Smart Network Management For The SMB

The Shortcut Guide To
tm
tm
Smart
Network Management
for the SMB
Network Management Software Chris Hampton

The Shortcut Guide to Smart Network Management for the SMB Chris Hampton

Introduction to Realtime Publishers
by Don Jones, Series Editor
For several years now, Realtime has produced dozens and dozens of high‐quality books
that just happen to be delivered in electronic format—at no cost to you, the reader. We’ve
made this unique publishing model work through the generous support and cooperation of
our sponsors, who agree to bear each book’s production expenses for the benefit of our
readers.
Although we’ve always offered our publications to you for free, don’t think for a moment
that quality is anything less than our top priority. My job is to make sure that our books are
as good as—and in most cases better than—any printed book that would cost you $40 or
more. Our electronic publishing model offers several advantages over printed books: You
receive chapters literally as fast as our authors produce them (hence the “realtime” aspect
of our model), and we can update chapters to reflect the latest changes in technology.
I want to point out that our books are by no means paid advertisements or white papers.
We’re an independent publishing company, and an important aspect of my job is to make
sure that our authors are free to voice their expertise and opinions without reservation or
restriction. We maintain complete editorial control of our publications, and I’m proud that
we’ve produced so many quality books over the past years.
I want to extend an invitation to visit us at http://nexus.realtimepublishers.com, especially
if you’ve received this publication from a friend or colleague. We have a wide variety of
additional books on a range of topics, and you’re sure to find something that’s of interest to
you—and it won’t cost you a thing. We hope you’ll continue to come to Realtime for your
educational needs far into the future.
Until then, enjoy.
Don Jones
i

Introduction to Realtime Publishers ................................................................................................................. i
Chapter 1: The Power of Intelligent Network Management through Discovery and Mapping
.......................................................................................................................................................................................... 1
Why Do SMBs Need Network Management? ........................................................................................... 2
Network Discovery ............................................................................................................................................. 4
Types of Discovery ......................................................................................................................................... 5
Power of Scheduled Network Discovery .............................................................................................. 7
Network Mapping ................................................................................................................................................ 8
Creating Topology Maps .............................................................................................................................. 9
Power of Auto‐Created Mapping .............................................................................................................. 9
Relationship Mapping and Layer 2 Visibility ................................................................................... 10
Building Device Inventories .................................................................................................................... 12
Searching the Network ................................................................................................................................... 13
Layer 2 Traces ............................................................................................................................................... 14
IP and MAC Address Filtering ................................................................................................................ 15
Documentation, Documentation ................................................................................................................ 15
Automating Network Discovery ............................................................................................................ 16
Publishing Discovery Maps ..................................................................................................................... 16
Asset and Device Inventory Tracking ................................................................................................. 17
Smart Network Management Empowers an SMB .............................................................................. 18
Chapter 2: The Importance of Proactive Monitoring and Alerting .................................................. 20
Stop Fighting Fires ........................................................................................................................................... 21
Network Monitoring ........................................................................................................................................ 22
Systems Monitoring ......................................................................................................................................... 25
Resource Monitoring .................................................................................................................................. 27
Process Monitoring ..................................................................................................................................... 27
Hardware Monitoring ................................................................................................................................ 27
ii

File System Monitoring ............................................................................................................................. 28
Virtual Machine Monitoring .................................................................................................................... 28
Application Monitoring .................................................................................................................................. 29
IP Services Monitors ................................................................................................................................... 30
Microsoft Exchange Monitors ................................................................................................................. 31
SQL Database Performance Monitors ................................................................................................. 31
Synthetic Transactions .............................................................................................................................. 32
Alerting ................................................................................................................................................................. 32
Flexible Alerting ........................................................................................................................................... 33
Notification Policies .................................................................................................................................... 33
Reporting ............................................................................................................................................................. 34
Top‐10 Reports ............................................................................................................................................. 34
Report Subscriptions ................................................................................................................................. 35
Dynamic Workspaces ................................................................................................................................. 36
Security Information and Event Monitoring ......................................................................................... 36
Self Monitoring .................................................................................................................................................. 37
Sophisticated Monitoring Changes the Game ....................................................................................... 37
Chapter 3: The Key to Smart Configuration and Change Management ......................................... 38
Simplify Your SMB’s Network Configuration Management ........................................................... 39
Configuration Management .......................................................................................................................... 40
Centralization of Passwords and Authentication .......................................................................... 42
Centralization of Device Configuration Backups ........................................................................... 43
Secure Configuration and Change Management ............................................................................ 43
Device Management ........................................................................................................................................ 45
Compare and Contrast Device Configurations ................................................................................ 45
Rapid Recovery of Device Configurations ......................................................................................... 47
Logging of Device Configuration Changes......................................................................................... 47
iii

Notification of Device Configuration Changes ................................................................................ 48
Scheduled Tasks and Script Execution .................................................................................................... 49
Automating the Management of Device Configurations ............................................................. 49
The Power of Script Execution ............................................................................................................... 50
Make the Move to Smart Configuration and Change Management ............................................. 51
Chapter 4: Four Must‐Have Features for a Smart Network Management Solution.................. 52
Get Answers When You Need Them ......................................................................................................... 53
Real‐Time Troubleshooting—System and Device ........................................................................ 53
Real‐Time Troubleshooting—Applications ..................................................................................... 55
Finally realize the value of log data .......................................................................................................... 56
System Event Log Management............................................................................................................. 57
Collecting Log Files ................................................................................................................................ 57
Analyzing Log Files ................................................................................................................................ 58
Real‐Time Monitoring of Log Files .................................................................................................. 59
Server Virtualization Creates a New Problem ..................................................................................... 60
Virtual Infrastructure Monitoring and Management ................................................................... 61
The Network Is Always Open ...................................................................................................................... 63
Network Traffic Monitoring and Management ............................................................................... 64
SMBs Need Smart Network Management .............................................................................................. 65
iv

Copyright Statement
© 2010 Realtime Publishers. All rights reserved. This site contains materials that have
been created, developed, or commissioned by, and published with the permission of,
Realtime Publishers (the “Materials”) and this site and any such Materials are protected
by international copyright and trademark laws.
THE MATERIALS ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
TITLE AND NON-INFRINGEMENT. The Materials are subject to change without notice
and do not represent a commitment on the part of Realtime Publishers its web site
sponsors. In no event shall Realtime Publishers or its web site sponsors be held liable for
technical or editorial errors or omissions contained in the Materials, including without
limitation, for any direct, indirect, incidental, special, exemplary or consequential
damages whatsoever resulting from the use of any information contained in the Materials.
The Materials (including but not limited to the text, images, audio, and/or video) may not
be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any
way, in whole or in part, except that one copy may be downloaded for your personal, non-
commercial use on a single computer. In connection with such use, you may not modify
or obscure any copyright or other proprietary notice.
The Materials may contain trademarks, services marks and logos that are the property of
third parties. You are not permitted to use these trademarks, services marks or logos
without prior written consent of such third parties.
Realtime Publishers and the Realtime Publishers logo are registered in the US Patent &
Trademark Office. All other product or service names are the property of their respective
owners.
If you have any questions about these terms, or if you would like information about
licensing materials from Realtime Publishers, please contact us via e-mail at
info@realtimepublishers.com.
v

[Editor’s Note: This book was downloaded from Realtime Nexus—The Digital Library for IT
Professionals. All leading technology books from Realtime Publishers can be found at
http://nexus.realtimepublishers.com.]
Chapter 1: The Power of Intelligent
Network Management through Discovery
and Mapping
You are the owner of a new upandcoming small business. After a long weekend of mapping
out the final touches of your new marketing campaign, you enter the office with a sense of
completion. You ask yourself, “What could possibly go wrong?” Before taking your first sip of
coffee, you receive an urgent email from your marketing director stating that the company’s
new Web site is not responding. You promptly head over to IT and find your senior network
administrator franticly rebuilding the configuration on the network load balancer—it seems
the new network admin applied the wrong patch and did not save the configuration during
Friday’s upgrade.
It is later in the afternoon, and your Web site is up and running again. However, it is too late,
the damage has been done. The new ad campaign ran, despite your marketing director’s
attempts to pull it from today’s broadcast. Your receptionist tells you that she has been
receiving a number of calls from customers complaining about the availability of the
advertised Internet coupons. These same customers voiced concern over the reliability of your
products—based on their experience accessing your Web site.
What went wrong and how can small and midsized businesses (SMBs) avoid these same
pitfalls? Network management, and more specifically smart network management, can be
the deciding factor. Through the selection and implementation of a smart network
management solution, SMBs can gain the needed insight into network performance to
proactively monitor the devices and systems within the network to avoid scenarios like the
earlier example. Over the next four chapters, we will review the underlying features and
benefits that a smart network management solution can provide.

1

Why Do SMBs Need Network Management?
In today’s economy, large corporations are demanding more from their investment in
information technology, and SMBs are no different. As an SMB owner, you have to keep an
eye on the bottom line while ensuring you are providing key innovations that set your
business apart from the competition. Often, information technology becomes that
distinctive innovation, and your business’ ability to efficiently manage and utilize a given
technology can mean the difference between gaining market share and becoming
yesterday’s news.
Network management allows an SMB to efficiently control and monitor the network, which
is the very foundation of the business’ information technology. Stop for a moment and
think about the importance of the network in relation to your business; email, order
processing, Internet access, and critical communications with customers and partners
represent the heart of your business operations. In fact, it is difficult to imagine your
business operating without the use of technology tools such as these.
Your network is made up of a diverse set of technologies: devices such as routers and
switches, server infrastructure systems such as Windows and Linux hosts, and critical
business applications such as messaging and database applications. All of these
technologies provide some level of management at the individual component level, but the
real empowerment comes from the centralization of network management and broad
visibility into each technology. A business that understands how to manage these
technologies and how to provide optimal performance across all devices, systems, and
applications has moved from simple network management to smart network management.
Consider the scenario presented at the beginning of this chapter; if this same business had
previously implemented a smart network management solution, the unresponsive Web site
could have been proactively detected. In addition, the failed upgrade of the network load
balancer would have been quickly recovered by restoring the last known good
configuration from a central device configuration backup.
What are the consequences of ignoring the need for a network management solution? The
cost to an SMB is visible across many levels of the business from loss of sales and corporate
or product image decline to loss of customers and an increased cost of supporting the
network due to reactive troubleshooting. Take a look at how this network downtime
affected a number of SMBs that were surveyed in 2007.
The data represented in Figure 1.1 was collected from a 2007 survey, sponsored by The
Strategy Group, that included 173 SMB respondents from the Ziff Davis Enterprise
database. The survey highlights the consequences of network downtime to an SMB. .After
reviewing the data in Figure 1.1, the surprising conclusion is the large effect of downtime to
loss of customers and decline in corporate image compared with the financial loss
experienced. This shows the importance of minimizing downtime, as the effect to the
business can be very broad.
2

% of IT Budget spent Maintaining Network
Negative Consequences of Network
based on type of Monitoring Approach
Downtime
(173 SMBs surveyed) 100%
3.6%
80%
Average Financial 47%
60%
Loss (Annual
Revenue) 69%
40%
Decline in 20%
Corporate Image
0%
Source: Ziff Davis survey Proactive Approach Reactive Approach

Figure 1.1: SMB survey data regarding network management.
The survey data also indicates that those SMBs that take a proactive approach to network
monitoring versus a reactive approach see a significant reduction in IT spending. If you take
a step back and look at this data from the perspective of an SMB owner, the picture
becomes clear: With rising costs and ever‐shrinking budgets, your revenue margin is
becoming very thin. As an SMB owner, you have to minimize the exposure a network
outage can cause to your business while keeping your IT budget under control.
The second portion of the survey indicated the cost benefit to a business of implementing a
proactive monitoring approach. Together, this data clearly indicates the importance of
minimizing network downtime, and the cost benefit of utilizing a smarter proactive
solution for the management of all network‐related devices and systems. The question is,
What does a smart network management solution look like and how does it work? At a high
level, a network management solution should provide a set of key features and benefits:
• Complete visibility—Before a business can manage the network, you first have to
understand what devices, systems, and applications are on your network. Intelligent
discovery and mapping is key to having the required visibility into your network.
• Sophisticated monitoring—To truly provide a proactive response to network issues,
you need a solution that offers both active and passive monitoring. Simple ping test
and Simple Network Management Protocol (SNMP) polling are fine for availability
and fault management, but preemptive alerting of network device changes takes
network monitoring to the next level.
• Integrated configuration and change management—Your network has many devices
each with its own configuration files and passwords. A network management
solution should provide the ability to centralize the management of these
configurations and automate required changes.

3

• Real‐time troubleshooting, trending, and traffic analysis—This is where the smart in
smart network management really pays off. By providing a solution that enables the
business to proactively detect and resolve network‐related issues, user interruption
and critical business loss will decrease dramatically. Add to this the capability of
historical trending of system and application performance, and you have a powerful
network management solution.
Together, these four high‐level features form the foundation of a smart network
management solution, as Figure 1.2 shows.

