The resurgence of network management

Steve Broadhead, director of Broadband-Testing Labs, evaluates two products that offer a simple way of monitoring networks and...

Steve Broadhead, director of Broadband-Testing Labs, evaluates two products that offer a simple way of monitoring networks and are easy to implement.

At Broadband-Testing we have witnessed many examples of users "paying lip service" when it comes to network management software. Companies often spend millions of pounds and then never fully complete the software deployment, or they deploy it but never really use it.

Worse still, a bad deployment of network management software can be damaging to the network. In one example, a well-known entertainment company was found to be taking up 72% of its network capacity with network management software traffic alone. SNMP - the de facto network management software protocol - can be a real network killer if mishandled.

It is clear there is still a need for network management. However, a simplified approach gives the IT department just the information of real value, does not hog the network and does not cost millions of pounds to buy and even more to deploy.

This is the thinking behind the second wave of UK-based, network management product developers. Forget the "network management software" concept - this is about simple tools that do a specific and valuable job and do it properly. Moreover, virtually any user is capable of understanding and using these tools, not just specialist consultants. Network management is now an open code, not a closed, or even closet, technology.

This points to a genuine revolution in the way networks are being managed from top to bottom through new approaches, specific tools and with return on investment a key factor.

Deltalert Server

Deltalert is a network management tool that sets out to do one specific job - identify the state of change on a network and ensure that minor problems do not escalate into major ones, so the data remains manageable.

Deltalert is web services-based, so is designed to be controlled across the internet, even across very low bandwidth links, such as GSM/GPRS.

It consists of three separate modules - the server, the SNMP module and the Telnet Tracker, all of which run on a standard Microsoft Windows PC. The server focuses on the network as a whole, whereas the SNMP module raises change messages when an interface changes on an SNMP interface. The interface throughputs can be monitored and any deviations from a preset profile will raise a message.

The Telnet Tracker connects to a switch/router via a Telnet connection, checks for changes in configurations and lets you compare old with new, side by side.

Deltalert Server presents you with a single screen, where the first thing you do is run a discovery.

The discovery options allow you to enter an IP address range. You can also set which TCP ports to search for on the devices to be discovered. By default, Deltalert checks for ports 21,23, 80 and 443, but you can add others manually. It also searches for SNMP support using default community strings, public and default, and these can be added to.

The discovery process consists of four sweeps - first for IP addresses, then for DNS information, then for TCP port information, and finally for SNMP data. Once all data for a discovered node has been accumulated, it is automatically stored in the database. Thereafter, any change discovered by Deltalert is reported.

As network nodes are discovered, a list is developed on the left-hand side of the screen - like Microsoft Explorer - which can be viewed by IP address, DNS information or name. By default, these fall into a single group but can be moved into new groups by dragging and dropping. A right-click on any node pops up a window showing node details, ping details and ping response.

Colour coding is used extensively to define the state of any element within Deltalert, such as a discovery in progress or if the network nodes have discovered a failed ping response, for example. This makes it easy to quickly spot any problem areas.

As data is accumulated you can filter it accordingly. Under "data db" - the central database where all Deltalert information is stored - you can search for database entries by general or specific filters. You can search for a particular IP address, or in relation to a specific time and date - called the epicentre. Searches can be within a particular timescale, such as plus or minus 30 minutes of that epicentre.

This is a logical and human way of resolving problems, based on when that problem occurred, rather than starting with the technical breakdown and working backwards, as is more traditional.

At a starting price of just £99, anyone looking for a quick and simple means of tracking changes on their network, wherever they are - even with a product such as Hewlett-Packard's Openview already in place - should consider Deltalert. A 30-day demonstration version is downloadable and only takes five minutes to get up and running.

Mutiny Toshiba Network Monitor

Network monitoring is often considered to be a specialist application for specialist people. However, with Toshiba Network Monitor (TNM), Mutiny is breaking the old rules. Mutiny's TNM is all about simplicity and cost-saving. That is, saving the "hidden" costs of a classic network software deployment, such as training, timescales, day-to-day management and maintenance.

It comes as a network appliance which you attach to the network and switch on. "Plug 'n' forget" technology is how chief executive John Earley has described it. Nor is there reason to set aside a substantial amount of time for the deployment; just a few hours.

The appliance-based approach to management provision makes sense. The first advantage comes with ease of installation. Anyone who has wrestled with a complex software installation will require little persuasion as to the benefits of a system that arrives pre-installed. Appliance suppliers have said that users could justify the investment in a boxed product just by analysing the costs of getting the software installed and operational.

