Paessler’s PRTG Network Monitor proactively alerts administrators of issues in the network, thereby informing them of problemsbefore they arise. The solutionincludes more than 130 sensortypes, which are designed to monitor parameters such as the processor load of individual systems, free disk space and network interface utilization. Sensors are also available for network services, such as HTTP,SMTP, POP3, FTP, etc. The term‘sensor’ is not to be taken literally in this context: PRTG workswithout agents – that is, withoutsoftware components on the client systems that are being monitored. The sensors run on a central ‘probe’ (where necessary,multiple probes can be set up inthe network) and, from there,query the clients’ statuses regularly via the abovementionedprotocols, for example, WMI,SNMP or SSH. These findingsare stored in the central databaseand can be used for extensiveanalyses, which can in turn beused to optimize the network. Ifany difficulties arise, PRTG is also able to send alerts via email,text message or pager, amongother methods.
Tested: PRTG Network Monitor 12.2
The Entire Network in SightDr. Götz Güttich
The PRTG Network Monitor by Paessler AG runs on Windows and collects data usagefrom computers, applications and other infrastructure components within thenetwork. All information is stored in a central database and can be used at anytime for comprehensive analyses. The tool administrator runs on a powerfulweb interface or a native Windows application. PRTG draws upon severaldifferent technologies for data collection, namely WMI, SSH, SNMP, NetFlow,jFlow and sFlow, as well as packet sniffing. IAIT took a look at thehandling and performance of the solution in daily operations.
1
The license model is dependenton the number of sensors. Up toten sensors are free of charge.Additional sensors can be boughtas they are needed. With PRTG,all functions are included in every license, regardless of the license size. A 30day test version isavailable with an unlimited number of sensors.ArchitecturePRTG operates using a core server that works with an Ajax Webinterface. This interface constitutes the main management tooland offers the most extensivefunction range. A Windows administration tool called Enterprise Console is an alternative that
offers a nearly complete range offunctionalities (according to themanufacturer, 95%). A MobileWeb GUI, which provides data inan optimized form for mobile devices, is included as well.Apps for iOS and Android complete the palette of access optionsfor the network monitoring system. The Android app (PRTGdroid) provides users with simple
access to the Paessler software’smobile web interface and can inform administrators of any errorsdirectly.The iOS app (iPRTG) calls upthe data from the web server viathe API and displays them in native iPhone style. PRTG recommends Chrome and Firefoxbrowsers for daily desktop use,and we even used Internet Explorer for the test, which workedperfectly.Besides the Core Server, PRTGalso uses probes, as mentionedabove, which pull informationfrom the clients. Multiple distributed probes can be used, if desi
red, and are especially usefulwhen monitoring remote installations in addition to the local network, while still reviewing all information from a central position.Multiple PRTG installations canalso be managed centrally usingthe Enterprise Console.The sensors have socalled channels that can gather informationon individual parameters. With
memory sensors, for example,these are the total memory andavailable memory in percent.Dependencies can be definedbetween sensors. This makes itpossible to use both a Ping sensorand an HTTP sensor, for example, to monitor a web server. Ifthe Ping sensor reports an error,the system will pause the corresponding HTTP sensor. This isbeneficial because the HTTP service will not be available if theaffected server is not respondingover the network. The administrator thus only receives a singleerror message that indicates thatthe web server is not responding,not two. This improves clarity significantly, especially when monitoring systems with many sensors.As a general rule, the sensors –according to the area of application – are very powerful. For example, not only is it possible todetermine the fact that a webserver responds on request, but theIT administrator can configurethe system in such a way that itqueries specific content or evensimulates a purchase in an onlineshop, in order to guarantee thatthe service is actually running asdesired. If a website is hacked,for example, the web server stillcontinues to work, although theshown contents might be completely different from those thatthe affected company actually intends to show. This can only bediscovered if the monitoringsoftware evaluates the web service’s content as well as its response.Custom scripts can be integratedas sensor types in PRTG at anytime. All found data are saved forup to a year by default, and lon
2
The PRTG Network Monitor at startup
ger time spans can be set up asneeded.The TestFor our test, we installed version12.2 of the PRTG Network Monitor on a Windows Server 2008R2 system in our network andsubsequently used the solution tomonitor computers running Windows XP, Windows Server 2008,Windows 7, Windows Server2008 R2, Red Hat and Fedora Li