Complete Visibility Sophisticated Monitoring

Smart Network

Management

Real‐time
Integrated Configuration
Troubleshooting, Trending,
and Change Management
and Flow Analysis
Figure 1.2: Foundation of a smart network management solution.
Let’s break down each of these key features by starting with a detailed look at what is
behind the desire to have complete visibility of the network.
Network Discovery
Before any monitoring, configuration management, or troubleshooting of the network can
occur, you must have knowledge of the devices and systems that reside on your network.
The importance of having complete visibility into the network cannot be stressed enough.
No matter how good the network management solution, if you do not know the device or
system exists, you cannot manage it. When looking at network management solutions, the
first feature you should focus on is network discovery.
Note
Often overlooked are the prerequisites to a successful network discovery
process. These include enabling key protocols such as SNMP and
standardizing on the SNMP credentials across all network devices (including
read community strings for SNMPv1 or SNMPv2 devices and SNMPv3 device
usernames and passwords). Smart network management solutions
incorporate a credentials library, which allows for centralized management
of SNMP credentials across all devices.
4

Types of Discovery
The power of a smart network management solution lies in its ability to utilize multiple
types of discovery methods. Basic network discovery begins at Layer 2 and Layer 3 of the
OSI model—devices at these layers are responsible for providing reliable transit of data
across physical links and routing of packets across the network.
Network management solutions must incorporate IP discovery protocols such as:
• Internet Control Message Protocol (ICMP)—This discovery protocol tests the IP
address’ active state and responsiveness.
• Address Resolution Protocol (ARP)—This low‐level request and answer protocol is
used at the Media Access level.
• SNMP—This protocol allows discovery of detailed device information from each
SNMP‐enabled device.
Smart network management solutions should also incorporate advanced methods of
discovery such as
• Link Layer Discovery Protocol (LLDP)—This vendor‐neutral protocol is used by
network devices for advertising their identity.
• Proprietary vendor protocols such as Cisco Discovery Protocol (CDP) or Microsoft’s
Link Layer Topology Discovery (LLTD)
Note
The use of vendor protocols such as Cisco CDP and Microsoft LLTD provide a
richer set of Management Information Database (MIB) attributes for the
specific device. These advanced vendor‐specific discovery protocols should
be used in place of a general LLDP discovery if possible.
These advanced methods of discovery interrogate the device’s MIB files and gather
extensive information that helps build a complete picture of the network. Network vendors
provide management information base (MIB) files with each of their hardware devices. A
MIB is a type of database used for managing devices in a communications network. It
comprises a collection of objects in a (virtual) database that can be used to manage entities
(such as routers and switches) in a network.
One example of the use of these advanced methods is the ARP Cache discovery method.
This discovery method is highly recommended due to the ability to utilize SNMP
information from multiple network devices—it also incorporates the use of proprietary
discovery protocols like those discussed earlier.

5

One remaining element of many SMB networks that cannot be overlooked is the virtual
machine layer. Virtualization is one of the hottest technologies in the industry and many
SMBs are taking advantage of this technology to dramatically reduce the number of
physical servers in the data center. Market Research firms such as IDC and the Gartner are
predicting rapid adoption of virtualization in the SMB space over the next few years. In a
Gartner report from October 2009, Gartner analyst Tom Bittman stated “that SMB adoption
of virtualization will drive growth in the virtualization space for the foreseeable future,
resulting in more than 50 percent of workloads running on virtual machines by 2012.” As
more businesses port their server architecture to a virtual infrastructure, it becomes
critical to have visibility into the virtual machine layer.
Smart network management solutions incorporate discovery at the virtual machine layer
using protocols such as VMware’s Virtual Infrastructure Management (VIM) or VMware’s
vSphere API structure. By utilizing SNMP v3 or SSH credentials, a secure connection can be
made from the Network Management System (NMS) to the base ESX hypervisor and
discovery can occur at all critical layers within the virtual infrastructure: base hosts, virtual
switches, virtual appliances, virtual machines, and guest operating systems (OSs) as Figure
1.3 shows.

Figure 1.3: VMware (VIM) discovery.

6

The individual protocols and discovery methods discussed thus far are powerful in their
own right. Team these with the ability to build a complete network picture through
relationship mapping of each device, and you have yourself one very powerful network
discovery solution. What is relationship mapping? Think of a discovery solution that can
incorporate Layer 3 device and application mapping with detailed Layer 2 port‐level
relationship mapping. Now add to this the ability to gain visibility all the way down to the
individual port level connectivity of each router, switch, and server interface on your
network and you will begin to see the power behind this type of solution.
Power of Scheduled Network Discovery
If you think of network discovery as a one‐time task that is undertaken when building out a
network management solution, you are missing the boat. The real power in the use of
network discovery tools comes in the ability to incorporate these tools on an ongoing basis.
By scheduling a reoccurring network discovery, you will maintain a living picture of your
network environment.
Your network is in constant motion: new devices and systems are added, existing systems
are moved from one subnet to another, live migrations of virtual machines occur more
regularly and older or obsolete devices are removed from the network. You need a way to
keep track of these changes and ensure your monitoring is as accurate as possible. Tracking
these changes is the goal of a scheduled network discovery.
When a new device comes on the network—let’s say through a vendor demo or proof of
concept project—you will immediately be aware of the device and have the ability to map
the connectivity, establish monitoring, and manage the device. Equally important is the
ability to know when a device or virtual machine is removed from the network. To ensure
updated monitoring, and to maintain an accurate overview of the network status, device
additions and removals must be captured.
Network discovery encompasses a wide variety of technologies and methods. When
evaluating network management solutions, ensure that network discovery tops your list of
important features. A rich set of discovery tools will give you peace of mind in knowing that
you have a complete picture of your environment, and will bring you one step closer to
achieving complete visibility of your network (see Figure 1.4).
7

Figure 1.4: Smart network management solutions offer a rich set of discovery tools to
accurately identify, map, and represent your network—devices, interdependencies,
and locations.
Network Mapping
When Google released Google Maps in 2005, they provided a rich mapping tool that could
be used to quickly locate business and residential addresses at the click of a search button.
Just like those old paper maps we all have in our glove compartments, Google Maps helped
us understand a specific location in relation to a larger geographical context. Google Maps
provided us with a wealth of information about our chosen location: hours of operation,
points of interest, and local phone numbers, to name a few. Most importantly, a detailed
route to our location was provided showing us how to get from point A to point B.

8

Think of your network as a vast land of locations—let’s call these devices. When it comes to
network management, you need a tool much like Google Maps that can provide a location‐
based context for your devices. You also need quick access to each device’s discovered
information, such as type, manufacturer, model, CPU, memory, and so on. Finally, you need
to understand how each device is connected in order to develop a complete context for
your network. In network management, we call this process network mapping; it is critical
to understanding your network.
Creating Topology Maps
When looking for a network management solution, SMBs must focus on those tools that
provide the ability to create detailed network topology maps. Network administrators are
being asked to do more with less in today’s economy; with so many resources vying for
their attention, they need tools that provide a comprehensive view of the network with
minimal effort to create. Smart network management solutions incorporate the ability to
port the data, from the discovery tools and methods discussed earlier in this chapter, into a
detailed hierarchical map of the network.
Remember, within our discovery data we captured full addressing information for each
device and system as well as the connectivity between each device at the subnet, virtual
LAN (VLAN), and port level. This rich data set when ported into the network mapping tool
becomes a detailed network map containing a complete and accurate representation of the
live network and application environment.
Once the topology maps are created, they become a central point for visibility into the
network. These maps also allow the network administrator to dynamically drill down into
specific subnets and VLANs for additional management. Network mapping tools should
also provide the ability to drag and drop discovered devices within the map in order to
update device positions or create additional relationship mappings. Gaining visibility into
the network by using a visual representation, such as a topology map, allows the network
administrator to quickly see what is happening and how each device and system is inter‐
related. This ability reduces the amount of time needed to troubleshoot issues and helps
the network administrator become more proactive.
Power of Auto‐Created Mapping
As great as network topology maps are, if it takes a lot of effort to create these maps, the
value is diminished over time because the maps will age and the data will become
irrelevant. That’s where auto‐creation comes in. Smart network management solutions
must have the ability to integrate the captured network discovery data into the mapping
process with little effort. By utilizing a topology mapping tool, within the network
management solution, the discovered network data can easily be exported into other
network management tools or documentation applications. This enables the network
administrator to auto‐create topology maps and detailed hierarchical views in a short
amount of time.

9

Earlier, the power behind scheduled network discovery was discussed; this process
becomes even more powerful when combined with the auto‐creation mapping feature.
With this powerful combination, network administrators can keep critical network maps
updated and truly rely on them for accurate visibility into the network.
Adding to these processes, smart network management solutions provide the ability to
intelligently match the discovered devices with a prebuilt library of role‐based templates
such as routers, switches, Web servers, and email servers. Role‐based templates provide an
accurate and less time‐consuming method for developing a network topology map of your
environment, allowing critical monitoring to be up and operational in a much shorter
timeframe. Finally, support for porting of the detailed auto‐created Layer 2 topology maps
directly into the integrated monitoring software allows for rapid deployment. With all of
this, the network administrator has more than a detailed, accurate network topology map
with dynamic drill‐down capabilities; the administrator also gains a real‐time visual
troubleshooting tool that provides full monitoring and alerting of all discovered devices
and systems within a single pane of glass.
At this point, full addressing and connectivity discovery data has been captured and auto‐
creation tools have been utilized to produce a detailed network topology map. However,
you may be wondering, “Where is the smart in the smart network management solution?”
The real intelligence in these network management solutions lies within the deep
integration between features. Chapter 2 of this guide will explore the breadth of network
monitoring, but you can already begin to see how the integration of discovery and mapping
build a foundation for an intelligent network monitoring solution.
Relationship Mapping and Layer 2 Visibility
Relationship mapping was discussed earlier in the chapter, but let’s take a closer look at
this process and focus in on the key benefits. Think back to the Google Maps analogy—
when we need to travel from point A to point B, we need to understand the route to follow.
Within network management, relationship mapping is the tool that provides route
information between devices and systems. With the ability of a smart network
management solution to provide visibility at Layer 2 down to the individual port level,
intelligent network topology maps can be created with detailed connectivity routing.

10

The immediate benefit of this ability is visibility into the connectivity and routes between
devices and systems. When a device or system reports a network error, the network
administrator can step beyond individual device troubleshooting and look at the issue in
the context of the entire network (see Figure 1.5). In our introductory example of the SMB
business owner and his troubled ad campaign, had the business acquired a network
management solution that incorporated relationship mapping and Layer 2 port discovery,
the day may have gone much differently: Before the SMB business owner arrives in the
office Monday morning, the senior network administrator would have been notified that
the Web servers were not responding to an HTTP get request for the new ad campaign Web
page. The administrator could have opened the real‐time topology map and saw the failed
load balancer appliance interface, including the visual route between the Web servers and
the load balancer’s virtual IP address. Proactive steps could have been taken to correct the
load balancer’s configuration and reestablish network communication to the Web servers
all before Monday morning.

Figure 1.5: Smart network management solutions also offer a highlevel view of
errors and problems, so you can quickly ascertain the overall impact of a failure.

11

Building Device Inventories
Often overshadowed by other features such as monitoring and alerting, device inventory
management is a key feature when looking for a network management solution. The goal of
a device inventory management system is to have a complete, up‐to‐date, and accurate
view of all network devices, including routers, switches, hubs, systems, printers, and
software. At minimum, a device inventory management system should provide basic device
class information and capture what is installed on the device through a Layer 3 discovery
process. Taken a step further by utilizing a rich data set captured during additional Layer 2
discovery processes, device inventories become an integral part of the overall network
management solution.
Without a network management solution, building and maintaining an inventory and asset
database is a daunting task involving complicated login scripting, additional vendor
software to install and maintain, and more time away from other tasks for your network
administrator. Through the integrations of the device inventory management system into
the overall network management solution and fully automating the capture, categorization,
and reporting of all network assets, the task becomes much easier.
Smart network management solutions capture a wealth of information from every device
and system on the network during the discovery process. To do so, they use SNMP queries
of the device‐specific MIBs and advanced discovery methods such as Link Layer Topology
Discovery (LLTP). In addition, the ability to use intelligent matching against a pre‐built
library of vendor‐specific device templates and attributes enhances the inventory
management system. The following list highlights key device categories to look for in a
network management solution:
• Networking devices including routers, switches, hubs, and wireless access points
• Server OSs including Windows, Macintosh, Linux, and Unix
• Virtualization infrastructures including VMware vSphere 4, Microsoft Hyper‐V, and
Citrix XenServer
• Printers including network printers, multifunction copiers, and plotters
• IP phones including Cisco, Nortel, and Avaya
• Power/UPS including APC, Belkin, and Liebert
Once a device or system is categorized, additional attributes are captured and tracked.
When used in conjunction with scheduled network discovery, an automated, complete, and
accurate inventory of each device and system on the network can be easily maintained.

12

Searching the Network
The usability of a network management solution is just as important as the powerful
discovery tools or advanced monitoring options. Let’s face it, if you have a system that can
capture detailed device information including vendor‐specific attributes and can track
connectivity for every device down to the port level but you cannot easily interface with or
use this data, then what is the point? Smart network management solutions must provide
an intuitive interface and dynamic tools to interact with the captured data (see Figure 1.6).

Figure 1.6: Look for a smart network management solution that will enable you to
document and publish your network topology views to external applications, such as
Microsoft Vision, for future use.

13

One key point to focus on is the ability to search the network; the network management
solution must have the ability to reach into the network and quickly find specific device
information and report back using an intelligent interface. Among the many search
features, it is important to have wild card search capabilities for device configurations,
inventory categories, and device‐specific attributes. This feature simplifies the process of
finding devices or systems quickly, especially in network environments that are constantly
changing. Two additional search‐based tools are Layer 2 traces and IP/MAC filtering. These
tools provide key insight into device connectivity and addressing that can be used by
network administrators during troubleshooting.
To see how these tools work in the real world, the following section offers a short
troubleshooting scenario that uses the Layer 2 trace. Additionally, the IP and MAC filtering
tool is highlighted for it’s ability to resolve IP addressing issues.
Layer 2 Traces
Network administrators often need immediate route information between network devices
when troubleshooting connectivity issues. Having a tool that provides a visual reporting of
the network data path is critical. Layer 2 traces allow the administrator to input a source
and destination device, by IP address or hostname, and the tool will actively trace the
network path. A visual representation of the network path is displayed showing each
device, IP address, and interface name along the path.
By using a Layer 2 trace, the network administrator can easily build a complete picture of
the current network connectivity between devices and see in a single view the status of
each point in the connection path. Figure 1.7 shows a simple network configuration
between two server devices. Without a Layer 2 trace, it would be hard to see that the
communication issue was a failed port on the workgroup switch on the destination LAN.

