A key element of the management environment in any IT networking scenario is the ability to manage and monitor network activity. It is usually split into two main areas: network security and network performance management. To be sure, there are areas where requirements overlap, and information from one may trigger activity in the other. Even so, it is unlikely that a single IT networking management and monitoring tool will do everything needed.
An essential part of any network security manager’s armoury is a range of tools, on the one hand, to help identify security violations and attempted malware exploits, and on the other to manage and monitor the internal corporate network inside the firewall. There is often a network management tool supplied by the equipment manufacturer.
If we put security to one side for the moment, consider what a network management and monitoring tool needs to have:
Support for the latest network protocols
Network protocols are continually changing, and a corporate network needs to be able to support the latest while providing legacy support for older and superseded protocols. It may also be that new types of network traffic are added to the corporate network, for example, VoIP, and these need to be accommodated in the management scenario.
This implies that the network monitoring and management tool needs to do the same. It needs the capability to have new protocols easily added to its repertoire.
Many tools offer filters that focus on one protocol or a range of protocols, so any newly added protocol must also be usable in filters.
Other features such as VPN support and remote switch management down to port level should also be supported in a graphical environment.
The tool must generate automatic alarms, for instance for network outages, out-of-scope network performance, or unusual network activity.
The application must allow the technician to set operational parameters and alarm conditions in terms of capacity, ping times and so on, and for events such as a link or server failure.
The alarm capability must have several levels of seriousness. At the lowest level, it will advise of operational conditions that are approaching limits. At the most serious, the alarm condition must generate a visible alarm in the Network Operations Center, and if required send an alert by email or SMS to support staff.
It should also detect unusual network activity, perhaps even as far as a user repeatedly trying to log on to a system to which they aren’t authorised. One thing it must do is to detect and block the attachment of unauthorised network devices, such as networked hard drives or in some cases, WiFi routers.
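The two checks in the paragraph above, repeated failed logons and attachment of an unauthorised device, can be sketched as follows. This is an added example, not code from any monitoring product; the event format, the threshold of five failures in ten minutes, the MAC inventory and the severity names are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; the article gives no figures.
FAILED_LOGON_LIMIT = 5                   # failures per (user, system) pair
WINDOW = timedelta(minutes=10)           # sliding window for counting failures
AUTHORISED_MACS = {"00:11:22:33:44:55"}  # constructed device inventory

def sample_failures(user, system, start, step_min, n):
    """Build n constructed failed-logon events, step_min minutes apart."""
    t0 = datetime.fromisoformat(start)
    return [((t0 + timedelta(minutes=i * step_min)).isoformat(),
             "logon_fail", user, system) for i in range(n)]

# Constructed sample events: (timestamp, type, subject, target).
EVENTS = (
    sample_failures("alice", "hr-db", "2024-01-01T09:00:00", 1, 5)    # burst: alarm
    + sample_failures("carol", "hr-db", "2024-01-01T09:00:00", 8, 5)  # too slow: no alarm
    + [("2024-01-01T09:02:00", "logon_fail", "bob", "mail"),
       ("2024-01-01T09:03:00", "logon_ok", "bob", "mail"),            # mistake, then success
       ("2024-01-01T09:05:00", "link_up", "DE:AD:BE:EF:00:01", "sw1/12"),
       ("2024-01-01T09:06:00", "link_up", "00:11:22:33:44:55", "sw1/3")]
)

def detect(events, limit=FAILED_LOGON_LIMIT, window=WINDOW, inventory=AUTHORISED_MACS):
    """Return alarms as (severity, rule, subject, target) tuples."""
    alarms = []
    recent = defaultdict(deque)  # (user, system) -> recent failure times
    for ts, kind, subject, target in sorted(events):
        now = datetime.fromisoformat(ts)
        if kind == "logon_fail":
            q = recent[(subject, target)]
            q.append(now)
            while now - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= limit:
                alarms.append(("warning", "repeated_logon_failure", subject, target))
                q.clear()                # restart the count after alerting
        elif kind == "logon_ok":
            recent.pop((subject, target), None)  # success resets the count
        elif kind == "link_up" and subject.lower() not in inventory:
            # Unknown MAC on a switch port: most serious level, port to be blocked.
            alarms.append(("critical", "unauthorised_device", subject, target))
    return alarms

if __name__ == "__main__":
    for alarm in detect(EVENTS):
        print(alarm)
```

The "critical" result is the point at which a real tool would disable the switch port and notify support staff; here it is only reported.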
It’s all very well having alarms to tell you something is wrong, but you then need troubleshooting tools to find where it’s wrong and why it’s wrong. The real reason for an outage may not be the fault that raised the alarm.
For instance, a switch failure has been reported, but it may only be that the cooling fan in the switch has failed, and only the fan, not the switch, needs to be replaced.
Many network monitoring applications support the “Big Picture”, a network schematic displayed on a wall-sized display. It shows the current network layout, with, say, green for good equipment and connections, blue for those that are at or near operational limits, and red for failed links or equipment.
The technicians must then be able to drill down to identify failed equipment or connections and any remedial equipment and actions needed.
The ability to filter by network protocol or equipment type is a bonus.
Powerful analysis capabilities
Collecting data is all very well, but the tool needs to do a couple of things with it.
It needs to initiate immediate action for serious events like a link outage, but at a macro level it also needs to provide the ability to analyse network traffic so that management can see where improvements and reassigning capacity will bring benefits.
Analysis is also needed where there are complaints about poor network performance, to identify the cause and take remedial action.
Trend analysis that assists with capacity planning.
The ability to aggregate and analyse data from log files is also essential for trend analysis and capacity planning. It can also be used for network modeling if extensions to the network are being planned.
It is important to point out that Software Defined Networks currently, and Intent-Based Networks later, automate a large part of this activity, but that will not remove the need for manual oversight of the network. They may well automate the bulk of network configuration and basic management, but there will be occasions when a technician must override the automatic configuration or take emergency action.
The need for network management tools will remain.