nux, Ubuntu Linux, MacOS andSolaris. We also monitored diverse network components including, for example, Cisco switches and routers from Netgearand Lancom, and even includedseveral websites, for example theIAIT website, and the online services Dropbox, Twitter and Skype in the monitoring as well. Because PRTG supports IPv6, wealso monitored various systemsusing this protocol.After installing the software andsetting up the sensors we needed,we put special focus on monitoring our Exchange server and our
virtualization environment (basedon VMware). We examined theentire feature set of the monitoring software, including devicetrees, libraries, maps, reports andalarms. Last but not least, weused the app PRTGdroid for remote access to our installation.InstallationThe ideal environment for thenetwork monitor is an uptodateWindows operating system on a
dedicated host. Paessler recommends not installing the PRTGNetwork Monitor on a virtualmachine for performance reasons.A system with four GB RAM anda few hundred GB of availablehard drive should be used for thebest possible performance. Thecomputer used for monitoringmust be equipped with .NET Framework 4.0.The installation of the product iscontrolled by the Wizard – just like any other Windows installation – and would pose no problems
for any administrator. The administrator simply needs to choosethe right language, enter his license key and define his mail account. A failover cluster can beset up later, if desired.After completing the setup, thebrowser with the PRTG loginscreen opened on our system andwe could log in to the monitoringproduct for the first time. Normally, the Configuration Guruappears at this point to supportthe administrator with the initialconfiguration of the system. However, because we used a Windows server with Internet Explorer and enhanced security configuration, we first had to add thePRTG page as a trusted site toensure that the system displayedeverything correctly.The Configuration GuruThe Configuration Guru helpsadministrators with basic PRTGconfiguration. In the first step, itsuggests encrypting the access tothe solution’s web interface withSSL. The user is given the optionto activate the SSL encryption orto skip this step. These options –executing the recommended taskor skipping to the next step – areavailable for all steps with theConfiguration Guru.After setting up the SSL encryption, we set up our administratorpassword with the ConfigurationGuru’s help and entered the credentials for the Windows systems– including our network domain.This step is mandatory, so thatPRTG can access the appropriatecomputers to query information.Finally, the guru asked about credentials for SNMP, VMware andXen, as well as Linux systems,and offered to monitor the Internet connection with Gateway and
3
The device overview presents users with the status of individual sensors
DNS servers. The next step wasto specify the servers that PRTGshould keep an eye on in the network. For this, the guru offeredus domain controllers, Exchangeor other mail servers, as well asother servers, by name or address. We entered our domaincontroller and Exchange server,as we wanted to use a generalnetwork search in the PRTG environment to add our other systems later.The server monitoring setup wascompleted, and it was time to setup monitoring for websites andonline shops and to activate monitoring of cloud services, suchas Google (search, drive andmail), Office 365, Salesforce,Dropbox, iCloud, Facebook,Twitter and Skype. Finally, theConfiguration Guru ran the Network AutoDiscovery, an automatic network search for all systems in our LAN. This processinstantly found all active components. With the VMware systems, PRTG also recognized thatit was dealing with hosts of virtual machines (VMs), and immediately listed the VMs installedon these hosts as sensors.Network AutoDiscoveryThe automatic network searchcan be started manually at any time, or can be executed automatically according to a schedule.This search presents a sound method of keeping the configurationup to date and incorporating newsystems in the PRTG environment. If a user would like tocreate a new group with all Windows servers, for example, all hehas to do is create an automaticnetwork search, select the appropriate probe, enter a group nameand determine how the sensorcreation should occur. There are
four options: manual creation,automatic creation according todevice, detailed automatic creation according to device (this method can create a lot of sensors)and sensor creation using devicetemplates.The last method is especially beneficial if multiple identical systems with specific componentsare part of the network. In mostcases, normal automatic sensorcreation is sufficient, and the sensors that are found can be addedto manually if desired, for exam
ple with monitoring functions forspecific server types.The next step was to decide on aschedule for the autodiscoveryand to specify the address rangethat should be searched. Thereare several options, namely ClassC IP address ranges (IPv4), a listof individual IP addresses orDNS names (IPv4 or IPv6), anetwork address with a subnetwork (IPv4) or IP with an octetrange (IPv4). With these options,