Figure 1.7: Basic network diagram.

14

Table 1.1 shows the output from a Layer 2 trace clearly indicating the failed switch port.
This capability to quickly see the status across all connectivity points is very powerful.
Device IP Address Interface Name Status

Server A 192.168.2.100 e1 Up
WGSW1 192.168.2.1 e10 Up
WGSW1 192.168.2.1 e2 Up
Router1 192.168.2.254 s0 Up
Router1 192.168.3.254 s1 Up
WGSW2 192.168.3.1 e2 Up
WGSW2 192.168.3.1 e8 Down
Server B 192.168.3.120 e1 Down
Table 1.1: Layer 2 trace report.
IP and MAC Address Filtering
Another key search tool to assist the network administrator is IP and MAC filtering. Often,
within network environments, the assignment of IP addressing is not carefully managed.
This may be caused by inefficient practices or shared management of large IP address
ranges. This problem manifests itself in the form of duplicate IP address assignments, thus
causing network conflicts as multiple devices are responding on the same IP address.
Network management solutions that incorporate an IP and MAC address filtering tool allow
the administrator to query the discovered network devices and list each device that has
reported associations with the specified IP address or MAC address. The returned data
should include the device name, IP address, and interface name. In addition, the filter can
list those devices that are currently linked to the IP or MAC address. This ability allows the
administrator to quickly narrow in on rogue IP addresses and resolve network conflicts.
Search tools such as Layer 2 tracing and IP address filtering enhance the network
management solution, giving the administrator additional troubleshooting capabilities.
Documentation, Documentation
Documentation conjures up negative thoughts in the minds of most network
administrators. Memories come rushing back of late nights in a cold data center tracing
cables and logging port numbers. Those of us that have spent time working in large IT
organizations understand the importance of documenting the network. Networks are
becoming more and more complex, involving multiple layers of devices and systems.
Having up‐to‐date and accurate documentation for the entire network—from edge
network devices such as routers, firewalls, and gateway appliances to core server network
devices such as layer 3 and layer 2 switches, and finally the systems themselves and their
associated applications—is critical. Add to this the complexity of virtual infrastructures
including their own switching, systems, and applications, and the importance of having
good documentation becomes even clearer.
15

If documenting the network is so important, why do many organizations fail to produce or
refresh their network documentation? The problem is that documentation is usually an
afterthought in many organizations; most network administrators do not have the time to
capture all the required device information, network connectivity, and relationship
mapping to properly document their network. Within today’s SMB network environments,
there is no less complexity and the need for documentation of the network is just as
relevant.
Smart network management solutions can solve this problem by addressing two core
issues: discovery of network devices and documentation of the network. Let’s take a look at
how a network management solution solves these issues.
Automating Network Discovery
This chapter discusses the features and benefits of automated discovery of network
devices. The ability to discover Layer 3 and Layer 2 devices and systems on the network
has been highlighted. Also, the ability to provide a complete picture of the network by using
relationship mapping and Layer 2 port‐level connectivity discovery is detailed. Finally, we
explored the power behind a scheduled network discovery process through which, on a
regular basis, the captured network device data can be updated to account for device adds
and removals. When looking at these features again from a documentation perspective, you
can see how the same automated discovery process and collected data that is easily ported
into detailed network topology maps can benefit the documentation process. The key here
for network administrators is that smart network management solutions automate this
entire process and simplify the collection of the required network information to complete
their documentation initiatives.
Publishing Discovery Maps
With the ability to automatically discover a wide variety of network devices, classify these
devices, and port the discovery data into highly detailed topology maps, there is only one
step remaining for completing documentation. Network management solutions that
incorporate the ability to automatically generate network maps or custom map views and
publish these maps into popular documentation tools, such as Microsoft Visio, help achieve
that final step for network administrators.
The added benefit of running scheduled discovery allows administrators to easily refresh
their network documentation. They also gain insight into the impact, if any, that design
changes or device additions had on the network.

16

Asset and Device Inventory Tracking
Another important area of documentation revolves around asset and device inventory
tracking. Many businesses are under a mandate to keep close records of their computing
and network resources for accounting purposes, such as depreciation tracking. As with
general network documentation, the process of gathering asset information is very labor
intensive if not automated. Network management solutions that provide the ability to
automate the collection of asset information and then export the collected device inventory
information gathered adds significant value. Through support for export to either CSV or
Excel formats (see Figure 1.8), the inventory data can be easily imported into other
inventory‐tracking systems. By integrating the scheduled discovery process into the asset
and inventory management tracking, inventory databases will be kept current and
accurate.

Figure 1.8: With smart network management solutions, you can collect and export
network asset information in CSV or Excel formats to seamless integrate with other
inventory‐tracking systems.

17

Just as important as data collection is the data itself. If the network management solution
only provides very basic information, the inventory tracking system will be limited in
value. Smart network management solutions must incorporate platform identification and
vendor‐based classification. These two methods within the discovery process provide the
rich set of device‐specific data that a good inventory management system needs. When
looking for a network management solution, make certain that the inventory discovery
capability provides platform identification and classification for devices across the
following areas:
• Vendors including Cisco/Linksys, Foundry, HP, Nortel, 3COM, Extreme, Netgear,
Dell, SMC, VMware, and Alcatel
• Device types including routers, core switches, distribution switches, firewalls and
servers
• Hardware specifications including model, CPU, memory, and network interfaces
• Software information including OSs, applications, and service packs
• Network including ports and VLANS
Smart Network Management Empowers an SMB
This first chapter outlines the value that a smart network management solution provides to
an SMB through intelligent network discovery and mapping. This chapter introduces the
first foundational feature, complete visibility, and highlights that through the use of key
features such as Layer 2 port‐level discovery and virtual infrastructure discovery you can
build a complete picture of the network. In addition, this chapter discusses detailed
topology mapping and asset inventories that capture the discovered information.

18

Chapter 2 covers the second foundational feature, sophisticated monitoring. In this chapter,
we go into detail about the importance of proactive monitoring and alerting, provide
insight into the most desired monitoring technologies, and review the useful reports to
look for in a network management solution.
Chapter 3 continues the conversation by discussing the third foundational feature,
integrated configuration and change management. Here, we cover the benefit of centralizing
device configuration and password management. Chapter 3 also takes a look at the ability
to compare device configurations and recover from failed device configurations.
Chapter 4 concludes the discussion by focusing on the final foundational feature, realtime
troubleshooting, trending, and network traffic analysis. This is where the smart in smart
network management really pays off. By providing a solution that enables the business to
proactively detect and resolve network‐related issues, you will dramatically reduce user
interruption and critical business loss. With the addition of historical trending of system
and application performance, you will have a powerful network management solution.

19

Chapter 2: The Importance of Proactive
Monitoring and Alerting
I have spent a good portion of my career as a consultant working with businesses both
large and small. One consistent problem I have seen is the inability of network
administrators to focus and dedicate the necessary time to the project at hand. The projects
are fully funded and backed by the correct stakeholders, yet the designated administrators
are missing in action for a large portion of the project.
As I worked alongside these administrators on projects, I began to understand the core
problem. Many spend the majority of their day jumping from support call to support call.
They are constantly interrupted by having to chase down system‐ or network‐related
issues. These minor interruptions cause delays and often the entire project is put on hold to
address a major IT crisis. The issues commonly begin as a small blip on the network radar,
but as they go unnoticed, that small blip grows into a major outage.
The cost to the business for these delays can be critical to the project timeline and
achieving planned milestones. The cost to the administrator is manifested in frustration
that they cannot focus on key project tasks and they find themselves missing opportunities
for knowledge transfer and training during the project.
The fault is not with the administrator for a lack of skills or knowledge; the problem is the
network itself and how minor issues are reported. In network environments that lack an
intelligent network management solution, key server metrics and network device alerts
never leave the confines of the individual system or device. This means the administrator
has no visibility into the issue.
In such an environment, the administrator is required to log in to each system or device,
review event logs, and manually monitor each system metric. Multiply this process times
10 or 20 systems, and the time to undertake such tasks is impractical. With pressure from
the company to do more with less, administrators fall back into a pattern of break‐fix
administration. This is due to a lack of time to properly monitor the network.
In Chapter 1, the importance of complete visibility was outlined—speaking to overall
awareness of every system and device on the network. Although awareness is important,
without the ability to reach into each device and monitor key metrics and alerts, the
administrator is still left in the dark with regard to specific issues.
What’s needed is a network management solution that closely watches individual systems
and devices looking for minor threshold changes or event entries that indicate a potential
problem. The individual changes and entries are then pooled together, prioritized, and
reported to the administrator in a central console. This functionality is referred to as
sophisticated monitoring.
20

Stop Fighting Fires
How are the network administrators within your SMB spending their days? Do they find
themselves pulled in multiple directions attempting to respond to the most recent pressing
issue? Have you been forced to delay important internal projects because your IT staff does
not have the time to dedicate to new initiatives? Are you tired of constantly working in a
reactive mode and being interrupt driven?
Unfortunately, this is how a large number of SMBs operate. With limited time and budgets,
along with an increasing number of IT projects, SMB’s demand more from their network
administrators. If there was a “wonder product” out there to give back control of their day
to the network administrator, the product name would include the word proactive.
In Chapter 1, survey data from a 2007 study by the Strategy Group of 173 SMBs was
reviewed. Almost half of the SMBs surveyed (46 percent) had a reactive approach to
network monitoring and problem solving. It is interesting to note that companies with a
more proactive or strategic approach spend a smaller percentage of their budget just
keeping things running (60 to 65 percent) compared with those with a reactive or chaotic
approach (75 to 80 percent). SMBs need a network management solution that allows them
to become more proactive in support of their network.
Proactive management of the network also requires a change in mindset. For the business,
this requires a structural change in the way IT approaches network monitoring. Within
most SMBs today, the network administrators often wear many hats—they are required to
cover tasks ranging from hooking up a new printer to deploying a company‐wide
messaging system. In this busy environment, the administrator does not have the time to
spend establishing a planned monitoring, alerting, and reporting system.
The network management solution needs to align with this model by providing a number
of time‐saving features such as single pane of glass alerting across all devices, automated
monitor creation based on discovered devices, and built‐in tracking and reporting of
performance trend data. Figure 2.1 presents the concept of a single pane of glass for all
notifications, alerts, and acknowledgements within a network management system.
21

Figure 2.1: Consolidated notifications, alerts, and acknowledgements.
Network Monitoring
To make the transition from a reactive approach to more proactive network monitoring,
the network management solution you implement must provide the ability to gain
immediate insight into the health, status, and performance of every device on the network.
With today’s complex networks, not every device has the same priority; from high‐profile
messaging systems to low‐priority test labs, your network requires specific levels of
monitoring. High‐profile systems and devices have a high level of visibility and any
downtime is unacceptable, while the lower‐priority lab devices are important but can
tolerate more downtime.
In addition to the level of monitoring required, the systems and devices on your network
require different monitoring technologies and speak different languages. The routers and
switches need to speak Simple Network Management Protocol (SNMP) while the Windows‐
based hosts require Windows Management Instrumentation (WMI) interrogation; Unix and
Linux systems will require communication via SSH protocol.
What Is WMI?
WMI is the underlying protocol for publishing management and operations
data on Windows‐based operating systems (OSs) and applications. WMI is a
specific set of extensions to the Windows Driver Model that provides an OS
interface through which instrumented components provide information and
notification.

22

The network management solution selected should incorporate multiple types of monitors
that give the administrator the flexibility to select the right monitoring level for the right
device at the right time. The monitors also must support a broad set of network
technologies allowing visibility into all systems and devices.
The following list highlights the specific types of network monitors to look for:
• Active monitors have the ability to communicate with, track, and alert you in real
time when devices or systems are down.
• Passive monitors “listen” for external signals such as SNMP traps or log messages,
allowing network issues to be identified and altered.
• Performance monitors track the health of the network devices and systems over
time, and are crucial to proactive troubleshooting and planning.
• Custom monitors can be configured to track individual performance metrics for
network devices and systems as required.
• Threshold monitors alert you when minimum or maximum values have been
reached on a specific device or system.
• Active script performance monitors support additional customization through
JScript and VBScript.
To better understand how these network monitors can be used within a proactive network
monitoring solution, it helps to see them in action. Figure 2.2 highlights a high‐profile
application server; this server is very important to the operation of the business and any
un‐alerted interruption or downtime would be costly.

Figure 2.2: Proactive network monitors.

