Your network is filled with firewalls, servers, and routers that can detect and log security threats. But when a threat comes up, too many admins rely on a slow process of manually wading through tens-of-thousands of log entries to find and correlate a small number of log entries.

The result? Slow detection and response to serious security threats. What if there was a way to take all of that information, and turn it into something useful?

SolarWinds Log and Event Manager (or LEM) may be the answer. It not only centralizes and collects logs, but it also helps to correlate important events, provides advanced searching features, and even takes automatic action against threats, all in real-time! This full range of functions is referred to as SIEM – Security Information and Event Management – and it provides a powerful way to manage events on any network.

Here’s what it does:

Real-Time Event Correlation

LEM is designed to receive and process the tens of thousands of event log messages generated by network devices. Next, it uses a very sophisticated matching engine to instantly correlate events, identifying potential security threats or other issues.

Events are processed in real-time and in memory, meaning that they don’t need to be written to a database and then queried before the system can identify problems. Response is incredibly fast, though obviously higher log volumes could lead to slower processing depending on how powerful your server is.

A monitoring display, like the one below, shows alerts as they flood in. Alerts are generated when conditions match rules defined in LEM. Notifications can be set for alert types that need instant attention.

LEM ships with over 700 built-in event rules that can be used to start monitoring the network out-of-the-box. And, SolarWinds makes it easy for admins to create new rules. A simple graphical drag and drop interface allows admins to build new filters. Say goodbye to complex query languages!

Event correlation rules are very flexible. Rules can be set to correlate events based on times, or transactions that occur, or even groups of events. Thresholds can be specified for number of events in a time period. And, variables can be set for various conditions – for example, enable rules during certain business hours, but disable them outside of business hours.

Active Response

After an alert is detected, someone needs to do something about it! LEM helps here by being your “someone” and automating response to many situations.

SolarWinds calls this “Active Response,” and LEM includes a large library of possible responses to common situations. You can automate actions like:

• Quarantine infected machines, or force shutdowns and restarts.
• Block IP addresses.
• Disable user accounts.
• Kill processes.
• Restart or stop services.
• Force user log-off.
• Reset passwords.

Admins can still opt to manually respond to specific alerts with a few clicks in the GUI. Just select an event from the monitoring window, then click the “Respond” button to immediately force a specific action.

Some companies are very concerned about large-scale data loss from USB devices. Active Response can help manage data access via USB devices. LEM can identify unauthorized access and copying of sensitive files, and enable actions like automatic ejection of USB devices, or quarantine of workstations using USB devices.

Advanced Search Features

Have you ever tried to mine through a huge log database? It can be pretty hard to find what you’re looking for, and it can be slow to query databases for different event types and IP addresses.

LEM tries to take search to a new level with visual search tools. The search interface is designed to use a similar drag and drop interface as filters and rules. Building a search query quickly becomes intuitive and easy to do.

Visual search tools use a time-window slider near the top of the screen for focusing on specific time periods. The word cloud in the middle of the screen shows which words appear in events, with the most frequently occurring words being the largest. So say a worm outbreak results in many failed logon attempts. The cloud would likely show the event type in large font, indicating that something unusual is happening.

Other graphics slice and display data in different ways, such as the treemap shown on the right-hand side of the screen, as well as bubble-charts and histograms. There’s also a helpful reporting option, so you can dump search data into a convenient export. And, raw data can be accessed for manipulation using other tools.

Reporting

SolarWinds has included a powerful reporting engine with Log and Event Manager. Over 300 built-in reports help with everything from graphical summaries of activity, to detailed threat reporting and compliance.

Speaking of compliance, many of the reports are designed to show your organization’s compliance with standards and legislation like PCI DSS, Sarbanes-Oxley, HIPAA, and others. And, reports can be customized to meet specific needs.

Reports can be scheduled to run at pre-determined intervals. It’s a great idea for large reports that are needed regularly since scheduling a report to run at night frees up day-time processing power for other needs.

Easy Installation

LEM is deployed as a virtual appliance. In theory, installation is as simple as downloading the VMware or Hyper-V file and loading it up. Yes, you read that right – LEM now supports Hyper-V – a feature users have been clamoring for!

SolarWinds likes to refer to this as “live by lunch” installation, since database and web server configuration is eliminated.

In practice it’s a little more complex than that. If you don’t already have VMWare or Hyper-V running in your environment then you’ll need to set those up first. Fortunately the installer is helpful and includes links to the free VMWare ESXi platform. A desktop software package is also required to set up various reporting components.

On the downside, there is no Windows installer version of LEM which removes some flexibility. The only option is to use the virtual appliance. Most organizations looking at a product like this will already be using Virtualization technology, so in reality this isn’t much of a limitation.

The other component required: agents. Agents are needed for systems that don’t support SNMP/Syslog, and to enable some of the more advanced features of the product. Agents add key functionality, and you’ll definitely want them. But, the fact is that successfully installing agents on hundreds or thousands of machines can be an enormous task, even if using automated tools.

Pricing

The pricing model is notable because it is based on the number of nodes being monitored, as opposed to some software that is priced based on volume of log data. A huge number of factors can influence the amount of data generated – number of devices on the network, types of events, virus outbreaks – the list goes on and on. It can be hard to estimate how much log volume to expect.

SolarWinds has a good solution to provide some certainty around licensing costs. They license by node, providing a predicable cost-model without requiring administrators to try to estimate log volume.

Log and Event Manager pricing starts at $4,495 (USD) to monitor 30 nodes.

Summary

Log and Event Manager is a very cool tool! It blends log management with security incident response, delivering a well-priced, versatile, and easy-to-use product. Features like Active Response and the search centre will help to manage threats, and make it easier for administrators to understand what’s really happening on the network. The VM-appliance style of install makes it easy to get up-and-running quickly.

And, as a nice bonus for users of other SolarWinds products, LEM integrates with SolarWinds software like the Network Performance Manager and Server and Application Monitor. Integration allows the ability to send syslog messages to and from the other apps.

On the other hand, having the tool available as a VM-only install removes some flexibility. And the need to install agents adds complexity and increases the work involved in a large deployment.

But overall, the great UI design and rich feature-set of LEM won us over. Log and Event Manager is sure to fill a niche that many businesses are missing. Try it out yourself with a free 30-day trial download, or check out the Live-Demo for a closer look. If you don’t have a log and security response product like this, you’ll be amazed at what you’ve been missing.

