Health check
By Kay Ewbank
Prevention is better than cure: Kay Ewbank looks at a selection of tools that can give your network a health check.
HardCopy Issue: 53 | Found In: Systems | Published: 14/09/2011 | Last Revision: 14/09/2011
Do you know if your network is healthy? It’s tempting to ignore such questions while your servers seem to start and your users can log on, but it makes more sense to periodically test the health of your network and take action before any problems get out of hand.
The trick is to find monitoring and management software that walks the fine line between keeping you informed and total information overload. You need to be able to view the network health, check specific devices more closely, and run tests on all the elements in your system. This includes not just servers and desktop PCs, but network hardware such as routers and switches, and non-desktop clients such as laptops and smartphones. Some network protection and testing software goes further, with options to monitor the health of key application software servers such as your database and email servers.
If problems are building – CPUs overloaded, networks clogged with traffic – then the console should highlight the problem, and if thresholds are reached, you should have the option of being alerted by email, SMS or instant message. It’s also important to have a console that gives useful at-a-glance displays, and being able to view the details via the Web or on your smartphone can give you more freedom than a console that is only visible from within the network.
Getting started is one of the biggest hurdles to using a network monitoring package, so it’s important that the software automatically identifies the devices on your network and ideally builds a map showing how they fit together. Depending on your infrastructure, the option of building separate sub-maps showing parts of the network may make life easier.
The software you use also influences your choice of package: Windows systems are supported on all the software we discuss here; but coverage for non-Windows devices such as Linux or UNIX machines, and mobile devices such as iPhones or BlackBerries, is something to check for. The range of checks it can perform is something else to look out for: you should find support for Windows Management Instrumentation (WMI), which is used to monitor Windows systems, but it’s worth finding out if you can also write your own queries using other methods such as WQL (WMI Query Language).
Finally, look for a trial version of the software so that you can find out for yourself whether it meets all your needs, and is simple enough for you actually to use it regularly. All the software mentioned here offers this option.
Microsoft System Center
Microsoft System Center is often chosen because of the company that makes it, but until relatively recently it was restricted to big business. This changed with the advent of System Center Essentials, a cut-down version aimed at small and medium-sized companies. All versions of System Center, including Essentials, are designed to let you monitor and manage your network and to help with the everyday tasks of software installation and upgrades. Away from the Essentials version, System Center includes the elements of the old Microsoft Operations Manager (MOM) and Systems Management Server (SMS), as well as Configuration Manager, Capacity Planner, Virtual Machine Manager and Data Protection Manager. You don’t have to use all the elements, but they all work together under the umbrella of System Center.
Windows Intune
Microsoft Windows Intune is designed to let you manage PCs using Windows cloud services and Windows 7. The cloud-based service is accessed through a Web-based console and has both standard management and security options, although it requires a browser that supports Microsoft Silverlight. Tasks are split into a number of workspaces: system overview, computers, updates, endpoint protection, alerts, software, licences, policy and administration.
You can use the console to manage Microsoft updates and deploy service packs, monitor PCs in terms of updates and potential threats, and provide remote assistance to end users. You can set global security policies including firewall and malware protection settings, and cover machines that are outside your corporate network. More generally, you can make use of the Microsoft Malware Protection Engine, Microsoft Forefront Endpoint Protection and Microsoft Security Essentials to manage security on the PCs. It also allows you to keep track of hardware and software inventories across your company.
In terms of network protection and testing, System Center starts by automatically discovering the computers and network devices on your network, and will generate maps showing the layout of your network, both wired and wireless. System Center will identify all SNMP devices. As you might expect from Microsoft, there’s a strong emphasis on Windows. In the past, this meant you couldn’t monitor Linux and UNIX systems, but full System Center will now monitor and manage these systems, and System Center Essentials 2010 has also added this support.
If you’re running virtual machines then the full System Center can be used to monitor and manage virtual machines running on Windows Server 2008 with Hyper-V, Microsoft Virtual Server, and VMware ESX. Essentials 2010 has also added support for virtual machines running Microsoft Virtualisation, though you need full System Center to get VMware support.
If you’re using System Center Essentials 2010, the console is Windows based and will be familiar to anyone used to Microsoft Outlook, with overview panes and separate workspaces for each element. The workspaces show the tasks for that element, reports of current status, and where to look for help. There’s a Web console you can use if you have Remote Operations Manager.
