Enterprises depend on network availability for business continuity. To keep the network up and running, it is essential to have robust, reliable fault and performance management software that helps monitor the network effectively. With world-class ManageEngine OpManager in place, you have perfect control over the Network Monitoring arena.

To prevent network problems and performance degradation caused by faulty device configuration changes, the OpManager NCM plug-in is essential. Together, OpManager and the NCM plug-in make Network Management not only efficient, but also truly centralized.

If you are a Network Administrator responsible for managing the configurations of network devices, check yourself:

  • Do you spend hours manually configuring your devices?
  • Do you laboriously log on to each device separately to retrieve or change configurations?
  • Do frequent configuration changes pose a threat to your network availability?

If yes, read on:

Automating these Network Change and Configuration Management activities with the OpManager NCM plug-in could save significant time, cost and resources, reduce the risk of errors (and thereby network downtime), and improve efficiency and productivity.

Download the white paper "Overcoming Network Degradation Blues with OpManager NCM plug-in" to learn how automating Network Change and Configuration Management through the OpManager NCM plug-in could make your job a lot easier!

Bala

Microsoft, on Thursday, announced an advance notification on the bulletins and patches that are to be released for March Patch Tuesday.

With just two bulletins, this month is relatively light compared to last month. Both bulletins are marked Important. One affects the Windows operating systems; the other affects Microsoft Office applications. Surprisingly, this time, no patches are being released for Windows Server operating systems. The affected operating systems and applications include:
  1. Windows XP Service Pack 2 and Windows XP Service Pack 3
  2. Windows XP Professional x64 Edition Service Pack 2
  3. Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
  4. Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
  5. Windows 7 for 32-bit Systems
  6. Windows 7 for x64-based Systems
  7. Microsoft Office XP
  8. Microsoft Office 2003
  9. 2007 Microsoft Office System
  10. Microsoft Office 2004 for Mac
  11. Microsoft Office 2008 for Mac
  12. Open XML File Format Converter for Mac
  13. Microsoft Office Excel Viewer
  14. Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
  15. Microsoft Office SharePoint Server 2007 (32-bit editions)
  16. Microsoft Office SharePoint Server 2007 (64-bit editions)


Alarms from Applications Manager can be of any of the following severities:
  1. Critical (for Health & Down for Availability) - Amber
  2. Warning - Orange
  3. Clear (for Health & Up for Availability) - Green
A few examples of alarms:
  1. Service is down
  2. Server is down
  3. Process 'java.exe' is down
  4. CPU Utilization has violated the threshold value, 90% > 80% (can be Critical or Warning, as configured)
  5. Response time is greater than the threshold value, 200 ms > 180 ms
Alarms can be notified through Email or SMS. Corrective actions such as restarting the service or server can be executed through the ‘Execute Script’ option when alarms are generated.

Let us now design an alarm workflow through Applications Manager for the scenario shown in the diagram below:



The points below outline the solution for the above use case:

a)    So that the first poll does not generate any alarm, you can configure Applications Manager to generate an alarm only after ‘n’ consecutive polls.

Example: Poll 2 times consecutively before reporting that the monitor is down.

You can configure this option:
  1. Globally: A Critical or Warning alert will be generated for all monitor types (Server, Tomcat, Apache) and for all attributes (CPU, Memory, Java Heap Size) only if the attribute has crossed the threshold 2 times.
  2. At the specific attribute level: This is done while configuring the Threshold. This policy can be applied to monitors with similar attributes, thereby saving time and managing escalation policies effectively.
The status of the Monitor will not change in the first poll. If the fault (or event) is still active in the second consecutive poll, the status of the Monitor changes to Critical or Warning, as the case may be.

b)    You can configure Applications Manager to send an Email or SMS, and also to execute a script for corrective action or 'Log a Ticket' in ServiceDesk Plus, when the alarm is generated in the 3rd poll. For this alert to be raised as a ticket in your helpdesk, configure the Helpdesk Email address in the Email Actions.



The second step in the above use case is thus solved. Now, the third one is to raise a ticket when the alarm is not acknowledged for 20 minutes.

c)    If the alarm is not cleared automatically or manually within the next 20 minutes, you can configure Alarm Escalation Rules.

A screenshot of the Alarm Escalation Rule is shown below:



Using these rules, you can create a ticket in your Helpdesk if the ticket is not closed within 20 minutes. You have to configure your helpdesk email address in the To Address while configuring Email Actions, so that the alarm is generated as a ticket in your helpdesk. [If you want to raise a ticket with ServiceDesk Plus, you can use the ‘Log a Ticket’ Action or use the Email Commands Template to generate a ticket.]

The Technician can log in to the Helpdesk System to add notes or a work log recording the steps taken to resolve the problem. Once the problem is resolved, Applications Manager automatically changes the status of the monitor to Clear (Green) in the next poll.

Let me know if you have a different alarm workflow that needs to be integrated into Applications Manager.
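The workflow in steps a) to c) can be modelled as a small state machine. This is an added example, not ManageEngine code: the class, field and action names are hypothetical, the 5-minute poll interval and sample readings are constructed, and escalation is modelled as "alarm still not cleared 20 minutes after it was raised".

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class AlarmWorkflow:
    threshold: float = 80.0        # e.g. CPU utilization threshold in percent
    polls_before_alarm: int = 2    # consecutive violating polls before status changes
    escalate_after_min: int = 20   # escalation rule window, in minutes
    status: str = "Clear"
    failures: int = 0
    raised_at: Optional[int] = None
    escalated: bool = False
    actions: list = field(default_factory=list)

    def poll(self, minute: int, value: float) -> str:
        """Feed one poll result; record any action the workflow would trigger."""
        if value > self.threshold:
            self.failures += 1
            if self.status == "Clear":
                # A single violating poll is ignored; only a run of them raises the alarm.
                if self.failures >= self.polls_before_alarm:
                    self.status = "Critical"
                    self.raised_at = minute
                    self.actions.append((minute, "notify"))
            elif (not self.escalated
                  and minute - self.raised_at >= self.escalate_after_min):
                # Alarm has stayed open for the whole window: raise a helpdesk ticket once.
                self.escalated = True
                self.actions.append((minute, "escalate-ticket"))
        else:
            if self.status != "Clear":
                self.actions.append((minute, "clear"))
            self.status, self.failures = "Clear", 0
            self.raised_at, self.escalated = None, False
        return self.status

# Constructed sample: (minute, CPU %) at a 5-minute poll interval.
SAMPLES = [(0, 50), (5, 90), (10, 60), (15, 90), (20, 92), (25, 95),
           (30, 91), (35, 93), (40, 94), (45, 40)]

def run(samples):
    """Replay poll results through a fresh workflow and return the actions fired."""
    wf = AlarmWorkflow()
    for minute, value in samples:
        wf.poll(minute, value)
    return wf.actions

if __name__ == "__main__":
    for minute, action in run(SAMPLES):
        print(f"t={minute:>2} min  {action}")
```

The transient spike at minute 5 produces no alarm, while the sustained violation from minute 15 raises one alarm, one escalation and one clear.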

Kevin

Remember ‘Minority Report’, the Steven Spielberg directed sci-fi movie starring Tom Cruise? The movie is set in a futuristic Washington where the police force employs ‘precogs’ with precognition abilities to view murders that occur in the future. The police use these precogs to track down and stop murders before they happen, and they cut the crime rate in the city by 90%!



IT administrators might wish they had precognition too, so they could track down problems in their network before they occur. Now we can say their wish has been granted. Applications Manager has introduced Anomaly Detection, a new feature which detects potential threats to server or application performance beforehand and sends out alarms. The IT team can analyze and interpret the alarms generated and take pre-emptive action before things get out of hand.

How does Anomaly Detection work?

You have to define anomaly profiles on the performance metrics of an application or server such as CPU Utilization. Applications Manager then continually compares the performance data with the pre-defined set of best data and sends notifications if they deviate from established patterns. Any deviation from normal behavior can be interpreted as a potential threat to application performance.


The anomaly detection capability helps system administrators move from a reactive approach to troubleshooting problems towards a more proactive approach. This in turn can help improve their overall efficiency and bring down IT costs.

Anomaly Detection is available as an add-on feature to Applications Manager and works with both the Professional and Enterprise editions. Feel free to try this out and let us know what you think!

Now that you know the need for a Network Connector between OpManager and Applications Manager, let me detail how to connect these two applications through the Network Connector.

Based on recommendations, you can install OpManager and Applications Manager on the same server or on different servers. You must have purchased the Network Connector Add-On in order to connect these two applications.

Step 1: Configure the OpManager details in the Applications Manager Admin interface: go to Admin -> Add-On Product Settings and click Add against OpManager.



Enter the server name and port number of the OpManager application, and the username and password to connect.



Step 2: Once you save the settings, the “Fetch Now” image will be active, as shown in the image below. Click the Fetch Now image to fetch data from OpManager.



Step 3: Create a New Monitor Group.



Step 4: Click Associate Monitors.



Step 5: Select the Network Devices which you want to monitor through Applications Manager. You will find the Network Devices below the Available Monitors section.



Click Associate to add these devices to the monitor group.

The alarms generated against these devices in OpManager will be propagated to the Monitor Group view in Applications Manager.

Network Devices Availability & Health:



Network Devices Alarm Snapshot:



You can click the link against the name of these devices to view their snapshot.

You should try it to know how easy and useful it is.

Kevin

In previous discussions, we have mentioned that NetFlow Analyzer offers various kinds of reports for bandwidth analysis. Just thought we should highlight the various types of reports available in NetFlow Analyzer and how they help in better bandwidth monitoring and traffic analysis.

Put simply, NetFlow Analyzer depends on the NetFlow packets exported from routers and switches, and generates various reports which can be helpful for bandwidth analysis, bandwidth measurement, troubleshooting, trend analysis, etc.

NetFlow Analyzer shows information on the interfaces and their traffic in the product UI itself, with PDF and CSV export options available. In addition to these, the product has more reports to help in detailed bandwidth analysis. The following are some of the reports available in NetFlow Analyzer:

1. Troubleshoot report

2. Search Report

3. Consolidated Report

4. Compare Reports

                                  


Troubleshooting Report:

I believe you have an idea about the storage pattern in NetFlow Analyzer from the Data Storage Pattern Blog. The Troubleshooting report is generated from the raw data (which we discussed in the Data Storage Pattern Blog). It is used for detailed traffic analysis and helps identify the cause of network spikes with complete port-level information.


The Troubleshooting Report can be generated by clicking the troubleshooting icon present in the Interface View for each interface, or by drilling down to a specific interface and then clicking More Reports at the right corner of the user interface. We can generate the troubleshooting report by specifying criteria as per our report generation needs. The troubleshoot report can be generated for the time period for which raw data is stored in NetFlow Analyzer. So, any time you need a detailed analysis of traffic, don't forget the troubleshoot report.


Search Report:

The Search report is similar to the troubleshooting report, but it is generated from aggregated data which is based on the top 100 (again, the Data Storage Pattern Blog should give you an idea). You can generate a search report by clicking More Reports at the right corner of the Interface View. You can select the interfaces for which you want to generate the report by clicking "Select Device" and, as with the troubleshooting report, you can specify different criteria as per your report generation needs. This report is most helpful when you need to analyze specific information going back in time. Since it is generated from aggregated data, the report can give historic information. Imagine having around 80% report accuracy for data ranging back to years!


Consolidated Report:

The Consolidated report is a single-page report which lists the traffic graph for the selected interface or IP group with the top 10 Application, Source, Destination and Conversation on an IN and OUT basis. The Consolidated Report can be generated by clicking the Quick View icon present in the Interface View for each interface, or by drilling down to a specific interface or IP group and then clicking More Reports at the right corner of the user interface. The report gives a quick view of the traffic stats from each of the interfaces, so you avoid drilling down into each interface and checking the top applications one by one.


Compare Reports:

Compare Reports help you compare the traffic pattern over time or across different devices, networks or locations. You can get a picture of the traffic pattern for different devices, or an idea of the traffic pattern for the same device over time. To know more about Compare Reports in NetFlow Analyzer, check out this blog.

Most of the reports we have talked about may be needed on a daily basis. Instead of having to generate the report every day, you can have the reports emailed to you, and this is where our Schedule Reports help.

The Schedule option lets users create reports about the information they need and have them emailed on a daily, weekly or monthly basis. The reports can be sent to multiple email addresses, and users can set time filters for daily reports and exclude reporting on weekends. To know more about Schedule Reports in NetFlow Analyzer, visit this Blog.

With a better knowledge on the reports available in NetFlow Analyzer, I hope you can get more out of the product.


Regards

Praveen Kumar







If media reports on the alleged embezzlement by an employee at Wipro are to be believed, insider threat seems to be emerging as the biggest challenge for IT companies.

In the Wipro incident, it is alleged that the fraudster, a qualified chartered accountant who was employed with the company's 'controllership' division in the finance department, managed to siphon off around $4 million from the company's bank account by accessing a colleague's password.

This report once again lends credence to the belief that a good proportion of frauds and security incidents are caused by insiders of the enterprise: disgruntled staff, greedy techies or sacked employees.

A lack of well-defined internal controls and access restrictions generally paves the way for security incidents. It is also becoming increasingly clear that stolen identities serve as the ‘hacking channel’ for many cyber-crimes and frauds, and that improper management of administrative passwords could potentially remain at the root of a good number of security threats.

How do we avoid cyber threats / frauds?

Not all security incidents can be prevented or avoided, but the security incidents that happen due to a lack of effective internal controls are indeed preventable. Enterprises should take preventive action to combat cyber-criminals and to ensure information security.

One effective way to achieve internal controls is to deploy Privileged Password Management software that can replace manual processes and help achieve the highest level of security for the data.

Read this paper "Combating Cyber Security Threats" from ManageEngine Password Manager Pro for more details and share your feedback.

Bala
www.passwordmanagerpro.com

Averting False Positives

Feb 24 2010 03:12:41 AM Posted By : vidya

Administrators are a harassed lot, with network issues following them everywhere. The frustration doubles when a guy rushes to a location in the middle of the night on seeing an alert, only to find that there was never a problem in the first place. Optimizing the alert management configurations will prevent your inbox from being flooded with erratic up/down alerts.

Invariably, half the alerts are false positives that frustrate you and your team. Here are a few things that you can do to avert false positives:

1. Suppress Alarms for device: It's possible that you have pulled down some devices for maintenance, or that a device has crashed and may not be up any time soon. Tell OpManager to stop sending alerts for such devices. Go to the device snapshot page > Actions menu > Suppress Alarms and select the period for which you would like the alarms suppressed.

2. Set up thresholds: When configuring thresholds, specify the consecutive failure counts. For instance, if the poll interval is 5 mins, a device might not respond to a poll due to a transient spike, leading to a 'down' alert. The subsequent polls will succeed and you will find 'clear' alerts. These erratic up-down alerts can be avoided by letting OpManager alert you only after 3 consecutive failed polls.

3. Configure device dependencies: If a router or a firewall is down, the devices behind it do not respond to polls, resulting in unnecessary 'down' alerts. Configure device dependencies so that OpManager does not monitor a set of devices if the device they depend on is down.

4. Optimize Syslog Rules: The consecutive failure counts can be specified even when parsing syslogs. The advanced syslog configuration screen contains a field where you can indicate the number of occurrences.
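Items 1 and 3 above amount to a filter applied to the set of devices that failed a poll. The sketch below is an added example, not OpManager code: the function name, device names, dependency map and suppression timestamps are all constructed for illustration.

```python
def alerts_to_send(down, depends_on, suppressed_until, now):
    """Return the devices that should actually raise a 'down' alert.

    down             -- set of device names that failed their poll
    depends_on       -- child -> parent map (a device sits "behind" its parent)
    suppressed_until -- device -> timestamp until which alarms are suppressed
    now              -- current timestamp, same unit as suppressed_until
    """
    def upstream_down(device):
        # Walk the whole dependency chain: a server behind a switch behind a
        # router is unreachable if either upstream hop is down.
        seen = set()
        parent = depends_on.get(device)
        while parent is not None and parent not in seen:  # guard against cycles
            if parent in down:
                return True
            seen.add(parent)
            parent = depends_on.get(parent)
        return False

    return sorted(
        d for d in down
        if suppressed_until.get(d, 0) <= now   # item 1: maintenance suppression
        and not upstream_down(d)               # item 3: device dependencies
    )

# Constructed poll result: five devices failed to respond.
DOWN = {"core-router", "switch-1", "web-01", "db-02", "printer-9"}
DEPENDS_ON = {
    "switch-1": "core-router",
    "web-01": "switch-1",
    "switch-2": "core-fw",
    "db-02": "switch-2",
}
SUPPRESSED_UNTIL = {"printer-9": 3600}   # under maintenance until t=3600

if __name__ == "__main__":
    print(alerts_to_send(DOWN, DEPENDS_ON, SUPPRESSED_UNTIL, now=100))
```

Five failed polls collapse to two alerts: the router that is the root cause and the one server whose upstream path is healthy.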

Two Awards. We’re Flattered. Thanks!

Feb 24 2010 03:11:52 AM Posted By : hima

Yes, we are really flattered and it’s because of YOU. It’s been a really good start for us. ManageEngine ServiceDesk Plus has won two awards this year: Winner in the Network Products Guide Product Innovation - IT Infrastructure Awards 2010 and runner-up in the Windowsnetworking.com Reader's Choice Award 2010. We would like to extend our gratitude to all our customers who voted for us. Thanks for making us “The Winners”.


Let’s bring home more awards together this year!

For all those who love ServiceDesk Plus, you can now follow us on Twitter @ http://twitter.com/SDPtweets and join us on Facebook @ ManageEngine Fan page

Introducing Applications Manager 9.1

Feb 24 2010 03:03:39 AM Posted By : Arun B
We're excited to announce the release of version 9.1 of ManageEngine Applications Manager. The new version comes loaded with several new features as well as improvements to existing features. We think you will find them handy.

Here's a quick look at the major features that release 9.1 has to offer:

- Anomaly Detection : IT administrators have traditionally approached troubleshooting in a reactive manner. They receive notifications from the monitoring tool about a server outage or a CPU spike and then react accordingly.  The new 'Anomaly Detection' feature can help them adopt a more proactive approach to troubleshooting problems. It lets them identify any potential threats to application performance beforehand.

- Real Browser Monitor :  Measure how your customers experience your web applications and web transactions, from different geographical locations. This feature proactively monitors the availability, response times and page loading time of web transactions.

- OpStor Connector : Connect with ManageEngine OpStor and view integrated application and SAN monitoring stats in a single console.

- Option to integrate website uptime data from Site24x7 into Applications Manager.

- REST APIs which help you integrate AppManager data into your intranet portals or with third-party monitoring tools, and more.

To view a complete list of all the new stuff that has gone into release 9.1, refer to our forum announcement.

That's it for now. Stay tuned to this space for more feature announcements, updates and more!