html). These tools interrogate MIB data from a variety of SNMP agents and RMON devices and can provide an assortment of summary reports.

Polling systems are diverse. You may be best served by a tool that provides a range of polling alternatives. For example, IP.Check from Tally Systems addresses a range of IP-based applications (Web, FTP) and provides TCP/IP network-level polling using ICMP (Internet Control Message Protocol).

On the other hand, if you're more focused on a particular type of managed service, then you may want to investigate tools that offer more depth in a particular area. For example, AlertPage from Geneva Software is focused on response and availability of network and servers (at the network level) while MailCheck, also from Tally, concentrates purely on messaging systems.

Of course, owning and operating the tools is not your only option. Many service providers offer network management services to complement their core network service offerings; examples include Authority from LCI and Viewspan from Intermedia. If you're considering this approach, you still need to go through the process of determining what the metrics will be and whether the carrier's instrumentation and reporting approach satisfies your needs. Another alternative is to outsource the baselining function to another service provider, perhaps one that doesn't offer competing bandwidth services, such as ReliNet from Lucent Technologies.

Control Tools that report on service provider performance are just that-- tools. They are of no value unless both the service provider and the user organization clearly understand how the output from those tools will be used. Ideally, the service provider should be involved in the process of developing the baselining approach and of developing the SLA. The SLA should include not only the performance expectations, but also the commercial arrangements for nonperformance, how nonperformance will be determined (specifically what data the service provider will require) and how the service provider will be notified. In addition, it will be necessary to determine who internally has responsibility for validating performance against the baseline, how frequently, and the process to be followed in the case of nonperformance.

This may seem like a lot of work, and it is. But by putting in the work up front to clearly determine how you will baseline your service provider, you'll be able to simplify the ongoing task of managing one of your most important commercial relationships.

Philip Carden is a managing consultant with Renaissance Worldwide, a leading international provider of IT consulting services. He is a recognized expert in network management and security and is a co-author of the book Internet Security for Windows NT. He can be reached at pcarden@rens.com