CommandCenter-NOC Product Features

Availability and Performance Monitoring

• Performance thresholds:
  Provides ability to set performance thresholds. Events are generated upon when "High" thresholds are exceeded or when the values fall below "Low" thresholds. You have complete control over these thresholds including their high or low value, their re-arm values, and the number of consecutive data samples which must be exceeded to trigger the generation of an event.
• Network, systems, servers, service fault monitoring:
  Agentlessly monitors for faults on your heterogeneous multi vendor network. The typical network might include a Cisco, HP, or Juniper router; Checkpoint or SonicWall Firewall; Dell, IBM, HP or Sun server running Linux or Microsoft® operating system; running database and web services. CommandCenter NOC is uniquely designed to monitor your complete network. Application/service pollers are available to generate synthetic transactions to simulate actual user activity to alert you of faults such as web site not severing pages or database is not processing transactions. Windows WMI is used to detect faults in your Windows systems such as service stopped. SNMP is leveraged to monitor your network devices and non-windows servers to alert you of faults such as a port is down or a fan has failed. CommandCenter NOC leverages its understanding of the network topology and its correlation engine to present the root fault and suppress secondly events. You can leverage and deploy these three available options in any combination.
• Network, systems, servers, service performance monitoring:
  Agentlessly collects and reports on the performance of your heterogeneous multi vendor network by leveraging the synthetic transactions, WMI, SNMP, Netflow, and Traffic monitoring. Ability to set performance thresholds to alert of performance changes on Windows/Linux/Unix systems and network devices. This data is transformed into information by a common database and reporting engine that produces informative graphs so trends on the following can be easily identified.
  • Network usage by:
    • application protocol
    • IP protocol
    • Ethernet protocol
  • Windows/Linux/Unix Server:
    • Memory utilization
    • Processor queue length
    • Disk utilization
    • Bytes sent/received
    • Network utilization
    • Processor interrupts
    • Processor utilization
    • HTTP Latency (Round Trip Time)
    • ICMP Latency (Round Trip Time)
  • Windows Exchange
    • Messages/sec
    • Bytes/sec
    • User activity
    • Mailbox send queue size
    • Mailbox avg remote delivery time
    • Mailbox messages sent/received
  • Windows Active Directory
    • DNS Full zone Transfers
    • DNS incremental zone transfers
    • DNS Server – Queries
    • DNS Server - Updates
    • DNS Server – WINS Queries
    • DNS Server – Zone transfer failures
  • Windows SQL
    • Ave. wait time
    • Lock req/sec
    • Lock timeouts/sec
    • Lock wait times
    • Lock waits/sec
    • # deadlocks/sec
    • Cache hit ratio
    • Cache object counts
    • Cache use counts/sec
    • Cache page
  • Windows Terminal Server
    • Terminal server sessions
• Start/stop/auto-restart windows services:
  Consolidated access to understand the current state of the services on one or all of your windows systems. The ability to click to start and stop services or set services to automatically restart if that is the standard response to the service fail.
• Preloaded SNMP MIBs with load your own option:
  The CommandCenter NOC allows you to handle traps from your network's devices as normal CommandCenter NOC events. You can configure severities and notifications for these custom traps. You can View All MIBs and see the SNMP MIBs that are currently supported or you can install a MIB if you want to add support for its traps.
• Built-in and custom application/service pollers:
  Using industry standard protocols and ports, CommandCenter NOC can automatically check the status of services on the network at user-specified intervals. Administrators can enable or disable specific pollers and define new custom pollers. Built-in pollers include those that poll for the following services: Citrix, DHCP, DNS, Domino, FTP, HTTP, HTTPS, ICMP, IMAP, Informix, LDAP, MySQL, Oracle, POP3, Postgres, SMTP, SNMP, SQLServer, SSH, Sybase, TFTP, Telnet.
• Easy point and click web interface:
  A simple, intuitive web interface allows access from anywhere with the need for extensive training or a client.
• Consolidated event engine (Windows, Network, Syslog, & Security):
  Events are records of significant occurrences in your network, on your systems, or within your management appliance. By viewing events via the Events Browser, you can gain insight as to what is going on in your network, whether it is network management, Windows management, or intrusion detection information you seek. The Web Console is designed to make it easy for you to quickly navigate to the events in which you are interested. Once there, a suite of search, filter, and sort tools will allow you to manipulate the events you wish to see, and quickly get down to the specific subset of events that outline the network situation you wish to further explore. If you wish to search for particular events, you can either search for events using the Event Text: search box, or by clicking on Advanced Search, which will redirect you to a page populated with various search and filter criteria.
• Per device custom thresholds:
  Provides ability to set per node performance thresholds for alerting.
• Alert via email, SMS, pager:
  When important events are detected, users may receive a notice, a descriptive message sent automatically to a pager, an email address, or both. Once a notice is sent, it is considered outstanding until someone acknowledges receipt of the notice via the Notification interface. If the event that triggered the notice was related to managed network devices or systems, the Network/Systems group will be notified, one by one, with a notice sent to the next member on the list only after 15 minutes has elapsed since the last message was sent. This progression through the list, or escalation, can be stopped at any time by acknowledging the notice. Note that this is not the same as acknowledging the event which triggered the notice. If all members of the group have been notified and the notice has not been acknowledged, the notice will be escalated to the Management group, where all members of that group will be notified at once with no 15 minute escalation interval.
• Integrated troubleshooting tools:
  From the CommandCenter NOC web interface, a suite of tools is available for network troubleshooting, including Ping Host, Port Test, Trace Route to Host, Profile Route to Host, Domain Resolution, and SNMP Walk

