m


36

Dynamic Workspaces When it comes to reporting, SMB’s administrators and IT staff have different ways they consume data. Some administrators prefer to have a narrow focus on a specific system with details on every metric under monitoring; others prefer to contrast a broad set of systems with a single metric.

This requirement changes as your priorities change for availability and performance. The network management solution should provide a reporting tool that offers a dynamic capability of selecting and grouping the various report displays. The idea is to have a dynamic workspace where each administrator can drag and drop selected report data to organize the report console in the way that makes sense to them. This gives each user a personalized view into the network management environment and allows them to focus on the report data that is relevant to their position and areas of responsibility. Once a specific workspace is created, the user can save the view and create additional workspaces that logically group related report data by business unit, applications, or device types.

Security Information and Event Monitoring More businesses are coming under some type of industry‐based compliance requirement; from PCI, HIPAA, or Sarbanes Oxley, many SMBs are having to align their security practices with the requirements of a given compliance standard. To meet the ever‐rising demand on businesses for security compliance, there is a need to aggregate, display, and alert key security logs across all systems and devices on the network.

Security Information and Event Management (SIEM) automates the analysis process of security, network, and application logs. A SIEM solution provides the foundation for establishing processes for linking system access to individual users. According to most of today’s regulations, tracking and reviewing access is a primary audit requirement, especially concerning access granted with administrative privileges. The current trend across many businesses implementing SIEM technologies is to leverage the log collection and log management features of the network management solution. Log management and SIEM‐correlation technologies can work together to provide more comprehensive views to help your company satisfy regulatory compliance requirements.

When looking for a network management solution that supports SIEM technology, the following features are critical:

• Event archiving for automated collection, centralization, and secure storage of log data

• Event analysis for event examination, correlation, and comprehensive reporting for audit and compliance

• y defined events Event alarms for monitoring, alerting, and notification on ke

• Event crawling for on‐the‐fly forensics and log data mining


37

In addition to these advanced features, ensure the network management solution can capture and aggregate security logs from both Windows systems and Syslog supported devices.

In short, by integrating SIEM and log management, it is easy to see how a business can save by de‐duplicating efforts and functionality. The functions of collecting, archiving, indexing, and correlating log data can be collapsed into a single solution, which will also lead to savings in the resources required for the maintenance of the tools.

Self Monitoring Due to the importance of network management with regards to security, compliance, performance, and health monitoring, the network management system should be considered a highly critical component in the organization’s infrastructure. A key monitoring feature in a smart network management solution is the ability for self monitoring. By incorporating key service monitors and alerts along with database‐specific queries, the health and performance of the network management system can be monitored at the same level as any other critical component.

High availability is also very important; consider a solution that incorporates advanced database clustering and automated failover technologies.

Sophisticated Monitoring Changes the Game In today’s volatile economy, SMBs are looking for ways to cut costs and increase the value derived from the current technologies within the business. At the same time, more complex applications are being introduced that require advanced monitoring. As the business owner for an SMB, you are faced with a challenge: how do you provide a higher level of service to the business while operating under a constrained budget with less IT staff and more complex applications to manage?

A network management solution that incorporates a sophisticated framework of monitoring technologies can dramatically affect the operation of key systems and devices within your network. Sophisticated monitoring includes technologies that provide a proactive response to network issues. Instead of waiting for end users to report issues, your IT staff can proactively manage the performance and availability of every device and system on the network.

Sophisticated monitoring options allow you to gain immediate visibility into the status of every device and application. With advanced alerting and notification policies, no issue will go unnoticed. You will also be able to look at your network in a whole new light: with historical trending, you will be able to produce accurate capacity planning reports and detailed forecasting. With this information, as you plan your technology budget for the coming quarter or year, you will have accurate and detailed data with regard to the

d device on your network. utilization, performance, and capacity of every system an


38

Chapter 3: The Key to Smart Configuration and Change Management

An increase in the use of diverse network technologies, plus the introduction of virtualization throughout the network architecture, multiplied by the number of users demanding flexible access to the network equals what? The answer is complexity. No, this is not a child’s homework problems—this is reality for many SMBs. If you have not felt the pain of this scenario within your SMB, it may just be around the corner.

Today’s network environments are becoming more complex. SMBs are seeing the introduction of additional types of network devices that were typically relegated to the larger corporations. More applications are moving to tiered architectures with multiple load‐balanced systems. SSL/VPN solutions are becoming more critical to production as more of the workforce goes mobile. The use of layer 3 core switches with added routing

ork. functionality and the wide use of VLANs present additional complexity into the netw

For years, SMBs have manually managed the devices across the network, including firmware upgrades, patches, VLAN provisioning, ACL updates, and configuration updates and changes. This method worked fine when the number and type of devices stayed small, but such is not the case today. The process of manual configuration and tracking all network devices adds an unnecessary burden, wastes time, and introduces risk with common errors such as typographical mistakes or incorrect cut and paste tasks.

Virtualization is becoming the hottest trend in the IT industry and many SMBs are seeing the business value in moving to a virtual server infrastructure. From the network management perspective, virtualization brings a new layer of complexity with the blending of physical and virtual networks. Also, the use of virtual network appliances is growing and adding to the list of devices that require configuration and management.

Users are also changing the way they interact with the network; the days of rows of cubicles populated by employees working an 8‐hour shift safely behind the corporate firewall are gone. Today, businesses are adjusting to end users that are demanding anytime, anywhere access to the network. The network architecture that supports this business model is more complex. Stable access and high performance of the network becomes more critical to the business as more users move to a flexible access model.

As the types of network technologies increase and reliance on the network becomes more critical to the business, you need a solution that will ease the administration of the network while providing a higher level of consistency. When evaluating a network management system, the benefit of a smart configuration and change management option cannot be overlooked.


39

Simplify Your SMB’s Network Configuration Management It’s late Friday afternoon and IT just found out that the Western regional network administrator has left the company and they must change passwords on all routers and network switches across the company’s 20 branch locations before they can leave for the weekend. This task may not sound too cumbersome initially, but as you begin to understand how most small businesses currently manage their network devices, it will become clear that the task is a very difficult process.