23

The SMB in this example has employed three network monitors for a critical application
server. Individually, each of these network monitors provides important feedback into the
health of the application server:
• Active monitor (ping test)—A simple ping test can confirm basic network
connectivity with the host system.
• Threshold monitor (C drive free space)—A threshold monitor provides polling of
the free drive space on the system partition.
• Passive monitor (application event errors)—A passive monitor listens for specific
application log event errors, indicating an issue with the application.
Although each of these individual monitors provides key metric data with regard to the
application, the power is in grouping these individual monitors to create a proactive
monitoring set. To highlight the benefits of grouping monitors, first think about what type
of overall system status profile can be attained by using each monitor separately.
If only one of these monitors were employed, for example the active monitor ping test, a
false positive monitoring profile would be generated for the application server. The ping
test would be successful, and the flagged application event error would go unnoticed within
the network management console.
Together these three network monitors can provide a full picture of the profile status for
the critical application server. Use of a well‐planned grouping of individual monitors
provides a complete proactive monitoring solution for the application server.
Additional extensibility of network monitoring really comes into play when active script
monitors are incorporated with traditional monitoring. These powerful monitors allow the
introduction of specific customized checks of a device or system that can provide deeper
visibility into the status of the device.
Active script monitors allow the use of custom code written in a variety of scripting
languages such as JScript or VBScript. In the following example, a script excerpt shows a
database being opened and the number of rows being checked. If the SELECT statement
returns more than 0 rows, the database is considered available.

24

objConnection.ConnectionString = "Driver={SQL Server};" & _
"Server=SQLSERVER;" & _

"Database=DBName;" & _

"uid=username ;"&_

"pwd=password;"
objConnection.Open

objRecordset.CursorLocation = adUseClient

objRecordset.Open "SELECT * FROM TableName" , objConnection

'adOpenStatic, adLockOptimistic

If objRecordset.recordcount < 1 Then

'Set the result code of the check (0=Success, 1=Error)

Context.SetResult 1, "Error"

Context.LogMessage "Checking Address=" & Context.GetProperty("Address")
As powerful as these network monitors are, they still fall short of providing the SMB the
ability to understand the ebb and flow of the network. SMBs in today’s economy are under
pressure to cut expenses—IT budgets are being tightened and CIOs and directors within
SMBs are having a difficult time justifying additional purchases. Many business owners are
demanding detailed capacity and forecasting reports, requiring detailed return on
investment (ROI) information before IT budget dollars are spent.
Network monitoring alone cannot provide the required information for these types of
reports. What is needed is a network management solution that offers an integrated
systems monitoring capability.
Systems Monitoring
Chapter 1 discussed the importance of network discovery. The ability to know when a new
device or system comes onto the network is important. Although important, discovery of
the device is really just the beginning—smart network management solutions extend the
discovery process by including the ability to establish automated monitoring of each
device’s Layer 2 connectivity. Beyond this functionality, smart network management
solutions ensure the health and performance of each system is tracked through its life
cycle.
25

What Is Layer 2?
Layer 2 refers to the data link layer of the commonly‐referenced
multilayered communication model, Open Systems Interconnection (OSI).
The data link layer is concerned with moving data across the physical links in
the network. In a network, the switch is the device that redirects data
messages at the layer 2 level, using the Media Access Control (MAC) address
for each device to determine where to direct the message. Layer 2
monitoring and management within a network management system focuses
on the basic connectivity of each device to the network.
Systems monitoring extends beyond the initial discovery process and Layer 2 connectivity
monitors to provide full life cycle management of the system. Think for a moment about the
cycle a new system follows within your network environment (see Figure 2.3).
Decommission Test and
and Retire Development
System Refresh Production Release
and Migration and Support
Upgrades and
Maintenance

Figure 2.3: System life cycle.
As a system moves from development into production, its monitoring requirements
change. The priority of the system is elevated, calling for additional system‐level
monitoring to ensure performance is maintained. As new upgrades are applied or
maintenance patches are released, the monitoring profile must be adjusted and key metrics
need to be tracked to validate the upgrade benefits. Trending data becomes important as
the system ages to determine system refresh intervals and to contrast performance after a
migration to new a platform. Once a system is prepared for decommissioning, active
monitoring must be removed and alert priorities adjusted.

26

At each stage of the life cycle, systems monitoring utilizes key features that provide the
required level of monitoring for the specific system. In addition to the monitoring
requirements for an individual system’s life cycle, the systems management solution also
needs to address the different types of systems within the network. From demanding
database systems spanning clustered server nodes to virtual hypervisors hosting
numerous virtual machines, the challenges of monitoring a diverse systems environment
are many. SMBs need a holistic systems monitoring option that includes resource
monitoring, process monitoring, hardware monitoring, file system monitoring, and virtual
machine monitoring. In today’s SMB environment, many technologies that were once only
attainable at the large corporate level are now making their way into the SMB network. One
example of this progression is server virtualization. With the huge cost advantage of
consolidation through virtualization, many SMBs are introducing this technology into the
data center.
Resource Monitoring
Utilizing application layer protocols like WMI and SNMP among others, the basic systems
monitoring capability is extended into the Windows or Linux OSs allowing availability
monitoring of system and application services. Additionally, performance monitoring of
CPU, memory and disk statistics can help to identify under or over utilized systems, easing
capacity planning initiatives.
A prime example of the power of implementing a resource monitor is the use of SNMP to
reference the management information base (MIB) of a router to monitor the port link
status for a critical Internet‐facing port.
How Does SNMP Monitoring Work?
SNMP does not define which information or variables are available from a
network device. Rather, SNMP uses an extensible design that allows the
reading or setting of a variable as defined within the MIB for the specific
device. SNMP is the protocol used to access the information on the device.
Process Monitoring
Further insight into system availability can be tracked by monitoring the individual
processes associated with a specific service. Each application and service that is running on
a system spans an individual process that can be monitored by a defined process monitor.
This is helpful when a system service is not exposed within the vendor’s MIB. For example,
in the case of the antivirus software installed on a critical email server, there is no defined
MIB to reference. With a process monitor, the antivirus’ executable can be monitored to
ensure it is running on the email server.
Hardware Monitoring
Often, early indications of a system failure come in the form of hardware‐level warnings.
Hardware monitors that provide visibility into fan, power supply, and temperature status
can give the administrator the advanced notice needed to proactively avoid a system
failure.
27

File System Monitoring
Many applications utilize temporary directories or cache directories during application
execution. The presence of files within these directories often indicates the health of the
application. By using file system monitoring, key directories can be watched and alerts can
be set indicating a hung or failed application. Specific tracking of file‐ and folder‐level
information enhances the basic systems monitoring capability. By monitoring file existence,
file size changes, or file counts within important log directories, proactive management of
applications can be provided. For example, with Microsoft Exchange Server 2010, a large
file count of transaction log files for a specific mailbox database can indicate an issue with
the backup environment for the entire Exchange messaging system.
Virtual Machine Monitoring
With the wider adoption of virtual infrastructures, many SMBs are facing a new problem
with regard to virtual machine or server sprawl. With the ease of server creation offered by
virtualization, many businesses have the tendency to create additional virtual machines
with little thought as to the performance monitoring of each virtual host and its related
virtual machines.
The systems monitoring solution must extend into the virtual environment to provide the
same level of granular performance monitoring capabilities delivered at the physical server
level. Key to the SMB is a network management solution that provides a single pane of glass
for monitoring the virtual infrastructure and the physical network.
To accomplish this, a network management system must support direct connectivity at the
hypervisor level using technologies such as VMware’s vSphere application programming
interface (API). Through the integration with the hypervisor’s API, the network
management system provides full visibility into monitoring metrics at both the virtual
machine and host level.
With advanced visibility at the vendor‐specific hypervisor level, important performance
thresholds can be monitored on host and virtual machines. Real‐time alerts can be set for
notification of utilization breaches across virtual machines and hosts. An important
monitoring change to understand with regard to virtualization vendors is the lack of
support for SNMP data collection within the virtual infrastructure. Vendors such as
VMware are moving away from providing any level of performance information via SNMP
(one reason for doing so is security considerations). This makes the search for a smart
network management solution that provides full system monitoring of the virtual
infrastructure that much more critical.
In addition, industry analyst are calling for the growth in multi‐vendor virtualization
environments due to the cost advantage and differing performance profiles for the
application workloads across the business. The systems monitoring solution must support
multiple hypervisors.

28

When these systems monitoring options are used together, the complete life cycle of each
device and system is monitored and tracked. Within a smart network management
solution, the systems monitoring data is pooled into a central database. The use of
historical trending of all monitoring data allows SMBs to gain access to the information
required to compile detailed performance trending reports and build capacity planning
forecasts.
Application Monitoring
Applications make your business work—users rely on consistent performance across an
ever‐growing set of applications. Because of the high‐visibility aspect of applications, if
there is an outage or degradation of performance,. your users will be knocking on your
door.
When it comes to proactive monitoring and awareness, application monitoring is at the top
of the list of importance. Your SMB needs a network management solution that gives you
visibility into application performance and provides advanced notification of stability
issues before they affect the end users.
Another problem facing SMBs is the introduction of more complex applications. These
applications span multiple servers each with critical services and processes. For example,
take the recent change in architecture introduced within Microsoft Exchange 2010. As
Figure 2.4 shows, Exchange 2010 utilizes a distributed role architecture, which separates
key mail flow, processing, and storage into designated components. These components are
modular, allowing the use of multiple server platforms to provide more flexibility in
performance, availability, and scalability.

Figure 2.4: Microsoft Exchange 2010 tiered architecture.

29

You need a way to tie these tiered applications together and bring them under the network
management environment. Smart network management solutions utilize a combination of
IP service monitors with application monitors to tie everything together within a tiered
application architecture. Looking at the Microsoft Exchange 2010 example again, you can
see how the use of each type of monitor enhances the overall application monitoring of the
Exchange 2010 architecture:
• IP services HTTPS monitor—By monitoring the health and status of the HTTPS
services on the Client Access role server, Outlook Web Access (OWA) availability can
be closely tracked.
• Application threshold monitor—By utilizing a specific Exchange 2010 Hub
Transport threshold monitor for the Active Mailbox Delivery queue, delivery issues
can be quickly alerted and acted upon.
• Application service monitor—By utilizing a specific Exchange 2010 Mailbox service
monitor for the MAPI Information Store service, critical mailbox database access can
be monitored.

Figure 2.5: Microsoft Exchange 2010 tiered monitoring.
When evaluating a network management solution, be sure to check for a solution that
provides a good contrast of basic IP services monitors including FTP, HTTP, telnet, and
SMTP as well as complex application monitors such as Microsoft Exchange or SQL Server.
This richness in application monitoring features will give you the tools needed to closely
monitor each application.
IP Services Monitors
IP service monitors play an important role in the ability to proactively monitor the
network. To track and confirm access to important FTP sites across your business, utilize
an FTP service monitor for upload, download, and deletion of test transactions.
You can also ensure critical Web sites are responding and correct content is returned by
using HTTP monitors. Further validation of your businesses messaging system can be
accomplished by implementing an SMTP monitor to test send and receive request.
30

Microsoft Exchange Monitors
Of all the applications running in your environment, the messaging system has the highest
visibility to the user community. Beyond simple SMTP testing, application‐specific
monitors like MS Exchange can provide complete monitoring coverage of key messaging
application roles and features. Exchange 2007 server roles such as Hub Transport Server,
Client Access Server, and Mailbox Server each have unique monitoring requirements. The
network management solution should address each of these roles and provide the ability to
test mail flow, monitor delivery queues, and track performance.

Figure 2.6: Rich Exchange Rolebased threshold monitoring.
SQL Database Performance Monitors
Larger enterprise‐level applications use a tiered application architecture. Many of these
complex applications are making their way into the SMB network. These applications
typically incorporate a multi‐tier approach. The tiered approach to application architecture
allows for better scalability and distribution of application workloads across more
platforms. The tiered architecture is commonly made up of a number of Web‐based tiers,
application services tiers, and backend database tiers. The key component in a multi‐tiered
architecture is the database tier. SQL databases dominate the x86 server space and as such
you will need a solution that provides monitoring capability deep within the SQL platform.

31

SQL database monitors give you the ability to configure SQL query monitors that can
execute active queries against a SQL database using known record values to ensure
database integrity and performance. Thus, you will be able to go beyond simply knowing
the SQL service is running and ensure that critical application databases are accessible and
returning valid data.
Synthetic Transactions
In the realm of application monitoring, there is key technology to look for in your network
management solution: synthetic transactions. Synthetic transactions are actions, run in real
time, that are performed on monitored objects. You can use synthetic transactions to
measure the performance of a monitored object and to see how the object reacts when
synthetic stress is placed on your monitoring settings.
For example, for a Web site, you can create a synthetic transaction that performs the
actions of a customer connecting to the site and browsing through its pages. For databases,
you can create transactions that connect to the database. You can then schedule these
actions to occur at regular intervals to see how the database or Web site reacts and to see
whether your monitoring settings also react as expected.
Application monitoring is all about ensuring you can achieve greater visibility into
application performance and provide reliable access to your business applications. By
using a combination of IP services monitors, vendor‐specific monitors, and supported MIB
files, you will be able to deliver higher service levels across all your applications.
Alerting
So far in this chapter, the discussion has focused heavily on the types of monitoring
capabilities that a smart network management solution should provide. Although
monitoring is very important, without a way to aggregate the flow of information into a
usable tool that centralizes all notifications and alerts, the collected performance data or
captured events are wasted.
The alerting component of the network management solution is there to provide you with
that centralized tool—a tool that informs you of real‐time failures and impending issues.
The goal behind a well‐designed alerting component is to provide you timely information
in an easy‐to‐understand format on which you can take immediate action.
Remember, the word of the day is proactive. The purpose of spending all this time
researching and implementing a network management solution is to change the way your
SMB addresses network management—by giving your business the ability to move away
from a reactive chaotic method of troubleshooting to a proactive method of intelligent
management of the network. Alerts and notifications are the frontline of network
management. To be proactive, you must have timely and accurate data with regard to the
state of devices and systems on your network.

