The Case for an All-In-One Network Monitoring Platform

There are many famous debates in history: dogs vs cats, vanilla vs chocolate & Coke vs Pepsi just to name a few. In the IT world, one of the more common debates is “single platform vs point solution”. That is, when it comes to the best way to monitor and manage a network, is it better to have a single management platform that can do multiple things, or would it be better to have an array of tools that are each specialized for a job?

The choice can be thought of as being between Multitaskers & Unitaskers. Swiss Army knives, vs dedicated instruments. As for most things in life, the answer can be complex, and probably will never be agreed upon by everyone – but that doesn’t mean we can’t explore the subject and form some opinions of our own.

For this debate, we need to look the major considerations which go into this choice. That is, what key areas need to be addressed by any type of network monitoring and management solution and then how do our two options fair in those spaces? For this post, I will focus on 3 main areas to try to draw some conclusions:

• Initial Cost
• Operations
• Maintenance

1) Initial Cost

This may be one of the more difficult areas to really get a handle on, as costs can vary wildly from one vender to another. Many of the “All-In-One” tools come with a steep entry price, but then do not grow significantly after that. Other AIO tools offer flexible licensing options which allow you to only purchase the particular modules or features that you need, and then easily add-on other features when you want them.

In contrast, the “Point-Solutions” may not come with a large price tag, but you need to purchase multiple tools in order to cover your needs. You can therefore take a piecemeal approach to purchasing which can certainly spread your costs out as long as you don’t leave critical gaps in your monitoring in the meantime. And, over time, the combined costs for many tools can become larger than a single system.

Newer options like pay-as-you-go SaaS models can greatly reduce or even eliminate the upfront costs for both AOI and Point Solutions. It is important to investigate if the vendors you are looking at offer that type of service.

Bottom Line:

Budgets always matter. If your organization is large enough to absorb the initial cost of a larger umbrella NMS, then this typically leads to a lower total cost in the long run, as long as you don’t also need to supplement the AIO solution with too many secondary solutions. SaaS models can be a great way to get going with either option as they reduce the initial Cap-Ex spend necessary.

2) Operations

In some ways, the real heart of the question AIO vs PS comes should come down to this – “which choice will help me solve issues more quickly”? Most monitoring solutions are used to respond when there is an issue with service delivery, and so the first goal of any NMS should be to help the IT team rapidly diagnose and repair problems.

When thought of in the context of the AIO vs PS debate, then you need to think about the workflow involved when an alarm or ticket is raised. With an AIO solution, an IT pro would immediately use that system to try both see the alarm and then to dive into the affected systems or devices to try and understand the root cause of the problem.

If the issue is systemic (meaning that multiple locations/users/services are affected) then an AIO solution has the clear advantage of being able to see a more holistic view of the network as a whole instead of just a small portion as would be the case for many Point Solutions. If the AIO application contains a root cause engine then this can be a huge time saver as it may be able to immediately point the staff in the right direction.

On the other hand, if that AIO solution cannot see deeply enough into the individual systems to pinpoint the issues, then a point solution has an advantage due to its (typically) deeper understanding of the systems it monitors. It may be that only a solution provided directly by the systems manufacturer would have insight into the cause of the problem.

Bottom line

All In One solutions typically work best when problems occur which affect more than one area of the network. Whereas Point Solutions may be required if there are proprietary components that don’t have good support for standards based monitoring like SNMP.

3) Maintenance

The last major consideration is one that I don’t think gets enough attention in this debate- the ongoing maintenance of the solutions themselves i.e. “managing the management solutions”. All solutions require “maintenance” to keep them working optimally. There are upgrades, patches, server moves etc. There are also the training requirements of any staff that need to use these systems. This can add up to significant time and energy “costs”.

This is where AIO solutions can really shine. Instead of having to maintain and upgrade many solutions, your staff can focus on maintaining a single system. The same thing goes for training – think about how hard it can be to really become an expert in anything, then multiply that by the training required to become proficient at X number of tools that your organization has purchased.

I have seen many places where the expertise in certain tools becomes specialized – and therefore becomes a single point of failure for the organization. If only “Bob” knows how to use that tool, then what happens when there is a problem and “Bob” in on vacation, or leaves the group?

Bottom Line:

Unless your organization can spend the time and money necessary to keep the entire staff fully trained on all of the critical network tools, then AIO solutions offer a real advantage over point solutions when it comes to maintainability of your IT management systems.

In the end, I suspect that this debate will never completely be decided. There are many valid reasons for organizations to choose one path over another when it comes how to organize their IT monitoring platforms.

In our view, we see some real advantages to the All-In-One solution approach, as long as the platform of choice does not have too many gaps in it which then need to be filled with additional point solutions.

Thanks to NMSaaS for the article.

 

Viavi Solutions Launches GigaStor Software Edition for Virtual and Cloud Environments

Viavi Solutions Launches GigaStor Software Edition for Virtual and Cloud Environments

Solution Delivers Fast and Accurate Troubleshooting and Assurance in Next Generation Network Architecture

(NASDAQ: VIAV) Viavi Solutions Inc. (“Viavi”) today announced it is expanding its portfolio of software-defined network test and monitoring solutions with the new GigaStor Software Edition to manage performance and user experience in virtual and cloud environments. The new software configurations, which Viavi is demonstrating at VMworld, allow network and server teams to capture and save 250 GB or 1 TB of continuous traffic to disk for in-depth performance and forensic analysis.

“IT teams are wasting a lot of time by only tracking virtual server and resource health,” said Charles Thompson, senior director of product management, Viavi Solutions. “These teams can often miss problems associated with applications within the hypervisor with such narrow vision. With GigaStor Software engineers now have the ability to see in real time and historically how users are experiencing applications and services within the virtual environment, saving time and end-user heartache.”

Without GigaStor’s insight, engineers could spend hours replicating a network error before they can diagnose its cause. GigaStor Software captures packet-data from within the virtual switching infrastructure without needing to push data into the physical environment. It can be deployed in any virtual host for the long-term collection and saving of packet-level data, which it can decode, analyze, and display. Additionally, it provides IT teams with greater accuracy and speed in troubleshooting by having all packets available for immediate analysis.

Utilizing the GigaStor Software and appliances, network teams can monitor and analyze all virtual datacenter traffic whether within a VMware ESX host or on 10 and 40 Gigabit Ethernet links. GigaStor Software is available today for purchase, and is being demonstrated during VMworld in San Francisco at Viavi Solutions booth #2235.

Thanks to Viavi for the article.

Ready, Set, Go! Time Synchronization with Sapling Clocks

For high school students, the short break in between classes is no relaxing matter. They have only a few minutes to get from one classroom to the next. If a student needs to pick up their books for the next class and must stop at their locker, this makes the trip even more challenging. Those few minutes in between classes can get hectic with hundreds of students flooding the hallways sharing the common goal of reaching their next destination on time. Most students are even unaware of how much time they have to reach their next class due to the discrepancy between the times their watch or cell phones display and the time the school clocks display.

A synchronized time keeping system can make the trip between classes more efficient for both teachers and students. If the time displayed on the school’s clocks is extremely accurate, then this time discrepancy will have less of an impact of a high school’s overall schedule. Upon eliminating this time dissimilarity, the amount of students late for class can go down and the overall amount of students who are penalized for nocuous activity can go down as well.

Sapling’s master clock can receive accurate time from any NTP server or GPS satellite. Another feature that Sapling’s master clock comes with is the ability to display a countdown in between classes for the roaming students. While the classes of a high school are switching, the time on the clocks will display a countdown on the display instead of the time. This will let student know exactly how long they have to get from one class to another.

Punctual students make it easier for the teachers of the high school to get through their entire lesson plan. They can start their lessons without being interrupted and they do not have to punish the student(s) for being late. With the assistance of The Sapling Company and the addition of their synchronized clock systems, both teachers and students will have a less hectic day.

Thanks to Sapling Clocks for the article.

Ixia Taps into Hybrid Cloud Visibility

One of the major issues that IT organizations have with any form of external cloud computing is that they don’t have much visibility into what is occurring within any of those environments.

To help address that specific issue, Ixia created its Net Tool Optimizer, which makes use of virtual and physical taps to provide visibility into cloud computing environments. Now via the latest upgrade to that software, Ixia is providing support for both virtual and physical networks while doubling the number of interconnects the hardware upon which Net Tool Optimizer runs can support.