Such an SMB with 20 branch locations might have a firewall device, a WAN router, and a pair of network switches per location. Most of the time, these devices are obtained from different vendors (3Com, Cisco, HP, Fortinet, and so on)—different vendors often means different configuration environments. The process of changing the password on each type of device requires differently structured command syntax. Now multiply those four devices in each branch location by 20 branches, and there are at least 80 devices to log into, determine the correct syntax to change the password, and save the configuration.

That is, if IT even has record of the current passwords on each device in the network. Without a consistent way to track passwords across devices, many businesses face the ugly proposition of recovering lost passwords before even beginning this process, especially when key IT employees leave and important passwords were never documented. The simple task of changing the password on each device across branch locations just got a whole lot more difficult.

A smart network management system can dramatically change the way an SMB approaches configuration and change management. In this chapter, the following key features and benefits of a smart network management system with regard to configuration and change management are presented:

• Centralized configuration management—By centralizing all device configurations, management of the network becomes much easier. More importantly, by centralizing device configurations, standardization and adherence to compliance standards become possible.

• Secure configuration and change management—With a diverse infrastructure including different types of network devices and multiple vendors, the process of providing secure configuration updates is difficult. Broad support for multiple secure protocols and centralized mapping of device security information eases this process.


40

• Power of integrated alerting and reporting—Through integration with the alerting and monitoring technologies within the smart network management system, configuration management changes can be tracked. This feature will help to minimize unplanned changes and detect unauth ices. orized access to network dev

• Automated configuration task and monitoring—The automation of repetitive configuration tasks across multiple devices makes possible significant reduction in configuration errors. Standardization of device configurations can also be achieved. Integrated monitoring of configuration task executions will simplify tracking of changes and troubleshooting.

Configuration Management The scenario outlined earlier occurs across many SMBs every day. The core problem lies in the decentralized configuration management of the network. Networks within most SMBs have grown over time. Initially, the SMB had a single location with a router, a couple of switches, and a few workstations. In the beginning, managing these few devices manually made sense. As the network grows and additional locations come online, the practice of using a decentralized manual approach to device management falls short.

As Figure 3.1 shows, manual configuration and change management requires the painstaking task of touching each device to update the configuration file and then moving on to the next device. Often the devices have different login credentials, each requiring additional manual tracking. In a decentralized configuration management environment, network administrators have to refer to saved spreadsheets for credentials, manually login into each device, copy configuration files back and forth between text files, make manual changes, and finally upload the text files to the device to submit the changes. This process is timely and prone to errors.

Figure 3.1: Decentralized configuration management.

In contrast, a centralized configuration management environment (see Figure 3.2) entails copying the individual device passwords and configurations to a central database within the network management system. A centralized configuration management environment greatly reduces the time involved in saving and changing network configurations. Accuracy of the configuration changes is also increased, and a higher level of consistency can be achieved.


41

Figure 3.2: Centralized configuration management.

A major advantage in a centralized configuration management environment is the ease at which large‐scale device updates can be completed. Looking at the earlier example, Figure 3.3 depicts a decentralized configuration management environment. The network administrator has to access each router login (device 1), change the password, save the configuration, and log out of the device, and then complete the same set of steps for each switch (device 2) and each firewall (device 3). This process is then repeated across every device at each location for a total of 80 devices. Even in a case where the network devices are from the same vendor and same model, the need to manually access each device and execute the four simple commands still requires significant effort and time to complete.

Figure 3.3: Decentralized configur

ation changes.


42

Smart network management systems incorporate centralized configuration management. Instead of manually copying device configurations into text files and tracking device passwords in multiple spreadsheets; a central database is used to store the configurations, passwords, and device information. With the centralization of configuration data and passwords, the process of updating multiple devices becomes a much easier task. As Figure 3.4 shows, centralized configuration management reduces the time and effort by leveraging the central database and using scripted or schedule updates. In this example, the network administrator completes a configuration update across multiple devices in a single step, reducing the effort needed to touch 80 devices. With configuration data and passwords stored centrally, synchronization of like device types and models can be used to speed configuration changes.

Figure 3.4: Centralized configuration changes.

Centralization of Passwords and Authentication In many SMBs, as the number of devices continues to increase, the overwhelming task of tracking passwords and secondary authentication credentials can be daunting. Utilizing a smart network management system, IT can configure a centralized library of device credentials and passwords that are stored in a secure central database. The database can then be referenced when access to the device is required. Automation scripts and scheduled tasks can also reference the saved authentication credentials to speed the configuration update process.

By centralizing device authentication credentials for every device, an SMB can rest assured knowing that unexpected turnover or absence of a key employee will not cause a major interruption of network configuration management. Additionally, by storing authentication credentials in a secure database, alignment with industry compliance standards can be aintained. m


43

Centralization of Device Configuration Backups Network device configurations can be complex, involving hundreds of lines of text. If a device experiences a hardware failure, or if by human error a configuration becomes corrupt, having a recent and known good backup is critical. Many devices also maintain a running and saved configuration; these may be different depending on the status of the device changes applied.

An additional benefit of centralization within the network management system is central configuration backup. The scheduling and collection of each device configuration and storage in a central database increases the overall network availability. Prior to implementing a smart network management system, if a device failure or configuration corruption were to occur, the SMB would have to manually reenter the configuration by relying on saved text files and installation notes.

This process is slow and fraught with possible errors. With the use of centralized configuration backup, if a device failure occurs, the process of retrieving a known‐good configuration from the central database and applying the saved configuration to the device reduces the amount of time the device is down and ensures accuracy in the re‐configuration.

Scheduled Backups Network device configurations can be negatively affected by any type of change. Add‐hoc configuration changes, vendor firmware updates, or unplanned power outages—each of these scenarios can cause a device outage. To offset the effect of these types of outages, regular scheduled configuration backups should be completed on every device. Performing configuration backups at scheduled intervals such as weekly or monthly will ensure a recent backup is available for recovery if needed.

When evaluating a network management system, ensure the device configuration backup feature allows for scheduled backups on a daily, weekly, and monthly basis.