The TNM is designed to provide network monitoring and alerting facilities for SNMP-based devices from PCs to high-end routers, mid-range systems such as IBM AS400 and beyond, and consists of a neat, small footprint Toshiba SG-20 server appliance with Red Hat Linux and Mutiny software pre-installed. It has integrated connectivity for Lan and Wan, the latter used to send pager and SMS-based alerts.

The first task for the Mutiny appliance is to automatically poll the configured IP address ranges and build a database and map of the discovered devices. Specific icons are auto-assigned to particular device types, so from a visual perspective, an untrained computer user can easily recognise what is being shown.

What information is retrieved thereafter by the system is dependent on what the SNMP service at each device is collecting. For example, this might include processor, memory and disc utilisation as well as system processes. The TNM system is particularly suited to monitoring application servers such as Microsoft Exchange, SQL Server and IIS via optional remote agents. Each agent supports a wide range of metrics, all of which are configurable.

Alerts are raised once pre-configured warning and critical thresholds have been exceeded. For ongoing monitoring, Mutiny's TNS uses a simple concept based around four specific icons to show device status.

Any unknown devices are assigned a blue circle, while a yellow rotating icon gives a triggered-warning and a red pulse identifies a critical system problem. The classic green "all clear" icon completes the picture.

Rather than simply offering a basic alert procedure, as is often the case, Mutiny has built in a tiered support contact database, consisting of primary, secondary and default shift patterns, per day, so that the TNM determines the order in which support staff should be called out, as well as in what form to notify them.

As a different approach to network monitoring, the Mutiny TNM is worth considering for any network where simplicity of operation is key, but where that network is still a critical component of the business.

Deltalert Server:

Mutiny Toshiba Network Monitor (TNM):

Going open source

Openxtra, a new UK start-up, is giving away a range of general network management tools, which are all open source but packaged by Openxtra to make them easier to deploy and use.  

These are available from the company's website along with a range of products you can buy. The latter, however, are focused in specific areas such as WLan intruder detection.  

Clearly the company is looking to make money in the areas of consultancy and design, but it is a clear example of someone bucking the trend. Network management has always come with a sizeable price tag attached, but not any more.

Helpdesk network management

Helpdesk, or IT service management, is one area of software not traditionally associated with network management.   However, UK developer Sunrise, best known for its established, if now slightly ageing, Enterprise ITSM product, has rewritten the rule book with its new product, Sostenuto, a pure browser-based application.  

This is not simply a "web-ised" version of an old product but a completely new concept in IT service management. The idea is that there are inherent cost benefits attached to deploying an entirely web-based product, such as a high level of process automation and a simple user interface, saving both time and cost.  

Whereas most helpdesk software deployments involve rolling out software to multiple sites, with Sostenuto it needs only a single upgrade on one machine and a URL sent to all the clients enabling them to download a Java runtime module necessary to run the software.  

Sostenuto maintains all the key features you would expect to find in a helpdesk product. However, where the common, modular approach is relatively rigid in terms of how it forces you to work in a particular way - and is usually expensive - Sostenuto has been developed from the ground up as a pure framework. The fact that in its basic incarnation it is a set of IT service management-specific tools is almost incidental.  

It means that, in practice, although you can treat it as a "me too" product, it can be developed into any kind of network asset management application suite you want it to be, or even a generic enterprise application.  

If this sounds a little frightening, you can take some comfort in the knowledge that Sunrise already has some early adopters using the product in ways they had not even envisaged.  

And the customers are happy. In some ways the situation is analogous to when Lotus introduced Notes - which became a phenomenal success - and then spent the first 12 months trying to work out what it actually did for users.

Steve Broadhead and Broadband-Testing Labs       

Steve Broadhead runs Broadband-Testing Labs, a spin-off from independent test organisation the NSS Group. 

His IT and networking experience dates back to the early 1980s, where he worked deploying and managing PC networks for two insurance companies, after which he made a sideways move into computer journalism.  

In 1991 he formed Comnet, which became the NSS Group, with Bob Walder, specialising in network product testing for suppliers and the publishing industry.  

In 1998, Broadhead created the NSS labs and seminar centre in the Languedoc region of France, offering a wide range of test and media services to the IT industry. Now named Broadband-Testing, it focuses on network infrastructure product testing and related areas.  

Author of recent DSL and Metro Ethernet reports, Broadhead is now involved in a number of projects in the broadband, mobile, network management and wireless Lan areas, from product testing to service design and implementation.

Read more on IT strategy