Deepesh Arora, vice president of product management for Ixia, says providing real-time visibility into both virtual and physical networks is critical, because in the age of the cloud, the number of virtual networks being employed has expanded considerably. For many IT organizations, this means they have no visibility into either the external cloud or the virtual networks that are being used to connect them.

The end goal, says Arora, should be to use Net Tool Optimizer to predict what will occur across those hybrid cloud computing environments, but also to enable IT organizations to use that data to programmatically automate responses to changes in those environments.

Most IT organizations find managing the network inside the data center to be challenging enough. With the additional of virtual networks that span multiple cloud computing environments running inside and outside of the data center, that job is more difficult than ever. Of course, no one can manage what they can’t measure, so the first step toward gaining visibility into hybrid cloud computing environments starts with something as comparatively simple as a virtual network tap.

Thanks to IT Business Edge for the article.

What’s new in LANGuardian v12?

LANGuardian version 12 is a major new release that contains significant new traffic analysis and user interface features.

The new features include Content-Based Application Recognition (CBAR), a new approach to deep packet inspection that generates more accurate reports, a new rendering engine that displays the data in clickable drilldown graphs and charts, hundreds of new built-in reports that reflect common forensics and monitoring tasks, and significant user interface improvements.

Content-based application recognition (CBAR)

Content-Based Application Recognition (CBAR) is a new LANGuardian feature that takes traffic-based application recognition to a new level. With support for hundreds of the most common applications and protocols, and a unique deep packet inspection algorithm, CBAR delivers greater accuracy and fewer false positives than other approaches to application recognition.

New graphics rendering engine

Previous versions of LANGuardian displayed traffic data visually but LANGuardian v12 goes a step further! Its new rendering engine replaces static graphs and charts with interactive versions that enable you to drill down to greater levels of detail.

Application-aware drilldown

By combining CBAR and the new graphics rendering engine, LANGuardian now offers application-aware drilldown to provide you with the right information at the right time. For example, if you drill down on HTTP traffic, you will see a breakdown of the traffic by website domain, but if you drill down on SMTP traffic you will see a breakdown of traffic by message subject line.

Top Website Domains report

The new Top Website Domains report gives an overview of the website domains that have consumed the most bandwidth in a specified time period. You can drill down on the top-level report for a breakdown of the traffic by user and client, and then drill down again to see the individual web pages or resources accessed.

Top Applications report

The new Top Applications report gives a consolidated view of all traffic associated with a specific application or protocol, regardless of the ports involved. You can drill down on the traffic for a breakdown by application or protocol, and then drill further down into details for each user, client, domain, and IP address.

Top Fileservers report

The new Top Fileservers report gives an overview of fileservers and files accessed, along with cumulative bandwidth consumed by accesses to the files during the specified time period. You can drill down on the top-level report for a breakdown of the traffic by user and by accesses to individual files.

User interface improvements

LANGuardian v12 contains many user interface improvements, including:

• Dashboard reports now include drilldown graphs and charts
• Bandwidth consumption data incorporated in web domain reports
• File size data incorporated in file share reports
• Revised report designs make it easier to access DPI information with fewer drilldown levels

More about network traffic monitoring

If you have any questions about how LANGuardian can meet your requirements, please contact us. If you would like to see LANGuardian network monitoring software in action, please try our online demo system or download a free 30-day trial to try it on your own network with your own data.

Find out more

If you have any questions about how LANGuardian can meet your requirements, please contact us. If you would like to see LANGuardian in action, please try our online demo system or download a free 30-day trial to try it on your own network with your own data.

Thanks to NetFort for the article.

External Availability Monitoring – Why it Matters

Remember the “good old days” when everyone that worked got in their car and drove to a big office building every day? And any application that a user needed was housed completely within the walls of the corporate datacenter? And partners / customers had to dial a phone to get a price or place an order? Well, if you are as old as I am, you may remember those days – but for the vast majority you reading this, you may think of what I just described as being about as common as a black and white TV.

The simple fact is that as the availability and ubiquity of the Internet has transformed the lives of people, it has equally (if not more dramatically) transformed IT departments.In some way this has been an incredible boon, for example, I can now download and install new software in a fraction of the time it used to take to purchase and receive that same software on CD’s (look it up kids).