Secure Configuration and Change Management Making the tasks of configuration and change management easier by saving and tracking device configurations centrally is only half the picture. Security of device access and configuration changes is very important. Think of a network environment where configuration and change management is approached in an ad‐hoc manner. In such an environment, device logins and passwords may be stored in text documents or spreadsheets on a network share, no access control is in place to manage who has rights to change configurations, no support for secure network access to devices for updates is provided, and configuration changes are made in clear text across unsecure Internet connections.


44

The security risks introduced as part of an ad‐hoc configuration management environment are many. As previously mentioned, the use of text documents and spreadsheets to store and track device credentials is one of the primary concerns. Although this solution seems to work fine for the first few devices, as the network grows, this manual process of securing logins, passwords, and configuration data becomes unwieldy. The centralization of passwords in a secure database provides the scalability and security required for network device password management. In like fashion, the centralization of device configuration data provides a secure and retrievable location for important configurations. With no support for secure protocol access to network devices, the SMB risks compromising device logins and passwords.

A smart network management system should include security features that address these areas of concern. Among the features to look for:

• Secure protocol support—By incorporating protocol access via SNMP v2, v3, SSH2, and TFTP, SMBs can maintain secure access to network devices, reducing the exposure of sensitive login and password information.

• Centralized authentication management—Centralization of critical device login and password information in a secure database is a very important security feature.

• Centralized device configuration management—Automated or scheduled backup of device configurations within a secure centralized database will help speed recovery during device failure and assist with standardization of configurations.

Is a Centralized Database More or Less Secure? You may be asking yourself, “If all the network device authentication credentials and passwords are stored in one location, isn’t the network even more vulnerable to attack? A would‐be attacker would simply need to access the central database to gain access to every device on the network, right?” With today’s relational database software, the ability to access the central database is not as easy as it seems. With fully‐integrated Active Directory (AD) authentication, strong password policy enforcement, password expiration enforcement, and SSL‐secured network connections during authentication, it is not an easy task to gain access to the database credentials. After authentication comes authorization. Relational database software uses a granular permissions model. Login accounts are only granted specific rights to the databases required.


45

The final layer of defense in a secure relational database is encryption of the data itself. Utilizing encryption technologies such as Transparent Data Encryption, critical data can be encrypted as it is written to the database and unencrypted when read from the database. These technologies utilize a secure system of encryption keys generated and managed at multiple levels within the relational database software. Together, these three layers of defense authentication, authorization, and encryption provide a highly secure environment for the centralized storage of network device credentials and passwords.

Device Management To this point in the chapter, the discussion has focused on high‐level features a network management system should include with regard to configuration and change management. Where the “rubber meets the road” during day‐to‐day operations of the network, success is measured at the individual device level. When it comes to device configuration management, there are four key areas of focus:

• Compare and contrast device configurations—Provide quick and accurate troubleshooting of configuration data

• Rapid recovery of device configurations—Apply or repair device configuration files from central backups

• Logging of device configuration changes—Provide centralized logging of changes for audit and control

• Notification of device configuration changes—Enable proactive alerting of device configuration changes

Compare and Contrast Device Configurations As mentioned earlier in this chapter, the backup of device configurations in a central database is critical to daily device operations. By utilizing the saved configurations, an administrator can conduct a compare and contrast between the saved configuration and the current running configuration to assist with diagnosing a device failure or related network failure.

To highlight this feature, consider the following example in which a network edge router was recently edited and configuration changes were implemented. After the configuration changes were made, connectivity to the Branch2 office was down. By using the compare and contrast functionality of the network management system, the administrator can

e Figure 3.5). quickly see where the configuration has been altered (se


46

Saved Configuration: Running Configuration: Current configuration: ! version 12.1 ! hostname HQEdge ! interface Serial0/1.1 point‐to‐point

k to Branch1 2 255.255.255.252

description lin ip address 10.1.1. ip router isis ag‐switching ip t frame‐relay interface‐dlci 201 ! interface Serial0/1.2 point‐to‐point

k to Branch2 10 255.255.255.252

description lin ip address 10.1.1. ip router isis ag‐switching ip

e‐relay interface‐dlci 203 t fram! end

Current configuration:! version 12.1 ! hostname HQEdge ! interface Serial0/1.1 point‐to‐point

k to Branch1 2 255.255.255.252

description lin ip address 10.1.1. ip router isis ag‐switching ip t frame‐relay interface‐dlci 201 ! interface Serial0/1.2 point‐to‐point

k to Branch2 description lin ip address 10.1.1.10 255.255.252.252 ip router isis no tag‐switching ip

e‐relay interface‐dlci 203 fram! end

Figure 3.5: Example of compare and contrast device configuration.

After reviewing the saved and currently running configurations, the administrator can quickly see that the IP address subnet masking was set incorrectly and the tag switching for forwarding of IP packet data has been disabled. The administrator can take immediate action to correct the running configuration and reestablish connectivity to the Branch 2 office.

Without this type of configuration tracking and visibility, troubleshooting an issue like this would take significantly longer. The administrator would have to hope that documentation of the frame relay network is up to date, then spend time going through the router configuration file line by line evaluating every setting. For many devices, this could mean hundreds if not thousands of lines of configurations.

Additional Benefit of Compare and Contrast A secondary benefit of the compare and contrast feature is the ability to review the configuration files from two devices. For example, if your SMB is in the process of implementing a Voice over IP (VoIP) phone system, each branch location will require a separate network switch for the VoIP phones. The switch configurations will be very similar, and the switch hardware utilized is often from the same vendor and model. Once the switches are deployed and the VoIP system is up and running, incorrect configuration changes can cause the loss of communication across the entire organization. The compare and contrast feature is beneficial in environments that utilize the same hardware type or model across many locations. By reviewing device configurations side by side, a quick determination can be made into which devices may have been misconfigured.


