|< Day Day Up >|
The LAN administrator’s main focus is usually on keeping the network operating properly and making sure the needs of users are addressed in a
Whether bundled with other products or used separately, the right tools help the LAN administrator monitor, analyze, and adapt the LAN to changing organizational needs. The tools
|< Day Day Up >|
|< Day Day Up >|
The key concepts in LAN administration are the console and agents. The console is the workstation that is set up to view information collected by the agents. The agents are special programs that are designed to retrieve specific information from the network. An application agent, for example, works on each workstation to log application usage. Workstation users are not aware of the agent and it has no effect on the performance of the workstation or the applications running on it. The collected information is organized into data sets and stored in a relational database, where it can be retrieved for viewing on the LAN administrator’s console.
Information from multiple sets of data can be displayed in several ways—
View and manipulate network data;
Automate file distribution;
Maintain hardware inventory;
Manage installed software, including application usage;
Receive notification of network events;
Establish and manage network printer support;
Automate network processes, such as backup and virus detection;
Monitor disk and file usage;
Create task lists;
Work with text files;
Establish and maintain security;
Figure 2.1: Information flow between console and agent.
All of the agents that collect information in support of these functions are configured at the console using commands selected from the menu bar. Once configured, each type of agent can be assigned an icon that launches its associated viewer for displaying collected information.
With LANs increasingly being
Hardware-based monitors and software-based agents can be used together distributed throughout a LAN, as well as
A critical tool in the IT department’s arsenal of management tools is the “ intelligent” agent, which is an autonomous and adaptive software program that accomplishes its
What makes these agents so smart is the addition of programming code that
The behavior of intelligent agents can be modified in two ways: templates and programs. The choice will depend on the level of an organization’s in-house network and systems management expertise.
Some vendors, such as Hewlett-Packard, offer
For instance, when a firewall issues an error message, under the rules described in its template, it sends all alerts to a particular system administrator. The network manager can change the rule so that an automated response is initiated instead, allowing agents to resolve problems and perform routine tasks (e.g.,
In a similar manner, responsibilities can be assigned to specific people. For instance, an operator can be assigned a particular
For programmers, many vendors offer tool kits that accelerate the development of the agent and manager
The agent-creation process is further simplified because developers now can use an intuitive C++ interface that insulates them from the complexities of APIs. For example, without using a tool kit, a developer might have to write more than 200 lines of code to create a simple “get” request. With a tool kit, such agent development can take as few as four lines of code, with the rest of the code being generated automatically. By drastically reducing the amount of manual coding, developer errors are reduced, and quality and productivity are increased. In addition, the code-generation process provides greater code consistency, thus improving code quality and maintainability as well.
Likewise, manager development is also enhanced through a
Some tool kits are actually elements of an integrated suite of tools and platforms that facilitate and accelerate the development and deployment of agent- or manager-based network management solutions. These tools are
It is not enough to have agent-manager development tool kits—there must be a means to test the results before implementation in the live environment. For this task, there are test tool kits that automatically create a suite of tests and provide automated and interactive
Through the use of interactive and regression tests, the agent tester tool kit fully exercises the agent during customization and testing. The interactive test method provides the ability to incrementally test the customization of the agent, while the regression-testing method allows for a complete suite of tests to be executed, with the results being
This level of automation means that developers can completely test their agents without ever writing code, enabling rapid deployment of effective and reliable management solutions, while reducing development costs, improving quality, and shortening the development cycle.
Agents can be built with Java and used to monitor and report on key performance metrics of systems, services, and applications. Since Java is a cross-platform development tool, agents built with Java can provide a single, unified management system to support any mix of IP-based desktop, server, and network resources that also run Java—including hubs, switches, and routers. In addition to
The agents can also collaborate to resolve problems directly—and without alarm generation—rather than escalating them to a higher-level manager in the traditional way. This intelligence reduces management traffic on the network, enables faster response to events, and
Agent technology has been available for several
Network performance monitoring can help determine network service-level objectives by providing measurements to help managers understand typical network behavior and normal periods. The challenge is defining “typical” and “ normal.” Intelligent agents can help define the network’s behavior and gather the information for documenting achieved performance levels. The following capabilities of intelligent agents are particularly useful for building a network performance profile:
Baselining and network trending: Identifies the true operating envelope of the network by defining typical and normal behavior that can be used to compare performance at some time in the future, perhaps to see if service level objectives are still being met and reveal out-of-norm conditions, which, if left unchecked, may have drastic consequences on the productivity of users.
Application usage and analysis:
Identifies the overall load of network traffic, what times of the day certain applications load the network, which applications are running between critical servers and
Client-server performance analysis:
Identifies which servers may be over utilized, which clients are hogging server resources, and what applications or protocols they are running. Such performance analyses help the network manager define and
Internetwork perspective: Identifies traffic rates between subnets so the network manager can find out which nodes are using WAN-links to communicate. This information can be used to define typical rates between interconnect devices. This perspective can show how certain applications use the critical interconnect paths and define normal WAN use for applications.
Data correlation: Allows peak network usage intervals to be selected throughout the day to determine which nodes are contributing to the network load at that peak point in time. Traffic source and associated destinations can be determined with seven-layer protocol identification.
