Survivor's Guide to 2005: Network and Systems Management

Enterprise IT will spend more on NSM in 2005 compared to 2004, thanks to industry initiatives like on-demand computing and Adaptive Enterprise, according to Meta Group. Our readers, meanwhile, say compliance with regulations, such as HIPAA (Health Insurance Portability and Accountability Act), Sarbanes-Oxley and Six Sigma, is pushing them to spend more on audits, audit preparation and compliance software. That will give the forthcoming IT best-practices spec, ITIL (IT Infrastructure Library), a boost because it tackles compliance concerns, among other things. Although none of this is truly new, it has NSM suppliers licking their chops.

How do you sort through all the NSM imperatives, match them to the appropriate tools and craft an overall NSM strategy? Start by determining what your NSM strategy is supposed to solve.Size Matters

First, identify the size of the problem you're solving. This means looking at the size of your IT group, not necessarily the entire IT organization.

If your IT organization is large, consider a comprehensive NSM strategy and products that will scale with your organization. Use the inventory, performance and service information one IT group collects to help others, thereby also removing duplication. Choose an NSM vendor that links your IT groups directly or through a third party.

NSM framework and fault-collection vendors, such as Aprisma, BMC, Computer Associates, HP, IBM Tivoli, Micromuse and SMARTS, attempt to define the big-vision, IT-management strategy. Their NSM packages create a single IT asset store of all IT services. These products not only try to eliminate duplicate and unsynchronized inventory--everything from network infrastructure to service topologies--but also seek to synergize management tasks. For instance, they may map all topologies automatically. They also provide remediation triage and diagnostic suggestions.

These tools standardize management data and access across an organization. Deploying ITIL and other best practices goes a long way here, but the NSM suite provides a common user interface, singular access control and integrated tools shared within IT to improve efficiency.A single vendor can't offer all management tools for all organizations, though. So look for an API and a documented command line to extend a product's usefulness among your business partners and for internal developers. Widespread adoption of the promised management panacea has failed because of the complexity and cost of such an approach. Still, the large vendors offer the only packages for large organizations to track and manage their IT systems.

HP OpenView remains one of the top dogs here, and HP continues to refine and expand the platform. NNM (Network Node Manager), which implements Layer 2 topology discovery using CDP (Cisco Discovery Protocol) and Cisco's bridge MIB, is slated to take advantage of the new IEEE 802.1ab Layer 2 discovery protocol next year. Time will tell whether 802.1ab will replace proprietary protocols like CDP and EDP (Enterasys Discovery Protocol), but with HP and Cisco behind the new spec, it's possible. (Cisco is also working on 802.1ab for its switches and CiscoWorks management software.)

OpenView's application monitoring is innovative. Its Transaction Analysis automates nTier application-architecture topologies. It's the best product available for pinpointing poorly performing components in an application-service chain. Many performance-monitoring packages poke at this problem, but HP's implementation is more granular, flexible and automatic.

The next big thing for NSM vendors like HP is catching up with SOA (service-oriented architecture). Organizations aligning IT to their business need more than service reporting--they require details on business impact and quicker IT reaction to business needs. Web services makes it even tougher for organizations to keep up with change, so the pressure is on management vendors to come up with SOA strategies. Look for ITIL, change and availability management to be part of this, and for NSM vendors to pitch it.

HP and other big players, as well as Concord Communications and Managed Objects, are talking BSM (business service management) as the answer to SOA. So far, the main pieces available for BSM are HP's automatic discovery of nTier topologies and BMC's integrated change- and configuration-management offering.If yours is a small IT organization, don't sweat big-time sizing and strategy issues. Concentrate on what works for specific problems. Focused NMS tools typically are inexpensive, or even free.

Large-scale NSM software obviously requires more hours to set up, but simple NMS products require care and feeding, too. It takes time to decide what needs alarms and to manage those alarms. Creating a service-level agreement is also time-consuming. The trade-off with a smaller-scale tool, of course, is you don't get a single management schema and associated third-party tools.

Hot management vendors serving up affordable and simple NSM include Ipswitch, Neon Software, Nessoft and SolarWinds. Netcordia's NetMRI, which is for both small and large NSM requirements, takes a different approach: This little appliance operates with the expertise of a Cisco CCIE, finding misconfigured and poor-performing network devices.

So, which NSM technology should you choose? First, monitor the network devices and servers running in your enterprise. All framework products have fault and monitoring tools. A cheaper alternative is Ipswitch's hugely successful WhatsUp Gold. This tool is used just about everywhere and has continued to evolve, thanks to its active and intelligent user community. Another option is Cricket, available for free from www.forge.net. But as with any free solution, you'll be saddled with the training and maintenance, which certainly aren't free.