every administrator should beable to find something that suitshis network.As soon as the administrator enters the required information forthe address range, he can activatename resolution using DNS,WMI or SNMP and skip the automatic search for the addressesof already recognized devices inorder to speed up the process.The final steps included enteringthe credentials for the Windows,Linux, VMware/Xen and SNMP
systems, as well as settings andaccess information for the HTTPproxy. All of this information canbe inherited from the existingconfigurations, so that auto discovery can use the credentialsentered via the ConfigurationGuru, if applicable. The accessrights determine which PRTGuser accounts are granted accessto the resulting objects of thecurrent search. After the search iscomplete, the new sensors appearautomatically in the device over
4
Icons can be selected when adding devices, under which the devices will appearin the overview
view, which we will address indetail in a moment.The Web InterfaceNow that the installation and initial configuration were complete, we turned to the feature set ofthe monitoring tool. After logging in to the operating web interface, the administrator isshown a welcome screen, whichpresents the option to call up theConfiguration Guru again, startthe Network AutoDiscovery,switch to the device overview,download the Enterprise Console, install smartphone apps, callup the help function or contactsupport.The top part of the configurationtool’s window presents a menubar, which leads directly to themost important entries, includingthe device overview, library,alarms, etc. Further options forthe user are included under thesemain menus, which can be accessed by hovering the cursor overthe menu titles.The ‘Home’ menu, for example,contains four subentries leadingto different overview pages. These – just like any other page –can be set as the homepage, if desired, and will then appear directly after login. The overview pages present a summary of data,containing the most importantsensors (these can be marked as“favorites” by the user), the log,todos, alarms, warnings, groups,devices, sensors, sensors with thestatus “unusual” and recent logentries.A sitemap containing all linksavailable for the active user account is also available, as well asthe option to call the mobile WebGUI and the abovementioned
welcome screen. The Home menu thus contains a wide range ofoptions to configure the PRTG
Network Monitor to deliver extensive information about thenetwork directly after login.An indepth, contextbased helpfunction is located on the right side, which explains nearly all ofthe available configuration options. This help is included on every page of the configuration tool.The Device OverviewThe second menu entry leads tothe device overview mentionedabove. This is the core of theNetwork Monitor and displayseach monitored system with itssensors in a tree structure in therespective groups. Users can seewhere errors, warnings, etc. haveoccurred at first glance, as sensors with errors appear red, thosewith warnings are yellow, andproblemfree sensors are shownin green. The device overview isnot only for data display; remote
probes as well as new groups,devices and sensors can be addedas they become necessary. In ad
dition, a geo map shows whereeach monitored system is locatedin the world, and overview chartsdisplay information regardingalarms, processor usage, datatraffic and response times. Instandard configuration, theseoverviews each show the statusfrom the past two, 30 and 365days.Clicking on a group, computer orprobe opens a correspondingdrilldown overview. If a company has all Windows servers summarized to one group, for example, clicking on this group willonly display the systems assignedto the group. In this way, IT staffis able to limit the display to individual computers or even singlesensors.If the system displays the datafrom a single computer, all sensors found on this computer are
5
The drilldown view of individual systems presents a list of all monitored services on the system
displayed in a list. This list contains small charts, in addition tosensorspecific data including name and status, which show important information (e.g.: capacity utilization) at a glance.The individual sensor displaypresents detailed information, in
cluding 2day and 30day overviews and live data. In addition,users can set sensor parametersand modify names, scanning intervals, priority (this determinesthe order of objects in list views)and access rights.It is also possible to configure thesensors in such a way that theysend notifications upon crossingcertain thresholds or attainingcertain statuses. If a sensor statusis ‘down’, for example, a message can be sent to the administrator after a specific time period.Individual channels within thesensors can be assigned limits,
and they can be configured toshow up in charts and tables. Lastbut not least, administrators areable to insert comments here, andreview the history of each sensor.In addition to the points mentioned above, tabs are available inthe device and group views, with