32

To start with, you need a solution that delivers all notifications, alerts, and alert
acknowledgements into a single pane of glass. This means that with a quick glance, at a
single screen, you have immediate feedback on the health of your network. Additionally,
flexible alerting and notification policies are important when it comes to proactive
management of the network.
Flexible Alerting
No two devices or systems are alike; thus, you need an alerting tool that offers a high
amount of flexibility in the types of alerting options supported. The flexibility you should
look for in a smart network management solution allows for alerting based on multiple
metrics such as configurable thresholds, specific monitors, traffic flows, and configuration
changes.
For example, you can configure a threshold alert for a critical point‐of‐sale Web server that
is triggered based on a maximum CPU value over 80% for specified timeframe and a
configurable traffic flow alert for increased HTTP traffic flow. This will give you the ability
to build an intelligent alert that helps you proactively manage the performance of the
point‐of‐sale Web server.
Notification Policies
The second component of proactive management relates to the notification framework
within the network management solution. As a device or system alert is received by the
alerting tool, you need an intelligent way of deciding the importance of that alert and what
the response should be. Notification policies provide a framework that allows you to define
the severity level of an alert, then create a workflow for notification of the alert to the
correct individuals within your IT organization and ultimately resolution of the event(s)
generating the alert.
The network administrators within your SMB are spread across multiple tasks each day.
With a shortage of time, you may have elected to delegate the job of managing the response
of network alerts to a tier‐1 Help desk technician. Although this is fine for low‐level
systems or informational‐type alerts, when it comes to a critical system or device failure,
the alert requires a higher level of attention and response.
For these types of alerts, a notification policy should be created that includes multiple
levels of escalation based on determined intervals. This setup will ensure the alert is
getting the attention it demands and a small issue does not grow into major outage.
Notification policies should also integrate with existing Help desk systems to allow for
automatic ticket generation.
After an alert has been handled and the issue addressed, the notification policy can also
include a process of updating the effected users, notifying them that the issue has been
corrected as well as providing acknowledgement that the alert can be completed, halting
further escalation. And notifications framework should support critical monitors that
prevent alert storms from occurring by only alerting on critical monitors and not all
downstream monitors.
33

Reporting
Some would say that the way to judge the power of a network management solution is by
its reporting capabilities. Taken a step further, you could say that the success of a network
management solution is dependent on the depth and quality of the reports and reporting
options included.
Few businesses have the time to dedicate to collating and analyzing the vast amount of
monitoring data captured by the network management solution. The reporting tool of a
smart network management solution must include a broad set of built‐in reports broken
into usable categories. The reports themselves should also provide dynamic data with drill‐
down support and interactive metrics.
Think of the power of having a report that lists the memory utilization across each of your
data center servers in an interactive bar chart. With a single click, you can see in real time
the systems that are under a heavy load that may require immediate action to ensure
performance levels remain high.
The same reporting tool can provide detailed trending data on that same set of data center
servers. You can run historical reports spanning the past 6 months, enabling you to quickly
know which systems are consistently overloaded and recognize potential targets for load
balancing or clustering. Just as important, you will uncover those under‐utilized systems
that are taking up valuable rack space and heating and cooling costs; these systems become
great targets for server consolidation through virtualization.
Top‐10 Reports
This category of network monitor reporting will become invaluable to the business owner,
CIO, or IT director within the SMB. Top‐10 reports are a great way to quickly contrast your
network systems and devices across a set of standard metrics. You can select a subset of
similar servers in your environment and measure the utilization of key metrics—such as
processor, memory, network, and disk utilization—across the selected set. This will give
you insight into potential configuration issues, under‐ or over‐utilization, and unbalanced
application usage.
Top‐10 reports are also great for gaining visibility into network bandwidth issues by
observing the amount of data each user’s workstation is transmitting or receiving. You will
be able to see what system is monopolizing the bandwidth. When looking for a network
management solution, make sure top‐10 reports are high on your priority list. Figure 2.7
highlights an example of a top‐10 report, showing the power of contrasting a set of metrics
across multiple devices on the network.
34

Figure 2.7: Top10 reports quickly contrast network device metrics.
Report Subscriptions
It is getting tougher to justify additional spending because business owners are tightening
the belt and reviewing every request for funding with more scrutiny. Many IT directors
within SMBs have recently found themselves on the losing end of a budget debate. They did
their due diligence and crossed all the Ts and dotted all the Is, yet the answer was no.
If only the business owner had seen the trending data across the messaging systems over
the past months, she would have understood the need for additional memory and storage
capacity or bandwidth. What about that virtualization project that is currently being
proposed? Does the business owner have a historical understanding of the under‐
utilization being seen across many of the development and test lab servers?
With a network management solution that offers report subscriptions and report exporting,
business owners will have access to key reports that highlight the trending data and
performance data needed to make a more informed decision. With report subscriptions,
the owner’s email address can simply be added to a key report and an interval can be
selected for when the report will run and be delivered. The next time a budget request
occurs, the owner will already have knowledge of key monitoring and bandwidth
utilization data, which provides additional leverage during negotiations. Using options like
report subscriptions and report exporting, you can give non‐technical users and
management direct access to valuable data that can immediately effect business decisions.

35

Dynamic Workspaces
When it comes to reporting, SMB’s administrators and IT staff have different ways they
consume data. Some administrators prefer to have a narrow focus on a specific system with
details on every metric under monitoring; others prefer to contrast a broad set of systems
with a single metric.
This requirement changes as your priorities change for availability and performance. The
network management solution should provide a reporting tool that offers a dynamic
capability of selecting and grouping the various report displays. The idea is to have a
dynamic workspace where each administrator can drag and drop selected report data to
organize the report console in the way that makes sense to them. This gives each user a
personalized view into the network management environment and allows them to focus on
the report data that is relevant to their position and areas of responsibility. Once a specific
workspace is created, the user can save the view and create additional workspaces that
logically group related report data by business unit, applications, or device types.
Security Information and Event Monitoring
More businesses are coming under some type of industry‐based compliance requirement;
from PCI, HIPAA, or Sarbanes Oxley, many SMBs are having to align their security practices
with the requirements of a given compliance standard. To meet the ever‐rising demand on
businesses for security compliance, there is a need to aggregate, display, and alert key
security logs across all systems and devices on the network.
Security Information and Event Management (SIEM) automates the analysis process of
security, network, and application logs. A SIEM solution provides the foundation for
establishing processes for linking system access to individual users. According to most of
today’s regulations, tracking and reviewing access is a primary audit requirement,
especially concerning access granted with administrative privileges. The current trend
across many businesses implementing SIEM technologies is to leverage the log collection
and log management features of the network management solution. Log management and
SIEM‐correlation technologies can work together to provide more comprehensive views to
help your company satisfy regulatory compliance requirements.
When looking for a network management solution that supports SIEM technology, the
following features are critical:
• Event archiving for automated collection, centralization, and secure storage of log
data
• Event analysis for event examination, correlation, and comprehensive reporting for
audit and compliance
• Event alarms for monitoring, alerting, and notification on key defined events
• Event crawling for on‐the‐fly forensics and log data mining
36

In addition to these advanced features, ensure the network management solution can
capture and aggregate security logs from both Windows systems and Syslog supported
devices.
In short, by integrating SIEM and log management, it is easy to see how a business can save
by de‐duplicating efforts and functionality. The functions of collecting, archiving, indexing,
and correlating log data can be collapsed into a single solution, which will also lead to
savings in the resources required for the maintenance of the tools.
Self Monitoring
Due to the importance of network management with regards to security, compliance,
performance, and health monitoring, the network management system should be
considered a highly critical component in the organization’s infrastructure. A key
monitoring feature in a smart network management solution is the ability for self
monitoring. By incorporating key service monitors and alerts along with database‐specific
queries, the health and performance of the network management system can be monitored
at the same level as any other critical component.
High availability is also very important; consider a solution that incorporates advanced
database clustering and automated failover technologies.
Sophisticated Monitoring Changes the Game
In today’s volatile economy, SMBs are looking for ways to cut costs and increase the value
derived from the current technologies within the business. At the same time, more complex
applications are being introduced that require advanced monitoring. As the business owner
for an SMB, you are faced with a challenge: how do you provide a higher level of service to
the business while operating under a constrained budget with less IT staff and more
complex applications to manage?
A network management solution that incorporates a sophisticated framework of
monitoring technologies can dramatically affect the operation of key systems and devices
within your network. Sophisticated monitoring includes technologies that provide a
proactive response to network issues. Instead of waiting for end users to report issues,
your IT staff can proactively manage the performance and availability of every device and
system on the network.
Sophisticated monitoring options allow you to gain immediate visibility into the status of
every device and application. With advanced alerting and notification policies, no issue will
go unnoticed. You will also be able to look at your network in a whole new light: with
historical trending, you will be able to produce accurate capacity planning reports and
detailed forecasting. With this information, as you plan your technology budget for the
coming quarter or year, you will have accurate and detailed data with regard to the
utilization, performance, and capacity of every system and device on your network.

37

Chapter 3: The Key to Smart Configuration
and Change Management
An increase in the use of diverse network technologies, plus the introduction of
virtualization throughout the network architecture, multiplied by the number of users
demanding flexible access to the network equals what? The answer is complexity. No, this is
not a child’s homework problems—this is reality for many SMBs. If you have not felt the
pain of this scenario within your SMB, it may just be around the corner.
Today’s network environments are becoming more complex. SMBs are seeing the
introduction of additional types of network devices that were typically relegated to the
larger corporations. More applications are moving to tiered architectures with multiple
load‐balanced systems. SSL/VPN solutions are becoming more critical to production as
more of the workforce goes mobile. The use of layer 3 core switches with added routing
functionality and the wide use of VLANs present additional complexity into the network.
For years, SMBs have manually managed the devices across the network, including
firmware upgrades, patches, VLAN provisioning, ACL updates, and configuration updates
and changes. This method worked fine when the number and type of devices stayed small,
but such is not the case today. The process of manual configuration and tracking all
network devices adds an unnecessary burden, wastes time, and introduces risk with
common errors such as typographical mistakes or incorrect cut and paste tasks.
Virtualization is becoming the hottest trend in the IT industry and many SMBs are seeing
the business value in moving to a virtual server infrastructure. From the network
management perspective, virtualization brings a new layer of complexity with the blending
of physical and virtual networks. Also, the use of virtual network appliances is growing and
adding to the list of devices that require configuration and management.
Users are also changing the way they interact with the network; the days of rows of
cubicles populated by employees working an 8‐hour shift safely behind the corporate
firewall are gone. Today, businesses are adjusting to end users that are demanding
anytime, anywhere access to the network. The network architecture that supports this
business model is more complex. Stable access and high performance of the network
becomes more critical to the business as more users move to a flexible access model.
As the types of network technologies increase and reliance on the network becomes more
critical to the business, you need a solution that will ease the administration of the network
while providing a higher level of consistency. When evaluating a network management
system, the benefit of a smart configuration and change management option cannot be
overlooked.
38

Simplify Your SMB’s Network Configuration Management
It’s late Friday afternoon and IT just found out that the Western regional network
administrator has left the company and they must change passwords on all routers and
network switches across the company’s 20 branch locations before they can leave for the
weekend. This task may not sound too cumbersome initially, but as you begin to
understand how most small businesses currently manage their network devices, it will
become clear that the task is a very difficult process.
Such an SMB with 20 branch locations might have a firewall device, a WAN router, and a
pair of network switches per location. Most of the time, these devices are obtained from
different vendors (3Com, Cisco, HP, Fortinet, and so on)—different vendors often means
different configuration environments. The process of changing the password on each type
of device requires differently structured command syntax. Now multiply those four devices
in each branch location by 20 branches, and there are at least 80 devices to log into,
determine the correct syntax to change the password, and save the configuration.
That is, if IT even has record of the current passwords on each device in the network.
Without a consistent way to track passwords across devices, many businesses face the ugly
proposition of recovering lost passwords before even beginning this process, especially
when key IT employees leave and important passwords were never documented. The
simple task of changing the password on each device across branch locations just got a
whole lot more difficult.
A smart network management system can dramatically change the way an SMB approaches
configuration and change management. In this chapter, the following key features and
benefits of a smart network management system with regard to configuration and change
management are presented:
• Centralized configuration management—By centralizing all device configurations,
management of the network becomes much easier. More importantly, by
centralizing device configurations, standardization and adherence to compliance
standards become possible.
• Secure configuration and change management—With a diverse infrastructure
including different types of network devices and multiple vendors, the process of
providing secure configuration updates is difficult. Broad support for multiple
secure protocols and centralized mapping of device security information eases this
process.

39

• Power of integrated alerting and reporting—Through integration with the alerting
and monitoring technologies within the smart network management system,
configuration management changes can be tracked. This feature will help to
minimize unplanned changes and detect unauthorized access to network devices.
• Automated configuration task and monitoring—The automation of repetitive
configuration tasks across multiple devices makes possible significant reduction in
configuration errors. Standardization of device configurations can also be achieved.
Integrated monitoring of configuration task executions will simplify tracking of
changes and troubleshooting.
Configuration Management
The scenario outlined earlier occurs across many SMBs every day. The core problem lies in
the decentralized configuration management of the network. Networks within most SMBs
have grown over time. Initially, the SMB had a single location with a router, a couple of
switches, and a few workstations. In the beginning, managing these few devices manually
made sense. As the network grows and additional locations come online, the practice of
using a decentralized manual approach to device management falls short.
As Figure 3.1 shows, manual configuration and change management requires the
painstaking task of touching each device to update the configuration file and then moving
on to the next device. Often the devices have different login credentials, each requiring
additional manual tracking. In a decentralized configuration management environment,
network administrators have to refer to saved spreadsheets for credentials, manually login
into each device, copy configuration files back and forth between text files, make manual
changes, and finally upload the text files to the device to submit the changes. This process is
timely and prone to errors.

