LANology's Network Monitor
Network monitoring is an important aspect of any well-run network. With the
Internet's increasing popularity, TCP/IP-based monitoring systems are becoming
more valuable and necessary every day. LANWARE, an affiliate of LANology, offers
Windows NT users a new product, NTManage, to monitor systems. With such a
product, you can improve the security and increase service uptime for most
enterprise networks. Both these improvements lead to monetary savings.
How can a network monitor increase your security effectiveness? Well, most
network break-ins occur on inadequately monitored networks, and a monitoring
service can help you discover intrusion attempts when they begin instead of
after it's too late to stop them. Denial-of-service attacks, in which hackers
bombard services with traffic and requests until the services can no longer
handle the load, are common on the Internet. NTManage can detect an overloaded,
nonresponsive service, and take offensive action toward remedying the situation.
Suppose an intruder accesses a service at a command level and simply issues
commands to bring the service down. A good network monitor can restart
non-responsive or stopped services automatically, hindering an intruder from
keeping them down or offline.
Service uptime is a huge concern in any network environment. One area to
watch is preventing services from crashing and locking up a server on a weekend
or after hours. Downtime at the wrong time means your network administrators
spend their off hours working on your network, which costs your firm money in
overtime expenses.
Service uptime and availability is often a direct reflection of your
business. With so many businesses adopting Internet technologies such as email
and Web servers as tools of commerce, people expect those services to be
available when they need to use them. You don't want a hot prospect sending your
sales staff important email, only to have that email bounce back to the prospect
because your mail server was down all night or all weekend. And likewise, you
don't want to spend money advertising your Web address only to find your Web
server was down during the ad campaign. NTManage can help eliminate these
possible fiascos. Let's look at NTManage and what it can do for you and your
network environment.
NTManage is a TCP/IP and Simple Network Management Protocol (SNMP)-based
monitoring system that notifies administrators about network problems through
onscreen, email, and paging interfaces. The product also includes rules-based
error reporting and notification that can spawn an application, run a separate
Visual Basic script per device monitored, page or email an administrator, and
write the errors to a log file.
NTManage supports SNMP 1 Management Information Bases (MIBs), and
fortunately, most major software and hardware manufacturers support SNMP 1. SNMP
2 support is expected in NTManage's next update. The SNMP protocol requires a
MIB for each device it manages to understand what management features and
functionality the particular device supports. The software ships with several
generic MIB types for monitoring and controlling devices and NT services,
largely without requiring a product-specific MIB. NTManage has a built-in MIB
manager and a MIB compiler and ships with several MIBs for common network
services, including Dynamic Host Configuration Protocol (DHCP), FTP, Gopher,
HTTP, Windows Internet Name Service (WINS), Gateway, Systems Management
Interface (SMI), Microsoft Internet Information Server (IIS) MIB, LAN Manager
MIB-2, and MIB-2.
The product sports a nifty split-screen, graphics-based network-monitoring
display that looks like a cross between NT's Perfmon and Network Monitor. The
difference is that the monitor is built into NTManage for quick access and can
graph data from remote SNMP devices. You can view total bandwidth utilization,
network traffic errors, and various packet counts for a given remote device.
NTManage includes configurable menu entries for quick access to external
TCP/IP utilities such as whois, ping, traceroute, telnet, FTP, and command
scheduler. Also, the product has a built-in IP address-assignment database for
tracking enterprisewide IP usage.
Four features in particular make this product shine. First, if your network
services, such as a SQL server or a mail server, run on an NT server or NT
workstation, NTManage can attempt to restart a failed service across the
network. NT servers monitored on the network map (created using NTManage to
monitor your network devices) export all services to NTManage so that if a
service fails, NTManage can attempt to restart it. If NTManage cannot restart
the service, it generates an error condition that follows the rules-based error
reporting you've defined. For example, if your SMTP mail server runs as an NT
service and fails, NTManage will try to restart the NT service automatically. If
the restart fails, NTManage will report the error using the methods and rules
specified in the configuration for that device.
Second, you can instruct NTManage to cleanly shut down and reboot an NT
server or NT workstation from a remote monitoring location. NTManage runs as a
desktop application, which means it inherits the security policies of the user
who is currently logged on to the system. For the remote service restart and
system reboot features to work, the user must have Administrator rights.
Third, NTManage has an auto discovery feature that can scan ranges
of IP addresses to locate all listening devices and their associated services.
Auto discovery works across routers and into subnets.
Fourth, NTManage has an auto mapping feature. It builds a network
map based on the information collected by the auto discovery feature.