which live data can be viewed ingraphs and tables, and the historycan be called up. Twoday,monthly and yearly overviewsare available, as well as the option to query “historical” data according to freely definable timeperiods.The menu item ‘Management’ isalso available in the group anddevice overviews. Here, eachuser can arrange the sensors as hepleases using drag & drop.In the settings tab, users can pause all sensors in a group or on adevice and determine the type of
sensor management (automatic,manual, etc.). It is also possibleto change device credentials, define schedules and modify otherparameters that were preset during the original network search.Tabs for creating notifications,entering comments and viewingthe history complete the featureset for group and device configuration.One more thing worth mentioning: the multiedit function canbe used to select and edit multiple objects in the sensor and device lists simultaneously. This isespecially beneficial when configuring or pausing multiple sensors at once.During the test, we noticed thatadministrating the network according to groups, devices andsensors helped us to keep a clearoverview even when working inan environment with numerouscomponents. On one hand, analarm can be configured so that itis activated by an error anywherewithin an entire computer group.On the other hand, notificationscan be set up in such a way thatonly a single sensor in a singlesystem is recognized as a trigger.The alert and analysis options arethus minutely customizable to fitthe requirements of specific situations and staff, without reducing the clarity of the entire system.LibrariesContrary to the device overview,libraries allow the user to createcustomized views according tovarious criteria. Environmentsthat are listed in the device overview according to technicalaspects, like operating systems orroles in networks, can be arran
6
The ‘sunburst view’ provides information regarding the status of monitoredcomponents at a glance. The overview becomes more detailed as one movesoutward, and individual systems pass on their status to the inside. This way,Paessler ensures that the inner ring, which represents the entire network, isonly displayed errorfree when none of the outer systems shows an error.
ged in such a way as to reflectthe organizational structure of thecompany and its departments(marketing, accounting, IT, management, etc.). The individuallibrary views can be generatedand modified directly in thebrowser using drag & drop.To insert a library, the user mustsimply enter a name and the ac
cess rights for the object; the library is then immediately available for further application. Existing libraries can be changed atany time. We had no difficultiesworking with libraries during thetest.SensorsThe sensor overview comprises alist of all sensors with their statuses and a small chart, which displays capacity usage and otherimportant information. Whencreating a new sensor, PRTGNetwork Monitor first asks theadministrator if the sensor shouldbelong to a new or an existing
device, what the device symbolis, whether the connection runsover IPv4 or IPv6, what the credentials are and whether sensorcreation should occur manuallyor via automatic search.If the administrator decides formanual sensor creation, he canchoose from an array of 131 predefined sensor types. Paessler of
fers categorized decision supportto simplify this process.The user can answer questions tofind appropriate sensor types.These questions are: “Monitorwhat?” (availability/uptime,bandwidth/ traffic, speed/performance, CPU usage, disk usage,memory usage, hardware parameters, network infrastructure,custom sensors), “Target SystemType?” (Windows, Linux/MacOS, Virtualization OS, File Server, Email Server, SQL Server),“Technology Used?” (Ping,SNMP, WMI, HTTP, SSH,packet sniffing, NetFlow, sFlow,
jFlow). With the help of thesecategories, we were able toquickly and efficiently set up thesensors we needed to monitor ourExchange systems and our vSphere environment.Various options are available inthe Sensors menu to provide theuser with an overview of the sensor data and results. These include top10 lists for various attributes including “Best Availability”, “Fastest Ping”, “Worst Downtimes”, “Slowest Ping”, “Lowest Bandwidth Usage”, “FastestWebsite”, etc. Overviews organized according to current status,uptime/downtime, group and typeare available as well. It is evenpossible to compare sensors andview historical data. This provided us with very interesting insight in our network during ourtest.AlarmsThe PRTG Network Monitor offers extensive alarm functions.The alarms can even be used toautomate restarts and to executePowershell scripts, batch files,and DLLs. PRTG also includes alist of current alarms and warnings. Hovering the mouse overthe list (this applies for otheroverviews as well), the web interface blends in an overviewwindow with the most importantdata and charts for the respectiveentry. This is very helpful whenlooking to attain a quick impression of multiple entries withouthaving to open each one individually.MapsMaps offer a graphical networkoverview that can be enhancedwith background images. A location map can be created for allcomputers in the building, for
The monitoring software presents the data and measurements for each sensorin a chart. Here, the CPU usage of a server is displayed over the time span ofone month.
