Whatever set of tools you use, whether they are open-source or commercial products, monitoring systems are a critical part of IT management. If you are not using client monitoring tools and managing IT resources, you are setting yourself up for failure.
Scenarios
Which scenario are you most closely aligned with?
Scenario 1: You come in for your IT shift. The management team can’t log into the CRM, you have voicemails from employees who can’t access necessary resources and whose email isn’t working, and your manager is hovering over your desk asking what is going on. You are not certain, and you can barely log into any device or server yourself to start checking.
Scenario 2: You come in for your IT shift and you already know that someone on the LAN accidentally brought a virus in and illicit software is busy trying to spam the world, tying up email and maxing out your bandwidth. Your monitoring system already alerted you that, according to its trend analysis, bandwidth on port 6 of the east wing switch spiked at 3am and is maxing out everything. You come in, walk over, unplug port 6 and stop the offending traffic. You walk over to your desk and your manager already knows that the problem has been fixed.
In both scenarios the problem is the same, but the results are very different. The impression left with clients and co-workers is very different. Your own most valuable resource, your time, is also affected differently. Good monitoring is a very clear win-win for IT techs and the executives paying the bills.
The amount of information, both relevant and irrelevant, can be overwhelming as well. There is far too much information at times, and filtering down to the meaningful information rather than a sample of symptoms can greatly decrease resolution times.
What about a Denial of Service attack?
Take, for example, an external threat such as a DoS (denial of service) or DDoS (distributed denial of service) attack. Without tools, IT technicians may have to analyze logs or capture packets just to figure out what is going on. It is very likely that the incoming attack is so overwhelming that IT technicians cannot even access the device’s command line or web management interfaces. Often they are calling their ISP for help, but without some professional management, many ISPs don’t have the ability to figure out what to filter in order to pass legitimate traffic and block unwanted traffic.
In the case of an attack, are you using network traffic analysis to understand what is going where? Many monitoring systems can identify anomalies in flows from or to a node, alert on trends and automatically block attacks.
Simply figuring out where the attack is coming from is much simpler with monitoring tools. Having this data to compare what is ‘normal’ vs an ‘attack vector’ greatly simplifies the analysis and reduces the time before corrective measures can be put in place.
An attack from more than 60,000 unique end points producing millions of packets per second was recently directed towards a client in an effort to shut them down and potentially breach their firewall through buffer overloads. Monitoring tools show the port, size of packets, protocol and other details to help identify the exact attack vector and methods. Based on this information, ACLs (Access Control Lists) can be implemented to reduce or block these attacks until they are over, while still allowing legitimate traffic through.
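The comparison of 'normal' against attack traffic described above can be sketched as follows. This is an added example, not code from any monitoring product; the flow records, addresses, ports and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records (not real traffic): (src_ip, protocol, dst_port, packets, bytes)
BASELINE = [
    ("198.51.100.10", "tcp", 443, 900, 720_000),
    ("198.51.100.11", "tcp", 443, 700, 560_000),
    ("198.51.100.12", "tcp", 25, 200, 120_000),
    ("198.51.100.13", "udp", 53, 200, 30_000),
]
# The same legitimate traffic plus a flood of small UDP packets from many sources
CURRENT = BASELINE + [
    (f"203.0.113.{i}", "udp", 7000, 5_000, 450_000) for i in range(1, 201)
]

def profile(flows):
    """Aggregate flows per (protocol, dst_port): packets, bytes, unique sources."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set()})
    for src, proto, port, pkts, nbytes in flows:
        s = stats[(proto, port)]
        s["packets"] += pkts
        s["bytes"] += nbytes
        s["sources"].add(src)
    return stats

def find_anomalies(baseline, current, min_share=0.5, growth=10.0):
    """Return services that now dominate packet volume and grew sharply vs. baseline."""
    base, cur = profile(baseline), profile(current)
    total = sum(s["packets"] for s in cur.values())
    findings = []
    for key, s in cur.items():
        share = s["packets"] / total
        base_pkts = base[key]["packets"] if key in base else 0
        grew = s["packets"] >= growth * max(base_pkts, 1)
        if share >= min_share and grew:
            findings.append({
                "protocol": key[0], "dst_port": key[1],
                "packet_share": round(share, 3),
                "unique_sources": len(s["sources"]),
                "avg_packet_bytes": s["bytes"] // s["packets"],
            })
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(BASELINE, CURRENT):
        print(finding)  # the protocol, port and packet size an ACL would key on
```

Busy but normal services such as HTTPS are not flagged, because their volume has not grown relative to the baseline.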
Monitoring Components
Here are some important components of successful monitoring:
Identify Failures – Are your network nodes up, are your servers running?
Capacity Planning – Is there enough bandwidth available, are your hard disks filling up?
Performance – Is your database the bottleneck to your business critical applications?
Security Management – Who or what process took that node offline? Who has access to what?
Some other important components of monitoring systems:
Frequency Period – How often is it useful to poll devices for information? Monitoring systems typically pull data on an automated schedule, say every 5 minutes grab all network data from a switch. Most systems can report over varying periods, per day or per hour, but consider real-time data and its importance in troubleshooting.
Data Retention and Aggregation – How long to retain that data? Can the monitoring system summarize data? The amount of data collected can be immense. Having the ability to archive historical data in summary format reduces the amount of data kept but can still give a great amount of data for long-term trend analysis.
Thresholds – How many false positives do you receive? Can you set the frequency or number of triggers required over time, so that short spikes do not raise alerts?
Dependencies – Are you able to set up dependencies to zero in on the core issue quickly? Are you able to reduce the amount of alerting? The last thing you need in a time of crisis is the helpdesk filling up with tickets for nodes that rely on a core node that is having problems.
Alert Options – No sense alerting by email if your email is down. Do you have the ability to use SMS or some other form of out-of-band alerting and management?
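The Thresholds and Dependencies items above can be combined in one small alerting loop. This is an added example, not taken from any monitoring product; the node names, the 90% threshold and the three-poll requirement are assumptions.

```python
# Constructed topology: each node maps to the upstream node it depends on (None = core)
PARENTS = {"core-sw": None, "east-sw": "core-sw", "crm": "east-sw", "mail": "east-sw"}

class AlertEngine:
    def __init__(self, parents, threshold=90.0, required_polls=3):
        self.parents, self.threshold, self.required = parents, threshold, required_polls
        self.breaches = dict.fromkeys(parents, 0)  # consecutive polls over threshold
        self.reported_down = set()                 # outages already alerted on

    def _suppressed(self, node, down):
        """True if any upstream node is also down (this node is only a symptom)."""
        parent = self.parents[node]
        while parent is not None:
            if parent in down:
                return True
            parent = self.parents[parent]
        return False

    def record_poll(self, utilization, down=()):
        """Ingest one polling cycle; return only the alerts worth sending."""
        down, alerts = set(down), []
        self.reported_down &= down                 # recovered nodes may alert again
        for node in self.parents:
            if node in down:
                self.breaches[node] = 0
                if node not in self.reported_down and not self._suppressed(node, down):
                    self.reported_down.add(node)
                    alerts.append(("DOWN", node))
                continue
            over = utilization.get(node, 0.0) > self.threshold
            self.breaches[node] = self.breaches[node] + 1 if over else 0
            if self.breaches[node] == self.required:  # fire once per sustained breach
                alerts.append(("HIGH_UTILIZATION", node))
        return alerts

if __name__ == "__main__":
    engine = AlertEngine(PARENTS)
    print(engine.record_poll({"east-sw": 97.0}))                      # one spike: no alert
    print(engine.record_poll({}, down=["east-sw", "crm", "mail"]))    # only east-sw alerts
```

A single spike never alerts, and when a switch goes down the CRM and mail servers behind it stay quiet until the switch recovers.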
This is a very small list, but it covers some important considerations and factors for monitoring systems. Going back to the starting scenario, if you don’t have those tools, are you working with a technology partner that can offer these abilities to you?
https://en.wikipedia.org/wiki/Comparison_of_network_monitoring_systems has a comprehensive comparison list of network monitoring software systems.
What about at NAS?
Here at NAS, we implement a variety of tools, and many customers benefit from the insight of the monitoring systems we put in place. When you have a simple connection from NAS, we can set up access to your devices and nodes to help you understand where connection faults might start and where bandwidth capacity issues might be present, and to answer the question: is my network solid and big enough for my business’s day-to-day operations?
Or we would be happy to work with you on a regular basis through our MSP program, where we perform a number of network management tasks, both automated and manual, for many customers, including point-to-point, point-to-multipoint networks, MPLS and IP management.
Reach out to us for a free consult. We would be happy to engage even just to help review your current setup and how monitoring can help improve your business.