There are client-side agents that continuously monitor the performance and availability of applications from the end
Such agents are installed on clients as well as application servers. They monitor every transaction that crosses the user desktop, traversing networks, application servers, and database servers. They monitor all distributed applications and environmental conditions in real-time, comparing actual availability and performance with service-level thresholds.
This analysis enables network and application managers to understand the source of application response time problems by breaking down response times into network, application, and server components. As a result, troubleshooting that sometimes takes weeks can be accomplished in a matter of minutes.
When faults on the network occur, it is imperative that problems be resolved quickly to decrease the negative impact on user productivity. Network managers must be able to respond quickly and have procedures in place to reestablish lost service and maintain beneficial service levels. The following capabilities of intelligent agents can be used to gather and
Data correlation: Since managers cannot always be on constant watch for network faults, it is imperative to have historical data available that provides views of key network metrics at the time of the fault. What was the overall error/packet rate and the types of errors that occurred? What applications were running at the time of the fault? Which servers were most active? Which clients were accessing these active servers, and which applications were they running? Data correlation can help answer these questions.
Identification of top error generators: Identifies the network nodes that are generating the faults and contributing to problems such as bottlenecks caused by errors and network down time.
Immediate fault notification: With immediate notification of network faults, managers can instantly learn when a problem is occurring before users do. Proactive alarms help detect and solve the problem as it is happening.
Automated resolution procedures: Intelligent agents can be configured to automatically fix the problem when it occurs. The agent can even be programmed to automatically e-mail or notify help desk personnel with instructions on how to solve the problem, thus saving time and money.
Capacity planning and reporting services play a significant role in delivering sustainable network service levels to end users. They also provide documented proof to management and other organizations that pay for services to help ensure that network service levels are consistently achieved. Capacity planning and reporting allows for the collection and evaluation of information to make informed decisions about future network configurations,
Baselining: Allows the network manager to determine the true operating performance of the network by comparing performance at various times, perhaps on a monthly basis, which can identify business cycle deviations.
Allows the network manager to compare inter-network service objectives from multiple sites at once to determine which subnets are overor
Protocol/application distribution: Helps the network manager understand which applications have outgrown which domains or subnets. For example, these capabilities can find out if certain applications are continuously taking up more precious bandwidth and resources throughout the enterprise. With this kind of information, the network manager can better plan for the future.
Host load balancing: Allows the network manager to obtain a list of the top network-wide servers and clients using mission-critical applications. For example, the information collected from intelligent agents might reveal if specific servers always dominate precious LAN or WAN bandwidth, or spot when a central processing unit (CPU) is becoming overloaded. In either case, an agent on the LAN segment, WAN device, or host can initiate load balancing automatically when predefined performance thresholds are met. The information gathered by the agent can be used for resource planning.
Traffic profile optimization:
To best guarantee service-level performance, the ability of network managers to compare actual network configurations against proposed configurations is crucial. From the information gathered and
To build Web sites for electronic commerce and other mission-critical applications, administrators are mirroring site content at additional points of presence (PoPs). This provides redundancy in case one site goes down, and enables traffic to be routed between the sites to increase overall response time. Flow management software determines which Web server to send a request so the fastest service can be provided to the clients.
Resonate Inc.’s Global Dispatch, for example, integrates multiple PoPs into a single Web site resource. The company’s flow management software uses three factors to determine where to send a request: PoP availability, PoP load, and the Internet latency between the client and each PoP.
As requests are received, the Global Dispatch scheduler instructs the agents installed at each Web server to measure the latency between the PoP and the client’s local
A single PoP can also have multiple agents, each performing a share of the triangulation work, which minimizes scheduling overhead. The use of multiple agents is
A properly functioning and secure corporate network plays a key role in maintaining an organization’s competitive advantage. Setting up security objectives
Monitor effects of firewall configurations: By monitoring post firewall traffic, the network manager can determine if the firewall is functioning properly. For example, if the firewall was just programmed to disallow access of a specific protocol or external site, but the program’s syntax was wrong, the intelligent agent will report it immediately.
Show access to and from secure subnets: By monitoring access from internal and external sites to secure data centers or subnets, the network manager can set up security service-level objectives and firewall configurations based on the findings. For example, the information reported by the intelligent agent can be used to determine whether external sites should have access to the company’s database servers.
Trigger packet capture of network security signatures: Intelligent agents can be set up to issue alarms and automatically capture packets upon the occurrence of external intrusions or unauthorized application access. This information can be used to track down the source of security breaches. Some intelligent agents even have the capability to initiate a trace procedure to discover a breach’s point of origination.
Show access to secure servers and nodes with data correlation: This capability reveals which external or internal nodes are accessing potentially secure servers or nodes and identifies which applications they are running.
Show applications running on secure
Watch protocol and application use throughout the enterprise:
This capability allows the network manager to select applications or protocols for monitoring by the intelligent agent so that the flow of information throughout the enterprise can be
Some agents are capable of taking action based on the nature of the security threat. Symantec, for example, offers its Intruder Alert, which uses a real-time, manager-agent architecture to monitor the audit trails of distributed systems for “footprints” that
Typically, an organization would use either a network-based intrusion detection system to monitor only a handful of key facilities that transport sensitive information, or use a host-based solution that places monitoring agents on the systems that host critical applications and store
|< Day Day Up >|