Choose the Right Network Management Tool
Choosing the right network management software is often a daunting task. There are many features a network engineer requires, and many that he or she consider very nice perks. Stumbling across a usable software package, free or otherwise, that offers everything you need is nearly impossible.
In this article, we will talk about the features most network engineers crave, and the software that can deliver them. Part two will feature an in-depth review of two of the most appealing network management packages available.
It's all about features. Many large, complex and expensive packages have the basic features network engineers look for, but lack usability. HP OpenView and IBM's Tivoli are cost-prohibitive to most, and to others, simply too complex to use.
Arguably, the most important function of Network Management System (NMS) software is discovery. This means it tends to concern itself with layers 2 and 3 (define).
Most commercial NMS packages focus on layer 3, meaning that the graphs and maps are purely layer 3 (IP) data. Knowing where things appear in your network from an IP perspective is important, however, that doesn't help network engineers figure out exactly where something is plugged in.
Layer 2 discovery normally has the ability to associate a MAC address with a specific switch port, making it possible to identify a host's exact location. HP OpenView, for example, has the ability to make excellent network maps based on a router's ARP table and directly connected networks, but has trouble reporting where a computer is plugged in to the network.
NMS software should definitely be able to tell you when something fails. This can be as simple as ping, or as complex as monitoring, for example, mail or Web services to see if they are still responding properly. Verifying in-depth switch and router functionality normally falls into the next feature set, since most information of this nature can only be obtained via SNMP.
Another important feature of NMS software is the ability to receive SNMP traps. Sane defaults in this area are very important. A good NMS package will be able to notify you when L2 trunks fail, even when L3 is fully operational, while at the same time not bugging you every time a normal switch port loses its link (i.e. someone turned off a computer). An SNMP MIB browser also falls into this category, preferably with an interface to set various alerts based on the OID in question.
Many other features exist that different people will consider more valuable than others. A usable interface should, of course, be highly valued. The ability to generate pretty manager-ready reports on uptime and availability will be more important to some. The list goes on, and proportionally the NMS software becomes more and more complex.
Finding the middle ground between desired features and ease of use sometimes requires sacrifice. This can take the form of running multiple tools at once, or sometimes simply going without the features you really want. A short list of the most widely used solutions follows. Note that we are intentionally leaving out the large complex systems.
Nagios is an open source management system with many features, aimed primarily host and service monitoring. It can, however, be used to fill the role of a full-blown SNMP-based management system by setting it up to receive SNMP traps. Nagios can then generate alerts based traps received from hosts and network devices. Nagios shines in the area of service monitoring, with its ability to connect to SMTP, POP3, HTTP, NNTP, PING, etc. Nagios even allows very advanced monitoring of host statistics, such as disk usage, temperature, load, etc. Nagios has the ability to produce some of the best availability charts and graphs as well. It focuses on NOC operations by allowing you to schedule downtimes (i.e. suppress notifications) and track problem resolutions. Being open source and having a decent API also means that there's hundreds of plug-ins for Nagios. Nagios does lack discovery capabilities, however.
Netdisco is another NMS Suite designed for Linux-only that has a specific focus. This time, as the name implies, the focus is on network discovery. If this is most important to you, Netdisco is definitely worth a look. Netdisco takes discovery to new levels by providing the long sought after layer 2 discovery. It creates mappings from IP and MAC addresses to switch ports, and provides a great interface for searching the discovered information. Netdisco provides many useful reports as well, including: a clickable graph of the network topology, statistics about the number of nodes connected, and a great listing of security concerns such as rogue wireless access points and hosts using IP addresses that aren't in DNS.
WhatsUp is a very popular monitoring system that runs on Windows only. WhatsUp is a fairly complete NMS, implementing: monitoring, discovery, and reporting. It can even catch SNMP traps and provide information about devices using its SNMP Viewer. The intuitive interface, world-class maps and diagrams, and ease of use make WhatsUP preferred by many.
Big Brother's focus is purely on monitoring. Big Brother is a customizable and very pretty monitoring system that is easy to set up. It works on both Unix and Windows servers and clients. The web interface shows a statistics page with simple "red = bad, green = good" scheme. Big Brother can monitor services, as well as act simply as a ping tool.
Cricket is a one-feature piece of software, but it deserves mention here. Cricket graphs important data based on SNMP data collected from routers and switches. Most common uses include data rate of every port and temperature/COU usage. Virtually every site uses this package in conjunction with other NMS tools, since it excels at gathering and displaying this important information.
Unfortunately, this is the extent of the list. There are others out there, but they're generally commercial products that are obscenely complex to use. HP OpenView is good at translating SNMP events and drawing layer 3 maps, but that's about all. Even configuring events, such as "page me when this fails" is quite non-trivial.
WhatsUp, Netdisco, and Nagios are the preferred applications among a diverse group of network engineers. Most people chose to run Nagios in parallel with something similar to Netdisco or WhatsUp, since Nagios provides very advanced host monitoring solutions. In the next installment we'll focus primarily on these three solutions; examining how these programs can make your life easier, as opposed to more stressful had you opted for HP OpenView or similar solutions.