Users can now login to almost any critical business application from anywhere there is a Wi-Fi connection. They can probably perform their job function to nearly 100% from their phone….in a Starbucks…. or on an airplane…..But of course, with all of the good, comes (some) of the bad – or at least difficult challenges for the IT staff whose job it is to keep all of those applications available to everyone , everywhere, all of the time. The (relatively) simple “rules” for IT monitoring need to be re-thought and extended for the modern work place. This is where External Availability Monitoring comes in.

We define External Availability Monitoring (EAM) as the process through which your critical network services and the applications that run over them are continuously tested from multiple test points which simulate real world geo-diversity and connectivity options. Simply put, you need to constantly monitor the availability and performance of any public facing services. This could be your corporate website, VPN termination servers, public cloud based applications and more.

This type of testing matters, because the most likely cause of service issues today is not call from Bob on the 3rd floor, but rather Jane who is currently in a hotel in South America and is having trouble downloading the latest presentation from the corporate intranet which she needs to deliver tomorrow morning.

Without a proactive approach to continuous service monitoring, you are flying blind as to issues that impact the global availability – and therefore operations- of your business.

So, how is this type of monitoring delivered? We think the best approach is to setup multiple types of tests such as:

• ICMP Availability
• TCP Connects
• DNS Tests
• URL Downloads
• Multimedia (VoIP and Video) tests (from external agent to internal agent)
• Customized application tests

These tests should be performed from multiple global locations (especially from anywhere your users commonly travel). This could even include work from home locations. At a base level, even a few test points can alert you quickly to availability issues.

More test points can increase the accuracy with which you can pinpoint some problems. It may be that the incident seems to be isolated to users in the Midwest or is only being seen on apps that reside on a particular cloud provider. The more diverse data you collect, the swifter and more intelligent your response can be.

Alerts should be enabled so that you can be notified immediately if there is an issue with application degradation, or “service down” situation. The last piece to the puzzle is to quickly be able to correlate these issues with underlying internal network or external service provider problems.

We see this trend of an “any application, anywhere, anytime” service model becoming the standard for IT departments large and small. With this shift comes an even greater need for continuous & proactive External Availability Monitoring.

Thanks to NMSaaS for the article.

Manufacturing Made Easy with Sapling’s Synchronized Clock Systems

The production department in any company typically runs hand in hand with the company’s overall success. If the manufactures cannot produce goods fast enough then the company’s customer satisfaction will plummet if demand is not met in a timely fashion. The speed in which these manufacturers can produce a product relies heavily on their time management skills. If a manufacturer is not efficient in his or her time management then they will simply fall behind schedule. Emerging technologies has provided new growth for the efficiency of manufacturing plants. With the help of a synchronized time keeping system, a manufacturing plant can become more efficient than ever.

A hold up in production is a recurring problem faced by manufacturers today. A bottleneck in the line can backup each subdivision of the plant. This can be detrimental to the quota that must be met for any particular day. In order to help avoid backup during production and missed quotas, a synchronized time keeping system should be installed. These integrated time keeping systems will help ensure that each stage of production is on time, and every part of the operation is moving forward as desired.

The Sapling Company specializes in synchronized clock systems. The synchronization of time and the ability to easily manage the time system can be an enormous benefactor to any manufacturing plant. Even though these production plants are usually in big warehouses, Sapling’s synchronized wireless clock system can be easily installed to accommodate a building of any size or number of floors.

Within a Sapling wireless system, a master clock is first installed into the establishment. After configuring the master clock to your desired settings, it will send the time signal to the clocks in the plant. The clocks each contain a built-in repeater which allows them to receive the signal and then repeat it to neighboring clocks. This feature permits the master clock to be less expensive than our competitors whose clocks need a lot more power to reach all of the clocks within a facility.

Sapling’s wireless clock system can assist a production manager record the time the spent on assembly by employees and an accurate read of when products are going to be shipped. This is essential when management is deciding where and when to allocate their resources. Sapling prides itself on the reliability and innovation of its synchronized clock systems. In regards to questions or any additional information, please visit our website or contact us.

Thanks to Sapling for the article.

 

Inline Security Solutions from Ixia

Flexible, Fail-Safe Inline Security Boosts Agility, Availability, and Resilience While Reducing Network Costs

As networks deliver more services and carry ever-higher volumes of multiprotocol traffic, data rates continue to soar. Voice, data, and streaming video now travel on one wire, raising security and compliance issues. Today’s intense threat landscape demands multiple proactive security systems throughout the network for a strong, layered security posture. These proactive devices include firewalls, next-gen firewalls, web-application firewalls, and Intrusion Prevention Systems (IPS)—and all require inline network deployment.

Multiple inline security resources can themselves actually become points of failure and vulnerability. They bring concerns about network uptime, performance, operational ownership, security flexibility and overall costs. Despite redundancy and other protections, they must be taken offline for upgrades and scheduled or unscheduled maintenance. Further, if a tool loses power or becomes overprovisioned, the network link can break and traffic cease to flow.

Now, Ixia’s Inline Security Framework offers a proven solution for deploying multiple inline security tools. This smart approach improves your network’s availability, agility, performance, and functionality, while providing greater security, flexibility, and resilience, and lowering overall costs and personnel workloads.

Ixia’s Inline Security Framework protects your network uptime with multiple resources: Bypass switch bi-directional heartbeat monitoring for system, link and power failures ensures uninterrupted network uptime while increasing network availability. Security tool load balancing ensures efficiency while enabling you to leverage existing tool investments and add capacity as needed, rather than investing in a forklift upgrade.

Replacing multiple inline security devices with a single passive bypass switch eliminates network maintenance downtime while providing a pay-as-you-go capacity upgrade path for your changing security needs—dramatically reducing costs of migrating your 1G tools to the 10G environment, for example.

Ixia Net Optics Bypass Switches offer proven, fail-safe Inline protection for your security and monitoring tools. A heartbeat packet protects the network link from application, link, and power failure: if a packet doesn’t return, the switch instantly goes into bypass mode and takes that appliance out of the traffic path. With support for 10Mbps to 40Gbps connectivity, you receive automated failover protection on full duplex traffic streams connected to the monitoring tools. Because the Bypass Switch is passive, link traffic continues to flow even if the Bypass itself loses power.

Packet Brokers reside behind the bypass switch to provide additional flexibility and control over traffic flow for inline security tools. These packet brokers provide advanced control of traffic as it traverses the security tools, including load balancing, traffic aggregation from multiple links, application filtering, and out-of-band access.

Ixia’s robust Inline Security Solutions give you the confidence of assured inline availability for improved business continuity and network health. Find out more about how our cost-effective inline approach extends the availability and security of your network.

Related Products

 

	Net Optics Bypass Switches Fail-safe deployments for inline security tools
	Security Packet Brokers Inline traffic aggregation, filtering, failover, and load balancing for security tools

Thanks to ixia for the article.

Infosim® Global Webinar Day August 27th, 2015

Oh. My. God. This time it IS the network!

How to prevent – or recover from – a network disaster
(and also win a $50 Amazon gift card!)

Jason Farrer Join Jason Farrer, Sales Engineer with Infosim® Inc. for a Webinar and Live Demo on “How to prevent – or recover from – a network disaster”.

 

This Webinar will provide insight into:

• Why is it important to provide for a network disaster?
• How to deal with network disaster scenarios [Live Demod]
• How to prevent network corruption & enhance network security

But wait – there is more! We are giving away three Amazon Gift Cards (value $50) on this Global Webinar Day. To join the draw, simply answer the trivia question that will be part of the
questionnaire at the end of the webinar. Good Luck!

Register today to reserve your seat in the desired time zone:

AMERICAS, Thursday, August 27th, 3:00 pm – 3:30 pm EDT (GMT-4)
EUROPE, Thursday, August 27th, 3:00 pm – 3:30 pm CEST (GMT+2)
APAC, Thursday, August 27th, 3:00 pm – 3:30 pm SGT (GMT+8)

A recording of this Webinar will be available to all who register!
(Take a look at our previous Webinars here.)

Thanks to Infosim for the article. 