Figure 3.1: Decentralized configuration management.
In contrast, a centralized configuration management environment (see Figure 3.2) entails
copying the individual device passwords and configurations to a central database within
the network management system. A centralized configuration management environment
greatly reduces the time involved in saving and changing network configurations. Accuracy
of the configuration changes is also increased, and a higher level of consistency can be
achieved.
40

Figure 3.2: Centralized configuration management.
A major advantage in a centralized configuration management environment is the ease at
which large‐scale device updates can be completed. Looking at the earlier example, Figure
3.3 depicts a decentralized configuration management environment. The network
administrator has to access each router login (device 1), change the password, save the
configuration, and log out of the device, and then complete the same set of steps for each
switch (device 2) and each firewall (device 3). This process is then repeated across every
device at each location for a total of 80 devices. Even in a case where the network devices
are from the same vendor and same model, the need to manually access each device and
execute the four simple commands still requires significant effort and time to complete.

Figure 3.3: Decentralized configuration changes.

41

Smart network management systems incorporate centralized configuration management.
Instead of manually copying device configurations into text files and tracking device
passwords in multiple spreadsheets; a central database is used to store the configurations,
passwords, and device information. With the centralization of configuration data and
passwords, the process of updating multiple devices becomes a much easier task. As Figure
3.4 shows, centralized configuration management reduces the time and effort by leveraging
the central database and using scripted or schedule updates. In this example, the network
administrator completes a configuration update across multiple devices in a single step,
reducing the effort needed to touch 80 devices. With configuration data and passwords
stored centrally, synchronization of like device types and models can be used to speed
configuration changes.

Figure 3.4: Centralized configuration changes.
Centralization of Passwords and Authentication
In many SMBs, as the number of devices continues to increase, the overwhelming task of
tracking passwords and secondary authentication credentials can be daunting. Utilizing a
smart network management system, IT can configure a centralized library of device
credentials and passwords that are stored in a secure central database. The database can
then be referenced when access to the device is required. Automation scripts and
scheduled tasks can also reference the saved authentication credentials to speed the
configuration update process.
By centralizing device authentication credentials for every device, an SMB can rest assured
knowing that unexpected turnover or absence of a key employee will not cause a major
interruption of network configuration management. Additionally, by storing authentication
credentials in a secure database, alignment with industry compliance standards can be
maintained.

42

Centralization of Device Configuration Backups
Network device configurations can be complex, involving hundreds of lines of text. If a
device experiences a hardware failure, or if by human error a configuration becomes
corrupt, having a recent and known good backup is critical. Many devices also maintain a
running and saved configuration; these may be different depending on the status of the
device changes applied.
An additional benefit of centralization within the network management system is central
configuration backup. The scheduling and collection of each device configuration and
storage in a central database increases the overall network availability. Prior to
implementing a smart network management system, if a device failure or configuration
corruption were to occur, the SMB would have to manually reenter the configuration by
relying on saved text files and installation notes.
This process is slow and fraught with possible errors. With the use of centralized
configuration backup, if a device failure occurs, the process of retrieving a known‐good
configuration from the central database and applying the saved configuration to the device
reduces the amount of time the device is down and ensures accuracy in the re‐
configuration.
Scheduled Backups
Network device configurations can be negatively affected by any type of
change. Add‐hoc configuration changes, vendor firmware updates, or
unplanned power outages—each of these scenarios can cause a device
outage. To offset the effect of these types of outages, regular scheduled
configuration backups should be completed on every device. Performing
configuration backups at scheduled intervals such as weekly or monthly will
ensure a recent backup is available for recovery if needed.
When evaluating a network management system, ensure the device
configuration backup feature allows for scheduled backups on a daily,
weekly, and monthly basis.
Secure Configuration and Change Management
Making the tasks of configuration and change management easier by saving and tracking
device configurations centrally is only half the picture. Security of device access and
configuration changes is very important. Think of a network environment where
configuration and change management is approached in an ad‐hoc manner. In such an
environment, device logins and passwords may be stored in text documents or
spreadsheets on a network share, no access control is in place to manage who has rights to
change configurations, no support for secure network access to devices for updates is
provided, and configuration changes are made in clear text across unsecure Internet
connections.

43

The security risks introduced as part of an ad‐hoc configuration management environment
are many. As previously mentioned, the use of text documents and spreadsheets to store
and track device credentials is one of the primary concerns. Although this solution seems to
work fine for the first few devices, as the network grows, this manual process of securing
logins, passwords, and configuration data becomes unwieldy. The centralization of
passwords in a secure database provides the scalability and security required for network
device password management. In like fashion, the centralization of device configuration
data provides a secure and retrievable location for important configurations. With no
support for secure protocol access to network devices, the SMB risks compromising device
logins and passwords.
A smart network management system should include security features that address these
areas of concern. Among the features to look for:
• Secure protocol support—By incorporating protocol access via SNMP v2, v3, SSH2,
and TFTP, SMBs can maintain secure access to network devices, reducing the
exposure of sensitive login and password information.
• Centralized authentication management—Centralization of critical device login and
password information in a secure database is a very important security feature.
• Centralized device configuration management—Automated or scheduled backup of
device configurations within a secure centralized database will help speed recovery
during device failure and assist with standardization of configurations.

Is a Centralized Database More or Less Secure?
You may be asking yourself, “If all the network device authentication
credentials and passwords are stored in one location, isn’t the network even
more vulnerable to attack? A would‐be attacker would simply need to access
the central database to gain access to every device on the network, right?”
With today’s relational database software, the ability to access the central
database is not as easy as it seems. With fully‐integrated Active Directory
(AD) authentication, strong password policy enforcement, password
expiration enforcement, and SSL‐secured network connections during
authentication, it is not an easy task to gain access to the database
credentials.
After authentication comes authorization. Relational database software uses
a granular permissions model. Login accounts are only granted specific rights
to the databases required.

44

The final layer of defense in a secure relational database is encryption of the
data itself. Utilizing encryption technologies such as Transparent Data
Encryption, critical data can be encrypted as it is written to the database and
unencrypted when read from the database. These technologies utilize a
secure system of encryption keys generated and managed at multiple levels
within the relational database software.
Together, these three layers of defense authentication, authorization, and
encryption provide a highly secure environment for the centralized storage
of network device credentials and passwords.
Device Management
To this point in the chapter, the discussion has focused on high‐level features a network
management system should include with regard to configuration and change management.
Where the “rubber meets the road” during day‐to‐day operations of the network, success is
measured at the individual device level. When it comes to device configuration
management, there are four key areas of focus:
• Compare and contrast device configurations—Provide quick and accurate
troubleshooting of configuration data
• Rapid recovery of device configurations—Apply or repair device configuration files
from central backups
• Logging of device configuration changes—Provide centralized logging of changes for
audit and control
• Notification of device configuration changes—Enable proactive alerting of device
configuration changes
Compare and Contrast Device Configurations
As mentioned earlier in this chapter, the backup of device configurations in a central
database is critical to daily device operations. By utilizing the saved configurations, an
administrator can conduct a compare and contrast between the saved configuration and the
current running configuration to assist with diagnosing a device failure or related network
failure.
To highlight this feature, consider the following example in which a network edge router
was recently edited and configuration changes were implemented. After the configuration
changes were made, connectivity to the Branch2 office was down. By using the compare
and contrast functionality of the network management system, the administrator can
quickly see where the configuration has been altered (see Figure 3.5).

45

Saved Configuration: Running Configuration:
Current configuration: Current configuration:
! !
version 12.1 version 12.1
! !
hostname HQEdge hostname HQEdge
! !
interface Serial0/1.1 point‐to‐point interface Serial0/1.1 point‐to‐point
description link to Branch1 description link to Branch1
ip address 10.1.1.2 255.255.255.252 ip address 10.1.1.2 255.255.255.252
ip router isis ip router isis
tag‐switching ip tag‐switching ip
frame‐relay interface‐dlci 201 frame‐relay interface‐dlci 201
! !
interface Serial0/1.2 point‐to‐point interface Serial0/1.2 point‐to‐point
description link to Branch2 description link to Branch2
ip address 10.1.1.10 255.255.255.252 ip address 10.1.1.10 255.255.252.252
ip router isis ip router isis
tag‐switching ip no tag‐switching ip
frame‐relay interface‐dlci 203 frame‐relay interface‐dlci 203
! !
end end
Figure 3.5: Example of compare and contrast device configuration.
After reviewing the saved and currently running configurations, the administrator can
quickly see that the IP address subnet masking was set incorrectly and the tag switching
for forwarding of IP packet data has been disabled. The administrator can take immediate
action to correct the running configuration and reestablish connectivity to the Branch 2
office.
Without this type of configuration tracking and visibility, troubleshooting an issue like this
would take significantly longer. The administrator would have to hope that documentation
of the frame relay network is up to date, then spend time going through the router
configuration file line by line evaluating every setting. For many devices, this could mean
hundreds if not thousands of lines of configurations.
Additional Benefit of Compare and Contrast
A secondary benefit of the compare and contrast feature is the ability to
review the configuration files from two devices. For example, if your SMB is
in the process of implementing a Voice over IP (VoIP) phone system, each
branch location will require a separate network switch for the VoIP phones.
The switch configurations will be very similar, and the switch hardware
utilized is often from the same vendor and model. Once the switches are
deployed and the VoIP system is up and running, incorrect configuration
changes can cause the loss of communication across the entire organization.
The compare and contrast feature is beneficial in environments that utilize
the same hardware type or model across many locations. By reviewing
device configurations side by side, a quick determination can be made into
which devices may have been misconfigured.
46

Rapid Recovery of Device Configurations
If a device failure occurs due to configuration corruption or unplanned configuration
changes like the earlier example, the administrator needs a way to recover the device
quickly. Traditionally, the process of recovery is more of a manual task; if the administrator
was cautious, she may have taken the time to copy the configuration of the device to a text
file before making changes. Many times, the administrator will sidetrack this step and make
the configuration changes in the running configuration, test the changes, then commit the
running configuration to the device’s non‐volatile memory (NVRAM).
What Is the Running Configuration?
On network devices, such as a router or switch, there are two areas of
memory where configuration data can reside. The first area is the volatile
memory; the running configuration is loaded in this memory area and any
changes made at this level are lost if the device is powered down. The second
area is the NVRAM, the saved or startup configuration data is loaded in this
memory area. Once the configuration data is saved in NVRAM, the device can
be powered down and restarted and the saved configuration will load back
into volatile memory.
The problem with this approach is that some configuration changes cannot be fully tested
in the running configuration and issues will only come to light during a device restart. At
this point, the administrator can fall back to the text document with the copied
configuration data for recovery. That is, if he took the time to create the text document
before making any changes to the device.
By utilizing a scheduled backup of device configuration data to a central database, the
administrator can easily select a known‐good version of the device configuration and apply
the saved configuration to the device, allowing for rapid recovery. This capability
dramatically lowers the risk to the business for unplanned downtime and reduces the
effects of human error.
Logging of Device Configuration Changes
Increasingly important to SMBs in a competitive market is the ability to ensure
accountability and compliance with industry standards. A number of industry compliance
standards such ISO27K’s Information Security Management System and the Sarbanes‐Oxley
(SOX) Act call for a proven system of change auditing across each network device.
By leveraging a smart network management system that monitors each device, a detailed
audit trail of configuration change data is logged to a central database. The log data
includes such details as the exact configuration file that was changed, the date and time of
the change, and what user account made the change. This data also helps to ensure that
only authorized personnel are making changes to the network devices. Unauthorized
configuration changes can be detected through this process by working in conjunction with
alerting and notification, and can then be rolled back to maintain compliance.
47

Notification of Device Configuration Changes
Unauthorized configuration changes can cause major outages across the network and
negatively affect business continuity. With that said, it is critical to proactively detect
unauthorized changes before they become a major issue.
Many network devices generate syslog messages whenever their configuration undergoes a
change. By listening to these messages, administrators can detect any configuration change
in the device. A good example of the power of this feature is the management of edge
devices such as Internet‐facing routers. These devices are critical to the connectivity of the
business network to the Internet, and any unplanned outages of these devices can be very
disruptive to the business, affecting employees and customers.
Through the implementation of a device configuration change monitor that uses syslog
alerts, a device change event can be flagged and alerted. IT personnel can then take action
by initiating a device configuration comparison of the saved device configuration within the
system management database and the device’s running configuration. IT personnel can
then roll back the unauthorized change. This process is depicted in Figure 3.6:
• Step 1—An unauthorized change is made.
• Step 2—A syslog alert is captured and sent to the network management console.
• Step 3—IT staff complete a device configuration comparison and initiate a
configuration roll back by applying the saved configuration from the network
management database.

Figure 3.6: Device configuration monitoring.
The network management system should provide monitoring and alerting of key
configuration change logging. In addition, intelligent notification should be available to
allow for escalation of alerts to key personnel.

