Print

Comment

Email

Digg

Del.icio.us

Reddit

Network technology has come a long way from the days of hubs and 10 BaseT Ethernet to complex multi-layered networks carrying voice, video and data. It is seen that with emergence of technologies such as VoIP, VPN, MPLS backbones and Wireless LANs, most organizations have adopted these technologies for the benefit they offer. It is also seen that organizations are looking for best-of-breed solutions leading to multi-vendor networks over a period of time. Add to that, a complex myriad of technologies and the network becomes a nightmare for the CIO to manage and maintain. Most CIOs are looking for panacea in network management solutions that will assist their teams in ensuring that the network is always available and performing optimally. Network management gurus typically use the acronym FCAPS (Fault/Configuration/Accounting/Performance/Security) which more or less sums up the challenges of network management and expectations from a network management tool.

Fault Management
Almost all network devices today are manageable (ie they have an intelligent SNMP agent installed). This capability makes it very easy for a network management system to discover and classify the device. In addition, the SNMP agent provides additional information about the current status and connectivity with other devices.

Fault management systems (FMS) are able to discover and model the topology of complex network environments based on SNMP and other technologies (Routing tables, ARP caches etc). They are able to poll devices and receive traps to correctly depict the status on the topology map. In addition, these solutions allow capabilities to automate response to common events, the response typically being e-mail/SMS notifications, incident registration to a service desk or running custom scripts. Such detailed information helps administrators diagnose problems faster leading to reduced mean time to repair.

Advanced fault management systems offer the most useful functionality of event correlation and root cause analysis. This system typically comprises in-built correlation logic and rule sets to correlate multiple incoming events and provide a possible single root-cause. This allows administrators to understand and diagnose network problems faster as compared to chasing events that are symptomatic. For example, when an upstream device goes down, all connected downstream device polls will generate failure messages.

Another common function that advanced fault management systems perform today is mapping discovered IT infrastructure to IT services. SLAs (based on availability and response times) can be attached to the IT services rather than individual elements. This allows administrators to understand the impact of a failing component on IT services and the relevant SLA that are affected.

Configuration Management
Configuration management is a process that covers a wider range of IT infrastructure and is not restricted only to network devices. Configuration changes on network devices are required for a wide variety of reasons including adding new boards to existing devices, firmware upgrades, manual addition/removal of routes on a router etc. Configuration management mandates that such changes be made only after relevant approvals from the CAB (Change Advisory Board) or similar approving authority. This is done so that the impact of the change on various IT and Business Services can be studied before actually performing the change. Rollback procedures are also defined to minimize disruption to services in case something goes wrong.

Configuration management solutions are also capable of reading device configuration at periodic intervals and comparing it to the deployed image to check for changes. Changes (if any) can be reported to the fault management system and automated actions such as redeploying the original image can be initiated. It is also important to ensure that unauthorized changes to device configurations do not take place (by deploying stricter access control on network devices).

Accounting Management
The primary challenges addressed by accounting management are-tracking network utilization by application/end-user/department for the purpose of chargeback; allocate appropriate network resources for business critical applications/departments

Accounting management involves tracking each individual user's utilization of network resources for the purposes of allocation of resources and billing for their use of the network. This type of information helps a network manager allocate the right kind of resources to users, as well as plan for network growth. With the same information, the cost of transmitting messages across the network can be computed and billed to the user if the traffic was revenue bearing.

This type of management involves monitoring the login and logoff records, and checking the network usage to determine a user's use of the network. In addition, access privileges and usage quotas can be established and checked against actual for accounting information.

Technology used for accounting management typically involves probes/flow records to collect raw data related to traffic segregated by user/application. This data is collected, analyzed and appropriate reports are created to indicate the network resource usage. Accounting tools go a step further by analyzing the collected data and providing billing invoices to business units based on pre-defined chargeback information.

Performance Management
Complex networks such as VoIP or MPLS cores require a finer degree of performance monitoring that provides the ability to collect data from vendor provided SNMP MIBs to report on parameters such as jitter, MOS (Mean Opinion Score-a common indicator of voice quality in VoIP networks) and volume/congestion levels in a CoS (Class of Service indicating a dedicated channel with QoS attributes in an MPLS based VPN). These reports are provided out-of-box by advanced network performance management systems.

Network performance management solutions also aid the administrator in locating performance bottlenecks by providing intelligent 'At-a-Glance' reports that show crucial device performance metrics on a single page. Decisions on which metrics best reflect the overall performance of the device are made in consultation with industry experts. These solutions also offer the ability to customize reports based on user requirements.

IT managers can also use the solutions to identify under utilized and over utilized links. Advanced systems also offer 'what-if' scenario simulators that allow administrators to gauge the growth in capacity given the growth in demand. This is a very useful feature when rolling out new applications.

Multiple network performance solutions are available in the market ranging from freeware, open source to proprietary software. Most of these solutions leverage SNMP agents on target devices to collect and chart performance statistics of key parameters such as device utilization, link utilization and error rates, availability and response times.

Security Management
Security Management is a vast domain on its own comprising threat management (firewalls, anti-virus, anti-spyware, content inspection, vulnerability management), identity and access management (user lifecycle management, single sign on, access control) and security incident management (log consolidation, data normalization, event correlation). Comprehensive security management suites are available today to provide an integrated approach to managing security at various touch points within the organization.

Vulnerabilities often exist at the network layer in the form of firmware loopholes, badly configured SNMP access control and non-existent access lists on critical devices. Solutions such as vulnerability scanners alleviate this problem by providing a list of vulnerabilities and bad configurations. These scanners obtain a list of the latest vulnerabilities from vendor websites. Using these reports, administrators can take remedial actions such as upgrading the firmware or modifying configurations.

Network security solutions also offer data security by means of Virtual Private Networks (VPNs) that allow end users to securely access data over public networks such as the Internet. IPSec protocols are standards-based and provide the three factors needed for secure communications-authentication, integrity, and confidentiality-even in large networks. The end-result is that with IPSec-compliant products, you can build a secure VPN in any existing IP-based network.

Multi-functional Solution
All said and done, network management is one of the oldest disciplines of IT infrastructure management and is here to stay. Network management solutions have come a long way from being just polling and charting tools to providing advanced analytics to minimize downtime and brown-outs. Today, CIOs are expecting solutions that provide integrated FCAPS functionality rather than a piecemeal approach. They also expect these solutions to provide analytics in the form of complex SLA reports, capacity planning information and root cause analysis to ensure that the network is always available and performing optimally.

Rajendra Dhavale,
consulting director, CA India and SAARC
vadmail@cybermedia.co.in
Rajendra has over 18 years of experience.
A frequent speaker at industry seminars and technical conferences in India, he is also constantly featured in IT/telecom publications.