Next comes configuration management, which applies to network devices and systems. The high-end NSM frameworks have comprehensive systems-configuration tools for deploying software and even provisioning hardware. Microsoft and Red Hat also have such tools with their OSs, and imaging systems like Symantec's Ghost are good alternatives. Plenty of other desktop-management vendors, including Altiris, LANDesk and Tally Systems, offer configuration-management tools.One area the big frameworks don't address is network device configuration. This may be the result of failed early network policy management efforts, or partnering with vendor-specific solutions, like Cisco's CiscoWorks and Extreme Networks' Epicenter. But AlterPoint, Rendition Networks, Voyence and newcomer Ohia Networks offer NSM platforms that support different networking vendors' hardware (in other words, not just Cisco's) and configure firewalls, load balancers and systems.

A lower-cost solution is a simple TFTP server scripted to download running configs.

Performance Anxiety

The next step is to get proactive with performance. But before you can be proactive, you have to be able to react.

Performance monitoring tracks how many bytes are sent, how many bytes are received or how many bytes are in error. There is plenty more performance data you can measure at the client, network, server, storage, OS, Web server, application server and database server level as well. This data is gathered regularly--every 5, 10 or 15 minutes 24/7--and saved. The data is then plotted onto graphs, reports, portals and dashboards to tell you when something abnormal has happened. (Abnormal depends on what has been collected in the past.)

This may still seem reactive, but over time, you get a performance baseline that's specific to your IT services. Some products, such as Concord Communications' eHealth, project possible resource constraints with server CPU and bandwidth, for instance. Performance management becomes proactive when you integrate the polled metrics into your IT operations. For one, occasional polling gathers data rather than waiting for a fault to occur. Second, the widely varying performance data can provide enough info to assign problem remediation to responsible parties more quickly and accurately. It also offers systems admins and application developers more detailed information about the cause of a problem, because it gathers detailed data and tracks the history.

Hundreds of vendors address performance management. Stalwarts like Computer Associates, Concord, Empirix, HP, NetIQ and ProactiveNet offer products that collect data from anything that moves in front of and behind the firewall, but you pay for it. If you can't afford to spend a quarter of a mil or more, these products are not for you. But if you have the budget and you're serious about tracking services and getting to the root of a problem quickly, this technology makes it happen.

Less expensive alternatives from Castle Rock Computing, ipMonitor, Neon Software and SolarWinds do a good job, but with some trade-offs. They are limited in the number of devices they can collect data from and how much data they can save. Remember, CPU and bandwidth are needed to gather, store and report the data--tasks the more expensive products do using distributed computing architectures.The low-cost tools also don't dig as deeply. They monitor applications merely by checking that a TCP or UDP port is responding, rather than running actual transactions through the application to check the results like pricier products do.

Another emerging performance-management approach gathers TCP sessions passively on the wire like a RMON probe. NetQoS and NetScout have been doing this for some time, reaching into application performance using ARM (Application Response Measurement) and other proprietary techniques. The advantage is it's easy to implement: no agents, no polling.

Newcomer Coradiant uses similar passive data collection. Its TrueSight product gathers and makes sense of the TCP sessions in real time. So network operations can see and react to problems with smaller groups of users that typically wouldn't be tracked with a conventional network-management polling product.

Last but not least, you must implement capacity planning. This is roughly divided between load testing and simulation. Both operations predict performance prior to production. Load-testing services, such as those from BMC, Gomez and Keynote Systems, work outside the firewall so you can identify potential problems in a new Web site. Quest's Benchmark Factory and Empirix's eTest Suite are examples of software run inside the firewall, posing as thousands of customers or users banging away at your network, servers and applications.

This is real traffic, and it requires real network and systems setup, even if it is a lab. Simulation software from Analytical Engines, Opnet and TeamQuest mathematically figure out what will happen to a given node, link, transaction, bandwidth, memory or other variables. These are powerful products, but they've mostly been adopted by government, service providers and large organizations. If you're considering one of these, beware that each requires dedicated, skilled IT personnel. And they'll cost you anywhere from a few thousand to hundreds of thousands of dollars. The alternative to simulation is overprovisioning or getting caught short, so justification comes from smarter IT-resource management.If you're not careful, network and systems management can become a black hole, sucking your organization of money and staff. But by understanding your organization's real NSM needs and solving one management problem at a time, you can make your IT services more efficient and consistent.

Bruce Boardman, executive editor of Network Computing, tests and writes about network management and systems. Write to him at [email protected].

It's no surprise that the guy in charge of desktop support considers his software more strategic than router and switch configuration. But if you're managing the network and desktop support, which is more strategic? Our cop-out answer: both.

Here's how we rank network- and systems-management tools by strategic importance:

1. Network monitoring. This basic fire alarm has got to be first.2. Desktop and server management. Get something, even if it's just a good image.

3. Network configuration management. Hello ... TFTP server and some scripts can save your assets.

4. Performance management. If you've got the time, you can get some useful info out of these tools.