7
example, on which the status ofeach system appears next to itslocation on the map. New mapscan be created at any time andcan even be published, so thatthird parties can gain access to
the included information. A mapis also an ideal option for the homepage that is presented directlyafter login. Maps can also be effortlessly integrated in externalwebsites. Maps can be created –just like libraries – via drag &drop from the device tree.Paessler provides additional symbols for the maps, which symbolize transparent components, likeunmanaged switches, and external abstract systems, like the Internet. It’s no problem to incorporate connections between individual systems in the map, either.We found one overview map ofour LAN to be so useful in ourtest that we set it up as our homepage.ReportsThe monitoring system enablesdata and graphics to be combined
in reports. Onetime and recurring reports are both available.The time frame for which a report should be issued can be defined manually, and reports can bedisplayed as HTML, generated as
PDFs and sent per email. Variousreports are included in the software, like the “100 Fastest HTTPSensors”, “100 Slowest PingSensors”, etc. Reports on bandwidth, CPU usage, memory usage, disk space and availability areavailable as well. All reports arefully customizable.Reports can be saved and calledup again at any time. The sensorsthat the report is based upon canbe selected manually or according to tags. Selection by tagcreates dynamic reports: if an administrator assigns one of thesetags to a sensor or group, it willbe included in the appropriate report.To delete a component from thereport, the administrator mustsimply delete the tag. Reportscan also be created and sent out
according to a predefined schedule. We encountered no difficulties here in our test.LogsPRTG displays its log in listform. The time frame and number of rows that should be displayed in the list of log entriescan be specified at any time. Allentries can be displayed, or theycan be filtered according togroup, system events or statuschange (ie: OK, down, paused/resumed, acknowledged orunusual).ToDosThe todos act as a notificationservice for the user. They includeinformation that the administratormust confirm, including theavailability of new program versions or activation of new sensors. The system also uses theseto advise users of newly createdreports.SetupThe Setup menu contains all entries for managing the PRTG Network Monitor. The account settings (name, password, time zone, email address, notificationsettings, etc.) are included aswell. The PRTG status, on theother hand, contains informationregarding the software version,operating system, time, CPUusage, license, etc.Administrators can use the PRTGstatus to create a snapshot of thedatabase, in case they require assistance from the Paessler support team, to restart all probesand to write a probe status file.The ‘autoupdate’ function ensures the PRTG Network Monitoris always up to date. This workedflawlessly in the test. Also interesting: the system administrati
8
A network map set up as the homepage
on. Here, the administrator canconfigure diagrams and colors,define the name of the PRTGwebsite and select a map provider (MapQuest, Nokia Maps,CloudMade or Google). The monitoring tool can even be integrated in the Windows domain sothat existing user accounts withinthe company can be used forPRTG as well. Apart from that,threshold values can be set hereto distinguish unusual incidents.The next entries deal with thesettings for sending notifications(via an internal or external mailserver), communicating with external probes and working withuser accounts. Various user accounts can be set up for differentmonitoring tasks. Users can beassigned to groups, alarm settings can be made and rights can
be assigned (“read/write” or“read only”). Command menusfor managing clusters, downloading additional software (Enterprise Console, apps for mobiledevices and installation files forremote probes) and entering the
license round out the configuration tool’s feature set, along with adocumentation of the PRTG API.The tool has been set up in a clear manner and – often thanks tothe good help function – requiredonly a short familiarization phase.The Android AppPRTGdroid afforded us secureaccess to the information fromthe PRTG Network Monitor,anytime and anywhere. The configuration effort was minimaland the mobile web interface iswell suited to viewing data. Large icons make the interface especially ‘thumb friendly’. Becauseit can be used with any browser,the app does not necessarily haveto be installed, but it does expandthe feature set of the Mobile WebGUI with the very handy oppor
tunity to display notifications onthe mobile device.Exchange MonitoringThe monitoring options Paesslerprovides for the Exchange Serverare extensive. The system places