If a problem occurs on a device that is being monitored, you can choose to be notified by email, SMS or instant message, or to run a script or executable file. You can control the notifications by group membership, by object types, by alert criteria such as severity, priority, resolution state, and by category of alert, and you can also configure alert aging.
You are unlikely to run out of features if you go for Microsoft System Center, but that richness does require work learning how to get the best out of it all.
Paessler PRTG Network Monitor
PRTG Network Monitor is designed to be easy to use and lightweight on resources while letting you keep track of your network. It monitors using various methods, from simply pinging devices through to SNMP and WMI tests. You can check on elements such as HTTP, Remote Desktop, and DNS using specific checks, as well as monitoring applications such as Exchange and SQL Server. You can also monitor virtual environments running VMware, Microsoft Hyper-V or Xen.
A comprehensive display from the Paessler PRTG console.
There’s a choice of interface for PRTG Network Monitor, from a standard desktop application to Ajax Web-based and Android and iOS smartphone consoles that allow you to keep track no matter where you’re working. The Web-based and mobile consoles are limited in features, but at least let you see the basics. All the user interfaces allow SSL-secured local and remote access and can be used simultaneously. There’s a network mapping option so you can see problems in the context of where they occur on your infrastructure.
PRTG uses ‘sensors’ to monitor network devices, and comes with over 100 sensors for keeping track of your network, with options for monitoring downtime and bandwidth using SNMP, WMI, NetFlow, sFlow, jFlow, and packet sniffing. You can monitor virtual servers and carry out monitoring without installing local agents, though there is an optional agent that gives you more information if it is used. You can develop your own custom sensors using WQL or SQL queries.
If a problem or event occurs, you can choose to be notified by email, SMS or pager, or by instant messenger. You can choose to play alarms or to run a script to trigger some external technology. You can make use of escalation and threshold alerts, as well as multiple conditions that are only triggered when more than one problem has been found. You can also set up dependencies so you don’t get hundreds of emails telling you about all the other problems triggered when a particularly major event has occurred. Other options include stopping alarms once you’ve acknowledged the problem, and alert scheduling so you don’t – for example – get disturbed at night by low priority alarms.
Paessler has a new version 9 of PRTG due this month, but details were unavailable at the time of writing.
Ipswitch WhatsUp Gold
Ipswitch WhatsUp Gold lets you identify all the devices on your network so you can monitor them, receive alerts and updates when things happen, and view reports on their overall health. The administration console lets you map and monitor network devices, and will find all the devices on your network. Network traffic and bandwidth usage can be monitored, and devices can be grouped and managed together in logical units. WhatsUp Gold will automatically create certain groups, such as Cisco devices and those with SNMP credentials. You can then monitor by group, give permission by group, and produce reports on the network health of particular groups of devices.
You get a choice of three ways to monitor and manage what’s happening: on a schedule, in response to an event such as a network device becoming unavailable, or according to some performance criteria you’ve defined (CPU usage, for example). If problems occur, administrators can be notified by SMS, email or pop-up messages.
Viewing alerts in Ipswitch WhatsUp Gold, including the Map View.
In addition to the basic editions, WhatsUp Gold has plug-ins for options including extended network mapping, VOIP monitoring and support for segmented networks. Flow Monitor is another plug-in that can be used to show where network bandwidth is being used in terms of users, applications and protocols. The more comprehensive editions of WhatsUp Gold come with application monitoring support so you can monitor the health of applications including Microsoft Exchange and SQL Server.
GFI Network Server Monitor
GFI Network Server Monitor can keep track of servers, desktop PCs, devices such as routers, and application servers such as Microsoft Exchange and SQL Server. Network Server Monitor carries out automatic scans for potential problems or failures and will alert you by email, pager or SMS if a problem is detected. You can also set Network Server Monitor to carry out corrective actions automatically, such as restarting a service or services, rebooting a server, launching an executable program or running a script.
The software comes with built in monitoring rules for network features, including disk space, services and processes on both servers and workstations, and you can create your own custom monitoring functions in VBScript, ADSI and WMI. In some cases, the monitoring is more extensive than that of other products; for example, the terminal server check involves the software actually logging onto the server and checking to see that the session is established correctly. The checks on email services such as POP3 and SMTP go further in not just logging on but also carrying out a task.
Monitoring status with the GFI Network Server Monitor.
