Monitoring the system
By Peter Worlock
Keeping an eye on how your system is performing can alert you to potential disasters before they happen. Peter Worlock takes a look at the tools available.
HardCopy Issue: 47 | Found In: Systems | Published: 01/02/2010 | Last Revision: 07/07/2010
Definitions
Netflow: A protocol developed by Cisco Systems for collecting IP traffic information including users and applications, peak usage and traffic routing.
SNMP: The Simple Network Management Protocol allows the monitoring and management of any network device that uses IP, including servers and workstations, routers and switches.
WMI: A Microsoft protocol, Windows Management Instrumentation allows system and network devices to be configured and managed. It is installed with all recent versions of Windows and Windows Server. Originally designed to provide access to system hardware, it has been extended to cover network protocols and the Windows registry, and can be further expanded by custom scripting.
WQL: The WMI Query Language is a subset of SQL dedicated to monitoring and managing WMI-enabled devices on a network.
For organisations of almost any size, IT is now mission-critical. It should, therefore, be obvious that the continuing health of your IT systems is also critical. As with human beings, the best way to ensure you stay trouble-free is through regular checkups. You don’t want a heart attack to be your first warning of a problem; similarly, waiting for a server or network crash is a poor way to uncover an IT issue.
For the smallest and largest organisations, IT systems monitoring is rarely an issue. For the smallest, perhaps running a few PCs and a printer on a LAN with a broadband connection, monitoring is relatively simple and there are many tools available, either built in to the operating system or free from third parties, that can do the job. For the largest organisations, systems monitoring is such a vital function that it is designed in from the start, with dedicated support staff to manage it.
It is mid-size organisations that find systems monitoring a challenge. The free and readily-available tools are usually limited in features and often only add to the burden of IT management. On the other hand, large-scale solutions can be overly complex and expensive. Fortunately, there are now a number of mid-range solutions better-suited to the mid-size enterprise.
What to monitor
A Systems Monitoring Solution (SMS) lets you monitor, examine and test the health of all the components in your IT infrastructure: the servers, routers and switches, as well as the devices attached to them including the now-ubiquitous Blackberries and iPhones. More than a simple health check, an SMS allows you to identify network bottlenecks, overloaded or under-used servers, and flaky connections. It can also help you improve availability and performance, and plan for future growth.
It is important to recognise that an SMS is not primarily a security system, and should be working alongside a separate intrusion detection or prevention system. However, an SMS can uncover unauthorised use and help to ensure that users are complying with company IT policy. Note also that, while many solutions are primarily or even exclusively focused on the hardware and the network, several also allow you to monitor mainstay software including databases, email, core Windows processes and applications.
What an SMS will do is fulfil a number of tasks and answer key questions, such as:
• Identification of weak network links and other bottlenecks;
• Identification of overloaded equipment before it becomes critical;
• Discovery of under-used resources and whether they can be eliminated or redeployed;
• Identification of which operating systems and applications are on which servers, and whether they are necessary;
• Identification of power users and what they are doing;
• Monitoring of remote devices, such as laptops, as they attach to the network;
• Confirmation of policy compliance.
What to look for
Before you begin looking for a specific solution you should consider your own IT infrastructure and conduct an audit of what you have, and what you plan to have. You should also decide what events and metrics are essential versus those that are worthwhile extras, and how you want alerts to be delivered.
It’s worth noting that all of the solutions considered in this article have trial versions available for download so you can test the features, device support and interface design before you commit.
A key feature is an auto-discovery tool which will automatically identify all of the devices on your network, often including some you didn’t know existed. Most commercial SMSs run on a Windows platform, but support for other operating systems and devices does vary. SNMP support is commonplace, but if you have a number of non-SNMP devices, PCs running Linux or Unix, or mobile devices such as Blackberries, iPhones or PDAs, you should factor that into your purchasing decision. Most SMSs use Windows Management Instrumentation (WMI) for monitoring Windows systems, but only some allow you to create your own queries using WQL (WMI Query Language) to monitor unsupported metrics or applications.
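As an illustration of what a custom WQL query looks like, the following added example (not from the article or from any of the vendors discussed) runs two WQL queries from PowerShell and reports values that are outside tolerance. The function name `Get-WqlHealthAlert` and the 15% free-space threshold are assumptions chosen for the example.

```powershell
# Added illustration. The function name and threshold are assumptions,
# not part of any product described in this article.
function Get-WqlHealthAlert {
    param(
        [string]$ComputerName,          # leave empty to query the local machine
        [int]$MinFreePercent = 15       # assumed tolerance for free disk space
    )

    # Only pass -ComputerName when a remote target was requested.
    $cim = @{}
    if ($ComputerName) { $cim.ComputerName = $ComputerName }

    $alerts = @()

    # WQL reads like SQL: SELECT properties FROM a WMI class WHERE a condition holds.
    # DriveType = 3 restricts the result to local fixed disks.
    $diskQuery = "SELECT DeviceID, Size, FreeSpace FROM Win32_LogicalDisk WHERE DriveType = 3"
    foreach ($disk in Get-CimInstance @cim -Query $diskQuery) {
        if (-not $disk.Size) { continue }   # skip volumes that report no size
        $freePct = [math]::Round(100 * $disk.FreeSpace / $disk.Size, 1)
        if ($freePct -lt $MinFreePercent) {
            $alerts += [pscustomobject]@{
                Check  = 'DiskFree'
                Target = $disk.DeviceID
                Detail = "$freePct% free (minimum $MinFreePercent%)"
            }
        }
    }

    # Services configured to start automatically that are not running.
    # Trigger-started services can appear here legitimately, so expect some noise.
    $svcQuery = "SELECT Name, State FROM Win32_Service WHERE StartMode = 'Auto' AND State <> 'Running'"
    foreach ($svc in Get-CimInstance @cim -Query $svcQuery) {
        $alerts += [pscustomobject]@{
            Check  = 'ServiceStopped'
            Target = $svc.Name
            Detail = "State is $($svc.State)"
        }
    }

    return $alerts
}

# Query the local machine and show anything outside tolerance.
Get-WqlHealthAlert | Format-Table -AutoSize
```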
For more complex IT infrastructures, the ability to generate a graphical map of the network can be invaluable.
The solutions vary in the number and type of monitoring tools they provide, and you need to determine which metrics are of most importance to you. They include hardware-specific details such as CPU temperatures; operating parameters including processor load and application response times; and network operation such as round-trip times, packet loss and unauthorised access attempts.
Since monitoring is not a once-a-year activity, data logging and the ability to track performance over time is also a key requirement in identifying problems before they become critical, as well as providing a picture of activity that can help in planning future investment.
Alerting and reporting are also important, and different SMSs provide different kinds of alerts, from messages on an administrator’s console to remote alerts via email, and increasingly via text and voice messages to mobile devices. While many systems now provide the ability to monitor and manage the SMS remotely via a Web interface, some also support the iPhone and other devices.
Scalability may also be a significant factor for some administrators. Although the leading solutions will support thousands of devices, scalability often comes at a cost and licensing can prove expensive if you buy more than you need, or if you need to expand beyond the initial levels of support.
Perhaps above all else, you should be looking for simplicity. Managing your IT infrastructure is already complex enough, which is why you need an SMS in the first place, so you don’t need a solution that is more complex than necessary.
Look for a system that does as much as possible out of the box: while most SMSs will provide the same features and levels of support, some require additional components to achieve the aims. For example, many require an installation of Microsoft SQL Server, if you don’t already run one. Some will monitor your entire network infrastructure; others require additional installations if your network is segmented behind a number of firewalls. Some have limited support for wireless networks and devices, again imposing extra expense for the necessary functionality.
A detailed comparison of the competing SMS solutions is beyond the scope of this article. What follows is an overview of the products available from the leading vendors.
Paessler PRTG Network Monitor
German vendor Paessler’s solution runs on any flavour of Windows from XP onward, either server or workstation. It provides more than 50 types of sensor covering NetFlow, SNMP and WMI, as well as common network services such as ping, HTTP, SMTP, POP3, SQL, file and mail server performance, and a host of hardware-specific metrics including processor, memory, disk and network activity.
Paessler’s licensing scheme is based on the number of sensors used rather than number of devices, and is available in a freeware version for very small networks (up to 10 sensors, or 20 if you register the product), with commercial versions supporting 100, 500, 1,000 or an unlimited Enterprise edition supporting up to 30,000 sensors.
Paessler’s PRTG Network Monitor provides a dashboard view of the network.
Essential features include auto-discovery on installation, a flexible mapping system, and the choice of three interfaces: an Ajax-based Web console, a native Windows application, and an iPhone app (at additional cost). In addition to basic alerting to the admin console, alerts can also be sent via email or SMS/pager. It provides more than 30 standard report templates including Top 100 reports for bandwidth and CPU use, ping times, disk space and uptime/downtime, and a customisable dashboard for easy access to key information.
Noteworthy features include the ability to monitor performance against SLA compliance, and the use of a proprietary database which eliminates the need for a SQL Server installation, and which the company says is much faster. Significantly, PRTG Network Monitor also supports multiple locations and remote networks out of the box. This is down to its design which consists of the core server and remote probes. The remote probes let you monitor devices on LANs separated by firewalls, and across VPNs. A standard installation supports up to four remote probes without additional costs. A further benefit of this architecture is that it can be installed on a modest server and still monitor large networks.
PRTG also supports the development of custom sensors using WQL or SQL queries or a simple file API. These features facilitate monitoring of bespoke applications or key business metrics (such as sales per person per day) and generating alerts for values that are outside tolerance.
Also worth noting is Paessler’s support for virtualisation, as some solutions monitor only the physical server and not the virtual machines. PRTG Network Monitor includes the ability to monitor virtual servers based on leading virtualisation technologies including VMware, Microsoft’s Hyper-V and Xen.
Ipswitch WhatsUp Gold
Arguably the most comprehensive of the SMSs aimed at the mid-size enterprise, WhatsUp Gold may also be the most complex. Available in three editions – Standard, Premium and Distributed – each with different feature sets, it is also broken down by a licensing scheme based on the number of supported devices from 100 to 2,500. The picture is further complicated by the availability of four separate plug-ins, at additional cost, for features such as extended network mapping, VOIP monitoring, and support for segmented networks.
The result is a curious mix of advanced features and surprising limitations, depending on which version you acquire. For example, support for Linux/Unix devices and virtual machines is available across the board, yet the Standard edition lacks out-of-the-box support for Microsoft’s WMI protocol.
At-a-glance network mapping and alerts in WhatsUp Gold from Ipswitch.
Running on any version of Windows from XP SP2 or Windows Server 2003 SP2 on, WhatsUp Gold requires Microsoft SQL Server, but will install the Express Edition if necessary. All versions provide auto-detection, a comprehensive range of monitors and reporting via a Windows GUI or Web console. However, the Standard edition lacks support for application monitoring, which requires the Premium edition or better. Also missing from the Standard Edition is wireless network monitoring, and operation on remote sites is only a feature of the Distributed edition. Netflow monitoring and reporting also requires the separate Flow Monitor plug-in.
Notable features include support in the Premium and Distributed editions for application monitoring. WhatsUp Gold has built-in support for monitoring all versions of Microsoft Exchange including 2010 Beta, Microsoft SQL Server, and any application that supports the WMI protocol, although there is no built-in support for WQL.
SolarWinds Orion NPM
Orion Network Performance Monitor is focused entirely on network monitoring and many aspects of the system follow from that. Unlike the Paessler and Ipswitch solutions, it runs on Windows Server 2003 or 2008 rather than a workstation OS, and requires SQL Server 2005 or better, installing SQL Server Express if necessary. Like WhatsUp Gold, it is available on a per-device licensing scheme with breakpoints at 100, 250, 500, 2,000 and unlimited numbers of devices.
The exclusive focus on networking also determines the available features. For example, Orion NPM includes support for wireless and remote networks as standard, but lacks application monitoring, although this is available through a separate product.
Orion NPM provides a single interface via a Web console, including built-in reports and Top 10 lists for network traffic, response times, CPU and memory loads, disk use and more. Reporting is highly flexible thanks to the ability to customise the Web interface. Also notable is SolarWinds’ mapping feature, Network Atlas, which lets you create nested maps showing network infrastructure by location, building, floor or department, with real-time display of device status.
Support for Netflow is not standard but SolarWinds makes it available in two different ways: either through the commercial Orion Netflow Traffic Analyzer; or via two free tools in Netflow Configurator for setup and Realtime Netflow Analyzer for monitoring and reporting. The picture is similar for WMI support where SolarWinds makes available the free WMI Monitor. It lacks WQL, but SolarWinds’ own SWQL (SolarWinds Query Language) and extensive customisable templates provide much of the functionality.
SolarWinds also provides comprehensive support for virtualisation – as long as your virtualisation technology is VMware. Within that limitation, Orion NPM monitors host servers and virtual machines for availability and performance, including CPU and memory use, disk space and network bandwidth.
Microsoft System Center
For many IT departments, Microsoft is the natural choice, but the company was late to the party where mid-size organisations are concerned. Its System Center tools were historically targeted at large enterprise IT departments and only with the introduction of System Center Essentials 2007 did it address the mid-market. It is therefore no surprise that Essentials 2007 provides a much broader view of systems management, covering not just servers and the network but also providing the most comprehensive set of tools for monitoring and managing software and services, including remote management, installation and upgrades.
Essentials 2007 is a server-based system and requires Windows Server 2003 or 2008, as well as SQL Server 2005 (which can reside on a different server), but it will install SQL Server Express if necessary. A single licence allows for management of 30 servers and 500 clients, and there is no licensing restriction on the number of network devices. However, Microsoft does note that performance “may limit you to approximately 75 network devices”.
On installation it provides auto-discovery of computers and devices on the network and can generate maps of network topology. All SNMP devices are supported, including wireless devices as standard, and WQL is fully integrated. Essentials 2007 also has the ability to monitor across VLANs and WANs.
Microsoft System Center Essentials gives you access to networked servers, clients and devices, and lets you remotely manage software installations and upgrades.
While Essentials 2007 provides the core set of monitoring and management abilities a mid-size IT department might require, there are some potential problems. For example, although you can monitor across a distributed network, Essentials 2007 is limited to a single server installation, so if remote offices have complex IT configurations you may hit performance limits. Also, data storage is limited to 40 days, which means you will need a separate application to compile and maintain historical reports.
Other limitations include no support for Linux or Unix clients and servers, nor can you manage or monitor mobile devices. Support for such devices can be added through third-party management packs but at additional cost. Support is also lacking for Netflow monitoring, although you can use the free tools from SolarWinds mentioned above, as well as the commercial Orion Management Pack for Microsoft System Center.
Essentials 2007 also lacks the ability to monitor and manage virtualised environments - a key feature in the forthcoming Essentials 2010, which is currently in beta. This will add a scaled-down version of System Center Virtual Machine Manager (SCVMM) to provide support for both Windows Server 2003 with Microsoft Virtual Server 2005, and Windows Server 2008 with Hyper-V, and will allow full monitoring and management of virtual machines as though they were physical systems. There is still no support for other virtualisation platforms such as VMware, which requires the full SCVMM.