48

Scheduled Tasks and Script Execution
For an SMB, the responsibility of managing the configuration changes across an increasing
variety of network devices can be a challenge. Often, with multiple vendor devices, the
configuration file format, command syntax, and access credentials vary. With the
importance of standardization and industry compliance—consistent and validated
configuration changes must be maintained.
As the network grows in complexity and the number of devices increases, the use of simple
manual configuration changes becomes too difficult and time consuming. What is required
is a network management system that offers advanced features in the areas of scheduled
tasks, automated configuration, and scripted execution. These features allow the
administrator to focus on network optimization, trending, and growth planning instead of
wasting time on repetitive configuration tasks across multiple devices.
Automating the Management of Device Configurations
Making a configuration error is easy when managing multiple devices through a manual
process. Most configuration changes must be coordinated across multiple devices. For
example, when a new VLAN is implemented within the network, each related network
switch configuration must be updated with the correct VLAN ID, port number assignments,
and required VLAN trunking. An error on a single switch configuration can affect the entire
network.
Connectivity errors are obvious, but other configuration mistakes can introduce more
subtle errors, such as reduced performance or a security vulnerability, which may persist
for weeks or months until discovered. The use of automated configuration management
can substantially reduce the percentage of outages caused by configuration errors. Through
the use of automation, manual and repetitive tasks are eliminated, greatly reducing the
time and man‐hour cost of configuration management. Network administrators and
managers can set up scheduled tasks to roll out configuration or password changes to
existing devices; provision a new device with a standardized configuration; or restore
baseline configurations to one or more devices if changes need to be rolled back.
When automated configuration management is used to complete the VLAN addition in the
previous example, the opportunity for errors is reduced and standardization of
configurations is guaranteed. As Figure 3.7 shows, a single configuration update is made by
the administrator within the central network management system, then a scheduled task is
assigned to each switch to complete the update.
49

Figure 3.7: Automated configuration management.
The Power of Script Execution
When attempting to implement an automated configuration process, a key requirement is
the need to execute a series of tasks in a specific order. Think for a moment about the
overall process involved in updating the Internet‐facing firewall to allow https traffic flow
to a new set of point‐of‐sale Web servers:
1. Access the firewall device and complete a backup task to the centralized database.
2. Create a new Network Address Translation (NAT) rule for each Web server.
3. Create a new access rule for the https traffic flow from the source outside address to
the destination NAT address for each Web server.
4. Complete the manual process of testing https access to the Web servers to validate
the change.
5. Commit the configuration change to NVRAM once validated.
6. Complete a second‐versioned backup task to the centralized database.
7. Complete manual notification to the application manager for the point‐of‐sale
system that the change is complete.
As you follow the required steps for a simple firewall change, you begin to see the need to
apply controlled script execution throughout the automated configuration change. Each of
the steps or tasks described has to be executed in the proper order. It is also important that
the success of each task is monitored to ensure the overall configuration process is halted if
a critical step is not completed—such as the initial backup task. An additional element to
consider is the inclusion of manual tasks within the automated process. These manual tasks
help to ensure external testing and notification processes are not overlooked. Scripted
tasks in conjunction with the automated scheduling of configuration updates is a powerful
tool and should be part of any smart network management system.
50

Make the Move to Smart Configuration and Change Management
SMBs often lack a full‐time network configuration manager. It is not unusual for the role of
“network manager” to be added to an employee’s real title and responsibilities—as in
President/Network Manager, Sales Rep/Network Manager, or Administrative
Assistant/Network Manager.
Regardless of the size, businesses need networks that operate 24/7, providing secure and
reliable access to resources, applications, and data required to function. Unfortunately,
many network managers do not have the time to properly plan or execute configuration
changes, and ad‐hoc configuration changes usually translate into network outages.
Change the way your business approaches network management by evaluating the use of a
fully integrated configuration and change management system. With the power of
centralization, all device configuration data and access information is secure and readily
available for recovery. Through the process of automation, major network upgrades or
configuration changes can be made with confidence and completed on time. Network
outage by human error is greatly reduced by scripted execution of configuration changes
across multiple devices.
In a competitive environment, alignment with industry compliance standards can help to
differentiate your business from competitors. An integrated configuration and change
management system provides full auditing and logging of all device configuration changes
helping to ensure your business stays in compliance.
Your network is growing and changing along with your business. As the network becomes
more complex, the manual process of configuration and change management breaks down.
Shouldn’t your network management capabilities grow along with your network? Take a
step in the right direction by moving your business into an integrated configuration and
change management solution powered by a smart network management system.

51

Chapter 4: Four Must‐Have Features for a
Smart Network Management Solution
In a small to midsize business, you are faced with making tough decisions every day: how
to control cost, how to increase revenue, and which technologies will really help your
business. Technology is transforming the way business is conducted, and the technology
trends faced by an SMB are numerous:
• Flexible workforce—Users are demanding remote access to network resources from
anywhere, anytime
• Internet access—Fast and reliable access to the Internet is no longer a luxury; it is
vital to any business model
• Virtualization—Virtualization of the server infrastructure and network appliances is
spreading like wildfire across the data center
• Complex applications and systems—More complex multi‐tiered systems are being
introduced into the network requiring advanced performance monitoring and
troubleshooting
Each of these technology trends presents a significant challenge to any SMB. How can your
business make smart technology decisions that will be effective in meeting these
challenges?
Core to each of these technology trends is the network, making this the logical place to start
when evaluating technologies that can really have an impact on your business. Throughout
this guide, there has been much discussion around the topic of network management.
When you look across the breadth of network management, there are core functions that
must exist in any solution: discovery, mapping, monitoring, alerting, and reporting to name
a few. To address the previously presented challenges, the network management solution
must extend beyond these core functions and provide truly intelligent features.

52

This final chapter will focus on four must‐have features that take the network management
solution beyond basic requirements and provide a truly smart network management
solution:
• Real‐time troubleshooting and analysis—Troubleshooting capabilities are at the
heart of a smart network management solution. By leveraging the richness of the
discovery, mapping, and monitoring data, real‐time troubleshooting becomes a
reality.
• System event log management—With the addition of each new system or device
into the network comes a plethora of log data, application events, system events,
error logs, and Syslog data. Without a way to intelligently manage the overwhelming
amount of data generated by each system or device, the data becomes useless.
• Virtual infrastructure monitoring and management—Monitoring and managing a
virtual infrastructure presents different challenges than does a physical
environment. For example, virtualized systems typically do not support standard
Simple Network Management Protocol (SNMP) mode of data collection and often
the performance or monitoring data collected directly from a virtualized system is
inaccurate due to the underlying hypervisor integration. What is needed is a
virtualization‐aware management solution that fully integrates with the virtual
infrastructure.
• Network traffic monitoring and management—Consistent performance of the
network is vital to any business and is even more important for an SMB because
many aspects of an SMB’s business model rely on the Internet. From key business‐
to‐business partnerships to an ever‐growing telecommuting workforce, network
utilization and performance must be closely monitored and maintained.
Get Answers When You Need Them
When a business experiences a network outage, a device failure, application performance
loss, or a sudden bandwidth constraint, the consequences can be costly. For an SMB,
interruptions such as these can impact the business at a much faster pace. SMBs need a way
to quickly detect the impending problem before it effects the business as well as to
accurately troubleshoot the problem when it does occur.
Real‐Time Troubleshooting—System and Device
As discussed in previous chapters, the use of proactive monitoring of all systems and
devices ensures the network administrator is notified when a problem occurs on the
network. Once a problem is identified, the network administrator must take immediate
action to resolve the problem to minimize the impact on the business. A smart network
management solution must provide a rich set of real‐time troubleshooting and analysis
tools to assist the network administrator.

53

By leveraging the richness of the discovery and mapping tools within a smart network
management solution, troubleshooting system and device connectivity failures is greatly
enhanced. Intelligent discovery of systems and devices at layer 2 and layer 3 of the network
means the network management solution is fully aware of how each system and device is
connected to the network and, more importantly, how each system and device is inter‐
connected. Figure 4.1 highlights an example of a network topology map generated during
the discovery process of a smart network management solution. With the ability to
automatically enable active monitoring of each discovered system and device interface, the
network management solution can provide proactive notification of any connectivity
failure.

Figure 4.1: Network active monitor map.
The active monitoring in Figure 4.1 indicates a connectivity alarm for the DMZ switch and
Web server A. At this point, more information is required to determine the actual cause of
the connectivity failure. By drilling down into the active monitor map, the cause of the
failure is quickly discovered when the layer 2 switch port data for the DMZ switch is
reviewed.
Figure 4.2 indicates port 10 on the switch has failed, causing the connectivity alarms seen
on the initial network monitor map. The power of using the topology maps in combination
with the active monitoring data for real‐time troubleshooting is evident.

Figure 4.2: DMZ switch port monitor.
54

Layer 2 vs. Layer 3 Addressing
An IP address is a layer 3 (network layer) address. The MAC address is a
layer 2 (data link) address. Layer 3 addresses are logical addresses that
pertain to a single protocol (such as IP, IPX, or AppleTalk). Layer 2 addresses
are physical addresses that pertain to the actual hardware interface (NIC) in
the computer. A computer can have any number of layer 3 addresses, but it
will only have one layer 2 address per LAN interface. At layer 3, the data is
addressed to the host for which the data is destined. At layer 2, though, the
data is addressed to the next hop.
Real‐Time Troubleshooting—Applications
Although immediate response and resolution of connectivity issues is important,
application access and performance is really the key to any business. Without reliable
access to core point‐of‐sale Web applications, customers will quickly move onto
competitors sites. If employees cannot access company resources when needed, critical
business transactions are delayed. An SMB must have the ability to quickly detect and
resolve any application failure or performance loss.
Smart network management solutions incorporate a number of features to assist with
detection of application‐related issues: IP services monitoring, Microsoft Exchange
Monitoring, SQL Database Performance Monitoring, and Windows Process Monitoring, to
name a few. These features were detailed in Chapter 2 and a short summary of the benefit
of each feature with regard to application failure detection follows:
• IP services monitoring—Provides broad support for monitoring IP services and
Web applications
• Microsoft Exchange monitoring—Allows for monitoring and tracking of Exchange
2007/2010 server roles including all related Exchange services
• SQL database performance monitoring—Provides real‐time SQL‐based queries
against monitored databases and integrated SQL Server monitoring of key internal
processes
• Windows process monitoring—Provides preconfigured and custom Windows
Management Instrumentation (WMI) monitors for broad support of process
monitoring
When it comes to troubleshooting application performance in real‐time, a must‐have
feature is synthetic transaction monitoring. This feature was also introduced in Chapter 2
but is worthy of additional attention.
The idea behind synthetic transactions is to allow the network administrator to fully
simulate a prospective Web transaction against a production Web server environment in
real‐time. This ability provides immediate feedback into the performance and status of
critical Web server farms. In Figure 4.3, an example of a synthetic transaction is shown; a
typical user transaction is completed by accessing the default home page, navigating to the
Contact Us page, and completing data entry in a form for submission.
55

Figure 4.3: Synthetic transaction.
If a failure occurs along the prescribed transaction path, an alert monitor can be triggered
providing notification of the failure. By utilizing real‐time troubleshooting features such as
layer 3 protocol addressing and layer 2 MAC or port‐level addressing, network connectivity
monitoring, and application‐level synthetic transaction monitoring, an SMB can achieve a
higher level of network performance and readiness.
Finally realize the value of log data
As your network environment grows with the addition of new devices, systems, and
applications, so does the amount of log data. Each device, system, or application generates a
large amount of logging and event data. In a typical network environment, this data is
decentralized and resides on each individual device or system—making it very difficult to
realize the value of the data.
Who has time to visit each device or system and open every log file? Not many
administrators make this task a top priority and most often only review log files after an
outage or failure has occurred. Even if this was a top priority, the vast amount of log data
generated in a typical environment makes the task of analyzing the data virtually
impossible. For example, in a large SMB with 20 Microsoft Windows servers (assuming
three log file types per server) multiplied by the amount of log data generated over a 24
hour period by each server, times the number of total log files, the amount of data to review
for a single day can be overwhelming.
The process of manually reviewing log data may be overwhelming, but there is enormous
value in gaining visibility of log data across the entire network. Windows event log files and
device Syslog information files hold very valuable information. Complete historical records
for each system and device can be constructed from these log files and used during forensic
analysis after a major outage or failure. More importantly, these log files can provide
critical proactive information to help avoid a major outage.

56

For example, within a Microsoft Exchange 2010 environment, the Client Access Server
(CAS) role utilizes the Autodiscover service to provide Microsoft Outlook 2007 with
configuration information that’s needed to connect to Exchange. If this service were
unavailable, users’ Outlook clients would fail to connect to Exchange. By proactively
monitoring the Windows Application event log for any MSExchange Availability related
events, the administrator will be made aware of a potential failure of this important
service.
System Event Log Management
The previous example highlights the importance of proactive event log management and
real‐time monitoring. Being able to monitor event logs gives an administrator a substantial
advantage in identifying failures early on—rather than investigating them after the fact.
The presence of a well‐planned event log monitoring strategy is the cornerstone to a
proactive network management plan.
To establish an event log monitoring strategy, the current problem inherent with
traditional event logging must be addressed—most notably, the decentralization of the log
file data. By centralizing the collection of log files from each server and device within the
network management solution, the first hurdle in log file management is overcome.
Centralizing all log file data in a secure database within the network management solution
ensures visibility across all logging data for every Windows system on the network.
Collecting Log Files
To accomplish the centralization of log data, the network management solution must have
support for the collection of multiple types of Windows event log data.
Log File Types
When looking for a log management solution, ensure the solution has
visibility and collection capabilities into the following types of log data:
system, security, administrative, operational, and application logs across
both EVT formatted logs (Windows NT, 2003, XP) and EVTX formatted logs
(Windows Vista, Windows 7, Windows 2008) for Microsoft Windows servers.
A manual solution for the collection of log data across multiple Windows servers is difficult
to achieve using manual scripting, and the storage options do not scale very well, making
the task of centralization of log data difficult. Additionally, the very nature of manual script
creation and management is proprietary to the specific administrator, and when the SMB
experiences turn over, often the knowledge of administrating the manual scripts is lost.