GFI Network Server Monitor can be used to monitor both Windows and Linux servers, and lets you monitor CPU usage, file existence, running processes, folder size, file size, user and group membership, disk partitions and disk space.
While Network Server Monitor comes with a console for local network use, there’s also a Web monitor for checking system status from anywhere with Web coverage. The remote Web monitor is configured for both normal Web browsers and mobile phones or handheld devices such as a BlackBerry or a Palm.
Quest Big Brother
Big Brother is a Web-based product that lets you monitor system and network information on Windows, Unix and Linux. It can be used with agents running on the systems being monitored if you need detailed information, or you can run it without agents for a more ad-hoc approach to network testing.
Big Brother was originally developed by a systems administrator who didn’t like the options he was offered by existing software, and many of its plus points reflect this: for example, if your network is heavily protected by firewalls, you can set up Big Brother to route messages to an internal display server that relays to an external display server, so minimising the need to open up your firewall and the amount of traffic across the firewall.
The displays use colours to signal at the top level any servers that have problems. If a problem occurs, the notification can be set to show what test failed, on what machine and at what time. Data can be displayed by geographic location and you can view data from multiple consoles in a single view. You can set up groups who should be paged, and make use of notification features such as acknowledgments and escalations. You can also choose to set a delay before paging to avoid being notified of problems that might be resolved automatically.
Big Brother is set up to test FTP, HTTP, SMTP, POP3, DNS, Telnet, IMAP, NNTP and SSH servers, and you can add additional tests as required. When installed on a local machine, Big Brother tracks disk space, CPU usage, messages, and the existence of user-defined processes. Big Brother was written with the idea that it could be extended, and there’s a thriving culture with more than 1,000 free third-party add-ons available covering everything from VMS and AS/400 clients to CPU temperature on Solaris machines.
SolarWinds Orion NPM
As the name suggests, Orion Network Performance Manager (NPM) concentrates on monitoring network performance. If you need application monitoring then SolarWinds’ Application Performance Manager is the sister product to NPM. Network Performance Monitor lets you keep track of the performance of wired and wireless networks both locally and remotely.
Network Performance Manager has some nice touches when it comes to viewing your network graphically. A feature called Network Atlas shows you a picture of your network and lets you track performance statistics on the maps in real time, while ConnectNow lets you automatically display the connections between network devices on your maps. The software comes with built-in geographic map templates or you can import a logical image of your own network based on floor, building, department or geographic location. You can also nest network maps within maps so users can drill-down to see greater detail. You drag and drop network devices onto your maps, then click a ‘Connect Now’ button to have Network Performance Manager discover the connections and add them to the display. The maps can also take account of the authorisation level of the user, so someone in the Manchester office wouldn’t be shown the network details from Edinburgh, for example.
If you’re running VMware vSphere, ESX or ESXi, then Network Performance Manager can also monitor your virtual environments. If you want to monitor NetFlow traffic you’ll need another SolarWinds add-on: either the Orion NetFlow Traffic Analyzer or SolarWinds’ free Realtime Netflow Analyzer.
NPM comes with a range of pre-defined reports, and there’s also a report writer so you can create your own custom reports if the supplied options don’t meet your needs. You can view Top 10 lists for network traffic, CPU and memory use, disk use, and network response times.
GlobalScape EFT Server
Network management isn’t just a matter of keeping track of software licences and updates: you also need to make sure activity on the network happens in a secure and appropriate way. If your users transfer files in and out of your network, part of your role may be to ensure the transfers happen securely. EFT Server is a secure FTP server that supports multiple transfer protocols, secure access, and flexible authentication. Authentication formats include PCI, FIPS, and HIPAA.
The basic server has the protocol support, with add-ons providing auditing and reporting and extra transfer facilities for more specialised cases. There’s an AS2 module that lets your business users exchange data or EDI messages using the Applicability Statement 2 (AS2) protocol, and an Advanced Workflow Engine (AWE) Module lets you automate file transfers by putting together event-driven file transfer processes based on real-time processing of 200 automated actions. You can make use of a multi-platform DMZ Gateway for greater security, while the High Security Module (HSM) complies with FIPS 140-2 and PCI DSS 1.2. There’s a Web client that gives an easier option and that can be used by business partners who don’t have EFT Server or other suitable software, and a PGP module encrypts data using OpenPGP encryption.
EFT Server isn’t a complete network protection and monitoring solution, but it does cover the protection of file transfers very effectively.