Raritan Computer's CommandCenter NOC

So many machines and operating systems to support, and only so many IT administrators to support them. Raritan Computer's CommandCenter NOC (CC-NOC) appliance takes some of the load off, automatically monitoring the health of IT systems.

The CC-NOC comes in three versions: At the low end, the CC-NOC 100 monitors up to 100 workstations, 10 servers and 10 infrastructure devices; at the high end, a distributed architecture version scales to 1,000 monitored workstations, servers and infrastructure devices. I tested the CC-NOC 250, which scales to 250 monitored computers, 25 servers and 25 infrastructure devices, at our Syracuse University Real-World Labs®.

Setup Basics

Initial setup of the 1U server appliance is done over a serial console cable, giving the CC-NOC its IP address, subnet mask and default gateway. After the Linux-based appliance rebooted, I finished the configuration using a Web browser (your choice of IE, Netscape or Mozilla on client platforms including Windows, Solaris and Red Hat Linux). Raritan quickly resolved the one small snag I faced--uploading a corrupted license file during setup. The wizard-like Web configuration site requires data on time zone, DNS servers, monitored IP ranges, SNMP community strings and e-mail server information; once entered, you'll be able to work using the polished Web interface.

The CC-NOC scans the monitored IP ranges for servers and the services they're running, and automatically imports that information into the tool. The CC-NOC found all the components on the monitored networks, which included a Linux server, Layer 2 network switch, wireless access point, print server and the ISP gateway. For devices with SNMP monitoring, the CC-NOC displays much more detail about traffic and processor utilization and switch port statistics.

The CC-NOC includes a robust and flexible alert notification engine. After I created a rule to notify IT administrators by e-mail when HTTP was not working, I enabled the engine, then stopped Apache on the Linux server. The CC-NOC responded appropriately, registering the outage and sending off an alert e-mail.

The CC-NOC comes with an extensive set of predefined rules on which to base alerts, and the custom rules engine is quite powerful. Standard rules include notifications for SNMP traps received, switch interface status and various security events. If you use Raritan's KVM and serial-over-IP products, you can configure integration of the device with Raritan's CommandCenter Secure Gateway product. The benefit is that notifications from the CC-NOC will contain links to access the machines' consoles from the Secure Gateway.

The CC-NOC escalates events that are not acknowledged by admins. I set up escalation for the HTTP notification to alert my cell phone with a text message if the issue wasn't fixed in 15 minutes. I left the HTTP service down on the Linux host after receiving the e-mail message, and 15 minutes later I got the text message.The CC-NOC includes a configuration management database (CMDB) where administrators can store all pertinent data on their assets. Importing and exporting of the CMDB in CSV format is built-in, so you can reconcile the information with other data sources. The appliance could use a more robust access-control mechanism, though: It allows for only three levels of users.

Reporting is polished in the CC-NOC 250, letting administrators view canned reports in their Web browser or download them as PDF files. The CC-NOC Network Report Card, Outage Reports, and Availability Report show you how well your equipment is performing. SNMP reporting is more detailed, showing bits per second, errors, discards and traffic utilization for SNMP-capable assets. There's no custom reporting tool, but events can be exported in CSV formats. The CC-NOC does not have the ability to add custom SNMP MIBs, something they claim to be adding in the future.

The CC-NOC includes an intrusion-detection engine. Using signatures downloaded from Raritan, you can configure the appliance to warn you of suspicious activity. I enabled this and CC-NOC immediately began warning me of potential problems. The CC-NOC includes another network interface it uses to spy on traffic, using a mirror port on your switch or router. Raritan assists with pinpointing the most pressing alerts by assigning events a criticality level. But the engine can classify traffic only at 20 Mbps--larger organizations will need a beefier IDS.

Other features on the CC-NOC's checklist include monitoring syslog traffic from switches, routers and Unix-based hosts, thereby freeing admins from daily log reviews. It also can monitor Microsoft Windows computers' performance data using the Windows Management Instrumentation and CC-NOC WMI proxy software. The CC-NOC buys the peace of mind that comes with having a quick-to-deploy management and monitoring solution.

Christopher T. Beers is a contributing editor to Network Computing and manager of systems operations for a large broadband ISP. Write to him at [email protected].0