As an end-to-end SIEM solution SolarWinds Log & Event Manager (LEM) aggregates, correlates and normalizes log and event data, and stores them in one single repository for centralized management. LEM extends it functionality to allow quick and easy search of the stored event data. Let’s understand the power of this advanced, intuitive IT search that helps IT pros quickly scan through and search for historical event data and get them on a report for analysis and forensics.

nDepth is a powerful search engine within the LEM console that lets you search all of the alert data or the original log messages that pass through a particular Manager. The log data is stored in real time, as it originally occurs from each host (network device) and source (application or tool) that is monitored by the Manager. You can use nDepth to conduct custom searches, investigate your search results with a graphical tools, investigate alert data in other explorers, and take action on your findings.

LEM has two data storage areas – one to store the messages from the original event logs, and one to store the normalized alert data that the Console reports in the Monitor view.

• In Alerts mode, nDepth summarizes and explores your alert data. This is the normalized data that appears in the Monitor view and is stored in the LEM database.
• In Log Messages mode, nDepth summarizes and explores the raw log messages that are going into nDepth Log Storage from the original event logs. This mode is intended for security admins who have specific data analysis needs, and who fully understand how to interpret the raw log messages that are generated by their network devices and tools.

Both, the raw log messages, as well as the normalized data, are viewed within the same LEM console.

nDepth summarizes and displays search results with several different visual tools that can also be combined into a customizable dashboard. The tools are intuitive and interactive – you can point and click to refine your searches. Each graphical tool provides an alternative view of the same data, so you can examine your data from several perspectives. You can also view and explore a text-based view of the actual data.

These visual anlytical tools are:

• Word Clouds: This shows keyword phrases that appear in your alert data. Phrases appear in a size and color that relates to their frequency. You can filter this view to zero in on a range of activity. You can also click a phrase to create or append a search based on that phrase. Word Clouds is the first-of-its-kind implementation in a log monitoring system.

Word Cloud Visualization

• Tree Map: This shows the items that appear most often in the data as a series of categorized boxes. The size of a box within each category is associated with its relative frequency. The more often an item occurs, the larger its box appears.

Tree Map

• Bar, Line, Pie Charts: These are a group of widgets tha shows your most frequent data items as a series of bar, line and pie charts.
• Bubble Charts: This shows your most frequent data items as a series of circles or “bubbles.” The size of each bubble corresponds with the item’s relative frequency. The more often an item occurs, the larger its bubble appears.

Using the nDepth Widget Builder, you can create a new nDepth widget or edit the configuration of an existing nDepth widget.

nDepth Widget Builder

• Histogram: nDepth’s histogram summarizes alert activity within a particular period. This histogram is for a search of the last 10 minutes of alert activity. The bright zone shows the period that is currently being reported. The gray zones show activity outside of the reported period.

Histogram

Result Details is a text-based view of all of the data you are investigating. This feature also supports nDepth’s search capabilities allowing you to create or refine searches by dragging and dropping search strings from the search data into nDepth’s search box.

Result Details

Based on the resuslt details of the search, you can use the “Respond” button to perform responsive actions like Block IP, Detach USB Drive, Logoff User, etc.

Export Search Data into Ad Hoc Report: Search data can easily be converted into ad hoc reports which can later be exported as PDF. The title of the report, graphs, and pages can be customized as desired.

LEM simplifies the search process by allowing you to save the search already carried out. These searches can be saved and later run again as required.

Export Data into ad-hoc report

To consolidate, the nDepth feature in SolarWinds LEM can be used to:

• Search normalized alert data and the original log messages, and can also be used to explore log messages that are stored on a separate nDepth appliance.
• Intuitively view, explore, and search significant alert activity. nDepth summarizes alert activity with simple visual tools that you can use to easily select and investigate areas of interest.
• Conduct custom searches with the Search Builder
• Save and reuse custom searches
• Export your findings to a printable report in PDF format, or your search results to a spreadsheet file in CSV format.
• Use the Respond menu to take action on any of your findings.
• Export your findings to a report in PDF format.

With a wide variety of other features like real-time event correlation, 300+ pre-build audit-proven compliance reports ready for use, Active Response technology to respond immediately to network threats, LEM is just the SIEM solution that can keep your infrastructure secure while saving a ton of time, effort and post-disaster hassle!

Download a Free Fully-Functioning 30-Day Trail of Log & Event Manager

Once you have a good network monitoring system in place, what’s next? Many organizations have a gap around configuration, compliance, and inventory management.

They know which routers and switches are up or down, but don’t necessarily know useful information like which admins made recent changes (and why!), which devices are mis-configured or running old code, and which devices are no longer supported by vendors.

ManageEngine’s DeviceExpert has lots of features designed to make it faster, easier, and more accurate for admins to manage network device configuration:

• Automation: simplify routine tasks with scripts to help automate firmware updates and security updates.
• Monitor devices for configuration changes, and quickly roll-back to known good configs.
• Audit changes: know when and who made a change, quickly compare different config versions.
• Automate inventory tracking for serial numbers, ip addresses, and more.
• End-of-Life management helps admins proactively plan refresh on aging hardware before losing vendor support.
• Compliance management: define and enforce standards, check devices for compliance.

How well do those features stack up? Read on to find out…

Automate Routine Network Maintenance

One of the most common tasks for administrators is to perform routine firmware and software updates. But updating routers and switches can be a mind-numbingly time consuming task, even if your network is small.

DeviceExpert’s solution is to automate those routine jobs by scripting them. Once a script template is created, the tool will run those scripts on any device or group of devices that administrators choose.

This feature has huge potential. For example, admins could automate tasks like SNMP configuration, VLAN Configuration, Access Control List changes, or even interface configuration – and much more.

Let’s look at one example – a password change. The screen below shows the template script for a password change, and the new password is simply entered as a variable: %password%.

Starting the script launches a screen that will prompt for any variables to be filled in – so in this case we’re prompted to enter a value for “%password%”. Once that’s done, use the box at the bottom of the screen to choose which devices to run the script against – then click “Execute” and watch the magic happen.

Like any script, it could take some trial-and-error to build something that works as expected most of the time. It would be great to see ManageEngine provide more sample templates for common hardware, or even an integrated forum for users to exchange their own templates.

Configuration, Change Management and Auditing

Change management is a major strength of DeviceExpert – but, and it’s a big but, it revolves around using DeviceExpert to “push” configuration changes to network devices, rather than logging on directly to make changes.

This requires a discipline change that some admins may have trouble with – requiring them to edit entire config files in the GUI and then load them to the router, rather than logging on to the console and entering commands the traditional way. Love it or hate it though, there are huge benefits to a system like this.

First, it automates part of the change management approval process with role-based controls. Users can be granted rights to create new config files, but not be allowed to push configuration changes without administrator approval. This would probably be most useful in situation where junior staff work closely with seasoned admins.

Second, it provides an audit trail that tracks which users have uploaded configurations, so the right people can be involved in fixing problems.