47

Rapid Recovery of Device Configurations If a device failure occurs due to configuration corruption or unplanned configuration changes like the earlier example, the administrator needs a way to recover the device quickly. Traditionally, the process of recovery is more of a manual task; if the administrator was cautious, she may have taken the time to copy the configuration of the device to a text file before making changes. Many times, the administrator will sidetrack this step and make the configuration changes in the running configuration, test the changes, then commit the running configuration to the device’s non‐volatile memory (NVRAM).

What Is the Running Configuration? On network devices, such as a router or switch, there are two areas of memory where configuration data can reside. The first area is the volatile memory; the running configuration is loaded in this memory area and any changes made at this level are lost if the device is powered down. The second area is the NVRAM, the saved or startup configuration data is loaded in this memory area. Once the configuration data is saved in NVRAM, the device can be powered down and restarted and the saved configuration will load back into volatile memory.

The problem with this approach is that some configuration changes cannot be fully tested in the running configuration and issues will only come to light during a device restart. At this point, the administrator can fall back to the text document with the copied configuration data for recovery. That is, if he took the time to create the text document before making any changes to the device.

By utilizing a scheduled backup of device configuration data to a central database, the administrator can easily select a known‐good version of the device configuration and apply the saved configuration to the device, allowing for rapid recovery. This capability dramatically lowers the risk to the business for unplanned downtime and reduces the effects of human error.

Logging of Device Configuration Changes Increasingly important to SMBs in a competitive market is the ability to ensure accountability and compliance with industry standards. A number of industry compliance standards such ISO27K’s Information Security Management System and the Sarbanes‐Oxley (SOX) Act call for a proven system of change auditing across each network device.

By leveraging a smart network management system that monitors each device, a detailed audit trail of configuration change data is logged to a central database. The log data includes such details as the exact configuration file that was changed, the date and time of the change, and what user account made the change. This data also helps to ensure that only authorized personnel are making changes to the network devices. Unauthorized configuration changes can be detected through this process by working in conjunction with alerting and notification, and can then be rolled back to maintain compliance.


48

Notification of Device Configuration Changes Unauthorized configuration changes can cause major outages across the network and negatively affect business continuity. With that said, it is critical to proactively detect unauthorized changes before they become a major issue.

Many network devices generate syslog messages whenever their configuration undergoes a change. By listening to these messages, administrators can detect any configuration change in the device. A good example of the power of this feature is the management of edge devices such as Internet‐facing routers. These devices are critical to the connectivity of the business network to the Internet, and any unplanned outages of these devices can be very disruptive to the business, affecting employees and customers.

Through the implementation of a device configuration change monitor that uses syslog alerts, a device change event can be flagged and alerted. IT personnel can then take action by initiating a device configuration comparison of the saved device configuration within the system management database and the device’s running configuration. IT personnel can then ro ess is depicted in Figure 3.6: ll back the unauthorized change. This proc

• Step 1—An unauthorized change is made.

• sole. Step 2—A syslog alert is captured and sent to the network management con

• Step 3—IT staff complete a device configuration comparison and initiate a configuration roll back by applying the saved configuration from the network management database.

Figure 3.6: Device configuration monitoring.

The network management system should provide monitoring and alerting of key configuration change logging. In addition, intelligent notification should be available to llow for escalation of alerts to key personnel. a


49

Scheduled Tasks and Script Execution For an SMB, the responsibility of managing the configuration changes across an increasing variety of network devices can be a challenge. Often, with multiple vendor devices, the configuration file format, command syntax, and access credentials vary. With the importance of standardization and industry compliance—consistent and validated configuration changes must be maintained.

As the network grows in complexity and the number of devices increases, the use of simple manual configuration changes becomes too difficult and time consuming. What is required is a network management system that offers advanced features in the areas of scheduled tasks, automated configuration, and scripted execution. These features allow the administrator to focus on network optimization, trending, and growth planning instead of wasting time on repetitive configuration tasks across multiple devices.

Automating the Management of Device Configurations Making a configuration error is easy when managing multiple devices through a manual process. Most configuration changes must be coordinated across multiple devices. For example, when a new VLAN is implemented within the network, each related network switch configuration must be updated with the correct VLAN ID, port number assignments, and required VLAN trunking. An error on a single switch configuration can affect the entire network.

Connectivity errors are obvious, but other configuration mistakes can introduce more subtle errors, such as reduced performance or a security vulnerability, which may persist for weeks or months until discovered. The use of automated configuration management can substantially reduce the percentage of outages caused by configuration errors. Through the use of automation, manual and repetitive tasks are eliminated, greatly reducing the time and man‐hour cost of configuration management. Network administrators and managers can set up scheduled tasks to roll out configuration or password changes to existing devices; provision a new device with a standardized configuration; or restore baseline configurations to one or more devices if changes need to be rolled back.

When automated configuration management is used to complete the VLAN addition in the previous example, the opportunity for errors is reduced and standardization of configurations is guaranteed. As Figure 3.7 shows, a single configuration update is made by the administrator within the central network management system, then a scheduled task is assigned to each switch to complete the update.


50

Figure 3.7: Automated configuration management.

The Power of Script Execution When attempting to implement an automated configuration process, a key requirement is the need to execute a series of tasks in a specific order. Think for a moment about the overall process involved in updating the Internet‐facing firewall to allow https traffic flow to a ew n set of point‐of‐sale Web servers:

base. 1. Access the firewall device and complete a backup task to the centralized data 2. Create a new Network Address Translation (NAT) rule for each Web server.

3. Create a new access rule for the https traffic flow from the source outside address to the destination NAT address for each Web server.

4. Complete the manual process of testing https access to the Web servers to validate the change.

5. Commit the configuration change to NVRAM once validated. 6. Complete a second‐versioned backup task to the centralized database.

7. Complete manual notification to the application manager for the point‐of‐sale system that the change is complete.

As you follow the required steps for a simple firewall change, you begin to see the need to apply controlled script execution throughout the automated configuration change. Each of the steps or tasks described has to be executed in the proper order. It is also important that the success of each task is monitored to ensure the overall configuration process is halted if a critical step is not completed—such as the initial backup task. An additional element to consider is the inclusion of manual tasks within the automated process. These manual tasks help to ensure external testing and notification processes are not overlooked. Scripted tasks in conjunction with the automated scheduling of configuration updates is a powerful tool and should be part of any smart network management system.


