Chapter 12

Introduction

Once you've constructed your network, the question becomes: "How do I keep it from running amok?" In a small network with just a few workstations and servers this is a simple matter. But in any network with more than, say, a hundred PCs or a couple of wiring closets, the question of how to keep track of everything -- where it is, what it's running, whether it's running -- becomes a time-consuming source of labor and expense. This chapter is a tour through the methods and products used to rein in large networks. First we will look at how it's done, then we will look at what is available from commercial vendors.

  1. Management methods
  2. Management products
  3. Conclusion
  4. Self Check

[ I ] MANAGEMENT METHODS

We should start with a definition. Network Management is the ability to monitor, control, and modify the devices running on the network.

Making the management connection

Out of band connections are usually used for initial configuration of network devices, or for diagnosis of device-related problems. In band connections are usually used for keeping tabs on things.

There are two ways to retrieve management information from devices on the network. You can either communicate over the network itself or you can use some other type of connection. Management systems that use the network itself to communicate with managed devices use in band management. Management systems that use some other means (usually a direct connection to the managed device via a serial cable or modem) are said to use out of band management. In band communications have the advantage of generally being faster than out of band, and no special provisions need to be made for the connection: if you and the device you wish to manage both have functioning network connections, you can communicate. Out of band connections are particularly handy when the reason you want to communicate with a device is because there is some sort of problem with the network, such as a downed WAN link between two sites.

Simple Network Management Protocol (SNMP)

The most common in band method for communication between management tools and managed devices is SNMP -- the Simple Network Management Protocol. SNMP was an outgrowth of frustration in the industry over incompatible management protocols. In the early days of network management systems each vendor had its own communications protocol for linking its management application and its devices. SNMP has provided a lingua franca to unify the network management world.

SNMP is based on a MIB, or Management Information Base. A MIB is a hierarchical database of information about a specific device. To manage an SNMP-capable device the management software must have a copy of the device's MIB. While the information in a MIB is unique to each managed device, the format of MIBs is the same from system to system. Managed devices will store their settings and performance information in their MIB. The management application can retrieve settings and performance statistics over the network using SNMP. Management stations can also use SNMP to communicate setting changes to a managed device.

The most frequent criticism of SNMP is that it lacks strong security. Access control is based on two "community strings": one for read-only access, and one for read-write access. SNMP does not support setting passwords in addition to the monitor and control community strings. To make matters worse, most SNMP-manageable devices come with their monitor community strings set to "public" and their control community strings set to "admin". Many network administrators don't take the time to change these strings to something that is, at least, harder to guess. SNMP II was supposed to fix this weakness by offering passwords in addition to the community strings. However, attention seems to have drifted away from enhancing SNMP to developing the capabilities of RMON.
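As an added illustration (not code from the chapter), the Python below decodes a hand-built SNMPv1 GetRequest for the sysDescr object described by the MIB section above and shows why the community string is such a weak control: it travels in cleartext inside every in-band management packet, so a monitor watching your own management traffic can read it and flag stations still using the shipped defaults. The packet bytes, the function names and the DEFAULT_COMMUNITIES set are this example's assumptions.

```python
# SNMPv1 GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0), hand-encoded in BER as a
# constructed sample of what a management station sends in band.
SAMPLE_GETREQUEST = bytes.fromhex(
    "3026"                         # SEQUENCE, 38 bytes of content
    "020100"                       # INTEGER version = 0 (SNMPv1)
    "04067075626c6963"             # OCTET STRING "public": the community, in the clear
    "a019"                         # GetRequest-PDU, 25 bytes
    "020101" "020100" "020100"     # request-id=1, error-status=0, error-index=0
    "300e" "300c"                  # VarBindList holding one VarBind
    "06082b06010201010100" "0500"  # OID 1.3.6.1.2.1.1.1.0, value NULL
)
# "public" and "admin" are the defaults the chapter names; "private" is another common one.
DEFAULT_COMMUNITIES = {"public", "admin", "private"}

def _tlv(buf, pos):
    """Decode one BER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: next n bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """Turn BER OID content bytes into dotted notation (base-128 sub-identifiers)."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_snmp(packet):
    """Decode a v1/v2c message: version, community, PDU tag, OIDs, default flag."""
    _, msg, _ = _tlv(packet, 0)            # outer SEQUENCE
    _, ver, pos = _tlv(msg, 0)
    _, community, pos = _tlv(msg, pos)     # the only "credential" on the wire
    pdu_tag, pdu, _ = _tlv(msg, pos)
    pos = 0
    for _ in range(3):                     # skip request-id, error-status, error-index
        _, _, pos = _tlv(pdu, pos)
    _, varbinds, _ = _tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbinds):
        _, vb, pos = _tlv(varbinds, pos)
        oids.append(_decode_oid(_tlv(vb, 0)[1]))
    community = community.decode()
    return {"version": int.from_bytes(ver, "big"), "community": community,
            "pdu_tag": pdu_tag, "oids": oids,
            "default_community": community in DEFAULT_COMMUNITIES}
```

Run over a capture of your own management segment, a hit on `default_community` identifies a device or console whose strings were never changed.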

Remote MONitoring (RMON)

Network analyzers such as Data General's Sniffer (TM) generally start at about $20,000 each. This does not count the central analysis software (another few thousand dollars). Despite the costs there are some times when the only thing that will help you diagnose a network problem is a full-fledged network analyzer. Many network admins are finding that RMON probes can get the job done for them most of the time.

SNMP was designed to deal with the simple types of information that you would normally expect to see in a database: network addresses of interfaces in a router, number of good packets per second on the wire.... It was not designed to handle retrieval of large amounts of real-time information. To meet this need RMON -- Remote MONitoring -- was developed. RMON's strength is that it is designed to allow activities such as capturing packets of network traffic at a remote device, and then displaying them for analysis at the management console. RMON "Probes" can be used to permit the Network Engineer to see, at the packet level, exactly what is going on on the network regardless of whether he is in Chicago and the probe is monitoring a network segment in Dubuque.

Most high-end hubs, switches, and routers support RMON probes as add-on options. RMON is meant to occupy the middle ground between the skimpy network diagnostic information that can be retrieved via SNMP, and the great expense of installing full-blown network analyzer systems (or "sniffers") on each segment of the network that you want to watch. RMON also has stronger security to address the perennial complaint about SNMP's weakness. This does not mean that all the world is turning to RMON, however. RMON devices are considerably more expensive than SNMP-enabled systems, and most network setup and basic monitoring tasks can be accomplished over SNMP.

[ II ] MANAGEMENT PRODUCTS

What can be managed

Given that we have the capabilities of RMON and SNMP to retrieve management data and perform setup and changes, what sorts of devices can be managed over the network? The short answer is: just about anything you can think of. Servers, routers, bridges, hubs, switches, UPS units, laser printers, computer room environmental systems, CDROM servers, fax servers, modem banks.... This list is virtually endless. Even traditionally non-networked systems such as PBXs (private company telephone systems) and building HVAC (Heating, Ventilation, and Air Conditioning) and lighting systems are being built with SNMP-based management.

It is rumored that the Coke machine is accessible over the internet at coke.cs.cmu.edu. A machine there running ULTRIX answers to that address, but it doesn't permit anonymous logins.

Some years ago a faculty member (probably a grad student) in Carnegie Mellon's computer science program got tired of walking down three flights of stairs from his office to the basement Coke machine only to find it out of the kind of soda he wanted. So he placed a spare PC on top of the Coke machine, wired up sensors from the Coke machine to the PC, and hooked the PC up to the network. Through a telnet application he could then see how many cans of each type of soda the machine had before making his journey to the basement. Though the application's transport mechanism was telnet, this is a good example of the type of device that is now coming under SNMP management and control over LANs and WANs.

Commercial products

Most management applications come first in the form of a proprietary application. For instance Compaq's Insight Manager became available first as an application that ran on a Windows PC. Insight Manager could only do one thing -- manage Compaq servers. Many products like Insight Manager don't play well with other management applications. This tends to lead to a "one application, one PC" phenomenon. If you're using early editions of network management packages to track your Compaq servers, Shiva modem banks, and 3Com hubs, chances are you have three PCs sitting on a table somewhere.

To attack this proliferation of management consoles several companies have developed "all in one" management systems. The two leaders in the "enterprise management system" world are Hewlett Packard with its OpenView Network Node Manager, and Computer Associates with their Unicenter TNG. These management systems provide some level of SNMP management themselves. Their real value comes through "snap-in" applications: applications written by third parties to manage their network devices. Snap-ins are intended to maintain the "look and feel" of the foundation management application upon which they are running. For instance, Bay Networks' Optivity product (for managing Bay's hubs, switches, and routers) is designed to look and act like a part of OpenView when you are running it on top of OpenView. The promise is that through centralization you will achieve some economies of scale, and will have the benefit of centralized management of alerts and alarms coming from all the managed devices on your network.

Buyer beware!

Caveat emptor -- "Let the buyer beware". There are a number of pitfalls with the large all-in-one management systems. First is the cost. A fully configured OpenView system usually needs a UNIX workstation or high-end Windows NT system to run. The hardware and software alone will cost up to $45,000. This is before you start adding on snap-in applications to manage additional devices. The version of Bay's Optivity for mid-sized networks, Optivity Campus, goes for about $7,500. Second, even though enterprise management consoles have been around since the early 1990s, none of the vendors have been able to deliver on their promises of total integration and seamless control of every device on the network from one seat. What you have today tends to behave like a lot of related and similar-looking applications that don't quite get along with each other. The situation is somewhat like a reunion of a lot of distant cousins. Last is the issue of complexity. Sometimes network management systems can take so much maintenance just to keep them running as to make you wonder which is taking more of your time: managing the network, or managing the management.

In general, network management systems are not justified for small networks. The startup costs are too high and the return, in terms of man hours saved, is too low to justify the expense. In large networks, especially in WAN environments where the network may go to locations where there is no full-time network support personnel, network management systems can be invaluable assets for speeding network problem determination and reducing the amount of labor spent keeping the network running. Several companies are attempting to address the high cost problem by producing "lite" versions of their products aimed at smaller and mid-sized networks.


Example Applications

This section shows some examples of network management applications and how they operate, illustrated with screen images of each application.

One of the simplest network management applications is American Power Conversion's PowerChute software. PowerChute runs as a process on a server, monitoring the UPS, gathering statistics, and standing by to signal the server to shut down in the event of a power failure. You can remotely monitor the UPS via PowerChute manager software running on a PC or UNIX system. The image here is of the main screen of the older PowerChute DOS software (a spiffy new Windows version has been available for a couple of years, but the DOS version runs on anything, anywhere).

APC PowerChute Console

The left-hand side of the screen gives current statistics, including AC line voltage and UPS temperature. The bar graphs show how much capacity is left in the battery, AC line voltage, and load on the UPS. The strip at the bottom of the screen shows the last two happenings in PowerChute's event log. From the menus you can configure testing intervals, shutdown behavior, and even reboot the system connected to the UPS.

The next application is an SNMP-based server management tool from Compaq: Insight Manager (CIM). CIM permits network administrators to monitor Compaq servers running Novell NetWare, MS Windows NT Server, and SCO UNIX from a single console. It is available both as a Windows application and as a snap-in for both HP OpenView and Novell ManageWise. Other server vendors have similar offerings. The software relies on agents loaded on the server to monitor the server's hardware, disk space, environment, and utilization. The main console (see below) shows all of the managed servers on the network using a simple color-coded tell-tale system to show that all is well, or that a server needs attention. The CIM monitoring software can be configured to send email to, or page, the networking staff in the event of a failure. Sophisticated reporting is also built into the application.

Compaq Insight Manager Console

Double-clicking on a server name brings up a window depicting that server (yes, the server image changes to match the model of server being managed) with a number of buttons so that the administrator can "drill-down" into the server and look at the status of almost all of the components.

Insight Manager server window

By working our way down from the "Mass Storage" button we can get down to individual disk drives:

Insight Manager drives window

Further drill-down is possible: we can get into statistics on reads and writes, self test results, and firmware revisions.

Insight Manager permits the administrator to reboot servers remotely. Recall that this is an SNMP-based application, and recall the weakness of SNMP's security. It is crucial that any station running an application like Insight Manager be in a secure location, and locked by a console or screen saver password whenever the administrator is not sitting at the monitoring station. Imagine what a curious "tourist" could do with this:

Insight Manager reboot window

Hewlett Packard offers a similar tool for monitoring HP systems running HP-UX (HP's flavor of UNIX).

HP Glance main screen

Glance not only tracks disk, memory, processor, and network utilization, it also allows the administrator to dig down into the individual processes running on the system to monitor and tune processes or the system as a whole.


Pictured below are a pair of graphics showing Bay Networks' Optivity network management software. Optivity runs on top of HP OpenView as a snap-in application. The screens show a user drilling down from one layer of the network to another to locate a failed station. In this case, the failed station is a hub.

Optivity window

Optivity window

You should also note the graph in the lower right-hand corner. This graph is displaying network utilization on a segment in real time. Multiple segments can be graphed at once for comparison (or to save some room on the desktop). This is particularly handy if you're gathering information from the different segments attached to a L2 switch. This image was captured late on a Friday afternoon so the traffic level is quite low.

Like Insight Manager, Optivity supports viewing the status of individual systems on the network. Depicted below is a status display of the front panel of a Bay Networks series 5005F concentrator with three FDDI cards installed.

Optivity 5005F window

From this display the network administrator can drill down into statistics and status information for individual ports. He can also configure which backplane path a port is attached to, or even disconnect the port from the network.

[ III ] CONCLUSION

Hopefully this chapter has demonstrated the power of network management tools. Properly utilized, network management stations can speed network troubleshooting, and enable you to predict needs for increased network bandwidth and other services. From one desk an administrator can configure routers, manage servers, and configure hubs. Network Management tools can save countless trips to distant wiring closets (or plane trips to distant office locations in large corporations). With this power comes the need for security: it is no wonder that the Network Operations Centers (NOCs) of major corporations are secured like bank vaults.

One last word before you move on to the self-test questions. Congratulations! You've made it to the end! I hope that this hypertext book has fulfilled its mission: providing you with the tools and concepts you'll need to begin working on your own networks. Good luck!

[ IV ] SELF CHECK

  1. Define Network Management, and the two methods for retrieving management information.

  2. Describe how authentication works with SNMP. Is this a strong or weak authentication system?

  3. If my management application does not have a copy of a device's MIB, can I manage that device from the management station?

  4. Explain, in a few sentences, the role of RMON in network management.

  5. Describe the benefits and pitfalls of using a commercial network management application.


© 1998,99,2000 Shipman | Created 4-19-98 | Updated 2-5-00