Third, it simplifies configuration management and could save hours of troubleshooting. Picture a scenario where an admin makes a series of changes to a router on a weekend. The admin runs through their test plan and all looks fine. But on Monday morning, the helpdesk is deluged with phone calls related to a problem caused by the change.

DeviceExpert makes configuration rollback simple – the changes are all recorded, and on Monday any administrator can simply roll-back to the original baseline configuration.

And finally, it provides alerts when device configurations are changed, even if changes are made directly on the device. It can send email, SMS, SNMP, and use other ways of notifying administrators whenever configurations is modified. This eliminates the problem of mystery changes that haven’t gone through the change management process and aren’t discovered right away, potentially reducing downtime.

Policy Compliance Management

This is one of the more interesting features of DeviceExpert, because it helps to standardize the network, and identify devices that don’t conform to your standards.

The software monitors your network devices, and compares configurations from every device against a set of policies determined by you. Any device that doesn’t match is flagged so that admins can take action.

Have a look at the example in the screenshot below – the “CiscoIOSPolicy” specifies that all devices should have NAT enabled. The device in question doesn’t, so this is flagged as a “Critical” policy violation. Admins can specify the severity of every policy violation, so that lower-priority violations can appear as “Warnings” only; compared to important security risks which might be “Critical.” Multiple policies can be specified for devices, or groups of devices.

Device End-Of-Life Management

An unfortunate reality: most networks have some old and outdated equipment still in production. Often, admins don’t find out that an old device is no longer supported until a problem pops up – and by then a problem could be critical.

DeviceExpert has a helpful new function called End-of-Life (EOL) management that is designed to help proactively manage older equipment. The software is continually updated with EOL data from various sources – manufacturer’s websites, service bulletins, and other information.

Next, that data is fed into a report that scans your network, identifying any devices near End-of-Life. The upshot is that admins are enabled to proactively remove unsupported devices from the network, rather than discovering them by surprise. This is a fairly new feature in the industry, so it will be interesting to see how it proves itself over the long term.

[Note:ManageEngine pointed out that they have a strong track-record of releasing new and innovative features, and are very confident in the ability of the EOL feature to identify and manage end-of-life hardware.]

Network Reporting

DeviceExpert has a very comprehensive reporting engine. Everything from hardware inventory, to configuration change reports, and security auditing can be reported on.

Have a look at the screen clip of a configuration analysis report below. The screenshot shows only one small section of a large report that details nearly everything there is to know about a router.

Command Execution Tools

Want to save some time running basic show commands?

DeviceExpert provides an interface that can execute show commands like “Show Interfaces” or “Show Log.” The software executes the command on the target device, and then displays the results in the GUI.

It’s a great feature and a real time-saver if you’re just after information, and don’t need full access to the console.

Summary and Pricing

DeviceExpert is a very cool tool that most organizations should have, but probably don’t. It makes it easy to know exactly which devices are deployed, where they are, how old they are, and when they were changed last. It provides configuration backups and snapshots that make it easy to rollback a bad change. And, it provides a structure to automate many routine tasks – saving time and money. And, if you already have their OpManager network management system (Recently reviewed here) then DeviceExpert can be integrated as a plug-in.

On the other hand, some administrators may not like the idea of editing and pushing config files in a GUI, rather than logging on to routers. And, ManageEngine doesn’t have the same sort of user-exchange community like some of their competitors, so you’re mostly on your own when it comes to creating templates and scripts. Fortunately, the interface is simple and easy to use, so most admins will have no trouble creating their own scripts.

Pricing starts at $795 (USD) to manage 10 devices. Like they do with most of their products, ManageEngine offers a free 30-day trial download so you can try it out on your network. But be warned: you probably won’t want to give up this tool once you see it in action.

Are you still storing password in spreadsheets, or worse, Word documents? Spreadsheets and other text-based files can have serious security holes – not to mention problems with lost password files, and inability to restrict who can access which passwords. Password sharing in a large enterprise can be very challenging because of the many different types of systems and passwords involved!

ManageEngine’s PasswordManager Pro makes it easier for enterprises to store and share passwords among authorized users, with role-based access control, logging, and reporting. It even enables remote login to devices without sharing passwords at all!

There are some very good reasons to consider PasswordManager Pro like:

Easy Setup

Installation is easy – it only takes a few minutes for the software to install its database and web-server. PasswordManager provides a helpful setup guide that pops up on first launch. One small complaint was that once I completed the first step, the setup guide stopped appearing. Good thing I had a screenshot to work from, because I couldn’t figure out how to get that screen to display again!

Open Secure RDP, SSH and Telnet Sessions Right from PasswordManager

One outstanding feature is the ability to open up remote sessions to devices from PasswordManager Pro. This is unlike most other tools, in that the session runs from the PasswordManager Pro server – not the workstation of the user/administrator. The PasswordManager Pro server connects a Telnet, RDP, or SSH session to the target devices, and then emulates that connection for the end user in a browser window.

This has obvious advantages, including the benefit of saving time that normally would be used to copy/paste passwords from the password document. It also increases accountability, since PasswordManager Pro tracks password access and usage.

One of the great things about this feature is that it enables administrators to have much more control over access. Rather than giving out individual passwords to users, an administrator can simply add the user to a group permitted to access a given device. Then, then user can use a single-click to access and auto-logon to the resource without ever having to know what the passwords really are.

The great part? If administrators move to new roles and no longer need access, simply remove them from the access group. Organizational change becomes much easier to manage!

On the downside, there is currently no way to have multiple SSH or Telnet sessions open from PasswordManager Pro. This could create challenges for network administrators who may frequently need multiple sessions open to several different devices. The good news: ManageEngine tells us this functionality is on the roadmap for a future version of the product.

Role Based Access and Password Management

PasswordManager Pro can share and manage passwords several ways.

By default, administrators own all passwords they create. No other users can access or view those passwords unless they are deliberately shared. Owners can decide what level of access to grant to another user. Access can be granted to view, modify, or manage resources, and can be given to either users, or groups of users.

Users can also be granted various roles permitting different levels of access to the system and passwords in the system – administrator, auditor, “super administrator,” user, etc.

Add in LDAP/Active Directory integration, and this creates a very flexible access management structure.

Did an administrator forget to share a password? Enable password “workflows” and users can request access to resources from admins – and it’s a great way to grant temporary access too!

Password Control and Audit

All password activities are logged – so you’ll know whether a password is added, viewed, or changed. There’s even an “auditor” role that can be assigned to users allowing them to access all audit logs.

Better Password Management and Automated Password Resets

Changing passwords regularly is an IT security must, but in practice it isn’t done as regularly as it should be.

PasswordManager can help with total password management. It doesn’t just store passwords, but can go out and change them on your resources whenever a password is updated. It supports changes on a wide range of systems – from Windows and Linux, to SQL, Oracle, and Cisco or HP network devices. In some cases this could require a remote agent to be installed.

The software also provides reports that help administrators understand how passwords are being used. Know instantly how many passwords have expired, which ones don’t meet password complexity policies, and which passwords are rarely used.

The system can send notifications on password expiry, or even automatically change passwords at pre-determined intervals.

And Many More Features…

A few of PasswordManager Pro’s other features stand out, adding to overall value of the software:

• PCI (Payment-Card Industry) compliance reporting
• APIs for programmatic application password access – no more encoding passwords into scripts or code! Passwords can be pulled dynamically from the database as needed – and always using the most current password.

Summary

This is a very impressive product! It meets a real need for better enterprise-scale password management. It also adds features that enhance reporting, auditing, PCI compliance, user management, and more. And, the ability to remotely connect to Telnet/SSH/RDP is very impressive.

Complaints with this product are few, but there are a couple of kinks to work out. Occasionally, the product can feel somewhat rigid. Example: When adding a user you must set a password, and pick a password policy. But the default password policies are overly complex – so for example, a “medium” complexity password must be between 6 to 8 characters.

It’s incredibly frustrating as a user to be forced to use a specific length of password – it’s pretty clear why minimum password lengths are required, but I’m not aware of too many security holes caused by using too long of a password. So, why not set a 6-character minimum and be done with it?

Password policies can be customized, so there is a workaround. But, it’s annoying, and an example of the sort of rigidity that you’ll run into throughout the product.

Pricing

Pricing is based on a subscription model. It starts at $495 (USD) for the “Standard” version, for two administrators. The “Premium” edition starts at $1,195 (USD) for five administrators.

Standard features include things like:

• User and group management,
• Password sharing and policies,
• Auditing,
• AD integration.

The Premium edition adds additional features like:

• Remote device password resets,
• Password workflows, and
• APIs for application-to-application password access.

Few other password manager suites allow such ease of password management, and centralized control over how passwords are used. Add the ability to change passwords on remote devices; and secure, browser-based Telnet/SSH/RDP connectivity and you’ve got a win!

PasswordManager Pro is available for a free 30-day trial download. Try it out, and you may never go back to spreadsheets.

Application Monitoring software can make the difference between knowing that a server went offline after the fact, and knowing that a server’s disk space has been running out for two weeks, and that URL response to your web-apps has been getting slower and slower.

ManageEngine’s Applications Manager is an application monitoring system that can help you to proactively identify potential application problems, and notify you when unexpected problems happen. How well does it work? We took it for a test drive to find out.

Let’s start by testing out the main features of the Applications Manager:

Easy Setup

There’s not much to say about setup – it’s quick and easy as you’d expect for a product like this. Suffice it to say, most admins will have no problem installing and configuring the software.

Monitor lots of different apps

The Applications Manager can manage a wide range of apps. Need to monitor databases? It supports Oracle, SQL, DB2 and others – and can perform custom database query testing. Virtualization? No problem – monitor both VMWare and Hyper-V. Web Servers like Apache and IIS are supported, as are more advanced Website monitoring functions. For example, you can do URL monitoring as well as web content monitoring (alert if a page changes unexpectedly!), and more.

It also can monitor other services like Sharepoint and Active-Directory, Exchange, DNS, and FTP. Add custom application monitoring, SNMP and custom scripting, and you’ve got a very robust package.

Server Monitoring

In addition to applications, the tool can monitor most Server OS’es: Windows, Linux, Solaris, HP-UX, Novell and Mac OS are all supported.

Server monitoring simplifies management of your hardware platforms. It monitors key performance metrics like CPU, memory, and disk utilization. Alarms and notifications can be triggered if say, CPU usage gets too high, or if available disk space drops.

It also enables capacity planning by providing detailed reporting of past trends. It helps to identify which resources are getting slim, and allows administrators to proactively plan for optimum performance.

Application Monitoring

As you already saw, this product can monitor many different applications. Details on what can be monitored vary by applications, but a few examples include:

• Oracle and other databases – monitor server response time, connection time, number of users, and more.

• IIS: Applications Manager can use WMI to query IIS for content statistics and files transferred. It also monitors availability and response time

Group Multiple Monitors for Complete Service Monitoring

The ability to group multiple monitors together is a useful feature. It allows you to define components that deliver business services, group them into a single view, and alert when critical infrastructure components fail. This feature makes it easy to provide a dashboard that can give IT managers an at-a-glance view of critical business services – without having to know the details about which servers are involved in service delivery.

Clicking on a business view drills down to a detailed summary screen. This screen shows summary information about the applications and servers involved in delivering the service. In this screen we can see two database monitors are “critical,” and therefore the service is down.

Administrators could drill down further to aid troubleshooting. Clicking on any of the monitors would lead to a detailed status screen for that component. The detailed status screen shows things like recent alerts, events, and performance metrics – all helpful for identifying the root cause of problems.

Clicking on the “Business View” tab shows a visual map of all monitors that make-up the application. This screen also shows status of the components – again showing us the failed databases. Just like the summary screen above, clicking on a component leads to a detailed drill-down screen.

End User Experience Monitoring

End users in remote offices often have a far different opinion about how fast IT services are, compared to head-office staff. ManageEngine has a way to monitor and report on the end-user experience. An agent is installed at a remote location, and configured to monitor key services like DNS or file-server response time.

The end-user monitor reports back on service characteristics for the remote offices, shown side-by-side with local performance stats. The tool make it easier for administrators to understand how applications perform over the WAN, and helps them to detect performance problems,  giving confidence that the IT infrastructure isn’t the cause of productivity problems.

The only downside to this approach is the requirement to install agents – which by their nature require administrators to have target workstations available at their remote offices. It also means that the workstation and agent must be maintained, patched, and supported – adding to overall IT complexity. Finding spare hardware can be a challenge for many cash-strapped IT departments, but the insight that this tool provides into your wide-area network could be well worth the trouble.

Fault Alerting

Applications Manager wouldn’t be complete if it didn’t generate alarms and notifications of trouble. Notifications and other actions are triggered whenever a monitored application crosses an administrator-defined threshold – send email, run a script or program, or other action.

There’s also a useful Alarm view that provides a fast way for admins to identify active alarms. It provides an instant view of critical problems, and warnings that could become bigger problems. You can also use this view to drill down and view details on components in trouble.

Alarms can be configured with multiple thresholds. For instance, a CPU “warning” can be triggered when the utilization goes over 75%, then it can be cleared again when it drops. And, a “critical” alarm can be triggered when the CPU hits 100%. This should be a must-have feature for every monitoring system. It helps admins to identify potential trouble areas without the urgency associated with a critical alert.