51

Make the Move to Smart Configuration and Change Management SMBs often lack a full‐time network configuration manager. It is not unusual for the role of “network manager” to be added to an employee’s real title and responsibilities—as in President/Network Manager, Sales Rep/Network Manager, or Administrative Assistant/Network Manager.

Regardless of the size, businesses need networks that operate 24/7, providing secure and reliable access to resources, applications, and data required to function. Unfortunately, many network managers do not have the time to properly plan or execute configuration changes, and ad‐hoc configuration changes usually translate into network outages.

Change the way your business approaches network management by evaluating the use of a fully integrated configuration and change management system. With the power of centralization, all device configuration data and access information is secure and readily available for recovery. Through the process of automation, major network upgrades or configuration changes can be made with confidence and completed on time. Network outage by human error is greatly reduced by scripted execution of configuration changes across multiple devices.

In a competitive environment, alignment with industry compliance standards can help to differentiate your business from competitors. An integrated configuration and change management system provides full auditing and logging of all device configuration changes helping to ensure your business stays in compliance.

Your network is growing and changing along with your business. As the network becomes more complex, the manual process of configuration and change management breaks down. Shouldn’t your network management capabilities grow along with your network? Take a step in the right direction by moving your business into an integrated configuration and

rk management system. change management solution powered by a smart netwo


52

Chapter 4: Four Must‐Have Features for a Smart Network Management Solution

In a small to midsize business, you are faced with making tough decisions every day: how to control cost, how to increase revenue, and which technologies will really help your business. Technology is transforming the way business is conducted, and the technology trends faced by an SMB are numerous:

• Flexible workforce—Users are demanding remote access to network resources from anywhere, anytime

• Internet access—Fast and reliable access to the Internet is no longer a luxury; it is vital to any business model

• Virtualization—Virtualization of the server infrastructure and network appliances is spreading like wildfire across the data center

• Complex applications and systems—More complex multi‐tiered systems are being introduced into the network requiring advanced performance monitoring and troubleshooting

Each of these technology trends presents a significant challenge to any SMB. How can your business make smart technology decisions that will be effective in meeting these challenges?

Core to each of these technology trends is the network, making this the logical place to start when evaluating technologies that can really have an impact on your business. Throughout this guide, there has been much discussion around the topic of network management. When you look across the breadth of network management, there are core functions that must exist in any solution: discovery, mapping, monitoring, alerting, and reporting to name a few. To address the previously presented challenges, the network management solution

ly intelligent features. must extend beyond these core functions and provide tru


53

This final chapter will focus on four must‐have features that take the network management solution beyond basic requirements and provide a truly smart network management solution:

• Real‐time troubleshooting and analysis—Troubleshooting capabilities are at the heart of a smart network management solution. By leveraging the richness of the discovery, mapping, and monitoring data, real‐time troubleshooting becomes a reality.

• System event log management—With the addition of each new system or device into the network comes a plethora of log data, application events, system events, error logs, and Syslog data. Without a way to intelligently manage the overwhelming amount of data generated by each system or device, the data becomes useless.

• Virtual infrastructure monitoring and management—Monitoring and managing a virtual infrastructure presents different challenges than does a physical environment. For example, virtualized systems typically do not support standard Simple Network Management Protocol (SNMP) mode of data collection and often the performance or monitoring data collected directly from a virtualized system is inaccurate due to the underlying hypervisor integration. What is needed is a virtualization‐aware management solution that fully integrates with the virtual infrastructure.

• Network traffic monitoring and management—Consistent performance of the network is vital to any business and is even more important for an SMB because many aspects of an SMB’s business model rely on the Internet. From key business‐to‐business partnerships to an ever‐growing telecommuting workforce, network utilization and performance must be closely monitored and maintained.

Get Answers When You Need Them When a business experiences a network outage, a device failure, application performance loss, or a sudden bandwidth constraint, the consequences can be costly. For an SMB, interruptions such as these can impact the business at a much faster pace. SMBs need a way to quickly detect the impending problem before it effects the business as well as to accurately troubleshoot the problem when it does occur.

Real‐Time Troubleshooting—System and Device As discussed in previous chapters, the use of proactive monitoring of all systems and devices ensures the network administrator is notified when a problem occurs on the network. Once a problem is identified, the network administrator must take immediate action to resolve the problem to minimize the impact on the business. A smart network management solution must provide a rich set of real‐time troubleshooting and analysis tools to assist the network administrator.


54

By leveraging the richness of the discovery and mapping tools within a smart network management solution, troubleshooting system and device connectivity failures is greatly enhanced. Intelligent discovery of systems and devices at layer 2 and layer 3 of the network means the network management solution is fully aware of how each system and device is connected to the network and, more importantly, how each system and device is inter‐connected. Figure 4.1 highlights an example of a network topology map generated during the discovery process of a smart network management solution. With the ability to automatically enable active monitoring of each discovered system and device interface, the network management solution can provide proactive notification of any connectivity failure.

Figure 4.1: Network active monitor map.

The active monitoring in Figure 4.1 indicates a connectivity alarm for the DMZ switch and Web server A. At this point, more information is required to determine the actual cause of the connectivity failure. By drilling down into the active monitor map, the cause of the failure is quickly discovered when the layer 2 switch port data for the DMZ switch is reviewed.

Figure 4.2 indicates port 10 on the switch has failed, causing the connectivity alarms seen on the initial network monitor map. The power of using the topology maps in combination with the active monitoring data for real‐time troubleshooting is evident.

Figure 4.2: DMZ switch port monitor.


55

Layer 2 vs. Layer 3 Addressing An IP address is a layer 3 (network layer) address. The MAC address is a layer 2 (data link) address. Layer 3 addresses are logical addresses that pertain to a single protocol (such as IP, IPX, or AppleTalk). Layer 2 addresses are physical addresses that pertain to the actual hardware interface (NIC) in the computer. A computer can have any number of layer 3 addresses, but it will only have one layer 2 address per LAN interface. At layer 3, the data is addressed to the host for which the data is destined. At layer 2, though, the data is addressed to the next hop.

