Network health check
by Kay Ewbank
In these days of virtual machines and mobile devices, monitoring your network becomes even more important.
HardCopy Issue: 61 | Published: November 1, 2013
One good thing about the current generation of network servers is their relative robustness. Servers no longer crash on a regular basis, and virtual machines are robust and generally trouble free. But this can lull you into a false sense of security: it may appear as though everything’s fine, but can you show that’s really the case?
The trick is to find monitoring and management software that steers the fine line between giving you enough detail to tell what’s going on, and total information overload. You need to be able to view the network health, check specific devices more closely, and run tests on all the elements in your system. This includes not just servers and desktop PCs, but network hardware such as routers and switches, and non-desktop user devices such as notebooks and smartphones. Some network protection and testing software goes further than the hardware with options to monitor the health of key server applications, such as your database and email servers.
If problems are building – CPUs overloaded, networks clogged with traffic – then the console should highlight the problem and, if thresholds are reached, have the option to alert you by email, SMS or instant message.
It’s important to have a good console that gives at-a-glance displays. It’s even better if you can view the details via the Web or on your smartphone, and not just on a console that is only visible from within the network.
Getting started is one of the biggest hurdles to using a network monitoring package, so it’s important that the software automatically identifies the devices on your network and ideally builds a map showing how they fit together. Depending on your infrastructure, the option of building separate sub-maps showing parts of the network may make life easier.
The software you use may influence your choice of package; Windows systems are supported by all the software, but coverage for non-Windows devices such as Linux or UNIX machines, or mobile devices such as iPhones or BlackBerries, is something to watch. The checks you can run are another element to consider; you should find support for Windows Management Instrumentation (WMI), which is used to monitor Windows systems, but it’s worth checking if you can also write your own queries using other methods such as WQL (WMI Query Language).
One final important element is the ability to download a trial version of the software so you can see for yourself whether it meets all your needs and is simple enough so you’re actually going to use it. All the solutions mentioned here offer this option.
Microsoft System Center
Microsoft System Center started off as something of a mishmash of separate products, but with the release of System Center 2012 the suite provides excellent coverage no matter how large your network is, with a promise of management from the client to the cloud. The pricing can be scary for smaller companies, and the System Center Essentials product that used to be aimed at this market is no longer being developed. Instead, Microsoft recommends Intune for companies too small to justify System Center.
System Center includes the elements of the old Microsoft Operations Manager (MOM) and Systems Management Server (SMS), as well as Configuration Manager, Capacity Planner, Virtual Machine Manager, and Data Protection Manager. It can be used to manage Windows PCs, internal servers running Windows, Solaris or Linux, and for cloud services hosted in Microsoft’s Windows Azure. The new 2012 version adds the ability to manage mobile devices based on Android, iOS, Symbian and Windows Phone 7.
In terms of network protection and testing, System Center starts by automatically discovering the computers and network devices on your network, and will generate maps showing the layout of your network, both wired and wireless. System Center will identify all SNMP devices. As you might expect from Microsoft, there’s a strong emphasis on Windows, though you can monitor Linux and UNIX systems too.
If you’re running virtual machines, System Center can be used to monitor and manage virtual machines running on Windows Server Hyper-V, VMware vSphere, and Citrix XenServer. System Center Virtual Machine Manager (VMM) 2012 manages more than just individual servers, with tools for managing ‘fabric’ resources as well, which include shared resources like storage and networks.
If a problem occurs on a device being monitored, you can choose to be notified by email, SMS or instant message, or to run a script or executable file. You can control notifications by group membership, object types, and alert criteria such as severity, priority, resolution state and category. You can also configure alert aging.
The products that make up System Center are mature and well tested, and you’re unlikely to run out of features. However, that richness comes at a price – both in terms of the bottom line cost and the work needed to get to grips with everything.