Reporting

The reporting engine has a wide range of reports available covering things like:

• Availability reporting
• Application session details
• Summary trend reporting
• Web service health reports
• TopN reports
• And many others

Reports can be scheduled to run at specific times, or run ad-hoc with custom date and time parameters.

Comparisons can be generated by selecting at least two applications from the list, then selecting “Compare.”

Pricing and Editions

Applications Manager is priced per Monitor required. Monitors are required for each specific application, server, or service being monitored. A Windows server would require one monitor, and another would be required to monitor Apache running on that server. In addition, various add-on monitors are available at extra cost – such as the End-User Monitor that we covered earlier.

Most users will probably want the “Professional” edition, which includes most of the features reviewed here. Larger enterprises would want to consider the “Enterprise” edition of Applications Manager, which can support 250 or more monitors. It’s scalable, can be distributed geographically, and supports a fail-over redundancy for higher availability.

Cost for the Professional edition of Applications Manager starts at around $750(USD) for 25 monitors, but pricing varies based on the numbers of users accessing the web-client. More pricing information can be found on ManageEngine’s site.

Summary

Overall, the Applications Manager is a great tool that will help any business manage their applications and business services better. It is packed with capability, easily monitoring some of the most popular – and even some of the more obscure applications around.

Faults with this package are few. The UI is mostly easy to use. The navigation bar is a little odd the way it has a lower ribbon bar that doesn’t ever change to match the context of the main bar above, but it’s functional. The only other complaint is that I couldn’t find an easy way to access SNMP trap information sent from servers – but it’s probably there somewhere. [Note:ManageEngine contacted me to point out that SNMP traps can be monitored as long as "SNMP Trap Listeners" are configured.]

For such a well-priced product, the Applications Manager has a ton of features. If you’re looking for better application management then it’s well worth a second look. Try it out with a free 30-day trial download, or check out the LiveDemo environment.

The Problem: Admins receive an alert from your Network Management System when a random server crashes. But do they know which parts of the business rely on that server? Is it a crucial part of your e-commerce, or just a business support server that is not urgent to repair?

As an IT manager, can you see the status of your critical services at a glance?

ManageEngine thinks that they have the solution to all of this with a new product called IT360.

What is IT360?

Most IT shops have tools to monitor networks, log helpdesk incidents, track problems, manage change activities, and track inventory. But rarely are any of those tools integrated. The result is that it’s difficult to understand the impact of any one device failure on any other. And, lack of integration means that systems can be inefficient, and support slow.

IT360 is a unique suite of products. It integrates operations management with service management. It combines network management tools, asset management, service desk software, change management, knowledge bases, and more into a single tool. IT360 eliminates the complexity of managing multiple tools that maintain similar data, and delivers a unified view of the entire IT infrastructure.

The upshot of all this is a unified system designed for mid-to-large enterprises, making it simpler to understand your IT infrastructure from start to finish.

Features

IT360 incorporates a wide range of tools and features like:

• Business service views make it easy to monitor the health of a service at a glance. A business service view is configured by identifying the underlying servers, applications, and network devices that are relied on by services. Once that’s done then the main dashboard displays a list of all services, with status indicator beside each one. For example, in this screenshot we can see that eCommerce is down.

Clicking on eCommerce leads to a detailed summary screen, where we can see the cause of the service outage:

And, clicking on “Business View” shows the devices that the service uses, as well as their status. From here we could drill down further to view stats for specific devices, enabling further troubleshooting. Business service views are a great tool for both service managers who want to view a high-level dashboard, as well as for operations admins that need a fast way to troubleshoot specific failures!

• Special versions for Service Providers: the Managed Service Provider (MSP) variant is specially designed to help provide value to clients. It has features that enable SLA management, as well as the ability to differentiate devices and assets that serve different customers. It also makes it possible to change logos and other branding, so that customers see your own brand when they access support tools.

• iPad support – tablets like the iPad are starting to become convenient and widely used tools. IT360 supports an iPad optimized interface that displays information in an easy to use way.

• Network Monitoring: It goes without saying that a management tool like IT360 includes network monitoring, especially when ManageEngine makes the excellent standalone OpManager network management system. The monitoring capabilities of IT360 are very comprehensive. Monitor devices for outages or potential problems, set alerts and notifications of problems, and run reports when needed.

The network-specific dashboard shows a high-level status of all network devices. You can drill down to any of the devices to see detailed statistics on things like bandwidth utilization, memory usage, and more.

• Application and server monitoring is just as critical as network monitoring. IT360 can watch your servers to make sure that disk space is plentiful, memory is available, and that CPUs aren’t stressed.

On top of that, it also can closely monitor applications running on those servers. Applications supported include things like Exchange, SQL, Oracle, and IIS to name just a few. To take things further, IT360 can also query applications to test end-user response. So, you can monitor HTTP response, or Database query response, and alert on any slowdowns that might be caused by other backend infrastructure.

• An ITIL compliant Service Desk integrates with the other components of IT360 and simplifies incident management compared to the common practice of using separate management and helpdesk software, where the helpdesk might not be able to see recent change activity without switching tools. This makes it hard for support staff to correlate incidents to recent work, resulting in longer downtime.

But with IT360, modules for Change management, Problem management, and Incidents can all be displayed in a single pane of glass making it easy for support staff to link activities together, resulting in faster, more efficient support. And, the knowledge-base component allows staff to document solutions in a common location.

Alarms that are generated with IT360 detects an outage can automatically trigger incident tickets, giving administrators one place to view alarms, troubleshoot and resolve problems, and then resolve the incident.

• The Asset Management features help to manage your hardware and software inventory. It can scan for workstations, servers, network devices, printers, and other assets. Printers can report on supplies helping with re-orders.

Summary

As you’ve seen, IT360 has the ability to greatly simplify the way most businesses manage IT. And, the tools deliver value to operations experts, service managers, IT planners and the executive. The business-centric dashboard will deliver value to managers who want assurance that critical business functions are online.

The focus on business-context also means that staff can more easily understand the impact of outages, enabling them to prioritize their work on mission-critical systems, and simplify the IT workflow.

If you want to understand your IT infrastructure more clearly, then take a look at the IT360 live Demo environment to see the system in action, or download an evaluation copy of IT360. You might be surprised to see what this software is capable of.

• Consolidate multiple tools into a single, integrated suite.
• Enables better planning and troubleshooting and add business context to reports and monitoring.
• Simplify workflows between fault management, monitoring, troubleshooting, and service desk software.

Syslog is a way for network devices to send event messages to a logging server – usually known as a Syslog server. The Syslog protocol is supported by a wide range of devices and can be used to log different types of events. For example, a router might send messages about users logging on to console sessions, while a web-server might log access-denied events.