Real‐Time Troubleshooting—Applications Although immediate response and resolution of connectivity issues is important, application access and performance is really the key to any business. Without reliable access to core point‐of‐sale Web applications, customers will quickly move onto competitors sites. If employees cannot access company resources when needed, critical business transactions are delayed. An SMB must have the ability to quickly detect and resolve any application failure or performance loss.

Smart network management solutions incorporate a number of features to assist with detection of application‐related issues: IP services monitoring, Microsoft Exchange Monitoring, SQL Database Performance Monitoring, and Windows Process Monitoring, to name a few. These features were detailed in Chapter 2 and a short summary of the benefit of each feature with regard to application failure detection follows:

• IP services monitoring—Provides broad support for monitoring IP services and Web applications

• Microsoft Exchange monitoring—Allows for monitoring and tracking of Exchange 2007/2010 server roles including all related Exchange services

• SQL database performance monitoring—Provides real‐time SQL‐based queries against monitored databases and integrated SQL Server monitoring of key internal processes

• Windows process monitoring—Provides preconfigured and custom Windows Management Instrumentation (WMI) monitors for broad support of process monitoring

When it comes to troubleshooting application performance in real‐time, a must‐have feature is synthetic transaction monitoring. This feature was also introduced in Chapter 2

but is worthy of additional attention.

The idea behind synthetic transactions is to allow the network administrator to fully simulate a prospective Web transaction against a production Web server environment in real‐time. This ability provides immediate feedback into the performance and status of critical Web server farms. In Figure 4.3, an example of a synthetic transaction is shown; a typical user transaction is completed by accessing the default home page, navigating to the Contact Us page, and completing data entry in a form for submission.


56

Figure 4.3: Synthetic transaction.

If a failure occurs along the prescribed transaction path, an alert monitor can be triggered providing notification of the failure. By utilizing real‐time troubleshooting features such as layer 3 protocol addressing and layer 2 MAC or port‐level addressing, network connectivity monitoring, and application‐level synthetic transaction monitoring, an SMB can achieve a higher level of network performance and readiness.

Finally realize the value of log data As your network environment grows with the addition of new devices, systems, and applications, so does the amount of log data. Each device, system, or application generates a large amount of logging and event data. In a typical network environment, this data is decentralized and resides on each individual device or system—making it very difficult to realize the value of the data.

Who has time to visit each device or system and open every log file? Not many administrators make this task a top priority and most often only review log files after an outage or failure has occurred. Even if this was a top priority, the vast amount of log data generated in a typical environment makes the task of analyzing the data virtually impossible. For example, in a large SMB with 20 Microsoft Windows servers (assuming three log file types per server) multiplied by the amount of log data generated over a 24 hour period by each server, times the number of total log files, the amount of data to review for a single day can be overwhelming.

The process of manually reviewing log data may be overwhelming, but there is enormous value in gaining visibility of log data across the entire network. Windows event log files and device Syslog information files hold very valuable information. Complete historical records for each system and device can be constructed from these log files and used during forensic analysis after a major outage or failure. More importantly, these log files can provide

e. critical proactive information to help avoid a major outag


57

For example, within a Microsoft Exchange 2010 environment, the Client Access Server (CAS) role utilizes the Autodiscover service to provide Microsoft Outlook 2007 with configuration information that’s needed to connect to Exchange. If this service were unavailable, users’ Outlook clients would fail to connect to Exchange. By proactively monitoring the Windows Application event log for any MSExchange Availability related events, the administrator will be made aware of a potential failure of this important service.

System Event Log Management The previous example highlights the importance of proactive event log management and real‐time monitoring. Being able to monitor event logs gives an administrator a substantial advantage in identifying failures early on—rather than investigating them after the fact. The presence of a well‐planned event log monitoring strategy is the cornerstone to a proactive network management plan.

To establish an event log monitoring strategy, the current problem inherent with traditional event logging must be addressed—most notably, the decentralization of the log file data. By centralizing the collection of log files from each server and device within the network management solution, the first hurdle in log file management is overcome. Centralizing all log file data in a secure database within the network management solution ensures visibility across all logging data for every Windows system on the network.

Collecting Log Files To accomplish the centralization of log data, the network management solution must have support for the collection of multiple types of Windows event log data.

Log File Types When looking for a log management solution, ensure the solution has visibility and collection capabilities into the following types of log data: system, security, administrative, operational, and application logs across both EVT formatted logs (Windows NT, 2003, XP) and EVTX formatted logs (Windows Vista, Windows 7, Windows 2008) for Microsoft Windows servers.

A manual solution for the collection of log data across multiple Windows servers is difficult to achieve using manual scripting, and the storage options do not scale very well, making the task of centralization of log data difficult. Additionally, the very nature of manual script creation and management is proprietary to the specific administrator, and when the SMB

ating the manual scripts is lost. experiences turn over, often the knowledge of administr


58

What is needed is a more consistent and reliable method of collection—look for a solution that provides the following capabilities:

• Automated collection and storage of Windows event log data—Enables the scheduling, collection, and centralized storage of Windows event log data; also provides the ability to leave and active copy of the log data on the source server

• Flexible remote and agent‐based collection of Windows event log data—Provides collection of Windows event log data from both local LAN‐based and remote WAN‐based systems. Also provides support for agent‐based architectures within restricted security environments

• Automatic database maintenance—Automates the process of managing quickly‐nance growing Windows event log data collection utilizing built‐in database mainte

capabilities to archive files and purge data Syslog data residing on Linux, Unix, and network devices such as routers is equally important in the overall log management solution. The centralization of Syslog data relates to the ability to centrally analyze and monitor the data along with Windows event log data but does not pertain to the collection of Syslog data in a centralized database.

What Is Syslog Data? Syslog is a client‐server protocol with an associated logging application used to transmit a small text message to a Syslog receiver or server. These messages may be sent via the User Datagram Protocol (UDP) or the Transmission Control Protocol (TCP).