a total of 97 sensors at the user’sdisposal that are specially designed for Exchange systems andenable monitoring of variousareas including memory, the database and the number of activeusers.Several sensors are very straightforward and selfexplanatory, like the sensor that counts thenumber of notifications sent persecond or the sensor that informsadministrators of logon operations per second. Others are notquite as simple, like the “Database Cache % Hit edgetransport”.Keeping an eye on individualmail queues is generally important when monitoring Exchangeservers, as it makes it easy to determine if email sending starts topile up. The number of emailssent per second is just as important: this sensor can be used todetermine if a computer in thenetwork is being misused to sendspam.Apart from that, the CPU andmemory usage should be monitored, as well as the mail servicesPOP3, IMAP4, SMTP and thequeues for internal redistributionof emails to email inboxes. Ifthere are no problems here, thereis a good chance that the Exchange Server is in good shape.The “Roundtrip Sensor”shouldn’t be forgotten here, either. It sends an email to an external service, which the administrator must configure in advanceto instantly and automatically return the email. This enables theadministrator to determine howlong it takes to send the messageto the selected service and back.In our test, monitoring of our Exchange 2010 servers workedflawlessly.
9
The Exchange monitoring function comes with a large number of sensors
Monitoring vSphereWhen monitoring virtualizationenvironments based on VMware(we used vSphere 5 and ESXi 5systems for our test), the following points should be kept in mind:if the credentials for the virtualization hosts are entered correctly,the Network AutoDiscovery willfind the system, recognize it asan ESXi host and instantly set upsensors to monitor the VMs running on the system. This entireprocess is incredibly simple andruns out of the box. When working with vSphere servers thatmanage multiple ESXi systemsand Vmotion, which is used tomove VMs from one host to another according to capacity utilization, the procedure describedabove cannot be used. If Vmotion shifts a VM from one host toanother, this process sets off analarm in PRTG, as the VM suddenly ceases to exist on the corresponding host.In this case, the ESXi hostsshould be monitored over the vSphere server instead of being monitored directly. PRTG thusviews the ESXi hosts from thevSphere’s perspective and recognizes that the VM is still running, just on a different host. Alittle bit of handiwork is requiredin order to realize this. The vSphere server is Windows software that runs on a Windows server.When searching this server withNetwork AutoDiscovery, thePaessler product sets up standardWindows sensors, but does notset up the VMware sensors; theadministrator must do this manually. In this case, the login datafor the ESXi server cannot beused as credentials for the VMware environment; instead, oneof the Windows user accountsthat have access to the vSphere
server must be used. This processposed no problems for us duringour test.ConclusionThe PRTG Network Monitorcompletely convinced us. Thesystem is easy to install and canbe set up quickly and seamlessly,
thanks to the Configuration Guru. A major feature is that thesoftware operates without agentson the monitored systems. Thisnot only saves the IT department’s time, but even preventshaving to touch systems in thenetwork, which is very appealing, especially with critical installations.We also have to emphasize thesoftware’s incredible range offunctions. Paessler put a lot of effort into providing effective,highcapacity sensors for all servers generally found in modernIT environments. This appliesnot only for Cloud services likeDropbox and Salesforce, but also
for the monitoring of virtual environments and standard applications like Exchange. The administrator can even keep track ofnetwork traffic using NetFlow,sFlow, jFlow and packet sniffing.In most cases, the Network AutoDiscovery sets up all necessarysensors on its own. In the event
additional sensors must be manually integrated in the environment, this procedure is quick andshouldn’t cause any problems fornetwork specialists. Other positive points are the libraries andmaps. These provide flexibleperspectives that are not onlymeaningful for technicians, butthat are clearly understandablefor staff from other departmentsas well. The required effort forthese views is low and it is evenpossible to publish maps on external sites. The comprehensive,highperformance alarm and report functions complete the positive overall impression we received from the PRTG NetworkMonitor.
It’s important to keep an eye on the vSphere server as well as the individualhosts when monitoring VMware environments
10
Top Related