Most network equipment, like routers and switches, can send Syslog messages. Not only that, but *nix servers also have the ability to generate Syslog data, as do most firewalls, some printers, and even web-servers like Apache. Windows-based servers don’t support Syslog natively, but a large number of third-party tools make it easy to collect Windows Event Log or IIS data and forward it to a Syslog server.

Unlike SNMP, Syslog can’t be used to “poll” devices to gather information. For example, SNMP has a complex hierarchical structure that allows a management station to ask a device for information on things like temperature data or available disk space. That’s not possible with Syslog – it simply sends messages to a central location when specific events are triggered.

Syslog Servers

Syslog is a great way to consolidate logs from multiple sources into a single location. Typically, most Syslog servers have a couple of components that make this possible.

• A Syslog listener: A Syslog server needs to receive messages sent over the network. A listener process gathers syslog data sent over UDP port 514. UDP messages aren’t acknowledged or guaranteed to arrive, so be aware that some network devices will send Syslog data via TCP 1468 to ensure message delivery.
• A database: Large networks can generate a huge amount of Syslog data. Good Syslog servers will use a database to store syslog data for quick retrieval.
• Management and filtering software: Because of the potential for large amounts of data, it can be cumbersome to find specific log entries when needed. The solution is to use a syslog server that both automates part of the work, and makes it easy to filter and view important log messages. Syslog servers should be able to generate alerts, notifications, and alarms in response to select messages – so that administrators know as soon as a problem occurs and can take swift action!

Syslog Messages

We won’t go in depth on Syslog messages here, but there are a few important things to know.

Syslog messages usually include information to help identify basic information about where, when, and why the log was sent: ip address, timestamp, and the actual log message. Messages are sometimes in a descriptive, human-readable format – but not always!

Syslog uses a concept called “facility” to identify the source of a message on any given machine. For example, a facility of “0” would be a Kernel message, and a facility of “11” would be an FTP message. This dates back to Syslog’s UNIX roots. Most Cisco network equipment uses the “Local6” or “Local7”facility codes.

Syslog messages also have a severity level field. The severity level indicates how important the message is deemed to be. A severity of “0” is an emergency, “1” is an alert that needs immediate action, and the scale continues right down to “6” and “7” – informational and debug messages.

The Downsides to Syslog

There are a few downsides to Syslog.

First, the problem of consistency. The Syslog protocol doesn’t define a standard way for message content to be formatted – and there as many ways to format a message as there are developers. Some messages may be human readable, some aren’t. Syslog doesn’t care – it just provides a way to transport the message.

There are also some problems that arise because of the way syslog uses UDP as a transport. UDP is connectionless and not guaranteed – so it could be possible to lose log messages due to network congestion or packet loss.

Finally, there are some security challenges with syslog. There is no authentication on syslog messages, so it could be possible for one machine to impersonate another machine and send bogus log events. It is also susceptible to replay attacks.

In spite of this, many administrators find that the syslog is a valuable tool, and that the downsides are relatively minor.

Summary

As you can see, Syslog can be a powerful tool that can make it easier for administrators to manage complex networks. But one of the biggest challenges with Syslog is the volume of data. The logging server software must simplify log management, and help admins filter and focus on messages that truly matter. In a future post, we’ll show you some tools that you can use to get the most out of the Syslog.

In the meantime, check out our reviews of network management systems that also have syslog capabilities, like ManageEngine’s OpManager, SolarWinds Orion NPM, or OpenNMS.

In today’s networks, bandwidth consumption seems to expand to use up any available bandwidth. Demand can be driven by business use of cloud services, VOIP and Video, online applications, and centralized services. But, it can also be consumed by users with their own devices like iPads, Android Phones, and laptops; or for personal use of social media, video and photo sharing sites, and peer-to-peer networks.

Often, the solution is to throw more bandwidth at the problem – but that’s an expensive approach that doesn’t address the real issue. In time, critical applications are once again starved of needed bandwidth, and eventually slow down or stop working.

But there is a better way!

The ManageEngine NetFlow Analyzer helps by identifying exactly what types of traffic travel over the network. This allows administrators to take action that could save bandwidth, and delay or reduce the need for costly upgrades.

The NetFlow Analyzer is installed on a server, and then network devices configured to send data to the Analyzer. Administrators access the Analyzer via an easy-to-use web console. ManageEngine supports “Flow” data from a large number of hardware vendors, so it can collect NetFlow, J-Flow, and sFlow, data.

Graphing and Reporting

NetFlow Analyzer has a wide array of charts and graphs to help identify exactly what traffic is flowing on your network. Graphs are sorted by network devices, application types, or other custom groupings. It shows who the “top talkers” are on the network, and what kind of traffic they are generating.

Helpful dashboards, like the one below, show your network at a glance. The “Top Applications” graph shows what kind of applications use the most traffic – and NetFlow Analyzer can identify most common application types so there’s little guesswork involved. “Top Conversations” shows which data flows and devices are generating the most traffic overall.

NetFlow Analyzer Dashboard

Identify Bandwidth Hogs

Device grouping allows administrators to create logical groups of devices or network subnets. This enables NetFlow Analyzer to generate charts and reports sorted by those custom groups. So for example, administrators could create groups sorted for different branches to determine what kind of data needs a specific workgroup has. This could be useful for troubleshooting or move planning. Or, it could be easily used to monitor traffic for a group of application servers helping to show the network impact of new services.

NetFlow Analyzer Logical Groups

Drill down to an IP group to see more detail, including Total traffic, and in/out utilization.

Group Detail Reporting

Next you could click on the “Capacity Planning” link to jump to a detailed usage report for that group. The report includes some of the information already covered, as well as a very useful Application Report. The Application Report shows top applications used by volume and by percentage of total traffic.

NetFlow Analyzer Application Reports

Data for the group can be displayed in several ways: by application, source, destination, or conversation to name a few. The screenshot below shows a conversation view.

Traffic by Top Conversation

Reports can be exported for use with other applications. NetFlow Analyzer includes native support for emailing reports, exporting to PDF, or exporting to CSV to make it easier to mine through data in Excel.

Alerting

Another useful feature is the ability to set Alerts. An alert can be created to trigger when specific IP addresses, subnets, applications, or port/protocol combinations exceed a threshold. Thresholds can be based on utilization, volume limits, speeds or packet rates.

If an alert is triggered, an email will alert administrators to the situation. Alerts can also be configured to only alert during business hours, though this appears to be a global setting and not configurable for individual alerts.

Security Analysis

NetFlow Analyzer can also help administrators to monitor network security with the add-on “Advanced Security Analytics Module.” Obviously this isn’t the same as running a dedicated security appliance, but rather it adds another layer of monitoring which is never a bad thing – and in fact might be just the right tool to complement existing security.

The Security Analytics module monitors all network flows for anomalies. If an unusual traffic flow is detected, it logs it and attempts to classify the behavior. This can be very helpful for detecting traffic generated by worms or DOS attacks.

