Enterprise Management Systems

The complexity of networks has increased due to integration of heterogeneous devices including different types of media, protocols, and interconnectivity with networks that may have an entirely different setup. An enterprise with a large network setup that spans multiple LANs or a WAN requires constant monitoring and manageability to prevent network failure. Though network failures are inevitable, you can reduce network downtime if you are prepared. Proactive monitoring of enterprise networks ensures quick resolution of network faults, based on service level standards and performance baselines. This enables you to take precautionary measures before a network problem occurs. Today, enterprise management systems (EMSs) have become a necessity for large and small networks.

A conventional EMS provides an integrated set of tools to manage mission critical characterstics of a network such as network and resource availability, responsiveness, resilience, and security. It is characterized by Service Level Agreements (SLAs) and policies, drill-down views of the network infrastructure, and a “single pane of glass” view of the network, which enable you to centrally monitor and manage the network. The most common functions performed by an EMS are:

Fault management: Requires the system to process events generated within the network environment and produce alerts when a network fault occurs. In addition, it involves event filtering and trend monitoring by maintaining data.

Configuration management: Involves enabling the technical support staff to modify the configuration of managed devices if the configuration needs to be synchronized. Configuration management is critical for the network, providing facilities such as VPNs and service standards including QoS.

Accounting Management: Involves maintenance of user-based accounts for tracking payments. This type of service is most suitable for telecommunication networks.

Performance Management: Involves monitoring and maintaining capabilities to ensure consistent network performance with respect to the service standards. An EMS usually possesses tools that have a predefined matrix for measuring network performance. Various network resources are constantly monitored and alerts are generated depending on thresholds set by network operators.

Security Management: Ensures secure access through implementation of user authentication and authorization techniques along with data integrity and audit checks.

In addition to these functions, an NMS includes utilities such as MIB browsers. A conventional MIB browser allows you to view the MIB tree, using the point-and-click GUI of a particular device. The display shows the MIB variable, the values, and the structure of the MIB for a particular device.

Recent trends show that large and small networks usually converge to a common IP environment. Anticipating this trend as a major turnover, Cisco has developed a general network infrastructure called the Architecture for Voice, Video, and Interface Data (AVVID). While AVVID may not be exhaustive, it provides many network layouts in a common IP environment.

AVVID provides the base infrastructure needed to design a scalable and reliable network setup by providing resilience for networks, communication, application, and businesses. As a generalized set of standards and best practices for setting up a scalable network environment, AVVID covers various aspects of network installation. It provides standards for ensuring high availability, QoS security, and mobility. This architecture enables you to focus on business-specific network requirements, while following the guidelines provided by the AVVID norms to set up the network. This architecture can be used when designing or redesigning a network. If a network has performance issues, you can check the guidelines provided by AVVID and identify the relevant problem areas.

Managing an enterprise network requires products that can monitor and detect bottlenecks for all aspects of the network, including connectivity issues, interface problems, and configuration mismatches. One of the popular enterprise management applications provided by Cisco is CiscoWorks. It is a family of products that provides end-to-end management of networks and increases the flexibility of support for new services such as voice, wireless, and content management devices. CiscoWorks constitutes various applications that are used for managing LAN and WAN networks along with mobile and wireless networks. These applications provide a number of tools and techniques for efficiently managing network devices, configurations, users, and services.

Some of the products that assist in performing enterprise-wide management of network devices and resources within the CiscoWorks family include:

• Management Solutions for LANs

• Management Solutions for WANs

• Management Solutions for VPN/Security

• Policy-Based Management of Quality of Service Networks

• Management for Small Networks

Management Solutions for LANs

The CiscoWorks LAN Management Solution (LMS) provides a framework of techniques that assist you in managing and monitoring LANs. The applications included in LMS are:

Cisco nGenius Real-Time Monitor: Provides multiuser Web access to information about RMON. It is a real-time monitor that uses RMON-enabled catalyst switches, internal network analysis modules, and LAN switch probes.

CiscoWorks Device Fault Manager (DFM): Follows an unconventional top-down approach for analyzing network problems. It identifies the fault condition using a problem signature, which represents a set of symptoms that occur due to the fault. This tool creates a causality mapping between the fault condition and the symptom, which in turn, determines the problem. This information is then coded into the DFM analysis model, which diagnoses the fault conditions based on events that already exist in the analysis model. Depending on the event that defines the fault condition, remedial measures can be taken. DFM works as an independent product or combines with various network and/or enterprise management systems for proactively detecting faults.

CiscoWorks Campus Manage: Manages and analyzes the complex structure of physical and logical network layouts. It provides powerful Layer 2 tools for configuring and managing physical and logical networks.

CiscoWorks Resource Manager Essential (RME): Covers inventory and configuration management aspects of the network. It is a powerful Web-based management application that manages inventory, configuration, and software updates for Cisco routers and switches, providing facilities to schedule periodic updates and generating alerts in case of new updates.

CiscoView: Provides updated status, statistics, and configuration information about Cisco products including routers, switches, hubs, and access servers. CiscoView is one of the most commonly used network management products by Cisco. It is a GUI-based management application, which displays the status of Cisco devices using color-coding schemes that define various severity levels for devices. This allows you to understand the status of network devices at a glance, and you do not have to go through all the statistics. This allows centralized management of network devices even on a remote network setup. In addition, it provides real-time monitoring and tracking of data about network device performance, traffic, and usage based on matrices such as percentage utilization, frames transmitted and received, and errors generated. CiscoView also provides the capability to modify configuration for trap, IP route, VLANs, and bridges.

Management Solutions for WANs

The CiscoWorks Routed WAN Management Solution allows easy fault detection and recovery, which reduces network downtime and performance downturns. CiscoWorks provides Routed WAN Management Solution for enterprise-wide management of WANs. It provides applications for configuring, administering, and troubleshooting routed WANs. In addition, it provides various tools for configuring and optimizing bandwidth use across WAN links. The available applications are:

CiscoWorks Internetworks Performance Monitor (IPM): Monitors network congestion and latency. As a part of the routed WAN management solution, this tool allows you to monitor the performance of multiple protocols across heterogeneous networks. In addition, it measures the response rate and availability of IP networks on a hop-by-hop basis.

CiscoWorks ACL Manager: Is an add-on application used with Resource Manager Essentials (RME) for managing information about Access Control Lists (ACLs). In addition, CiscoWorks RME and CiscoWorks View are used with routed WAN Management Solution.

Management Solutions for VPN/Security

Managing enterprise-wide networks is incomplete without taking into account the management of VPNs and security issues. The VPN/Security Management Solutions (VMS) provides services such as configuring, monitoring, and managing VPNs, firewalls, networks, and host-based intrusion detection. Constituents of VMS include:

Management Center for PIX Firewalls: Provides centralized management of Cisco PIX firewalls displaying information about a PIX device manager.

Management Center for IDS Sensors: Configures and deploys switch and network IDS sensors and detects intrusion and other security violations.

Management Center for VPN Routers: Manages security while configuring and deploying VPN connections for each network site.

Monitoring Center for Security: Provides a central console for monitoring events related to network, switch, and host IDS along with Cisco PIX and Cisco IOS devices.

Auto Update Server: Deploys updates and the latest configurations for the PIX firewall while working with the PIX firewall management center.

Cisco Secure Policy Manager: Provides predefined policies that serve as service standards for Cisco PIX- and IOX-based firewalls along with IPSec VPN routers.

Cisco IDS Host Sensor and Console: Prevents attacks from NIMDA and Code Red worm viruses. As a security and intrusion detection tool, it can identify an attack and prevent unauthorized access to network resources.