Network Monitoring Introduction
The objective of network monitoring is to increase the amount of time a node or service is available to process transactions and to improve the performance of that node or service. Being able to monitor these attributes is a required part of effective network monitoring. Without a view of a network's availability and performance, it is virtually impossible to monitor the network effectively for efficient day-to-day operations, let alone plan effectively for network upgrades and changes.
Raritan's approach to network monitoring is based on the following principles. First, monitoring should be robust. You should have access to all the information needed to make the right decisions. Second, the actual users' real-world needs should be considered so that what is provided is useable information, not a lot of raw data. And finally, network monitoring tools should be simple to deploy. IT administrators and directors have lots of complexity with which to deal. The deployment of a network monitoring solution to make life easier and more efficient ought not to be so complicated that the remedy is worse than the problem.
Network Monitoring with CommandCenter NOC
Enter CommandCenter NOC. It is designed to provide you with the information necessary to support critical decisions in your environment. Depending on your role, the nature of those decisions may vary from a help desk technician analyzing memory usage to determine if upgrades are appropriate, to a network designer using router buffer failures to support sizing decisions in equipment acquisitions.
The Raritan® CommandCenter® NOC performs network monitoring with a powerful polling engine, keeping close watch on your Windows® servers, Linux®/UNIX® servers, network devices and applications. It can also continually monitor the performance of your network using configurable thresholds. If an outage is detected, or a threshold is crossed, the appropriate staff members can be alerted with e-mail or pager-based notifications. Problems can then be corrected before an outage occurs, increasing uptime and enhancing your company's productivity. Escalation groups can also be configured, ensuring that problems receive prompt attention.
CommandCenter NOC gives you a way to consolidate and manage event log files. It collects event logs and syslog from Windows, UNIX and Linux servers, from network devices, and from CommandCenter NOC itself at five-minute intervals. The collected logs can be viewed from the event browser, searched by keyword, queried using a variety of criteria or exported into comma-separated values (CSV) files. The CommandCenter NOC can even notify you when events of a certain severity level get logged on these servers.
How is Network Monitoring Performed
CommandCenter NOC discovers devices in the network using the ICMP protocol. Once a device is discovered, further data, such as the operating system, is collected from it, and the device is then assigned a license – an Infrastructure Device license for UNIX/Linux servers and network devices, a Server license, or a Workstation license.
Infrastructure Device license: An infrastructure device is eligible for the following functionality:
- Capability scans once every 24 hours for new services and/or inventory information
- Service availability polling
- SNMP performance data collection
- SNMP performance thresholding
- Syslog event collection
- Notifications
Server license: Windows systems which support Windows Management Instrumentation (WMI) are eligible to be assigned a Server license. In order to be auto-licensed as a server, WMI must retrieve an operating system role indicating a server. A server device is eligible for the following functionality:
- Capability scans once every 24 hours for new services and/or inventory information
- Service availability polling
- SNMP performance data collection
- Windows performance data collection
- SNMP performance thresholding
- Windows performance thresholding
- Windows event collection
- Notifications
Workstation license: A Workstation license can be assigned to any type of device. For example, a Linux box which is discovered as a node and which does not support any of the infrastructure services, as well as a desktop Windows system, will be assigned a Workstation license. A workstation device is eligible for the following functionality:
- Capability scans once every 24 hours for new services and/or inventory information
A device with a Workstation license may be converted to any of the following licensed states:
- Server (if the device is a Windows system which supports WMI)
- Infrastructure Device (if the device is SNMP enabled)
- Unmanaged
Network Monitoring Notifications
Network monitoring requires an effective notification service that listens to every event generated and, depending upon the configuration, notifies the concerned users. These notifications are performed via e-mail, BlackBerry, Cell Phone, or a paging service.
The notifications service evaluates each event against the notifications rules you configured in the administrative interface. If an event fits one or more rules, CommandCenter NOC will perform a notification and then schedule itself for the next escalation in the escalation path. If no one has confirmed the notification before the scheduled time, it will notify the next person in the escalation. The notifications service does not generate any events; it only reacts to them. It does, however, save its history in the database so that you can review past notifications.
CommandCenter NOC can be configured to automatically send notices with descriptive messages, and to escalate them, to an e-mail address, a cell phone, a pager, or any combination of these when specific events occur. To receive notices, a user must have their notification information configured in their user profile, notices must be turned on and an important event must be received.

Configuring Event Notifications
CommandCenter NOC provides default event notifications grouped by Event Label. Each event is listed in its own panel and may be turned on or off. The columns are as follows:
- The Notice Name column identifies the unique name of the notice and reflects the event that will trigger the notice. Click on the name to obtain details.
- The Match Rule column shows which IP addresses and/or services are associated with a notification. It is an interface/service rule that will be matched against data to validate if the notification should be sent. The order of the notices with the same Event Label is important. Notices with more specific rules should be placed before those that are more general to ensure that the correct notice is chosen.
- The Send To column shows the notification path. Notification paths determine to whom and how the notice is sent.
- The User Rollup column shows if this feature is on or off. The user rollup feature prevents a user's e-mail or pager from being overloaded by simultaneous notifications. The feature "rolls up" into a single e-mail or pager message all the notifications that occur over a short period with summary information about each individual notification.
- The Status column shows whether or not a particular event notification is currently being sent, provided notifications are turned on for the whole system. If you want to control the notifications sent out for a particular event, use its turn on/off toggle button. The text on the button will show the action that will be taken when pressed.
Notification Interface/Service Rule
You can decide to build a rule based on filtering the interface and service information contained in an event. If a match occurs, the rule determines that the notification is to be sent.
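The ordering advice in the Match Rule column description and the interface/service rule above can be checked mechanically. The following is an added example, not CommandCenter NOC code: it assumes first-match evaluation (inferred from the ordering advice), CIDR notation for the interface filter, and constructed notice names, labels and addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Notice:
    name: str               # Notice Name column
    event_label: str        # Event Label the notice is grouped under
    network: str            # Match Rule interface filter, CIDR form (assumed syntax)
    service: Optional[str]  # Match Rule service filter; None means any service
    send_to: str            # Send To column: the notification path
    enabled: bool = True    # Status column toggle

    def matches(self, event: dict) -> bool:
        if not self.enabled or event["label"] != self.event_label:
            return False
        addr = ipaddress.ip_address(event["interface"])
        return (addr in ipaddress.ip_network(self.network)
                and self.service in (None, event["service"]))


def select_notice(notices, event):
    """First-match evaluation: list order decides which notice is chosen."""
    return next((n for n in notices if n.matches(event)), None)


def shadowed(notices):
    """Names of notices that can never be chosen because an earlier notice
    with the same Event Label already matches everything they match."""
    hidden = []
    for i, later in enumerate(notices):
        later_net = ipaddress.ip_network(later.network)
        for earlier in notices[:i]:
            if (earlier.enabled
                    and earlier.event_label == later.event_label
                    and later_net.subnet_of(ipaddress.ip_network(earlier.network))
                    and earlier.service in (None, later.service)):
                hidden.append(later.name)
                break
    return hidden


# Constructed sample data (names, addresses and labels are illustrative).
GENERAL = Notice("service-down-any", "service-down", "0.0.0.0/0", None, "Email-Operators")
SPECIFIC = Notice("service-down-db", "service-down", "10.1.20.0/24", "PostgreSQL", "Page-DBA")
EVENT = {"label": "service-down", "interface": "10.1.20.15", "service": "PostgreSQL"}

if __name__ == "__main__":
    print(select_notice([SPECIFIC, GENERAL], EVENT).send_to)  # Page-DBA
    print(select_notice([GENERAL, SPECIFIC], EVENT).send_to)  # Email-Operators
    print(shadowed([GENERAL, SPECIFIC]))                      # ['service-down-db']
```

With the general notice listed first, the database outage is sent to the general path and the specific notice is never chosen; `shadowed` flags that ordering before it reaches production.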
New Notification and Service Rule Page
Notification Groups
You have the ability to assign users to a group of people who should receive certain notifications or create additional groups. Notification groups are used when defining a notification path. CommandCenter NOC provides a default set of notification groups as listed below.
Setting Up Notification Groups
Notification Paths
Notification paths define the users or groups who will receive notifications, how the notifications will be sent, e.g., numeric or text pages, SMS or e-mail, and who to notify if escalation is needed. Notification paths are selected when configuring an event notification. CommandCenter NOC can be configured to send a subsequent escalation notification. This escalation can be sent to an individual user, a group, or an e-mail address.
Thresholding
Thresholding allows notification of potential problems proactively, before they occur, based on performance metrics. CommandCenter NOC gathers performance data directly from managed devices using SNMP, and through a proxy system for Windows Servers and workstations. Each time data is collected or reported, CommandCenter NOC compares certain data points against configurable threshold values. If the value is higher than the threshold value (or lower depending on the threshold) an event will be generated and can be configured for notification.
Create, Modify and Delete Users, Build Views and Create Categories
You have the ability to add, delete and modify users; build views and create categories. You can build customized ways of looking at your network, called views, and assign them to users. Categories allow you to define specific groups of systems and/or services. The rules created when defining categories are used in the user interface, reports and availability calculations.
Views allow you to create a mapping between users and views, or the combination of categories they will see when logging into CommandCenter NOC. You can create new views, assign views to specific users by using map users, or set the default views used by the Web interface, as well as the default view used by the reporting subsystem. New views can be modified.
Only those with administrative privileges can add, modify or delete existing users. Users provide a way for you to control access to the appliance's Web interface, as well as map e-mail and pager destination addresses and duty schedules to individual technicians.
- Operators – access to everything on CommandCenter NOC except administrative configurations.
- Executive User – read-only access to a few reports that show network health at a high level.
- Admin – configuration access to the CommandCenter NOC.
Duty Schedule
Duty Schedules allow you to determine when users receive notifications. A duty schedule consists of a time range, in five-minute increments, and a list of days. The time range is valid for the days checked.
Categories
Categories define specific groups of systems and/or services by rules that will be used in the user interface, reports and availability calculations. Categories are logical groupings of devices based on filters that you create. Categories can then be combined into views, providing you the ability to focus users on the nodes that are pertinent to their role. You have the ability to create, modify and delete categories and the filters that populate them. Using CommandCenter NOC's TCP/IP address matching functionality, powerful filters can be created quickly and easily.
CommandCenter NOC provides these default categories:
| Category | Description |
| --- | --- |
| DNS and DHCP Servers | Includes all managed interfaces which are running either DNS (name resolution) or DHCP servers. |
| Database Servers | Includes all managed interfaces which are currently running PostgreSQL, Oracle, SQL Server, MySQL, Informix, or Sybase database servers. |
| E-mail Servers | Includes all managed interfaces that are running an e-mail service, including SMTP, POP3, or IMAP. This includes MS Exchange Servers running these protocols. |
| Internet Connectivity | Reflects the ability to 'ping' the router at the ISP-end of an Internet connection. |
| Network Interfaces | Reflects the ability to 'ping' managed devices. Ping uses the ICMP protocol to test the network connectivity and availability of a device. |
| Overall Service Availability | Reflects availability of all services currently being monitored. |
| Routers | Includes all routers that were discovered via SNMP. Since not all routers support SNMP, not all routers will necessarily be included in this category. The service availability is based on the ICMP service for the routers. |
| Web Servers | Includes all managed interfaces which are running an HTTP (Web) server on port 80 or other common ports. |
Events, Historic Data, and Graphs
All events and historic data are stored or summarized in one or more databases. This is so that you can analyze the history of troubled network nodes or provide reports to demonstrate certain behaviors. Some data is summarized over time to keep disk utilization consistent. Most of the data that is summarized comes from sources such as the SNMP data collection service or the system management subsystem.
Network Monitoring Conclusion
Effective network monitoring begins with your desire to improve your network availability and performance. This desire, combined with implementing a robust, easy-to-deploy tool set that provides usable information, will quickly put you on the right path to achieving your objective.