Security Analytics Identify Threats

Reporting

The reporting module is where administrators can configure reports that are accessed regularly. A small range of application, conversation, source/destination, and other reports are available.

On the plus side, reports can be scheduled to run and be emailed on a regular schedule. But on the downside, the scheduling module doesn’t seem to talk to the report profiles – so setting up a schedule means that reports must be configured from scratch again. It would be great if the reporting module felt more integrated with the other great reporting capabilities of the tool.

The reporting UI can be a little frustrating to use. For instance when expanding a profile to select a report to view, after selecting the report the selection tree would disappear. So if you clicked on the wrong report, you need to expand the tree again to find another report.

But other than those few minor complaints, reporting works well and provides a wealth of information.

NetFlow Reporting Module

Pricing

Pricing for all of this capability is surprisingly affordable. Prices for the “Professional” version start at $795 USD to monitor 10 network interfaces – which would be enough for most medium businesses to monitor their internet access and other key network devices. More information is available by requesting a quote from their website.

Summary

A NetFlow monitor is a crucial piece of network management software that every administrator should have. With ManageEngine’s NetFlow Analyzer it’s easy for an administrator to identify users who are sucking back excessive bandwidth for Peer-to-Peer file transfers, or even find machines infected with worms that could be generating malicious traffic. Or, departments and workgroups can be grouped together for reporting, helping a business to fine-tune bandwidth needs when parts of the office move to new locations.

On the other hand, it has a few small faults. For one, it would be nice to see the UI updated to be a little more intuitive and menu-like. Clicking on various parts of the tab-style layout often doesn’t seem to produce the desired result – the application felt as if it jumped around from module to module in an unexpected way. With time I began to understand the logic behind the UI and became more comfortable with it. But, it would be nice to see the UI get the great treatment that ManageEngine recently gave to their updated OpManager console. (You can read our review of the updated version here.)

But those are small complaints on a great tool overall. The NetFlow Analyzer does a great job of monitoring the network and helping to present that information in an understandable, useful manner. If you’re still struggling to understand what traffic is flowing over your network, then we recommend downloading the free 30-day trial of the NetFlow Analyzer, or checking out the Live Demo. You might be surprised to find out what users are really doing on your network!

Are you winning the battle to tame your network? Or are you constantly are surprised by servers running out of disk space and bandwidth shortages? Does the ring of your cell phone make you shudder and wonder what just broke? If you answered yes, then you need better network management software!

ManageEngine’s OpManager can help you take control of the network. OpManager is a powerful network management system that includes features like network monitoring, alarm notification, health reporting, and more.

Note: Jump straight to Aaron’s OpManager video walkthrough

Features

OpManager has a long list of features that make network monitoring simple and efficient, including some great new features over earlier versions. Some of the new features include:

• Hyper-V support – OpManager now provides Hyper-V tracking, monitoring, and inventory features.
• New Improved UI – Menus have been reworked for easier navigation and more intuitive use.
• REST API – New APIs provide a way to fetch data from OpManager from other 3^rd party service desk applications.

How well does it all work? Let’s jump right into the product, starting with:

Easy Installation and Configuration

Installation was fast and simple.  A small number of options presented themselves: whether to install as a service, which web port to use, and whether to use the built-in MySQL or a standalone MSSQL server to name a few.

Configuration is the next step, and OpManager presents a helpful list of recommended tasks on startup.  First on the list is network discovery – enter your SNMP strings and IP ranges, and away you go. In general, configuration is very easy. It’s simple to add devices or to discover new networks.

OpManager allows admins to create Templates that can be assigned to devices, making it easy to set a large number of devices to be treated the same way. Templates specify settings like polling intervals, and parameters that will be monitored on each device. For example, all file servers could be placed into a template that would activate disk utilization, memory, and CPU monitoring.

IT Workflow Automation

One of the new features in OpManager 9 is something they call “IT Workflow Automation.” What is it?

IT Workflow automation allows administrators to automate routine maintenance, as well as troubleshooting tasks that they would perform when a network fault occurs.

For example, suppose that whenever a website fails, your first tasks would be to ping the server, and attempt to re-start the web-service if the server is up. IT Workflow automation can do that for you – minimizing downtime and giving you time to find the real cause of the problem.

Script Monitoring

Closely related to Workflow Automation is Script Monitoring. If you’re like most admins, you have a many scripts that you use to retrieve data and perform tasks on your servers.

OpManager allows you to bring all of those scripts together into a single management console – making it easy to share common scripts among all of your servers.

It also supports setting thresholds and alerts on script results – which could then kick off automated tasks to repair problems. All in all, a very cool set of features!

Dashboards

One of the first things you’ll see in OpManager is the Dashboard, an at-a-glance summary of your network.  Several different dashboard views are available, and all can be customized to suit your particular needs.  Widgets can be added, removed or customized to show data you find useful.

The dashboard is a great help for troubleshooting. For instance, you could add a real-time chart to monitor key variables – memory, CPU, interface traffic, and much more.  Then, you can see instantly if your internet connection is saturated, or if your server is out of disk space.

Device Monitoring

Device monitoring is at the heart of any network management software.

OpManger does a great job of monitoring devices for potential problems.  It can use standard SNMP as a monitoring method, but it can also use WMI to monitor Windows servers and Active Directory.  And, it can use SSH/Telnet to monitor statistics for Linux servers.

Device snapshots display current statistics for monitored systems.  The snapshot page contains information on response time, availability, and various other key metrics depending on the type of system being monitored.

You’ll also find detailed information on interfaces, as well as trend data through links at the bottom of the snapshot window.

Mapping

The newest version of OpManager adds some nifty new automatic mapping features. Administrators simply chose a “seed device,” and the system dynamically maps the other devices connected to it. Devices are shown with a status icon, enabling an instant view of any trouble spots on the network.

URL monitoring

Have you ever been caught when a website failed, even though the server was up and running? Say goodbye to that problem thanks to the URL monitor. The URL Monitor can perform synthetic transactions, testing to verify that login pages and other web-applications are always working.

Another feature is called “Content Match.” This useful tool allows administrators to monitor a page for specific text. If that text ever goes missing for any reason – maybe an accidental delete or worse, a malicious attack – then an alert is triggered allowing a fast response.

Reporting

OpManager has a fantastic reporting engine that can generate many different types of reports.

We can’t cover them all, but here are a few examples of the kinds of reports available.

Service level reporting provides a helpful overview of the network’s availability – great for showing the boss what an excellent job you’re doing of keeping the network running.

At a glance reports provide a summary of key metrics for a device, providing a fast way to identify potential performance problems and bottlenecks.

