Monitoring is one of the key components of network security. A network monitoring system (NMS) monitors the network for problems caused by overloaded or crashed servers, network connections or other devices. Network monitoring is a critical IT process where all networking components like routers, switches, firewalls, servers, and VMs are monitored for fault and performance and evaluated continuously to maintain and optimize their availability.
Key network monitoring features and aspects include selecting a network monitoring tool, protocol and thresholds (to identify bottlenecks), as well as choosing which portions of the network should be monitored. Constantly searching for trends, the monitoring system tracks and logs network parameters. These include data transmission rate (throughput), error rates, downtime/uptime, use-time percentages, and response time to user and automated inputs and requests. When predetermined parameter thresholds are reached, alarms are triggered.
Network monitoring is part of network management. So, typically, administrators monitor and manage a network using network monitoring tools and software applications. Every network monitoring system should also offer reports for a range of users, including systems administrators, network administrators, and IT management. Finally, a secure network monitoring system should be user-friendly, and offer basic drill down and reporting functionalities.
Many IT organizations are subject to Service Level Agreements (SLAs). An SLA is a contract between IT and Line of Business Owners. Meeting SLA commitments is often included in IT compensation plans. SLAs are a performance guarantee. They are measured and reported on. The more demanding the SLA, the more costly it is to implement and maintain. So it is clear that the network administrators who are parties to this contract must do their job more seriously and rigorously. These administrators are in dire need of network monitoring software that is powerful, complete, accurate and sensitive, and that has a variety of tools for reporting as well as for issuing alerts in times of crisis.
What’s Network Throughput?
Network throughput refers to how much data a given network transmits over a set time period. For instance, an Ethernet connection that transfers data at a rate of 80 Megabits per second has an 80 Mbps throughput.
Functions of NMS
Network Monitoring Systems (NMSs) provide five basic functions:
NMSs discover the devices on the network: the routers, switches, firewalls, servers, printers and more. NMSs include a library of monitoring roles, which define how to monitor a device. Device roles are type and vendor specific.
All NMSs discover devices on the network. However, not all will discover how devices are connected to the network. For instance, an NMS may have identified a server on the network but not know which switch it is connected to. That is a problem, because for effective network monitoring it is not enough to know what is on a network; you also need to know how it is all connected. For example, when a switch fails, none of the devices connected to that switch can communicate over the network. This is a big problem if it is the switch connecting the servers that support an organization's CRM system.
Administrators' ability to visualize their networks can save hours, and even days, of troubleshooting network problems. Therefore, a network monitoring system that can produce a complete, accurate and up-to-date map of the network is a very effective help to network administrators. An efficient Network Monitoring System generates network maps. Network maps are a powerful first response tool that enables network admins to visualize their networks. They provide a clean and orderly representation of the wiring closet.
Most network monitoring tools provide monitors for other components like the fans and power supplies in a router, the temperature in a wiring closet, or network services like HTTP, TCP/IP and FTP. More important than anything else, NMSs expose network administrators to a large selection of monitors:
- Ping availability and latency
- Interface utilization
Network Monitoring Systems notify network admins when something goes wrong. They deliver alerts via email, text and logging. The NMS may be configured to issue an alert when the CPU utilization on a switch exceeds 90%. This allows the network administrator to proactively investigate and respond before the switch fails altogether. This feature (warning before an existing fault affects the network) is called a threshold-based alert. Determining the threshold is one of the tasks of the network administrator.
Performance metrics like CPU, memory and interface utilization fluctuate during the day. So, NMS alerts are usually configured with a time element. For instance, if CPU utilization exceeds 80% for more than 10 minutes, then issue an alert. To save energy costs, some devices are shut down during non-working hours. The network administrator should therefore be able to configure the NMS not to send alerts about the unavailability of such devices during non-working hours.
NMSs should provide real-time and historical monitoring data. NMSs deliver monitoring information in webpages called dashboards. Dashboards are made up of turn-key views, for example, a Top 10 CPU utilization view or a Top 10 Memory utilization view. Most NMSs are customizable. Network admins can create dashboards based on the information they need.
What Aspects Does Network Monitoring Involve?
Important aspects of network monitoring:
- Effective and continuous monitoring of network
- Optimizing the monitoring interval
- Selecting the right protocol
- Setting thresholds
Effective and Continuous Monitoring of Network
Faulty network devices impact network performance. There are two main steps in effective network monitoring:
- Identifying the devices and the related performance metrics to be monitored.
- Determining the monitoring interval.
Optimizing the Monitoring Interval
The monitoring interval determines the frequency at which the network devices and their related metrics are polled to identify the performance and availability status. The interval depends on the type of network device or parameter being monitored. Broadly, devices on the network can be divided into two general categories:
- Critical devices (like Servers, Switches and Routers)
- Non-critical devices (such as Desktops, IP Phones and Printers)
Non-critical devices do not require frequent monitoring, whereas critical devices must always be monitored. For example, CPU and memory stats can be monitored once every 5 minutes. The monitoring interval for other metrics like disk utilization can be extended; polling once every 15 minutes is sufficient.
Selecting the Proper Protocol
Network management protocols are used to minimize any impact the network monitoring software has on its surrounding network and network devices. Network Monitoring Systems poll network devices and servers for performance data using standard protocols such as:
- SNMP, Simple Network Management Protocol
- WMI, Windows Management Instrumentation, for Windows-based devices
- SSH, Secure Shell, for UNIX and Linux servers
NMSs can check HTTP pages, HTTPS, SNMP, FTP, SMTP, POP3, IMAP, DNS, SSH, TELNET, SSL, TCP, ICMP, SIP, UDP, Media Streaming and a range of other ports with a variety of check intervals ranging from every four hours to every one minute. SNMP is one of the widely accepted protocols to manage and monitor network elements. In fact, SNMP is a standard protocol that collects data from almost any network-attached device, including routers, switches, wireless LAN controllers, wireless access points, servers, printers and more.
SNMP supports read and write access, which enables control over a device. SNMP relies on a software agent on each monitored device. Most network elements come bundled with an SNMP agent. Allowing SNMP read-write access gives one complete control over the device. Using SNMP, one can replace the entire configuration of the device.
You can read about SNMP here.
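Because read-write access amounts to full control of the device, a monitoring-only deployment should not grant it. The following is an added example, not code from the original post: it audits an agent configuration for write access, and it goes slightly beyond the text by also flagging default community strings and unrestricted sources. It assumes the agent is Net-SNMP and uses its snmpd.conf access directives; the sample configuration is constructed.

```python
# Added example: audit a Net-SNMP snmpd.conf for access wider than
# read-only monitoring needs. Assumes Net-SNMP directive names.
COMMUNITY = {"rocommunity", "rocommunity6", "rwcommunity", "rwcommunity6"}
WRITE = {"rwcommunity", "rwcommunity6", "rwuser"}   # these allow SNMP SET
DEFAULT_STRINGS = {"public", "private"}             # well-known defaults

# Constructed sample, not taken from any real device.
SAMPLE_CONF = """\
# monitoring access
rocommunity public
rwcommunity netops-rw 10.0.0.5
rouser monitor priv
rwuser admin priv
"""

def audit_snmpd_conf(text):
    """Return [(line_no, finding)] for each risky access directive."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # strip comments, tokenize
        if not fields:
            continue
        directive, args = fields[0].lower(), fields[1:]
        if directive in WRITE:
            # Read-write access: the holder can reconfigure the device.
            findings.append((line_no, "write-access"))
        if directive in COMMUNITY and args:
            if args[0].lower() in DEFAULT_STRINGS:
                findings.append((line_no, "default-community"))
            # A missing SOURCE, or the word "default", means any host.
            if len(args) < 2 or args[1].lower() == "default":
                findings.append((line_no, "any-source"))
    return findings

if __name__ == "__main__":
    for line_no, finding in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: {finding}")
```
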
WMI, by contrast, is a protocol used for monitoring Microsoft Windows-based servers and applications; it does not monitor network devices or non-Microsoft servers. WMI is a client/server framework which allows for system management using the Common Information Model (CIM). CIM is a model which represents the components of the operating system (OS). WMI has a disadvantage: it consumes more CPU and memory to process than SNMP.
You can read about WMI here.
Setting Thresholds
Configuring thresholds helps in proactively monitoring the resources and services running on servers and network devices. Multi-level thresholds can assist in classifying and breaking down any fault encountered. Utilizing thresholds, alerts can be raised before the device goes down or reaches a critical condition.
When levels reach those thresholds, the network monitoring system triggers an alarm and initiates network fault management processes. This is where the concept of a trigger comes in. Triggers are events that will generate alarms in the system. An event might be a deviation from the mean value of a parameter, a crossed threshold parameter value, or a change in the state of a node.
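The threshold behaviour described above and in the alerting section (multi-level thresholds, a time element, and no alerts during non-working hours) can be combined in one evaluator. This is an added example, not code from the original post or from any NMS product; the warning and critical levels reuse the 80% and 90% figures from the text, and the function names, 5-minute polling and sample readings are assumptions.

```python
from datetime import datetime, time, timedelta

# Assumed policy: warning above 80 %, critical above 90 %, and only once
# the breach has lasted more than 10 minutes (the time element).
LEVELS = {"warning": 80.0, "critical": 90.0}
SUSTAIN = timedelta(minutes=10)

def in_quiet_hours(ts, quiet):
    """quiet is (start, end) as datetime.time; the window may wrap midnight."""
    if quiet is None:
        return False
    start, end = quiet
    t = ts.time()
    return start <= t < end if start <= end else (t >= start or t < end)

def evaluate(samples, levels=LEVELS, sustain=SUSTAIN, quiet=None):
    """Return [(timestamp, severity)] for time-ordered (timestamp, value)."""
    alerts = []
    since = {}      # severity -> time the current breach of that level began
    fired = set()   # severities already alerted during the current breach
    for ts, value in samples:
        for severity, limit in levels.items():
            if value <= limit:          # breach over: reset this level
                since.pop(severity, None)
                fired.discard(severity)
                continue
            start = since.setdefault(severity, ts)
            if severity in fired or ts - start <= sustain:
                continue                # already reported, or still transient
            if in_quiet_hours(ts, quiet):
                continue                # suppressed; re-checked on next poll
            alerts.append((ts, severity))
            fired.add(severity)
    return alerts

def make_samples(start, values, step_minutes=5):
    """Constructed readings: one value every step_minutes from start."""
    return [(start + timedelta(minutes=i * step_minutes), v)
            for i, v in enumerate(values)]

if __name__ == "__main__":
    cpu = make_samples(datetime(2024, 1, 8, 9, 0), [70, 85, 86, 95, 96, 97, 98, 60])
    for ts, severity in evaluate(cpu):
        print(ts.isoformat(), severity)
```

A breach that is still in progress when the quiet window ends is reported on the first poll after it, so suppression delays the alert rather than discarding it.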
Network Monitoring Solutions
The process of network monitoring and management is simplified and automated with the help of network monitoring software and network monitor tools. A network performance monitor is essential to tackle network bottlenecks and performance woes which might have a negative impact on network performance.
Suitable network monitoring software:
- Is able to display all network infrastructure along with all available classifications.
- Has pre-defined templates for automatic configuration of devices and interfaces.
- Is able to control and troubleshoot the performance of all network components.
- Has efficient and customizable features for preparing reports, and is able to notify network administrators by various methods (such as email, SMS, or even voice alarm) as soon as a problem is detected.
In this blog, we have introduced some tools and software for network monitoring so far: