|
 |
|
General Information
|
Add To My Personal Library |
April 9, 2010
• Vol.32 Issue 8
Page(s) 25 in print issue
|
Plug The Holes In Your Network
If Your Network Is Like Most, There Are Likely Some Gaps In Its Coverage
|
Jump to first occurrence of: [COYOTE] [CREEK]
| Key Points
• Organizations that don’t monitor sufficiently may wind up paying for upgrades they don’t really need.
• Too many network monitoring tools can make it difficult to track issues, because there are too many screens or consoles to watch.
• Network monitoring policies and processes help ensure that maintenance tasks get done. | Monitoring the company network is a full-time challenge, especially with constant changes in applications, servers, and network technologies. In fact, few IT managers believe they have their networks fully covered, according to a survey by Enterprise Management Associates and Anue Systems. That survey found that only 19.3% of the respondents feel their networks are sufficiently monitored. “There were a lot of reasons, such as the cost involved, not having the tools to do what they wanted to, or not having sufficient staff to keep up,” says Jim Frey, research director at Enterprise Management Associates.
The biggest technical problem, according to the survey, is a lack of network access points on which to attach monitoring tools. Money is another stumbling block, with 66% of survey respondents saying they lack sufficient monitoring tools and tool budgets.
Today’s networks must support an array of traffic and services. Keeping up with these technologies is a constant job for monitoring tool makers and their customers. For example, tool vendors are working to add support for virtualization, but it will take time. Another example is the move to faster 10Gb Ethernet networks, as many monitoring tools handle 1Gb traffic. Successful monitoring requires an upgrade to the tool or a workaround, such as breaking the traffic into smaller streams or looking at the header information and not the payload.
 Close The Gap
Organizations that don’t monitor sufficiently may wind up paying for upgrades they don’t really need. “People make the mistake of upgrading bandwidth without analyzing the need, not looking at which users are occupying the bandwidth and how they’re using it,” says Kalyan Ram, technical analyst for ManageEngine (www.manageengine.com).
Ram notes that something as simple as selecting unfamiliar monitoring tools or expecting network engineers to use the “pet tool” of a prior employee, but one that they’ve never used, can cause major problems. “It creates steep learning curves for the engineer,” says Ram.
Old network equipment is another problem. Legacy routers and switches that don’t support newer protocols can derail a monitoring effort. “People neglect to identify and replace legacy devices, such as a very old router that doesn’t have Cisco Netflow capability, for instance,” he says.
Mike Faster, president of network consulting firm Coyote Creek (www.coyotecrk.com), notes that he often sees companies accumulate monitoring tools, only to have some of them sit on the shelf and collect dust, while others aren’t updated when the network configuration changes, thus losing effectiveness.
“We often find tool atrophy,” he says. “Someone purchased a tool at some point, then management changed or a new guy came in with a different tool. The old tool begins to die on the vine because no one is keeping it up-to-date or even checking it regularly. Eventually, you wind up with a sedimentary rot of old tool upon old tool.”
Excess tools also exacerbate the problem of limited network access points. “There are only two ports for every network device, so it’s a problem if you have more than two monitoring tools,” notes Frey, adding that there are products on the market that enable ports to be shared between multiple monitoring tools.
Too many tools can also make it difficult for a network engineer to track issues, simply because there are too many screens or consoles to watch. Purchasing an integrated monitoring suite that includes several monitoring functions makes it easier to track multiple systems and to spot trends. If an integrated package is not possible, linking the disparate tools to a single console can help. “If I have to go through six different tools, it’s going to take me more time to figure out the cause of the problem,” Ram notes.
Automating much of the monitoring activity is also important, note Ram and Faster. By setting the monitoring software to automatically handle tasks such as checking available disk space; network utilization; and the health of servers, routers, and firewalls, the monitor can be scanning for trouble and can send automated emails, pages, or warnings to the network management console in case of a problem.
Looking For Trends
Monitoring products can automatically record traffic volume, types of traffic, and application usage over time; usage by department, user, and time of day or week; and other information that can provide insight into future network needs, preventing problems before they become critical.
“That’s proactive use—looking for trends, looking at capacity. Unfortunately, that is often not done,” says Faster. “Ninety percent of the value of monitoring is in the preventive use, but most organizations don’t keep up with that.”
In many cases, he says, the root of a network’s operational problems lies in the organization’s lack of processes for daily monitoring of network traffic and trends and for updating the tools. Some of the fault lies with the human penchant for taking on new and exciting projects, sometimes at the expense of the day-to-day work.
“People will always tend to starve ongoing maintenance and operations in favor of new projects,” says Faster. “There is no real interest in the ‘keeping the lights on’ type of work until something breaks.”
Faster advises IT to create network monitoring policies and processes to ensure maintenance tasks get done. “The secret sauce isn’t the tool or even a new standard. There are lots of good tools and standards out there. But if you have a few good processes in place, life can be good,” he says.
Two of the processes he says all IT departments should have are change management—any updates to the network should go through a formal approval process—and a progressive policy of event management/escalation.
“I ask clients, when you get an alert that something is down, what do you do?” says Faster. Often, the response is simply “fix it,” with no policies as to who should be notified or what should occur if the problem can’t be quickly fixed. An escalation process for notifying supervisors and stakeholders of the issue is critical, he notes, so network users can implement fallback plans for dealing with an outage rather than clogging the help desk lines with frantic calls.
Common Metrics
A common set of metrics for judging network performance will help prevent interdepartment fighting over who’s at fault or what the problem really is. For example, Frey notes that measuring response time at the client’s end may give you a good user perspective, but it won’t tell you exactly where the problem is.
“What goes on between those two points in time is often a very complex set of transactions and messages between various contributing components,” he says. To get a better overall picture of the network, he suggests watching several other metrics, including server response time; network response time or latency (the time to connect an end user to the Web server or first application); packet count or the number of exchanges of data that occur in one transaction or session; and session count, which can give warnings of an application design flaw, configuration error, or security breach.
“The network is the place that gets blamed when things go wrong,” says Frey, who suggests turning that into a benefit by monitoring the network more comprehensively and serving as the troubleshooter for other groups. “I always advise network professionals to promote themselves as the ones who can help pinpoint problems. You can look at the network and figure out where to focus future investigations.” 
by Sue Hildreth
Why They Monitor
According to the report “Monitoring Optimization 2010: Trends and Issues Surrounding Network and Security Monitoring,” sponsored by Anue Systems and conducted by Enterprise Management Associates, IT departments monitor their networks for the following reasons:
• Troubleshooting of applications or network issues: 61%
• Intrusion detection or prevention: 57%
• Application performance monitoring: 42% |
|
|
