The Interactive Network Design Manual
The Systems Management Dimension
by Bruce Boardman
Performance
This has traditionally been an area that covered the management of servers and databases, but now is beginning to cover application management as well. The basic aim is to configure, manage and monitor the use of distributed computing resources like disk, memory and CPU utilization.
There are hundreds of possible data points that can be collected for server, database and application monitoring. Those that are consistent across platforms, such as process and SQL statements, are to be expected; others are application- or database-dependent and will require specific evaluation. Generally the more data points the better, but there are other more generic features associated with performance monitoring.
Configuration and diagnostic actions rely on well-annotated data and error points. The level of understanding of your particular server, database and application is going to vary from product to product, so take some time to look at the clarity of the vendor's explanations of a particular collection statistic.
When monitoring processes or utilization, it is important that baseline thresholds be set in order to create a frame of reference. It is unlikely that any products are going to automate the setting of this threshold in terms of actual traffic or transactions, but the product might preset some, such as CPU and network utilization, and allow them to be changed to fit your environment. Short of having automated real performance baseline settings, annotations regarding the specifics of each data point, its usage, errors and other related data points, should be expected, in order to tune not only the statistical gathering but also the configurations of the monitored process.
Historical and real-time data collection reported in tabular as well as graphical formats is a given. The better products will combine predefined graphical studies along with the ability to create or modify existing studies.
Error conditions need to be both highlighted and minimized. They should be highlighted through the use of color, icons and linking icons to the specific as well as related error messages. And they should be minimized through the use of correlation of events and suggested actions, or even automated recovery. The more aware a product is of your specific application the more likely that the suggested automated actions will apply without the need for any further development.
Security
The changing of user IDs on multiple systems is time-consuming and error-prone. It is common to find systems management products that will change user IDs across heterogeneous Unix platforms but rare to find one that will make those changes across LAN, Unix and mainframe products. Tread lightly when this claim is made, as vendor-specific products or only certain versions of operating systems may be supported.
Security administration needs to be centrally controlled, but that does not mean that all changes need to be done by a single individual. Better systems will allow for a delegation of security administration to logical subgroupings that will replicate the changes to the appropriate systems.
All of the usual restrictions, such as password length, common word restriction, user/resource grouping and time of day access, need to be supported. It is reasonable to expect that the security will be policy-based and that servers targeted for security changes are available from the discovered database of known nodes. Logging of exceptions and of unauthorized changes or attempts needs to be hierarchical to support local administration, and yet available centrally based on policy to support centralized control. Messages should only be available for viewing based on access authorization, and perhaps only to specific terminals. The message structure needs to be able to clearly filter and notify the security administrator(s) of errors and exceptions, so they are not lost in the morass of normal access granting messages.
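The message handling described above, as an added Python sketch that is not part of the original article or of any vendor's product: exceptions go to the owning subgroup's local queue, policy decides which also reach the central console, and normal grants stay out of both. The event kinds, group names, viewer names and policy sets are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    host: str
    group: str   # administrative subgroup that owns the host
    kind: str    # "grant", "denied", "unauthorized_change" or "policy_violation"
    user: str
    detail: str

# Assumed policy values (hypothetical, not taken from any product).
EXCEPTION_KINDS = {"denied", "unauthorized_change", "policy_violation"}
CENTRAL_POLICY = {"unauthorized_change", "policy_violation"}  # escalated centrally
VIEWERS = {"central-sec": {"*"}, "unix-admin": {"unix"}, "lan-admin": {"lan"}}

# Constructed sample messages.
SAMPLE = [
    Event("ux01", "unix", "grant", "alice", "login ok"),
    Event("ux01", "unix", "denied", "bob", "login outside permitted hours"),
    Event("ux02", "unix", "unauthorized_change", "mallory", "group change rejected"),
    Event("nw01", "lan", "grant", "carol", "login ok"),
    Event("nw01", "lan", "policy_violation", "dave", "password below minimum length"),
]

def route(events):
    """Split messages into queues; normal grants never enter an alert queue."""
    queues = {"central": [], "archive": []}
    for ev in events:
        if ev.kind not in EXCEPTION_KINDS:
            queues["archive"].append(ev)      # kept for audit, not notified
            continue
        queues.setdefault(f"local:{ev.group}", []).append(ev)
        if ev.kind in CENTRAL_POLICY:         # hierarchical escalation by policy
            queues["central"].append(ev)
    return queues

def visible_to(viewer, queues):
    """Exceptions a viewer is authorized to read; unknown viewers see nothing."""
    allowed = VIEWERS.get(viewer, set())
    if "*" in allowed:
        return list(queues["central"])
    seen = []
    for group in sorted(allowed):
        seen.extend(queues.get(f"local:{group}", []))
    return seen

if __name__ == "__main__":
    q = route(SAMPLE)
    for viewer in ("central-sec", "unix-admin", "guest"):
        print(viewer, [(e.host, e.kind) for e in visible_to(viewer, q)])
```
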
Additionally, the scheduling of changes via a calendaring system with all the applicable logs is important. On better systems this is a single action that applies to all the target systems, based on the user's or process's group membership.
Firewall and encryption services are not part of any of the major systems management suites with the same level of functionality as you'll find available in firewall point products. This will no doubt change as some big fish swallows a smaller one, but look for development and support of security and directory standards in operating systems as the leverage to improve overall systems management security administration.
Intranet/Internet Management
Intranet/Internet services/access management and the use of a browser as a ubiquitous console interface are just becoming available in large systems management suites. The integration of this class of systems resource into the event, security and correlation engines of the management suite is important to bring it within the bounds of systems management. More specific functionality for content and Web server management is to be found in specific point products, but no doubt functionality within management suites will increase over the next 12 months through development and acquisition.
Systems management suites now provide control over intranet/Internet, as well as configuration and tracking of browser deployment. Server event queue management and monitoring, along with near-line storage of infrequently accessed HTML pages is to be expected. Another more advanced feature is the integration of performance monitoring and local corrective action for availability enhancement of Web server-centric operations. Most common Web servers should be supported, such as Apache, Netscape Navigator and Microsoft Explorer.
Web page access should be limited by network- and policy-based definitions, and should support standards such as Secure Sockets Layer (SSL) and Secure HTTP (SHTTP). Integration into the security modules for ease of definition, such as group membership, and centralized control is necessary for Web access to be an integrated part of system resources being managed. Monitoring, logging and notification of unauthorized access, attempted break-ins and idle logins, for example, as reported by firewalls should be integrated into the suites' security module.
Browser deployment is an extension of the existing function of software distribution and asset inventory. It is important to look for the ability to configure browser-specific options like helper apps, proxy Domain Name Service (DNS) setup and bookmarks. The asset management software should reflect these options. Software-distribution software makes for a consistent, easy, secure deployment of browser clients across the enterprise.
Updated December 17, 1996