Analyzing Log Files The second hurdle to overcome with regards to log file management is the centralization of log data analysis. As mentioned earlier, system and device log file data holds a wealth of information that is crucial to the proactive management of the network. Once the Windows log file data has been collected and normalized, you need a tool that allows filtering, correlation, and reporting on log data across all Windows systems and Syslog information devices.

The normalization of Windows event log data refers to the process of providing consistent field‐level data representation in the generated event logs between Windows EVT and EVTX formatted files. An example of this type of normalization can be seen when comparing Windows 7 Security event log entries with Windows XP. The Windows 7 security log does not provide information about the user performing the action or affected by the action in the User field, as was the case with Windows XP. Instead, the information is placed in the Description field of the event. The technology used for the normalization of Windows event log data adds the ability to place the most relevant user information back into the User field as the logs are processed. This helps to maintain consistency across all log data for quicker analysis.


59

The log management solution should provide the ability to easily filter through the vast amounts of log file data for specific logs and then provide the ability to view and further filter at the specific event level. Some of the key features to look for in a log file management solution with regard to analysis are:

• Event log correlation and analysis—Provides a powerful ‘windowing’ technology that gives network administrators the ability to correlate different cross sections of event log records from multiple sources; also allows administrators to quickly jump to specific dates, event IDs, and source types

• Prepackaged and custom event log reporting—Allows network administrators to quickly produce HTML or CSV formatted reports based on multiple types of event log entries—providing immediate feedback to the business on network issues and security compliance.

Real‐Time Monitoring of Log Files The final hurdle is the ability to provide real‐time visibility of Windows event log and Syslog file entries across the entire network. The real power in a centralized log file management solution lies in its ability to provide targeted monitoring of event log data across multiple Windows systems or network devices using a single alarm setting. Think back to our example regarding Microsoft Exchange 2010 CAS; in a larger Exchange environment that spans multiple locations, an SMB will have an Exchange 2010 CAS installed at each location in‐line with the Active Directory (AD) site architecture. To proactively monitor the Exchange 2010 Autodiscover Service, an alarm must be created to monitor each server’s Application event log for MSExchange Availability event entries.

In an environment that does not have a centralized log management solution, the network administrator would have to visit each Exchange 2010 CAS manually and review the Application event logs on a regular basis to determine the health of the Autodiscover service. Utilizing the real‐time monitoring capabilities of a centralized log file management solution, the network administrator can create a single alarm that polls every Exchange 2010 CAS on a regular basis for a Warning or Error event entry with the Source type of MSExchange Availability (see Figure 4.4). In this example, three Exchange 2010 CAS are monitored for an MSExchange Availability warning or error event entry. The CAS at AD Site 1 has logged an Event Error with the Event ID of 4002, matching the alarm source type set on the network management system.


60

Figure 4.4: Exchange 2010 CAS event log monitoring.

The log file management solution must provide for the real‐time automation of log file monitoring across Windows event logs and Syslog files with key capabilities in the following areas:

• Broad range of event notification types—Including options for email alerts, network popups, pager calls, Syslog server forwarding, database insertion, and broadcast notifications to administrators

• Combined Windows event and Syslog support—The ability to monitor standard Windows event logs for application, security, system, and Syslog files generated by network devices, Unix, and Linux systems

• Dual mode support for remote and agent‐based monitoring—Provides the flexibility to monitor remote systems and devices without the requirement for agent‐based installs; when necessary, due to security compliance restrictions, allow for full agent‐based monitoring of remote systems and devices.

When evaluating a network management solution, consideration of an event log management feature must be high on the list.

Server Virtualization Creates a New Problem Virtualization is sweeping across data centers. SMBs are seeing the value in making the move to server virtualization for the reduction in hardware cost and maintenance. Although server virtualization and consolidation make perfect sense for most SMBs, there

server virtualization. are common pitfalls related to network management and


61

Some of the common difficulties experienced by SMBs that attempt to utilize legacy network management software include hardware inventories that do not accurately reflect the environment, server performance monitoring data that is skewed, automated alerting and remediate tasks that fail or cause virtual infrastructure host issues, no reporting of virtual machine placement within the virtual infrastructure, and lack of visibility into virtual infrastructure host performance. This list highlights just a few of the problems legacy network management software encounters due to its lack of virtualization awareness.

One good example of the difficulties encountered by SMBs when attempting to utilize traditional methods of network monitoring and management of a virtualized server environment is the shortcomings of SNMP monitoring as it relates to virtual machines. SNMP was originally designed to manage hardware devices with a well‐defined MIB structure and definitive resource capacities. In a virtualized infrastructure, capacities are elastic (they can be made to grow or shrink dynamically) and full virtual machines can be started/stopped or migrated from one hardware to another while maintaining their system state. In this dynamic environment, the rigid MIB and OID structure of SNMP is not suitable.

Virtual Infrastructure Monitoring and Management To overcome these issues, an SMB needs to ensure the network management solution incorporates a fully integrated virtual server monitoring and management feature. By providing a virtualization‐aware solution, the network management environment gains visibility at the hypervisor level of the virtual infrastructure. This is critical for accurate awareness of the virtualized servers and associated applications.

What Is a Hypervisor? A hypervisor, also called virtual machine monitor (VMM), allows multiple operating systems (OSs) to run concurrently on a single host computer—a feature called hardware virtualization. The hypervisor presents the guest OSs with a virtual platform and monitors the execution of the guest OSs. In that way, multiple OSs, including multiple instances of the same OS, can share hardware resources.

By integrating the monitoring and management of the virtual infrastructure into the network management solution, the SMB can utilize a single solution to discover, map, and monitor both physical and virtual server and network resources. One of the top vendors in the virtualization space is VMware Inc.; according to IDC’s Q4 2009 reporting (IDC, 2010), VMware’s ESX and ESXi hypervisors continue to hold the number one position across virtualization platforms. Because of the large market share, it is very important that the network management solution fully supports integration with VMware’s hypervisors.

VMware with the release of vSphere and the associated ESX 4 and ESXi 4 hypervisors has moved to a new open Application Programming Interface (API) architecture. This new Web service, running on vSphere server systems, provides direct access to the ESX management components. The management components can be used to manage, monitor, and control virtual machine operations and other virtual infrastructure components (data stores, networks and, appliances).