Paessler PRTG Network Monitor
PRTG Network Monitor does what it says on the tin: it monitors the health of your network using a set of network sensors. The management interface lets you see information on bandwidth use, uptime and performance. Some information is returned using SNMP and WMI tests that ping devices to see whether they respond. Other checks are more specific to particular devices or network elements such as HTTP, DNS or remote desktops. You can also monitor server applications such as SQL Server and Exchange, and virtual environments based on Windows Hyper-V, Citrix Xen and VMware. PRTG comes with over 100 sensors, and can also use WMI, NetFlow, sFlow, JFlow, and packet sniffing. You can also develop your own custom sensors using WQL or SQL queries.
You get a choice of management interfaces including a standard desktop app; a full-featured AJAX-based Website; an HTML-only minimal Web browser interface for older browsers and mobile devices; and apps for iOS and Android smartphones and tablets. All user interfaces allow SSL-secured local and remote access and can be used simultaneously. You can also view your network as a map so you can see where problems have happened.
If a problem or event occurs then you can choose to be notified by email, SMS, pager or instant messenger. You can choose to play alarms, or to run a script to trigger some external technology. You can make use of escalation and threshold alerts, as well as multiple conditions that are only triggered when more than one problem has been found. You can also set up dependencies so you don’t get hundreds of emails telling you about all the other problems that trigger when a particular event occurs. Other options include stopping alarms once you’ve acknowledged the problem, and alert scheduling so you don’t get disturbed at night for low priority alarms, for example.
Ipswitch WhatsUp Gold
WhatsUp Gold is designed to make it easy to manage your network, and starts by working out what’s actually on the network. Once you’ve identified the devices you can monitor them, receive alerts and updates when things happen, and view reports on their overall health. You can monitor both wired and wireless devices, operating systems and applications. Network traffic and bandwidth usage can be monitored, and devices can be grouped and managed together in logical units.
WhatsUp Gold will automatically create certain groups, such as Cisco or Aruba devices and those with SNMP credentials. You can then monitor and give permission by group, and produce reports on the network health of particular groups. You can use formatted WMI counters to check performance, and SQL query performance monitors to monitor what’s happening on your SQL servers, including Oracle servers. There’s also PowerShell scripting support for tracking Active Directory, Exchange, SQL Server and other Windows services.
The wireless monitoring features in WhatsUp Gold Premium let you see if any devices are using excessive bandwidth, where signals are not strong enough, and the saturation level of access points. You can also view any unauthorised activity, and any rogue wireless access points.
You get a choice of ways to monitor your network and manage what’s happening. This can be on a schedule, in response to an event such as a device becoming unavailable, or according to some performance criteria you’ve defined, such as CPU usage. If problems occur, administrators can be notified by SMS, email, or pop-up messages.
GlobalScape EFT Server
EFT Server isn’t a complete network protection and monitoring solution. However, it does cover the protection of file transfers very effectively. This is a secure FTP server that lets you manage file transfers securely to your customers and business partners, or between offices in your organisation. The security features mean companies can prove compliance with standards such as PCI, FIPS and HIPAA.
The basic server supports secure access and flexible authentication, while add-ons provide auditing and reporting and extra transfer facilities for more specialised cases. There’s an AS2 module that lets your business users exchange data or EDI messages using the Applicability Statement 2 (AS2) protocol. You can also set up automated file transfer systems using the Advanced Workflow Engine (AWE) Module which lets you combine actions from a set of 200 possible choices to create an event-driven file transfer process.
A multi-platform DMZ Gateway can be used for greater security, while the High Security Module (HSM) complies with FIPS 140-2 and PCI DSS 1.2. There’s a Web client that can be used by business partners who don’t have EFT Server or suitable other software, and a PGP module encrypts data using OpenPGP encryption.
GFI Network Server Monitor
GFI’s Network Server Monitor claims to provide “automated server and network monitoring made easy” and offers features such as a Quickstart wizard to guide you through setting up a series of checks to monitor all the important services on your network, including Exchange Server and SQL Server. The software can be used to keep track of servers, desktop PCs, devices such as routers, and application servers. Network Server Monitor carries out automatic scans for potential problems or failures, and if a problem is detected, will alert you by email, pager or SMS.