The 3 Most Important KPI’s to Monitor On Your Windows Servers

Much like monitoring the heath of your body, monitoring the health of your IT systems can get complicated. There are potentially hundreds of data points that you could monitor, but I am often asked by customers to help them decide what they should monitor. This is mostly due to there being so many available KPI options that can be implemented.

However, once you begin to monitor a particular KPI, then to some degree you are implicitly stating that this KPI must be important (since I am monitoring it) and therefore I must also respond when the KPI creates an alarm. This can easily (and quickly) lead to “monitor sprawl” where you end up monitoring so many data point and generating so many alerts that you can’t really understand what is happening – or worse yet – you begin to ignore some alarms because you have too many to look at.

In the end, one of the most important aspects of designing a sustainable IT monitoring system is to really determine what the critical performance indicators are, and then focus on those. In this blog post, I will highlight the 3 most important KPI’s to monitor on your windows servers. Although, as you will see, these same KPI’s would be suited for any server platform.

1. Processor Utilization

Most monitoring systems have a statically defined threshold for processor utilization somewhere between 75% and 85%. In general, I agree that 80% should be the “simple” baseline threshold for core utilization.

However, there is more than meets the eye to this KPI. It is very common for a CPU to exceed this threshold for a short period of time. Without some consideration for the length of time that this mark is broken, a system could easily generate a large number of alerts that are not actionable by the response team.

I usually recommend a “grace period” of about 5 minutes before an alarm should be created. This provides enough time for a common CPU spike to return to an OK state, but is also short enough that when a real bottleneck occurs due to CPU utilization, the monitoring team is alerted promptly.

It is also important to take into consideration the type of server that you are monitoring. A well scoped out VM should in fact see high average utilization. In that case, it may be useful to also monitor a value like the total percentage interrupt time. You may want to alarm when total percentage interrupt time is greater than 10% for 10 minutes. This value, combined with the standard CPU utilization mentioned above can provide a simple but effective KPI for CPU health.

2- Memory Utilization

Similar to CPU, memory bottlenecks are usually considered to take place at around 80% memory utilization. Again, memory utilization spikes are common enough (especially in VM’s) that we want to allow for some time before we raise an alarm. Typically, memory utilization over 80-85% for 5 minutes is a good criteria to start with.

This can be adjusted over time as you get to understand the performance of particular servers or groups of servers. For example, Exchange servers typically have a different memory usage pattern compared to Web servers or traditional file servers. It is important to baseline these various systems and make appropriate deviations in the alert criteria for each.

The amount of paging on a server is also a memory related KPI which is important to track. If your monitoring system is able to track memory pages per second, then I recommend also including this KPI in your monitoring views. Together with standard committed memory utilization these KPI’s provide a solid picture of memory health on a server.

3- Disk Utilization

Disk Drive monitoring encompasses a few different aspects of the drives. The most basic of course is drive utilization. This is commonly measured as an amount of free disk space (and not as an amount of used disk space).

This KPI can should be measured both as a percentage of free space – 10% is the most common threshold I see – as well as an absolute value, for example 200MB free. Both of these metrics are important to watch and should have individual alerts associated with their capacity KPI. It is also key to understand that a system drive might need a different threshold as compared to nonsystem drives.

A second aspect of HDD performance is the KPI’s associated with the time it takes for disk reads and writes. This is commonly described as “average disk seconds per transfer” although you may see this described in other terms. In this case the hardware that is used greatly influences the correct thresholds for such a KPI, so I cannot make a recommendation here. However, most HDD manufacturers will provide a KPI for their drives that is appropriate. You can usually find information on the vendors website for your specific drives.

The last component of drive monitoring seems obvious, but I have seen many monitoring systems that unfortunately ignore it (usually because it is not enabled by default and nobody ever thinks to check) and that is pure logical drive availability. For example checking the availability on a server of the C:\ , D:\ and E:\ Drives (or whatever should exist). This is simple, but can be a lifesaver when a drive is lost for some reason and you want to be alerted quickly.

Summary:

In order to make sure that your Windows servers are fully operational, there are few really critical KPIs that I think you should focus on. By eliminating some of the “alert noise” you can make sure that important alerts are not lost.

Of course each server has some application / service functions that also need to be monitored. We will explore the best practices for server application monitoring in a further blog post.

Thanks to NMSaaS for the article.