57

What is needed is a more consistent and reliable method of collection—look for a solution
that provides the following capabilities:
• Automated collection and storage of Windows event log data—Enables the
scheduling, collection, and centralized storage of Windows event log data; also
provides the ability to leave and active copy of the log data on the source server
• Flexible remote and agent‐based collection of Windows event log data—Provides
collection of Windows event log data from both local LAN‐based and remote WAN‐
based systems. Also provides support for agent‐based architectures within
restricted security environments
• Automatic database maintenance—Automates the process of managing quickly‐
growing Windows event log data collection utilizing built‐in database maintenance
capabilities to archive files and purge data
Syslog data residing on Linux, Unix, and network devices such as routers is equally
important in the overall log management solution. The centralization of Syslog data relates
to the ability to centrally analyze and monitor the data along with Windows event log data
but does not pertain to the collection of Syslog data in a centralized database.
What Is Syslog Data?
Syslog is a client‐server protocol with an associated logging application used
to transmit a small text message to a Syslog receiver or server. These
messages may be sent via the User Datagram Protocol (UDP) or the
Transmission Control Protocol (TCP).
Analyzing Log Files
The second hurdle to overcome with regards to log file management is the centralization of
log data analysis. As mentioned earlier, system and device log file data holds a wealth of
information that is crucial to the proactive management of the network. Once the Windows
log file data has been collected and normalized, you need a tool that allows filtering,
correlation, and reporting on log data across all Windows systems and Syslog information
devices.
The normalization of Windows event log data refers to the process of providing consistent
field‐level data representation in the generated event logs between Windows EVT and
EVTX formatted files. An example of this type of normalization can be seen when
comparing Windows 7 Security event log entries with Windows XP. The Windows 7
security log does not provide information about the user performing the action or affected
by the action in the User field, as was the case with Windows XP. Instead, the information is
placed in the Description field of the event. The technology used for the normalization of
Windows event log data adds the ability to place the most relevant user information back
into the User field as the logs are processed. This helps to maintain consistency across all
log data for quicker analysis.

58

The log management solution should provide the ability to easily filter through the vast
amounts of log file data for specific logs and then provide the ability to view and further
filter at the specific event level. Some of the key features to look for in a log file
management solution with regard to analysis are:
• Event log correlation and analysis—Provides a powerful ‘windowing’ technology
that gives network administrators the ability to correlate different cross sections of
event log records from multiple sources; also allows administrators to quickly jump
to specific dates, event IDs, and source types
• Prepackaged and custom event log reporting—Allows network administrators to
quickly produce HTML or CSV formatted reports based on multiple types of event
log entries—providing immediate feedback to the business on network issues and
security compliance.
Real‐Time Monitoring of Log Files
The final hurdle is the ability to provide real‐time visibility of Windows event log and
Syslog file entries across the entire network. The real power in a centralized log file
management solution lies in its ability to provide targeted monitoring of event log data
across multiple Windows systems or network devices using a single alarm setting. Think
back to our example regarding Microsoft Exchange 2010 CAS; in a larger Exchange
environment that spans multiple locations, an SMB will have an Exchange 2010 CAS
installed at each location in‐line with the Active Directory (AD) site architecture. To
proactively monitor the Exchange 2010 Autodiscover Service, an alarm must be created to
monitor each server’s Application event log for MSExchange Availability event entries.
In an environment that does not have a centralized log management solution, the network
administrator would have to visit each Exchange 2010 CAS manually and review the
Application event logs on a regular basis to determine the health of the Autodiscover
service. Utilizing the real‐time monitoring capabilities of a centralized log file management
solution, the network administrator can create a single alarm that polls every Exchange
2010 CAS on a regular basis for a Warning or Error event entry with the Source type of
MSExchange Availability (see Figure 4.4). In this example, three Exchange 2010 CAS are
monitored for an MSExchange Availability warning or error event entry. The CAS at AD Site
1 has logged an Event Error with the Event ID of 4002, matching the alarm source type set
on the network management system.

59

Figure 4.4: Exchange 2010 CAS event log monitoring.
The log file management solution must provide for the real‐time automation of log file
monitoring across Windows event logs and Syslog files with key capabilities in the
following areas:
• Broad range of event notification types—Including options for email alerts, network
popups, pager calls, Syslog server forwarding, database insertion, and broadcast
notifications to administrators
• Combined Windows event and Syslog support—The ability to monitor standard
Windows event logs for application, security, system, and Syslog files generated by
network devices, Unix, and Linux systems
• Dual mode support for remote and agent‐based monitoring—Provides the flexibility
to monitor remote systems and devices without the requirement for agent‐based
installs; when necessary, due to security compliance restrictions, allow for full
agent‐based monitoring of remote systems and devices.
When evaluating a network management solution, consideration of an event log
management feature must be high on the list.
Server Virtualization Creates a New Problem
Virtualization is sweeping across data centers. SMBs are seeing the value in making the
move to server virtualization for the reduction in hardware cost and maintenance.
Although server virtualization and consolidation make perfect sense for most SMBs, there
are common pitfalls related to network management and server virtualization.

60

Some of the common difficulties experienced by SMBs that attempt to utilize legacy
network management software include hardware inventories that do not accurately reflect
the environment, server performance monitoring data that is skewed, automated alerting
and remediate tasks that fail or cause virtual infrastructure host issues, no reporting of
virtual machine placement within the virtual infrastructure, and lack of visibility into
virtual infrastructure host performance. This list highlights just a few of the problems
legacy network management software encounters due to its lack of virtualization
awareness.
One good example of the difficulties encountered by SMBs when attempting to utilize
traditional methods of network monitoring and management of a virtualized server
environment is the shortcomings of SNMP monitoring as it relates to virtual machines.
SNMP was originally designed to manage hardware devices with a well‐defined MIB
structure and definitive resource capacities. In a virtualized infrastructure, capacities are
elastic (they can be made to grow or shrink dynamically) and full virtual machines can be
started/stopped or migrated from one hardware to another while maintaining their system
state. In this dynamic environment, the rigid MIB and OID structure of SNMP is not suitable.
Virtual Infrastructure Monitoring and Management
To overcome these issues, an SMB needs to ensure the network management solution
incorporates a fully integrated virtual server monitoring and management feature. By
providing a virtualization‐aware solution, the network management environment gains
visibility at the hypervisor level of the virtual infrastructure. This is critical for accurate
awareness of the virtualized servers and associated applications.
What Is a Hypervisor?
A hypervisor, also called virtual machine monitor (VMM), allows multiple
operating systems (OSs) to run concurrently on a single host computer—a
feature called hardware virtualization. The hypervisor presents the guest OSs
with a virtual platform and monitors the execution of the guest OSs. In that
way, multiple OSs, including multiple instances of the same OS, can share
hardware resources.
By integrating the monitoring and management of the virtual infrastructure into the
network management solution, the SMB can utilize a single solution to discover, map, and
monitor both physical and virtual server and network resources. One of the top vendors in
the virtualization space is VMware Inc.; according to IDC’s Q4 2009 reporting (IDC, 2010),
VMware’s ESX and ESXi hypervisors continue to hold the number one position across
virtualization platforms. Because of the large market share, it is very important that the
network management solution fully supports integration with VMware’s hypervisors.
VMware with the release of vSphere and the associated ESX 4 and ESXi 4 hypervisors has
moved to a new open Application Programming Interface (API) architecture. This new Web
service, running on vSphere server systems, provides direct access to the ESX management
components. The management components can be used to manage, monitor, and control
virtual machine operations and other virtual infrastructure components (data stores,
networks and, appliances).
61

A smart network management solution should make full use of the API architecture within
vSphere and should provide a rich set of tools for virtual machine management and
monitoring. The advantages of a network management solution that integrates at this level
are many:
• Discovery and mapping—Automatically discover and map VMware ESX and ESXi
hosts and their associated guest systems
• Resource utilization—Collect accurate utilization and resource consumption metrics
from the virtual infrastructure
• Real‐time alerting—Receive real‐time alerts when utilization on host systems or
virtual machines reach established thresholds
• Management integration—Utilize VMware tools to actively manage virtual machines
on demand or on a scheduled basis
• Centralized management—Manage the entire data center infrastructure including;
hosts, virtual machines, virtual appliances and, applications all from a single console
Figure 4.5 details the visibility a smart network management solution can provide when
supporting direct integration with the hypervisor’s API architecture. This figure presents
the performance visibility into a VMware ESXi environment provided by the network
management system.

Figure 4.5: Manage virtualized servers’ performance.
62

Figure 4.6 highlights the type of powerful integration and control a network management
solution can provide when able to utilize the VMware API architecture. This image shows
the virtual machine management options accessible from within the network management
console. This ability allows the network administrators to work within a single pane of
glass for all server management (physical and virtual).

Figure 4.6: Virtual machine management.
Equally important in today’s virtualization landscape is the ability to support multiple
vendors’ hypervisor products. Referencing the same IDC report from Q4 2009, Microsoft’s
Hyper‐V and Citrix’s XenServer platforms are also showing impressive growth: 200% and
300%, respectively, year‐over‐year. When evaluating a network management solution,
planning for the management and monitoring of a multi‐vendor virtual infrastructure
makes sense.
The Network Is Always Open
Much like the corner convenience store in your local neighborhood, the network within
your SMB is always expected to be available and ready for business. With current trends
towards telecommuting and a geographically dispersed workforce, your business
resources must be accessible over the Internet 24 hours a day, 365 days a year. Combine
this requirement with the increasing dependence on high‐speed access to the Internet from
within your business for access to critical business‐to‐business partner Web sites, and the
need to closely monitor and manage your SMB’s network utilization and bandwidth is
apparent.
63

When evaluating a network management solution, a must‐have feature that provides the
ability to gain insight into the utilization and performance of network bandwidth is
network traffic monitoring and management.
Network Traffic Monitoring and Management
The key technology underlying a network traffic monitoring solution is flow‐level visibility.
In a packet switching network such as TCP /IP, network traffic is comprised of a sequence
of packets traveling from a source to a destination. This sequence of packets is termed
network flow. Network traffic monitoring tools allow for the gathering, analyzing, and
reporting of the network flow data or IP packets passing from the source to the destination.
The power of this feature is the ability to analyze and report on network traffic patterns
and bandwidth utilization in real‐time. With network flow monitoring, the network
administrator can quickly determine overall utilization for the LAN or WAN and specific
devices or interfaces. Network flow monitoring also indicates users, applications, and
protocols that are consuming abnormal amounts of bandwidth.
In Figure 4.7, an example of a network flow monitor console is highlighted, providing
visibility of inbound and outbound traffic across the edge router’s external interface. By
utilizing easy to understand top‐based graphs, the network administrator can identify
those protocols, applications, and users that are consuming bandwidth and causing
performance issues.

Figure 4.7: Network flow monitor.
64

To accomplish the level of visibility required into the network, the network flow
monitoring solution must support a wide variety of flow protocols including NetFlow,
sFlow, and J‐Flow. The flow monitor works by collecting and summarizing data that is
carried over a device and then transmitting that summary to a centralized collector for
storage and analysis.
What Type of Flow Protocol Do I Need?
Flow protocols such as NetFlow and J‐Flow track every packet as it travels
across the monitored interface, while sFlow protocol uses a sampling
algorithm where every nth packet is recorded. Which type should you use?
For high security and compliance environments, NetFlow and J‐Flow is
where you need to be. If all you need is a way to determine who is hogging
the network bandwidth, the sFlow protocol will suffice.
Some key use cases for a network flow monitoring and management solution are:
• Maintain required level of network capacity—Review network usage trends and
determine when to increase the network capacity to maintain the required level of
performance
• Identify network configuration issues—Recognize and correct configuration issues
that are consuming network resources or introducing security vulnerabilities
• Target unwanted traffic—Identify traffic patterns that may indicate undesired
network usage, such as peer‐to‐peer file‐sharing applications
• Proactive bandwidth management—Troubleshoot and correct bandwidth spikes in
network traffic before they become a major problem
Network management solutions incorporating network flow monitoring and management
take management of the network to a new level.
These four must‐have features greatly enhance a network management solution by
providing capabilities that extend the basic requirements of a network management
system. When evaluating a network management solution for your SMB, ensure these
features are included and take the management of your network to a new level.
SMBs Need Smart Network Management
Over the past four chapters, a clear vision has been established of what is required by SMBs
in today’s economy with regard to network management. Gone are the days of simple peer‐
level networks that safely operate within the confines of a business’ brick walls. Today
SMBs, much like their corporate counterparts, are having to build and maintain very
complex network environments including high‐speed Internet, advanced routing, layer 2
and layer 3 switching, VLANS, multi‐tiered applications, virtualization of servers and
network appliances, and an ever demanding flexible workforce.

65

The monitoring and management of these complex networks requires a robust network
management solution that can provide a rich set of features and tools to address the
challenges inherent in a complex network. The blueprint for such a network management
solution focuses on four key features: complete visibility, sophisticated monitoring,
integrated configuration and change management, and realtime troubleshooting, trending,
and flow analysis. Together these features form the foundation of what is called a smart
network management solution.
Download Additional Books from Realtime Nexus!
Realtime Nexus—The Digital Library provides world‐class expert resources that IT
professionals depend on to learn about the newest technologies. If you found this book to
be informative, we encourage you to download more of our industry‐leading technology
books and video guides at Realtime Nexus. Please visit
http://nexus.realtimepublishers.com.
66

Smart Network Management For The SMB

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Smart Network Management For The SMB

Uploaded by

Copyright:

Available Formats

The Shortcut Guide To

Network Management Software Chris Hampton

Source: Ziff Davis survey Proactive Approach Reactive Approach

Device IP Address Interface Name Status

You might also like