Health reporting dives a little deeper, and contains statistics for key performance metrics for specific devices.  This type of report helps to identify problem devices or circuits in relation to the rest of the network.

Finally, custom reporting allows administrators to query variables for specific devices and date ranges. The only downside to custom reporting is that it is not run from the Reporting module – it is accessed by clicking on a device, then by opening up one of the graphs shown on the device’s detail pages.

Overall, the reporting module is improved over previous versions of OpManager. It is more fully-featured and easier to use, and allows creating of custom reporting as well as filtered report views based on “business views” which are like lists of devices. On the other hand, I’d still love to see a simple query engine that would allow an admin to generate trend reports on the fly, for any monitored SNMP variable on any device. But we’re getting into wish-list territory, and the default reporting is generally excellent.

The User Experience

Overall, OpManager provides a great user experience and version 9 brings several improvements that make it much easier to use. The menu system has been reworked, and is now much more user friendly and intuitive.

The system allows for creation of multiple users with various levels of access.  The UI also supports rebranding – changing the overall look-and-feel to use your own corporate colors and logos.

Additionally, the entire console is administered and accessed almost entirely via the web-console. This makes management a breeze.

Alarms

What network management software would be complete without alarms and notifications? OpManager doesn’t disappoint here either, with the ability to set threshold alarms to trigger a range of notification methods.  All the usual suspects are here: email, SMS text, run scripts, etc.

Two useful features help to make the alarms well rounded.  A downtime scheduler allows admins to set outage windows in the system – perfect for reducing needless notifications during planned maintenance. And, dependencies can be set so that an outage to a key device doesn’t flood admins with alerts for all of the systems behind that device.

Clicking on an alarm provides a drill-down view of the alarm and event history for the device in trouble. The detailed view is a great troubleshooting tool, helping to identify chronic problems.

Also under the Alarms module: a useful “Devices to Watch” dashboard, which shows all devices that have triggered various types of alarms. The dashboard shows the device name, status, and key performance stats on CPU and Memory usage.

The only complaint I can find is that OpManager still doesn’t have the ability to set multiple threshold alarms – yet.  The good news: ManageEngine tells us this feature is coming in a very near future release of the product.

Having multiple thresholds allows an administrator to specify that warnings will be triggered at a certain threshold, and a critical alarm at another level. This would be useful for monitoring things like temperature or disk utilization that might creep up gradually – and allow administrators to monitor the situation before a critical state is reached. It will be a welcome addition once it’s available.

Plugins

ManageEngine offers several plugins as separate products that integrate smoothly with OpManager. There are too many to cover here, but examples include their VOIP monitor, and a useful tool called “Compliance Manager.” Compliance Manager scans devices and identifies if a specified policy is not met.

For example, in the screenshot below Compliance Manager has identified several critical violations on a Cisco device.

Other available plugins include:

• WAN RTT (Round-Trip-Time) Monitor, using Cisco IP SLA Technology

Monitor WAN links for latency, bandwidth utilization, Round–Trip–Time and other key performance indicators.

• NetFlow Traffic Analysis

The NetFlow plugin provides detailed graphs and reports that show not just how much traffic, but also what kind of traffic is flowing over the network. We recently reviewed the stand-alone NetFlow Analyzer from Opmanager, and recommend it for anyone struggling to understand why they never have enough bandwidth.

• Network Change Configuration

Detect changes to your network devices when they happen, and automate backups.

Pricing and Editions

OpManager’s pricing varies depending on how many devices you need to monitor – but the pricing scale has affordable options for everyone from small business to large enterprises. For example, a 50-device license would cost as little as $1,995. In addition, different plug-in software can be purchased that add extends functionality.

OpManager has several editions, including an Enterprise edition which is scalable up to 50,000 interfaces. It also has options for high-availability thanks to hot-standby servers and probes.

Given the range of pricing available, we recommend contacting ManageEngine for a price quote. More information can be found on their website.

And, trial versions of OpManager are free for 30 days!

Summary & Video Walkthrough by Aaron

OpManager was good before – now it’s great! It is an extremely versatile, feature-rich system, made better by new features like Mapping, Hyper-V support, and the improved UI. Alerting is comprehensive and full of information sure to help administrators fix problems faster. The reporting module provides data that will be useful for everyone from administrators to service managers. And, features like URL monitoring provide assurance that websites critical to the business are online.

On the downside, it still doesn’t have multiple-threshold alarms, but that feature is on the roadmap and no doubt will appear soon.

In our opinion, the new and improved OpManager is well worth your time to test out. Try out OpManager’s 30-day free trial download and see what you think.

Have you ever received complaints from your remote sites about poor network performance?  Do you have service level agreements with your service provider with no way to verify their performance?  This document will describe how you can address these issues using IP SLA technology.

IP SLA is a feature included in the Cisco IOS software that allows users to verify service guarantees, increase network reliability by validating network performance, proactively identify network issues, and increase Return on Investment (ROI) by easing the deployment of new IP services. IP SLA uses active synthetic traffic-monitoring technology to monitor continuous traffic on the network.  This is a reliable method in measuring overhead network performance. Cisco routers provide IP SLA Responders that give accuracy of measured data across a network.

A source router injects various types of traffic onto the network with an operation to perform (go to point A and report the latency back to me).  It is analogous to sending a test car into traffic on a highway and measuring latency (how much time does it take to go from point A to point B), availability (does it even arrive?), and jitter (does the space between the cars remain constant?).

By combining a network performance monitoring product, such as SolarWinds Network Performance Monitor (NPM), and an IP SLA product, such as SolarWinds IP SLA Manager, network engineers can test a number of different WAN performance scenarios.

Monitoring WAN Performance

By executing an IP SLA operation every 60 seconds between routers, you can determine the availability of the connection, the packet transmit time (latency), packet loss and jitter.

Further examination of these statistics will allow you to determine where you may have a WAN issue that allows you to take further action.

Monitor End-to-End Network Quality

In this scenario, you create 4 different IP SLA operations in your network.  First you check the overall response time from one end-point to another end point (852 ms).

Next, you create additional operations that break the end-to-end response time into a series of smaller segments.

By examining each independent segment as it relates to the overall performance, you can again identify potential problem areas.

Verify Service Level Agreements

By using IP SLA operations, you can measure your site-to-site WAN performance and compare that to what your service provider is telling you.  If you have charge-back, refund or credit rights then you may be able to recover some money if your SLAs are not being met.

Assessing VoIP Infrastructure

With IP SLA you can monitor jitter across various part of your network to determine if your infrastructure can handle deployment of voice over IP.

Hopefully you can see from the four use cases above just how powerful IP SLA can be for monitoring the overall performance of your network.

Learn more and download a fully functional free 30-day trial of both SolarWinds’ Network Performance Monitor and SolarWinds IP SLA Manager.