Network + Systems Management
Sneak Preview
Oculan OpticNerve Keeps Watch

  January 23, 2003
  By Sean Doherty and Dilip Advani



Although network-management systems from BMC Software, Enterasys and others help many small- and medium-sized organizations control network nodes and services, their complexity and cost can be daunting, especially as those enterprises grow to support more users and customers. Oculan's OpticNerve 3.1 addresses the management needs for these groups; the network-management-services appliance keeps an eye on the network, reporting problems and thereby increasing the availability of network services.

For our tests, Oculan preconfigured an appliance with the IP information of our Syracuse University Real-World Labs® and shipped it with two optional devices: the Eyelid, which detects network intrusions, and the Ocustat, which reports bandwidth usage. We installed the appliance using a standard Web browser and the default user ID and password provided. From a GUI wizard, OpticNerve collected the network address ranges and SNMP community strings used to discover nodes and gather performance data. We then supplied it with an SMTP server for delivering outage notifications via e-mail and with DNS servers for name resolution.


OpticNerve automatically discovers nodes within a specified network range using ICMP sweeps. Once it finds a node, Service Pollers probe it for supported services. The pollers simulate transactions for DNS, DHCP, FTP, HTTP, IMAP, POP3, SNMP, SMTP, SSH and other protocols, as well as for applications and databases, including Lotus Notes, Informix, Oracle, SQL, Sybase and Postgres. Discovered nodes and associated services are added to OpticNerve's SQL database. Services are polled every five minutes and nodes are rescanned periodically for new services.

OpticNerve's Iris Agents run on Microsoft Windows 98, Me, NT4, 2000 and XP. Using less than 500 KB of memory, these agents run in the background and report system health and configuration information to OpticNerve. Iris Agents are event-driven: They detect window creation, file operations, faults and exceptions as well as application installations and launches. They also generate information regarding the OS, CPU, memory, network adapter, drives and installed applications. After creating users and associating them with management groups, we installed the optional Iris Agents 2.0 on Windows 2000 servers and Windows 98 and XP workstations by downloading the installation file from the OpticNerve.

Good
• Synthetic transactions poll network services.
• Configurable event notifications.
• Filters screen out unwanted notifications.

Bad
• Thresholds are not configurable.
• Set polling periods (approximately 5 minutes).
• SSL not supported.

To see events from polling information, SNMP traps and Iris Agents, you simply access a Web interface and supply a user name and password; the home page then draws all the events reported by devices on your network (see screen at right). An eventd subsystem processes all events and classifies them according to a rules engine. If an outage--any event that impacts an end user's ability to access a resource--occurs, it is registered and an actiond process notifies users.

Lights Out

Using both preconfigured and customized pollers, OpticNerve detected node and service outages on multiple subnets in our labs. We tested this by suspending FTP, HTTP, SMTP and telnet services on a Sun Microsystems SunFire 280R. OpticNerve detected the event and notified users that the services were unresponsive though the port was still available. It successfully detected FTP, HTTP, SMTP and SQL database outages on a Windows 2000 server as well. OpticNerve also scanned open ports to determine available services and report on known vulnerabilities. It found remote DCE services and anonymous FTP sites in our tests.
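The difference between an open port and a working service, which the Service Pollers and the suspended-service test above rely on, can be shown with a small synthetic-transaction check. This is an added example, not Oculan's code: the function names, the SMTP-style "220" greeting and the loopback listeners are all constructed for illustration.

```python
import socket
import threading

def poll_banner(host, port, expect=b"220", timeout=1.0):
    """Synthetic transaction: connect, then require the protocol greeting.
    Returns "DOWN", "UNRESPONSIVE" (port open, no valid greeting) or "UP"."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "DOWN"
    with sock:
        try:
            banner = sock.recv(128)
        except OSError:  # socket.timeout is a subclass of OSError
            return "UNRESPONSIVE"
    return "UP" if banner.startswith(expect) else "UNRESPONSIVE"

def start_listener(greeting):
    """Constructed fixture: loopback listener on an ephemeral port.
    greeting=None never calls accept(), like a suspended daemon: the kernel
    still completes handshakes from the backlog, but nothing ever answers."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            conn.sendall(greeting)
            conn.close()
    if greeting is not None:
        threading.Thread(target=serve, daemon=True).start()
    return srv

def demo():
    healthy = start_listener(b"220 constructed.example ESMTP ready\r\n")
    hung = start_listener(None)
    free = socket.socket()
    free.bind(("127.0.0.1", 0))
    closed_port = free.getsockname()[1]
    free.close()  # nothing listens on this port any more
    ports = {"healthy": healthy.getsockname()[1],
             "hung": hung.getsockname()[1], "closed": closed_port}
    return {name: poll_banner("127.0.0.1", p, timeout=0.5)
            for name, p in ports.items()}

if __name__ == "__main__":
    print(demo())
```

A plain connect test would report the hung listener as healthy, because the TCP handshake still succeeds; only the missing greeting reveals the outage.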

The optional Eyelid device provides higher levels of vulnerability scanning by detecting network intrusions and reporting them to the OpticNerve. Eyelid also attempts minor intrusions and exploits against the system to test for vulnerabilities. It successfully detected both an SSH Kerberos and a DoS (denial of service) vulnerability against our SMTP server and identified rfpoison and IIS buffer overflow vulnerabilities. OpticNerve also provides helpful solutions and common vulnerabilities and exposures (CVE) entries.

Ocustat gives basic network usage information by listing the most requested Web sites, top DNS host names and top talkers of the network. Both Eyelid and Ocustat monitor network traffic from a shared hub or a mirrored switch port.

Notifications flow to users within preconfigured groups by priority based on users' ranks and work schedules. The first user listed in the reporting group receives notification and has 15 minutes to resolve the outage and acknowledge the notification. If an acknowledgement is not received within 15 minutes, the next listed user is notified. Notifications are escalated to a management group if they are not acknowledged within a set period of time.

Vendor Info
OpticNerve 3.1, subscription service starts at $300 per month through resellers. Oculan Corp., (919) 534-0500, (800) 247-5080, Opt. 3. www.oculan.com

Once notifications are acknowledged or service returned to normal, the notifications are removed from active status but are archived for one year so they can be used to calculate service-level availability and included in standard reports on network availability, outages and SNMP performance. Reports are available in PDF, HTML or raw XML format for further processing.

Dilip Advani is a research associate at the Center for Emerging Network Technologies at Syracuse University. Sean Doherty is a technology editor and lawyer based at our Syracuse University Real-World Labs®. Write to them at dadvani@nwc.com or sdoherty@nwc.com.