Asset Management

• Network discovery:
  Allows for global or single device discovery of network assets, e.g. servers, desktops, network infrastructure devices.
• Hardware inventory:
  Thru the use of industry standard protocols, CommandCenter NOC can provide hardware information on discovered assets. For example, CC-NOC can provide Windows server information around manufacturer, physical memory, physical disk, processor, network adapters.
• Software inventory:
  Thru the use of industry standard protocols, CommandCenter NOC can provide software information on discovered assets. For example, CC-NOC can provide Windows server information around operating system versions, service pack, builds, serial numbers, applications installed, and systems services installed.
• Import and export data:
  The asset import function imports a comma-separated value file (.csv), (probably exported from spreadsheet) into the assets database. All asset records can be exported to a comma-separated value file (.csv), which is suitable for use in a spreadsheet application.

Security Monitoring

• Built-in SNORT® intrusion detection and prevention engine: Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry.
• Built-in vulnerability scanning engine: Scans the network for vulnerabilities and assists network administrators in resolving security concerns. No requirement for deployment of agents on the target systems allows for rapid deployment and eliminates the need for agent patching.

Traffic/Bandwidth Analysis

• Constantly monitors the bandwidth usage of your network and sorts the network traffic by ethernet protocol, internet protocol, and application protocol. This gives you a quick and accurate analysis of how your network is being used.
• Monitors the most frequently requested web sites and domain names on your network and tells you which nodes are using the most bandwidth (e.g. Top IP Talkers) and which connections between nodes are experiencing the most traffic (e.g. Top Sessions).

Reporting

• Service level availability & outage reports:
  Provides a graphical or numeric view of your service level metrics for the current month-to-date, previous month, and last twelve months by categories.
• Inventory reports:
  Generates an HTML or XML report that contains all inventory information that has been collected about nodes on your network. This report can be used for software license auditing or asset tracking. If you would like to create custom inventory reports, the XML format can be transformed into any number of formats using standard XML tools.
• Intrusion detection reports:
  Generates detailed HTML reports about security events on your network over the past week, including top signatures detected by the selected appliance and breakdowns of the signatures by severity and signature type.
• Vulnerability report:
  Allows you to generate an HTML report with the descriptions, severities, suggested solutions, and impacted node lists of vulnerabilities that were discovered during recent vulnerability scans.
• Performance reports:
  A way to easily visualize the critical SNMP and WMI data collected from managed nodes throughout your network. Provides a way to see how particular devices in your environment are performing through a graphical visualization of historic CPU, RAM, disk, and network statistics. The types and time spans of the graphs included in this report are configurable.
• Delta inventory reports:
  Generates an HTML report that documents the inventory changes that have occurred on the network. For a given timeframe, the report will show devices that have been added or removed from the network and software that has been installed or removed from managed systems.