One nice touch is a set of checks that mimic administrator operations to verify that the services offered by various applications are actually running. If a problem is detected, you can set Network Server Monitor to automatically carry out corrective actions such as restarting a service or services, rebooting a server, launching an executable program, or running a script.
The software comes with built-in monitoring rules for network features including disk space, services and processes on both servers and workstations, and you can create your own custom monitoring functions in VBScript, ADSI and WMI. The administrator mimic checks do mean that some of the checks carried out by Network Server Monitor go further than other products, logging on to a server to see whether a session is running, and even carrying out tasks in POP3, SMTP Server and email servers. You can monitor Windows and Linux servers with checks including CPU usage, what processes are running, folder size, file size, users and groups membership, disk partition check and disk space.
You can manage Network Server Monitor either locally on the network from its console, or remotely using the Web monitor which has options for normal Web browsers and mobile phones or handheld devices such as a BlackBerry or a Palm.
Windows Intune
System Center is a great option for larger organisations, but overkill and overpriced for smaller companies. For these, Microsoft recommends Windows Intune, a cloud-based system that can be used to manage Windows machines along with mobile devices running iOS, Windows RT or Windows Phone 8. You pay for Intune as a subscription service with a fee per month per machine.
Intune is managed from a Web-based console and has tools, reports, and the ability to upgrade licences to the latest version of Windows. The machines being managed each run a mini Intune Center app that shows the health of the PC in terms of updates and antivirus protection. On the central console you can carry out tasks remotely such as restarting or carrying out a malware scan. Tasks are split into a number of areas including system overview, computers, updates, endpoint protection, alerts, software, licences, policy and administration.
You can manage both Microsoft and third party updates and deploy service packs. You can also monitor your PCs in terms of updates and potential threats, and provide remote assistance to end users.
You can set global security policies for firewall and malware protection settings, and these policies can include machines that are outside your corporate network. There’s good support for security management and licence compliance with the ability to monitor hardware and software to ensure you are compliant and using what you’ve paid for.
You can have multiple administrators and the work of management can be split so you receive notifications only for your particular set of machines. Machines can be organised into groups, and you can set policies by group specifying how frequently the machines in the group check for updates, and what happens if malware is discovered on a machine.
Intune is a good product if you want to avoid the need for a server specifically dedicated to systems management, while the pay-per-machine model makes it cost effective as you only pay for what you actually use.
Foglight Network Management
The Foglight Network Management System (NMS) consists of a number of modules for servers and applications including Oracle, DB2, Active Directory and Storage Management. Traditionally Foglight has concentrated on application monitoring and management, and its modular design and pricing mean you can buy just the modules you need. Alongside the applications management modules there’s Foglight for Virtualization which comes in free, standard and enterprise editions, and provides performance monitoring and capacity management of VMware ESX and Windows Hyper-V environments.
The software automatically discovers virtual switches and network devices and lets you monitor and view reports. You can view network traffic patterns and usage using NetFlow, JFlow and sFlow traffic protocols. You can make use of SNMP traps and receive real-time notifications about potential issues, as well as monitoring all SNMP variables.
The software lets you track the movement of VMs and their configuration changes from one physical server to another so you can see how changes affect system performance and availability. The console lets you view capacity trends, forecasts and alerts. If you need to charge back infrastructure costs you can allocate them to groups.
If problems occur and you receive an alarm notification, you can launch automated workflows to put things right as quickly as possible. The alarms show recommended actions alongside detailed information so you can work out what’s causing the problem and put it right. It’s also possible to view and analyse running processes so you can work out which processes are having an impact on virtual machine performance or which VMs are not using resources effectively. Scenario modelling is included so you can model both virtual and physical workload placement on the available hosts to test what the effects would be of moving workloads.