62

A smart network management solution should make full use of the API architecture within vSphere and should provide a rich set of tools for virtual machine management and monitoring. The advantages of a network management solution that integrates at this level are many:

• Discovery and mapping—Automatically discover and map VMware ESX and ESXi hosts and their associated guest systems

• Resource utilization—Collect accurate utilization and resource consumption metrics from the virtual infrastructure

• Real‐time alerting—Receive real‐time alerts when utilization on host systems or virtual machines reach established thresholds

• Management integration—Utilize VMware tools to actively manage virtual machines on demand or on a scheduled basis

• Centralized management—Manage the entire data center infrastructure including; le hosts, virtual machines, virtual appliances and, applications all from a single conso

Figure 4.5 details the visibility a smart network management solution can provide when supporting direct integration with the hypervisor’s API architecture. This figure presents the performance visibility into a VMware ESXi environment provided by the network management system.

Figure 4.5: Manage virtualized servers’ performance.


63

Figure 4.6 highlights the type of powerful integration and control a network management solution can provide when able to utilize the VMware API architecture. This image shows the virtual machine management options accessible from within the network management console. This ability allows the network administrators to work within a single pane of glass for all server management (physical and virtual).

Figure 4.6: Virtual machine management.

Equally important in today’s virtualization landscape is the ability to support multiple vendors’ hypervisor products. Referencing the same IDC report from Q4 2009, Microsoft’s Hyper‐V and Citrix’s XenServer platforms are also showing impressive growth: 200% and 300%, respectively, year‐over‐year. When evaluating a network management solution, planning for the management and monitoring of a multi‐vendor virtual infrastructure makes sense.

The Network Is Always Open Much like the corner convenience store in your local neighborhood, the network within your SMB is always expected to be available and ready for business. With current trends towards telecommuting and a geographically dispersed workforce, your business resources must be accessible over the Internet 24 hours a day, 365 days a year. Combine this requirement with the increasing dependence on high‐speed access to the Internet from within your business for access to critical business‐to‐business partner Web sites, and the need to closely monitor and manage your SMB’s network utilization and bandwidth is apparent.


64

When evaluating a network management solution, a must‐have feature that provides the ability to gain insight into the utilization and performance of network bandwidth is network traffic monitoring and management.

Network Traffic Monitoring and Management The key technology underlying a network traffic monitoring solution is flow‐level visibility. In a packet switching network such as TCP /IP, network traffic is comprised of a sequence of packets traveling from a source to a destination. This sequence of packets is termed network flow. Network traffic monitoring tools allow for the gathering, analyzing, and

on. reporting of the network flow data or IP packets passing from the source to the destinati

The power of this feature is the ability to analyze and report on network traffic patterns and bandwidth utilization in real‐time. With network flow monitoring, the network administrator can quickly determine overall utilization for the LAN or WAN and specific devices or interfaces. Network flow monitoring also indicates users, applications, and protocols that are consuming abnormal amounts of bandwidth.

In Figure 4.7, an example of a network flow monitor console is highlighted, providing visibility of inbound and outbound traffic across the edge router’s external interface. By utilizing easy to understand top‐based graphs, the network administrator can identify those protocols, applications, and users that are consuming bandwidth and causing performance issues.

Figure 4.7: Network flow monitor.


65

To accomplish the level of visibility required into the network, the network flow monitoring solution must support a wide variety of flow protocols including NetFlow, sFlow, and J‐Flow. The flow monitor works by collecting and summarizing data that is carried over a device and then transmitting that summary to a centralized collector for storage and analysis.

What Type of Flow Protocol Do I Need? Flow protocols such as NetFlow and J‐Flow track every packet as it travels across the monitored interface, while sFlow protocol uses a sampling algorithm where every nth packet is recorded. Which type should you use? For high security and compliance environments, NetFlow and J‐Flow is where you need to be. If all you need is a way to determine who is hogging the network bandwidth, the sFlow protocol will suffice.

Some key use cases for a network flow monitoring and management solution are:

• Maintain required level of network capacity—Review network usage trends and determine when to increase the network capacity to maintain the required level of performance

• Identify network configuration issues—Recognize and correct configuration issues that are consuming network resources or introducing security vulnerabilities

• Target unwanted traffic—Identify traffic patterns that may indicate undesired network usage, such as peer‐to‐peer file‐sharing applications

• Proactive bandwidth management—Troubleshoot and correct bandwidth spikes in network traffic before they become a major problem

Network management solutions incorporating network flow monitoring and management take management of the network to a new level.

These four must‐have features greatly enhance a network management solution by providing capabilities that extend the basic requirements of a network management system. When evaluating a network management solution for your SMB, ensure these features are included and take the management of your network to a new level.

SMBs Need Smart Network Management Over the past four chapters, a clear vision has been established of what is required by SMBs in today’s economy with regard to network management. Gone are the days of simple peer‐level networks that safely operate within the confines of a business’ brick walls. Today SMBs, much like their corporate counterparts, are having to build and maintain very complex network environments including high‐speed Internet, advanced routing, layer 2 and layer 3 switching, VLANS, multi‐tiered applications, virtualization of servers and

kforce. network appliances, and an ever demanding flexible wor


66

The monitoring and management of these complex networks requires a robust network management solution that can provide a rich set of features and tools to address the challenges inherent in a complex network. The blueprint for such a network management solution focuses on four key features: complete visibility, sophisticated monitoring, integrated configuration and change management, and realtime troubleshooting, trending, and flow analysis. Together these features form the foundation of what is called a smart etwork management solution. n

Download Additional Books from Realtime Nexus! Realtime Nexus—The Digital Library provides world‐class expert resources that IT professionals depend on to learn about the newest technologies. If you found this book to be informative, we encourage you to download more of our industry‐leading technology books and video guides at Realtime Nexus. Please visit http://nexus.realtimepublishers.com.


Smart Network Management for the SMB

Documents

Transcript of Smart Network Management for the SMB