Network Operation Center

CMS Info Systems Pvt. Ltd. 18/12/2009


Overview
• Introduction
• NOC Philosophy
• Available Tools


Introduction
• “A network operations center (or NOC, pronounced “nock”) is one or more locations from which
control is exercised over a computer, television broadcast, or telecommunications network.”


Functions of a NOC
• Responsible for monitoring the network for alarms or adverse conditions (e.g. power failures, link
failure)
• NOC staff analyze problems, troubleshoot, and collaborate with other technicians on site.
• NOC tracks issues/problems until they are resolved.
• Problems not solved within a specified time frame can be escalated to the appropriate personnel.
• Standard Operating Procedures exist that detail how to remedy issues/problems.


NOC Philosophy
• Automate everything
• Document everything
• Communicate as much as possible
• Know your resources
• Know your users
• Know your business
• Security cannot be an afterthought
• Plan ahead


Purpose

• NOCs are dedicated to monitoring and coordinating network operations.
• This requires that the following functional areas are addressed:

Faults & Issues

Performance Monitoring
Configuration Management

Policies

Security
Accounting
Management

Communication


The Squid Caching Proxy


What is Squid?
• A caching proxy for
– HTTP, HTTPS (tunnel only)
– FTP
– Gopher
– WHOIS (Squid version 2 only)
• Supports transparent proxying
• Supports proxy hierarchies (ICP protocol)
• Squid is not an origin server!


Other proxies
• Freeware
– Apache 1.2+ proxy support (abysmally bad!)
• Commercial
– Netscape Proxy
– Microsoft Proxy Server
– NetAppliance’s NetCache (shares some code history with Squid in the distant past)
– CacheFlow (http://www.cacheflow.com/)
– Cisco Cache Engine


What is a proxy?
• Firewall device; internal users communicate with the proxy, which in turn talks to the big bad
Internet
– Gate private address space into publicly routable address space
• Allows one to implement policy
– Restrict who can access the Internet
– Restrict what sites users can access
– Provides detailed logs of user activity


What is a caching proxy?
• Stores a local copy of objects fetched
– Subsequent accesses by other users in the organization are served from the local
cache, rather than the origin server
– Reduces network bandwidth
– Users experience faster web access


How proxies work
• User configures web browser to use proxy instead of connecting directly to origin servers
– Manual configuration for older PC based browsers, and many UNIX browsers (e.g.,
Lynx)
– Proxy auto-configuration file for Netscape 2.x+ or Internet Explorer 4.x+
• Far more flexible caching policy
• Simplifies user configuration, help desk support, etc.


How proxies work (user request)
• User requests a page: http://cmsinstitute.co.in/
• Browser forwards request to proxy
• Proxy optionally verifies user’s identity and checks policy for right to access
cmsinstitute.co.in
• Assuming right is granted, fetches page and returns it to user


Squid’s page fetch algorithm
• Check cache for existing copy of object
• If it exists in cache
– Check object’s expire time; if expired, fall back to origin server
– Check object’s refresh rule; if expired, perform an If-Modified-Since against origin
server
– If object still considered fresh, return cached object to requester
• If object is not in cache, expired, or otherwise invalidated
– Fetch object from origin server
– If 500 error from origin server, and expired object available, returns expired object
– Test object for cacheability; if cacheable, store local copy


Cacheable objects
• HTTP
– Must have a Last-Modified: tag
– If origin server required HTTP authentication for request, must have Cache-Control:
public tag
– Ideally also has an Expires or Cache-Control: max-age tag
– Content provider decides what header tags to include
• Web servers can auto-generate some tags, such as Last-Modified and Content-
Length, under certain conditions
• FTP
– Squid sets Expires time to fetch timestamp + 2 days


Non-cacheable objects
• HTTPS, WAIS
• HTTP
– No Last-Modified: tag
– Authenticated objects
– Cache-Control: private, no-cache, and no-store tags
– URLs with cgi-bin or ? in them
– POST method (form submission)


Implications for content providers
• Caching is a good thing for you!
• Make cgi and other dynamic content generators return Last-Modified and Expires/Cache-
Control tags whenever possible
– If at all possible, also include a Content-Length tag to enable use of persistent
connections
• Consider using Cache-Control: public, must-revalidate for authenticated web sites
• If you need a page hit counter, make one small object on the page non-cacheable.
• FTP sites, due to lack of Last-Modified timestamps, are inherently non-cacheable. Put
(large) downloads on your web site instead of on, or in addition to, an FTP site.
• Microsoft’s IIS with ASP generates non-cacheable pages by default
• Other scripting suites (e.g., Cold Fusion) also require special work to make cacheable
• Squid doesn’t implement support for Vary: tag yet; considers object non-cacheable
• Squid currently treats Cache-Control: must-revalidate as Cache-Control: private
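
The page fetch algorithm and the cacheability rules from the preceding slides, as an added Python model (not Squid source code and not part of the original slides). The refresh age, the default lifetime, the verdict names, the `origin` stand-in and the sample URLs and headers are assumptions constructed for the example; the point to watch is that an authenticated response without Cache-Control: public is never stored, so it cannot be served to another user.

```python
from dataclasses import dataclass, field

REFRESH_SECONDS = 300     # assumed refresh-rule age, not a value from the slides
DEFAULT_LIFETIME = 3600   # assumed lifetime when the origin sends no max-age

@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

@dataclass
class Entry:
    response: Response
    stored_at: int    # time of last fetch or successful revalidation
    expires_at: int   # hard expiry derived from max-age

def cache_control(resp):
    """Parse Cache-Control into a dict of lowercase directives."""
    out = {}
    for part in resp.headers.get("Cache-Control", "").split(","):
        name, _, value = part.strip().partition("=")
        if name:
            out[name.lower()] = value
    return out

def is_cacheable(method, url, authenticated, resp):
    """Apply the slides' cacheable / non-cacheable rules to one response."""
    cc = cache_control(resp)
    if method == "POST" or url.startswith("https:"):
        return False
    if "cgi-bin" in url or "?" in url:
        return False
    if "Last-Modified" not in resp.headers or "Vary" in resp.headers:
        return False
    # must-revalidate is listed because the slides say Squid treats it as private.
    if cc.keys() & {"private", "no-cache", "no-store", "must-revalidate"}:
        return False
    if authenticated and "public" not in cc:
        return False
    return True

def fetch(cache, origin, url, now, method="GET", authenticated=False):
    """Return (verdict, response); origin(url, if_modified_since) stands in for the origin server."""
    entry = cache.get(url) if method == "GET" else None
    if entry and now < entry.expires_at:
        if now - entry.stored_at < REFRESH_SECONDS:
            return "HIT", entry.response
        # Refresh rule says stale: revalidate with If-Modified-Since.
        reply = origin(url, entry.response.headers.get("Last-Modified"))
        if reply.status == 304:
            entry.stored_at = now
            return "REVALIDATED", entry.response
    else:
        reply = origin(url, None)
    if reply.status >= 500 and entry:
        return "STALE_ON_ERROR", entry.response   # serve the old copy on origin failure
    if reply.status == 200 and is_cacheable(method, url, authenticated, reply):
        max_age = cache_control(reply).get("max-age", "")
        lifetime = int(max_age) if max_age.isdigit() else DEFAULT_LIFETIME
        cache[url] = Entry(reply, now, now + lifetime)
        return "MISS_STORED", reply
    cache.pop(url, None)   # never keep a copy the rules reject
    return "MISS_NOT_STORED", reply

def demo():
    """Run a constructed request sequence; return the verdicts and the cached URLs."""
    cache, state = {}, {"down": False}
    logo = "http://cmsinstitute.co.in/logo.gif"        # constructed path
    acct = "http://cmsinstitute.co.in/account.html"    # constructed path
    modified = "Fri, 18 Dec 2009 10:00:00 GMT"

    def origin(url, if_modified_since):                # constructed origin server
        if state["down"]:
            return Response(500)
        if url == acct:
            return Response(200, {"Last-Modified": modified}, "per-user page")
        if if_modified_since:
            return Response(304)
        return Response(200, {"Last-Modified": modified,
                              "Cache-Control": "max-age=600"}, "logo bytes")

    verdicts = [fetch(cache, origin, logo, t)[0] for t in (0, 100, 400)]
    state["down"] = True
    verdicts.append(fetch(cache, origin, logo, 700)[0])
    state["down"] = False
    verdicts.append(fetch(cache, origin, acct, 700, authenticated=True)[0])
    return verdicts, list(cache)

if __name__ == "__main__":
    print(demo())
```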


Transparent proxying
• Router forwards all traffic to port 80 to proxy machine using a route policy
• Pros
– Requires no explicit proxy configuration in the user’s browser
• Cons
– Route policies put excessive CPU load on routers on many (Cisco) platforms
– Kernel hacks to support it on the proxy machine are still unstable
– Often leads to mysterious page retrieval failures
– Only proxies HTTP traffic on port 80; not FTP or HTTP on other ports
– No redundancy in case of failure of the proxy


Transparent proxying
• Recommendation: Don’t use it!
– Create a proxy auto-configuration file and instruct users to point at it
– If you want to force users to use your proxy, either
• Block all traffic to port 80
• Use a route policy to redirect port 80 traffic to an origin web server and return a
page explaining how to configure the various web browsers to access the proxy


Squid hardware requirements
• UNIX operating system (NT is not currently supported, nor has anyone announced work on
a port)
• 128M RAM minimum recommended (scales by user count and size of disk cache)
• Disk
– 512M to 1G for small user counts
– 16G to 24G for large user counts
– Squid 2.x is optimized for JBOD, not RAID


Installing Squid (overview)
• Get distribution from http://squid.nlanr.net/
• Increase maximum file descriptors available per process before configuring Squid
• Run configure script with desired compile-time options
• Run make; make install
• Edit squid.conf file
• Run squid -z to initialize cache directory structure
• Start Squid daemon
• Test
• Migrate users over to proxy


Squid distributions (versions)
• 1.x and 1.NOVM.x
– No longer supported
– Entire cache lost if even one disk in cache fails
– Doesn’t understand Cache-Control: tag
– Other problems
– Bottom line: don’t use them
• 2.0, 2.1, 2.2
– Redesigned disk storage algorithm much improved
– Understands Cache-Control: tag
– Better LRU/refresh rule engine
– Supports proxy authentication
– See documentation for full list of enhancements
• Recommendation: 2.1 is fairly stable, but move to 2.2 when 2.2STABLE released


squid.conf ACL example
• acl manager proto cache_object
• acl localhost src 127.0.0.1/32
• acl managerhost src 204.248.51.34/32
• acl managerhost src 204.248.51.39/32
• acl managerhost src 204.248.51.40/32
• acl cawtech src 204.248.51.0/24
• acl cawtech-internal src 172.16.0.0/16
• acl all src 0.0.0.0/0.0.0.0


squid.conf ACL example
• acl SSL_ports port 443 563
• acl gopher_ports port 70
• acl wais_ports port 210
• acl whois_ports port 43
• acl www_ports port 80 81
• acl ftp_ports port 21
• acl Safe_ports port 1025-65535

• acl CONNECT method CONNECT


• acl FTP proto FTP
• acl HTTP proto HTTP
• acl WAIS proto WAIS
• acl GOPHER proto GOPHER
• acl WHOIS proto WHOIS


squid.conf ACL example
• http_access deny manager !localhost !managerhost
• http_access deny CONNECT !SSL_ports
• http_access deny HTTP !www_ports !Safe_ports
• http_access deny FTP !ftp_ports !Safe_ports
• http_access deny GOPHER !gopher_ports !Safe_ports
• http_access deny WAIS !wais_ports !Safe_ports
• http_access deny WHOIS !whois_ports !Safe_ports

• http_access allow localhost


• http_access allow cawtech
• http_access allow cawtech-internal
• http_access deny all
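
How the three ACL slides combine, as an added Python model (not Squid code and not part of the original slides): ACL names on one http_access line are ANDed, values of one ACL are ORed, and the first matching line decides. The request fields (`src`, `proto`, `method`, `port`), the sample client addresses and the empty protocol used for CONNECT requests are assumptions constructed for the example.

```python
import ipaddress

# ACL definitions transcribed from the slides: name -> (type, values).
ACLS = {
    "manager":          ("proto", ["cache_object"]),
    "localhost":        ("src", ["127.0.0.1/32"]),
    "managerhost":      ("src", ["204.248.51.34/32", "204.248.51.39/32",
                                 "204.248.51.40/32"]),
    "cawtech":          ("src", ["204.248.51.0/24"]),
    "cawtech-internal": ("src", ["172.16.0.0/16"]),
    "all":              ("src", ["0.0.0.0/0"]),
    "SSL_ports":        ("port", ["443", "563"]),
    "gopher_ports":     ("port", ["70"]),
    "wais_ports":       ("port", ["210"]),
    "whois_ports":      ("port", ["43"]),
    "www_ports":        ("port", ["80", "81"]),
    "ftp_ports":        ("port", ["21"]),
    "Safe_ports":       ("port", ["1025-65535"]),
    "CONNECT":          ("method", ["CONNECT"]),
    "FTP":              ("proto", ["FTP"]),
    "HTTP":             ("proto", ["HTTP"]),
    "WAIS":             ("proto", ["WAIS"]),
    "GOPHER":           ("proto", ["GOPHER"]),
    "WHOIS":            ("proto", ["WHOIS"]),
}

# http_access lines from the slides, in their original order.
HTTP_ACCESS = """
deny manager !localhost !managerhost
deny CONNECT !SSL_ports
deny HTTP !www_ports !Safe_ports
deny FTP !ftp_ports !Safe_ports
deny GOPHER !gopher_ports !Safe_ports
deny WAIS !wais_ports !Safe_ports
deny WHOIS !whois_ports !Safe_ports
allow localhost
allow cawtech
allow cawtech-internal
deny all
"""

def acl_matches(name, req):
    """True if the request matches any value of the named ACL (values are ORed)."""
    kind, values = ACLS[name]
    if kind == "src":
        addr = ipaddress.ip_address(req["src"])
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        for v in values:
            lo, _, hi = v.partition("-")
            if int(lo) <= req["port"] <= int(hi or lo):
                return True
        return False
    # proto and method ACLs: compare case-insensitively
    return req[kind].lower() in {v.lower() for v in values}

def evaluate(req):
    """Return (action, deciding rule) using first-match evaluation."""
    action = "deny"
    for line in HTTP_ACCESS.strip().splitlines():
        action, *terms = line.split()
        # Every term on the line must hold (AND); a leading "!" negates the ACL.
        if all(acl_matches(t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action, line
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if action == "deny" else "deny"), "(default)"

# Constructed sample requests; the addresses are illustrative only.
REQUESTS = [
    {"src": "204.248.51.77", "proto": "HTTP", "method": "GET", "port": 80},
    {"src": "204.248.51.77", "proto": "", "method": "CONNECT", "port": 25},
    {"src": "172.16.4.9", "proto": "", "method": "CONNECT", "port": 443},
    {"src": "204.248.51.34", "proto": "cache_object", "method": "GET", "port": 3128},
    {"src": "204.248.51.99", "proto": "cache_object", "method": "GET", "port": 3128},
    {"src": "172.16.4.9", "proto": "HTTP", "method": "GET", "port": 22},
    {"src": "198.51.100.7", "proto": "HTTP", "method": "GET", "port": 80},
]

def verdicts():
    return [evaluate(r) for r in REQUESTS]

if __name__ == "__main__":
    for req, (action, rule) in zip(REQUESTS, verdicts()):
        print(f"{action:5}  {rule:40}  {req}")
```

Reordering the lines changes the result: moving an allow line above the deny lines would let that network tunnel CONNECT to any port, which is why the deny lines come first.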


Kindly perform the Hands On Lab


Open Audit
The Automation of Network Inventory


Necessity of Inventory Systems
Ignorance is not a valid excuse for Network Administrators
• Which systems are near the end of their warranty?
• Which Towers contain model #*** video card?
• Which IPs are in use and where?
• How many licenses are left for X software?
• Which systems don't have the MS security patch that was released yesterday?


Problems of Inventory Systems
• Manual entry is Error Prone
Especially in complex systems
• Budget restrictions
Economic drought means cheaper solutions are that much more favorable


Manual Entry = Errors
Excel Spreadsheets
Benefits
- query by column
- MS ‘familiarity’

Disadvantages
- manual entry
- MS knowledge required
- possible to overwrite data
- file naming conventions & storage
- MS advanced function can be dangerous


Origin of Open-Audit
• Open Source http://winventory.sourceforge.net/
• Mark Unwin had written a script to audit computers on a network and saw the need to extend it with a
queryable web interface. In 2005 the project was originally released under the GPL
(http://www.gnu.org/copyleft/gpl.html)
• wmi, vbscript, mysql & php


Free Software License
• Open-AudIT is licensed under the terms of the GNU General Public License Version 2 as
published by the Free Software Foundation. This gives you legal permission to copy, distribute
and/or modify Open-AudIT under certain conditions. Read the 'LICENSE' file in the
Open-AudIT distribution or read the online version of the license for more details.

• Open-audit is provided as is with no warranty of any kind, including the warranty of design,
merchantability, and fitness for a particular purpose.


What do you get for free?


Open-Audit = Automation
• Overview
Open Audit audits the hardware and software it
discovers on your computers, and posts its
findings to a MySQL database. From there the
data is presented in a clean and readable form
via a set of PHP web pages.


Automation = No typing errors!


Free: Automated data collecting
• Hardware
• Software
• Operating System Settings
• Security Settings
• Users and Groups
• Disk Usage Graphs
• Audit History


Free: Data Reports
• Operating System Type
• IE Versions
• Firefox Versions
• Memory Sizes
• Processor Types and Speeds
• Hard Disk sizes
• Software Keys
• Detected Network Servers
• Newly Detected Software
• Low Disk Space
• Systems not audited for xxx days


What's the catch?


Not Free: Cost of ownership
Requirements:
• Web server
• PHP
• MySQL
• Secured installation


Not Free: Knowledge and Skills
Q: We are a Windows shop
• A: XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl.
Q: No knowledge of PHP/MySQL
• A: No configuration, easy to install Open Audit. Must possess basic sysadmin troubleshooting
and problem solving skills. After all, it is a tool, not an employee.


How Open-Audit works
Roles of Components:
• Application resides on Web Server
• Domain Admin account to remote audit machines
If there is no Domain admin account:
• Local machine can have a scheduled job to
regularly audit and send results to the server


Server installation: Linux
Up and running in minutes (overview):
• yum install httpd subversion mysql php php-mysql php-common
• create database and user
• svn co https://open-audit.svn..../trunk /var/www/open-audit/
• /etc/init.d/httpd start
• /etc/init.d/mysqld start
• Follow web install instructions


Server installation: Windows
Up and running in minutes (overview):
• Download and install XAMPP & tortoisesvn
• Create database and user
• Grab a copy of Open-Audit from svn repository
• Follow web based installation guide
• http://server-address/open-audit/


Client installation
• No client installation is needed if all computers are on a domain and you have domain admin
account
Overview:
• Scheduled task to run .cmd file on network share, network share has the audit.config file
which points to the server
• Windows audit with vbs script
• Unix audit with shell script


Open-Audit : quick tour


Kindly perform the Hands On Lab


ManageEngine NetFlow Analyzer


Introduction
• ManageEngine™ NetFlow Analyzer is a web-based bandwidth monitoring tool that performs
in-depth traffic analysis using exported NetFlow data.
• NetFlow™ technology provides granular details about network traffic that has passed
through an interface.
• NetFlow Analyzer processes this information to show you what applications are using
bandwidth, who is using them, and when.
• Extensive graphs and reports make this information easy to analyze, and also help
accelerate the troubleshooting process.


A Typical Setup
• NetFlow Analyzer Enterprise edition supports bandwidth monitoring and traffic analysis in
distributed networks.
• A typical setup involves a single Central Server and “N” distributed collectors. Each of the “N”
collectors resides near the routers at the remote location. The collectors collect and process the
NetFlows from the routers and pass the compressed data to the Central Server through a secure
HTTPS connection.


System Requirements
Hardware Requirements
The minimum hardware requirements for NetFlow Analyzer to start running are listed below.
• 32 bit machine
• 2.4GHz, Dual Processor
• 4 GB RAM
• 20 GB disk space

Software Requirements
NetFlow Analyzer can be installed and run on the following operating systems and versions:
• Windows 2003 server SP2
• Windows 2008 server SP1
• Windows Vista
• RedHat Linux

Supported Web Browsers
NetFlow Analyzer has been tested to support the following web browsers and versions:
• Internet Explorer 6.0 and later
• Mozilla Firefox


Prerequisites
• NetFlow Analyzer Central Server requires the following ports to be free


Installing and Uninstalling
Installing NetFlow Analyzer Central Server

Windows:
• The Windows download for NetFlow Analyzer is available as an EXE file at
http://www.netflowanalyzer.com/distributed-monitoring/download.html
• Download the EXE file for the Central Server to your local machine, and double-click it to start
installation. Follow the instructions as they appear on screen to successfully install NetFlow
Analyzer on to your machine.

Linux:
The Linux download for NetFlow Analyzer is available as a BIN file at
http://www.netflowanalyzer.com/distributed-monitoring/download.html
1. Download the BIN file and assign execute permission using the command: chmod a+x <file_name>.bin
where <file_name> is the name of the downloaded BIN file.
2. Execute the following command: ./<file_name>.bin
3. Follow the instructions as they appear on the screen to successfully install NetFlow Analyzer on to
your machine.

Uninstalling NetFlow Analyzer Central Server

Windows:
1. Navigate to the Program folder in which NetFlow Analyzer has been installed. By default, this is
Start > Programs > ManageEngine NetFlow Analyzer EE Central Server.
2. Select the option Uninstall Central Server
3. You will be asked to confirm your choice, after which NetFlow Analyzer is uninstalled.

Linux:
1. Navigate to the <NetFlowAnalyzerHome>/_uninst directory.
2. Execute the command ./uninstaller.bin
3. You will be asked to confirm your choice, after which NetFlow Analyzer is uninstalled.


Starting and Shutting Down
Starting as a Service

Windows:
If you have chosen the Start as Service option during installation, NetFlow Analyzer will run as a
service on Windows.

Linux:
1. Log in as root user.
2. Navigate to the <NetFlowAnalyzer_Home>/bin directory.
3. Execute the startAsDaemon.sh file
4. Then execute the command /etc/init.d/netflowanalyzer start
• This starts NetFlow Analyzer as a service on Linux.

Shutting Down NetFlow Analyzer Central Server

Windows:
1. Navigate to the Program folder in which NetFlow Analyzer has been installed. By default, this is
Start > Programs > ManageEngine NetFlow Analyzer Central Reporting Server > Shutdown Central server
2. Alternatively, you can navigate to the <NetFlowAnalyzer_Home>\bin folder and invoke the
shutdown.bat file.
3. You will be asked to confirm your choice, after which the NetFlow Analyzer server is shut down.

Linux:
1. Navigate to the <NetFlowAnalyzer_Home>/bin directory.
2. Execute the shutdown.sh file.
3. You will be asked to confirm your choice, after which the NetFlow Analyzer server is shut down.


Accessing the Web Client
• NetFlow Analyzer is essentially a bandwidth monitoring tool that uses Cisco NetFlow exports to
analyze network traffic and determine bandwidth usage.

• Once the server has successfully started, follow the steps below to access NetFlow Analyzer.
1. Open a supported web browser window
2. Type the URL address as http://<hostname>:80 (where <hostname> is the name of the machine
on which NetFlow Analyzer is running, and 80 is the default web server port)
3. Log in to NetFlow Analyzer using the default username/password combination of admin/admin

• Once you log in, you can start managing devices exporting Cisco NetFlow, generate bandwidth
reports, and more.


License Information
NetFlow Analyzer comes in two flavors:
• Evaluation Edition - collect, analyze, and report on Netflow data (valid only for 30 days)
• Enterprise Edition - collect, analyze, and report on Netflow data from a maximum of n interfaces
(where 'n' is the number of interfaces for which NetFlow Analyzer has been purchased)
Once installed, NetFlow Analyzer runs in evaluation mode for 30 days. You can obtain a registered license
for NetFlow Analyzer at any time during the evaluation period by contacting NetFlow Analyzer Support.


Upgrading your License
• After obtaining the new license from AdventNet, save it on your computer, and follow the steps below to
upgrade your NetFlow Analyzer installation:

1. Log in to the NetFlow Analyzer Central Server web client
2. Click License Management from Admin Operations
3. Click the Upgrade License link present in the top-right corner of the screen
4. In the License window that opens up, browse for the new license file and select it
5. Click Upgrade to apply the new license file


Cisco® NetFlow Device Support
Cisco Routers
• NetFlow is also supported by these Catalyst series switches: 45xx, 55xx,
6xxx.


Other Vendors
Some of the major vendors supporting NetFlow include:
• Alcatel
• Enterasys Networks
• Extreme Networks - Does not support input/output interface, octets, or first and last times.
• Foundry Networks
• Juniper Networks - Does not support sampling interval attribute. First and last times are stored in
seconds rather than milliseconds.
• Riverstone Networks - no native NetFlow support. However, Riverstone provides a converter that
translates the LFAP records from their devices into NetFlow.


Configuring Netflow Export on an IOS Device
• Follow the steps below to configure Netflow export on a Cisco IOS device.

Enabling Netflow Export

Enter global configuration mode on the router or MSFC, and issue the following commands for
each interface on which you want to enable Netflow:

• interface {interface} {interface_number}
• ip route-cache flow
• exit


Exporting Netflow Data
• Issue the following commands to export Netflow data to the server on which NetFlow Analyzer is running:


Verifying Device Configuration
• Issue the following commands in normal (not configuration) mode to verify whether Netflow
export has been configured correctly


A Sample Device Configuration
• The following is a set of commands issued on a router to enable Netflow version 5 on the
FastEthernet 0/1 interface and export to the machine 192.168.9.101 on port 9996.


Turning off Netflow
• Issue the following commands in global configuration mode to stop exporting Netflow data:


Getting Started
• Once NetFlow Analyzer Central server has been successfully set up and started in your
network, the Collector can be started. The collector contacts the Central server for
configuration setting information. The next thing to do is start receiving NetFlow exports from
routing devices on your network.

• As soon as you log in to the NetFlow Analyzer web client, you will see the Dashboard -
Collectors. The top 10 interfaces and the corresponding routers are shown in this display.

The All Devices option on the left panel is divided into two tabs.
1. The Interface View which lists all the interfaces from which NetFlow exports are received
2. The Autonomous System View which lists all the autonomous systems configured with each
router


Google Map View
• Google maps feature lets you physically locate your network resources on a map.
• This gives network administrators a feel for how distributed their network is and, more
importantly, a quick and easy drill-down to resource-specific information. Information on up to 3 top
interfaces linked to a router is shown in the map.
• NetFlow Analyzer, by using Google Maps, lets you position your devices on a map for a graphical
presentation. You need to obtain a Google API Key in order to set this up. The steps to obtain one are
elaborated below.


IP Groups View
• Initially when no IP groups have been created, you will simply see a status message with the option to start creating
IP groups.

• The IP Group List shows all the IP groups that have been created so far. Click the View Description link to view
descriptive information on all IP groups created. Alternatively you can click the View Description link against each
IP group to view descriptive information on that IP group alone. Details such as Speed, IP Address, Port(Protocol),
and Associated Interfaces are shown.

• Click the IP Group name to view traffic graphs specific to that IP group. From the traffic graph, you can navigate to
see the top applications, top hosts, and top conversations in this IP group.

• The IN Traffic and OUT Traffic columns show the volume of incoming and outgoing traffic in the IP group
generated over the past one hour. You can click on the IN Traffic or OUT traffic bar to view the respective
application traffic report.


NetFlow Traffic Reports
• NetFlow Analyzer generates traffic reports in real-time, as soon as NetFlow data is received from an
interface.

• The traffic reports in NetFlow Analyzer include information on:
– Traffic Trends
– Top Applications
– Top Hosts
– Top Conversations

• Apart from these pre-defined reports, Custom Reports let you define criteria and generate specific
reports on network activity. Consolidated Reports show you overall traffic statistics for an interface or
AS as applicable. Troubleshooting Reports let you troubleshoot an interface using raw data directly.


Top Applications
• The Applications tab shows you the top applications and top protocols for the selected time period. The default
view shows the Top Application IN Report. This report shows the distribution of incoming traffic application-wise.

• Choose between IN and OUT to display the application-wise distribution of incoming or outgoing traffic
respectively.

• The table below the graph shows the distribution of traffic per application. You can see what application caused
how much traffic, and how much of the total bandwidth was occupied by that application.

Top Conversations
Click on an application's name to see the Top Conversations that contributed to this application's traffic.

Viewing Top Protocols
Click the Protocol Distribution link to see the top protocols for the selected interface or IP group, in a new window.

Top Hosts
• The Source tab shows the top source hosts contributing to traffic in the selected time period. The default view
shows the Top Source IN Report.
• The Destination tab shows the top destination hosts contributing to traffic in the selected time period. The default
view shows the Top Destination IN Report.


Admin Operations
• NetFlow Analyzer lets you perform many administrative tasks typical of an enterprise network
administrator, such as managing a group of routers, handling different users, setting up alerts, etc.

• Explore the following sections to know more about the administrative options available in NetFlow
Analyzer.


Alert Profiles Management
An alert profile is created to set the thresholds for generating alerts. The parameters to be set for creating
an alert profile are:
• Interfaces / IP Groups / Interface Group - The list of interfaces / IP Groups / Interface Group whose
bandwidth utilization must be watched
• Traffic pattern - The traffic to be watched - In Traffic, Out Traffic or a Combination of both
• Application / Port(s) - You can watch the traffic through all the applications or from a particular
application. Similarly, through a single port or a range of ports
• Threshold Settings - It has 3 settings, namely % utilization, no. of times, and duration.
– % Utilization - When the utilization exceeds this limit, it is noted
– No. of times - The number of times the utilization can be allowed to exceed the threshold before
an alert is raised
– Duration - The time period within which, if the threshold is exceeded the specified number of
times, an alert is created (generated)


Schedule Reports
It is a good idea to schedule reports to be run at non-peak traffic hours, since generation of reports is a
resource-hungry process, especially for large interface numbers.

A Scheduler is configured to set the parameters for automating the generation of reports. The parameters to be set for
creating a Scheduler are:

• Source - The Interfaces or IP Groups which are the source of traffic.
– Interfaces - The list of interfaces whose bandwidth utilization must be watched. One report will be generated
for each interface selected.
– IP Groups - The IP groups whose bandwidth utilization must be watched. One report will be generated for
each IP Group created.
• Report Type - The type of report to be generated - Consolidated or Custom (custom report option not available
under "IP Groups")
• Report Generation Schedule - How and when the report is to be generated (e.g. daily, weekly, monthly, or only
once)
– Generate report on - This value determines the time when the report is to be generated
– Generate report for - This value determines the start and the end time for the report
• Email Address - This is the address to which the generated reports will be sent


User Management
• The User Management option lets you manage different users with varying access privileges. You can assign
different users to different device groups and IP groups, and allow them to manage the assigned groups
exclusively. You can choose from three types of users in NetFlow Analyzer - Administrator, Operator, and Guest.
You can create any number of users of each type, and assign them to any number of device groups and IP groups.


Mail Server Settings
• These settings are important when e-mail notifications have to be sent for alerts generated and when Scheduled
Reports have to be emailed.


Kindly perform the Hands On Lab


Monitoring Networks With PRTG Traffic Grapher


Why Monitoring Of Bandwidth and Network Usage Is Important?
• Today most businesses rely more or less on a computer and network infrastructure. So, the
computer network's reliability and speed are crucial for these businesses to be successful,
as well as an efficient use of the available resources.
• For the network administrator this means that he has to ensure his network's uptime,
reliability, and speed – and the efficient use of the network. To do this, monitoring the
network is inevitable.
• PRTG (Paessler Router Traffic Grapher) is easy-to-use software that monitors bandwidth
usage and many other network parameters via SNMP.
• PRTG Traffic Grapher runs on a Windows machine in your network for 24 hours every day
and constantly records the network usage parameters. The recorded data is stored in an
internal database for later reference.


Base Features
• Reliable network monitoring used by more than 100.000 users every day
• Supports data acquisition via SNMP
• Classifies network traffic by IP address, protocol and other parameters
• Works with most switches, routers, firewalls, and other network devices
• Easy installation with a few clicks on Windows 2000/XP/2003
• Monitoring engine is capable of monitoring up to several thousand sensors
• A Freeware Edition is available for smaller networks
• Creates scheduled reports from the monitoring data
• Sends out alarms for failing or overloaded sensors
• Includes a built-in web server for remote access to the monitoring results


Supported Data Acquisition Methods
• All common methods for network usage data acquisition are supported:
• SNMP: Simple Network Management Protocol is the basic method of gathering bandwidth
and network usage data. It can be used to monitor bandwidth usage of routers and switches
port-by-port as well as device readings like memory, CPU load etc.
• Packet Sniffing: The Packet Sniffer inspects all network data packets passing the PC's
network card(s) and is able to classify network traffic by IP address, protocol and other
parameters.
• NetFlow: The NetFlow protocol is supported by most Cisco routers to measure bandwidth
usage. Although it is the most complex method to set up, it is also the most powerful one. It
is suitable for high traffic networks and can also classify network traffic by IP address,
protocol and other parameters.
• Note: Only Packet Sniffer and NetFlow based monitoring can measure traffic by IP
address and/or protocol. SNMP based traffic measurement is port-based only.


Windows and Web Based User Interface
• Monitoring data can be accessed via a Windows GUI and a web based front end
• Intuitive Windows user interface for data retrieval and configuration
• Integrated web server for remote access (no external web server necessary)
• Results are shown in various graphs and tables
· Live data for the last 5-60 minutes
· x minute average for up to 48h
· Hourly averages for up to 60 days
· Daily averages for up to 365 days
· Top Talkers, Top Protocols, Top Connections
· Events
• Graphs and tables are always generated on-the-fly for live reporting


Internal Web Server
• Easy-to-use navigation lets you drill into the live monitoring results
• Fully "skinnable" web interface using HTML templates (several default skins included)
• Web server supports public access (anyone can view the data) as well as authenticated
access (username/password required) with multiple user accounts


Reports
• Configurable reports (graphs and data tables) in HTML, RTF, XLS, TIFF or PDF format can
be created on schedule or on demand
• Reports can be exported via email or saved to file
• x% percentile calculation for any percentile value, any interval, and any time frame
• Includes a billing system for bandwidth based billing


Notifications
• Individual email notifications can be configured for each sensor to report:
· Errors (e.g. device is not reachable)
· Reaching traffic limits (e.g. more than x MB transferred per day or month)
· Reaching traffic or usage thresholds (e.g. more than 700kbit bandwidth for more than
one hour)


SNMP Related Features
• Monitors any value that is accessible by SNMP (i.e. any given OID, or Object ID)
• Supports SNMP Versions 1, 2c, and 3
• Supports 64 bit counters (for SNMP V2c and 3)
• Brings its own extensive OID database with many preconfigured SNMP settings (e.g. for
CPU loads, disk usages, printer pagecounts, environmental monitoring, and many more)
• Supports Paessler SNMP Helper for easy access to several thousand performance counters
on Windows based machines via SNMP
• MIB files can be converted into OIDLIBs to monitor any device that supports SNMP
• Various SNMP parameters (e.g. port, timeout) can be set by the user
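
The Notifications and SNMP Related Features slides both rest on turning raw SNMP octet counters into a rate and comparing it with a threshold. The following is an added example, not PRTG code: it computes kbit/s from two counter readings, handles a 32-bit counter wrap, and flags traffic that stays above 700 kbit for more than one hour. Function names, the 5-minute poll interval, 1 kbit = 1000 bit, and the sample readings are assumptions constructed for illustration.

```python
COUNTER32, COUNTER64 = 2**32, 2**64

def rate_kbit(prev, curr, seconds, modulus=COUNTER32):
    """Average kbit/s between two octet-counter readings; survives one counter wrap."""
    if seconds <= 0:
        raise ValueError("samples must be in increasing time order")
    delta = (curr - prev) % modulus          # modular difference absorbs a single wrap
    return delta * 8 / seconds / 1000

def wrap_seconds(link_bits_per_s, modulus=COUNTER32):
    """Time for an octet counter to wrap at full line rate."""
    return modulus * 8 / link_bits_per_s

def sustained_breaches(samples, limit_kbit, min_seconds, modulus=COUNTER32):
    """(start, end) spans where the rate stayed above limit_kbit for more than min_seconds.
    samples: [(unix_time, octet_counter), ...] in time order."""
    spans, start = [], None
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        over = rate_kbit(c0, c1, t1 - t0, modulus) > limit_kbit
        if over and start is None:
            start = t0                       # first interval above the limit
        elif not over and start is not None:
            if t0 - start > min_seconds:
                spans.append((start, t0))
            start = None
    if start is not None and samples[-1][0] - start > min_seconds:
        spans.append((start, samples[-1][0]))
    return spans

def build_samples(first_counter, rates_kbit, step=300, modulus=COUNTER32):
    """Constructed poll data: one reading per step for the given per-interval rates."""
    t, c, out = 0, first_counter, [(0, first_counter)]
    for r in rates_kbit:
        t, c = t + step, (c + r * 1000 // 8 * step) % modulus
        out.append((t, c))
    return out

# Constructed sample: 5-minute polls, counter starts close to the 32-bit limit,
# so one reading is numerically smaller than the one before it.
SAMPLES = build_samples(4_200_000_000, [400] * 2 + [800] * 13 + [400] * 2)

if __name__ == "__main__":
    print(sustained_breaches(SAMPLES, limit_kbit=700, min_seconds=3600))
    print(round(wrap_seconds(1_000_000_000), 1), "s to wrap a 32-bit counter at 1 Gbit/s")
```

A 32-bit counter on a busy gigabit link can wrap more than once between polls, which the modular difference cannot detect; that is the case the 64-bit counters of SNMP v2c and v3 address.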


Kindly perform the Hands On Lab


ManageEngine OpManager


ManageEngine OpManager - Network Monitoring Software
• With the growing need for network monitoring software in the IT industry, OpManager
has been built to satisfy the needs of network administrators by monitoring servers, routers,
switches, firewalls, printers, critical services and applications from a single console.


Network Monitoring
• OpManager discovers switches, routers and firewalls in the network during the network
discovery automatically and monitors the critical parameters such as the traffic rate, error
and discards rate, buffer hits and misses and so on. You can get the availability report of
each port and interface. Using the Switch Port Mapper tool, you can get the list of devices
connected to each port of the switch. You can also create your own views and draw the
diagram to virtually represent your network and get the availability of the interfaces visually.


Server Monitoring
• OpManager allows you to classify devices as servers and desktops. This facilitates
separating critical servers from end-user workstations and allows for more meaningful
management. You can manage Windows Event Logs and Windows Services.


WAN Monitoring
• OpManager provides complete solutions for monitoring your WAN links. It checks RTT,
latency and availability between the WAN links. The WAN monitor comes as an add-on
feature.


Applications and Services Monitoring
• OpManager discovers and actively monitors services and applications running in the
servers. Out-of-the-box support is provided for services such as Web, HTTPS, FTP, IMAP,
LDAP, Telnet, MySQL, MS-Exchange, SMTP, POP3, WebLogic, etc., and applications such
as MSSQL, MS Exchange, Oracle and Lotus. Special add-ons are available for monitoring
Exchange 2000/2003/2007 and Active Directory Services.


URL Monitoring
• OpManager monitors your Web sites, both global URLs and URLs in the servers, and
promptly notifies you when the host becomes unavailable.


Fault Management
• OpManager provides extensive solutions for monitoring Syslogs, Event Logs and current
processes running on the devices. OpManager detects faults in the network through
periodical status polling and generates color-coded alarms for the faults. OpManager can
also be configured to notify the administrator about the fault detected in the network.


Performance Management:
• OpManager measures the performance of the network hardware and software, such as the
bandwidth, memory, disk and CPU utilization, and service response time by collecting data
at regular intervals. These data are provided in the form of reports and graphs to the
administrators. The threshold limits can be configured to pro-actively monitor the critical
parameters in the managed devices.


Starting OpManager
• After installation, all the OpManager-related files will be available under the directory in
which you chose to install OpManager. This is referred to as the OpManager Home directory.
On Windows Machines
• If you have chosen to install OpManager as a Windows service, you will be prompted to start
the service after successful installation. The Web Client is invoked automatically on
installing as a service. Enter the log-on details. The default user name and password are
'admin' and 'admin' respectively.
To later start OpManager as a Windows Service, follow the steps below:
1. Click Start, point to Settings, and then click Control Panel.
2. Under Administrative Tools, select Services.
3. In the details pane, right-click ManageEngine OpManager and click Start.
To stop the ManageEngine OpManager service, right-click the ManageEngine OpManager
service in the Services window and click Stop.


Starting OpManager
On Linux Machines
1. Log in as 'root' user.
2. Execute the StartOpManagerServer.sh file present in the <OpManager Home>/bin
directory.
3. Once the server is started successfully, execute StartOpManagerClient.sh to start the
client. In the displayed login window, type the User Name and Password and press
Enter.
• To stop OpManager running on a Linux machine, execute the ShutDownOpManager.sh file
present in the <OpManager Home>/bin directory. Type the User Name and Password in
the Shut Down OpManager window and press Enter.


Connecting the Web Client
1. Open a JavaScript-enabled Web browser such as Internet Explorer or Mozilla Firefox.
2. Type http://<host_name>:<port_number> in the address bar and press Enter. Here,
<host_name> is the name of the machine in which OpManager is running and
<port_number> is the port that you have chosen to run OpManager Web Server
during installation.

[Note: If you have enabled SSL, type https://<host_name>:<port_number> in the
address bar and press Enter.]
3. Type the User Name and Password and click Login. The default user name and
password are 'admin' and 'admin' respectively.

• Alternatively, if the OpManager server is running on Windows machines, you can start the
Web client using Start > Programs > ManageEngine OpManager > OpManager Web Client.


Changing Ports in OpManager
• You will be prompted to change the Web Server port during installation. You can also change
it after installation.
• The script for changing the Web Server port number, ChangeWebServerPort (a .bat file in
Windows and a .sh file in Linux), is available under the <OpManager Home>/bin
directory.
The steps to change the port number are as follows:
1. Stop the OpManager server. If you are running OpManager as Windows service, stop the
service.
2. Execute the script as follows:
In Windows,
ChangeWebServerPort <old_port_number> <new_port_number>
In Linux,
sh ChangeWebServerPort.sh <old_port_number> <new_port_number>
Here, old_port_number is the port number you specified during installation and
new_port_number is the one where you want to run the Web server.
3. Start the OpManager server.


What Should Be Monitored?
Following are the components of networks that are considered critical:
• WAN Infrastructure: Routers, WAN Switches, Firewall, etc.
• LAN Infrastructure: Switches, Hubs, and Printers.
• Servers, Services, and Applications: Application Servers, Database servers, Active Directory,
Exchange Servers, Web servers, Mail servers, CRM Applications, etc.
• Host Resources: CPU, Memory, and Disk Utilization of critical devices.
• Critical Desktops and Workstations.


How Frequently Should I Monitor?
The general practice is to monitor critical devices more frequently than non-critical devices.

Given below are the recommended monitoring intervals for small and medium-sized networks
(up to 1000 devices):
• Routers and Critical Servers: 10 minutes
• Switches, Hubs, and Printers: 10 - 20 minutes
• Critical Services like Exchange, Active Directory: 10 - 20 minutes
• Desktops and Workstations: We recommend turning off monitoring for desktops and
workstations to reduce the amount of network traffic generated by OpManager.

This is done by clearing the selection for the Desktop category in Admin > Monitoring Intervals.
Alternatively, monitor them less frequently, say every hour or every 30 minutes.
If there are a few critical workstations that you want to monitor, you can turn on monitoring
for those devices individually.


Using Quick Configuration Wizard
You can also use the Quick Configuration Wizard to associate a service to several devices
in one go.
Here are the steps:
1. From the Admin tab, select Quick Configuration Wizard.
2. Select the option Associate a credential to several devices and click Next.
3. All the available Credentials are listed. Select the Credential which you want to associate to
your devices.
4. Select the devices to which you want to assign the credential from the column on the left and
move them to the right.
5. Click Finish. The Credential is associated to the selected devices.


Discovering Networks Using OpManager
• Discover a range
• Discover a complete network
• Discover by Importing from a file
• Import the Devices into OpManager
• Discover Individual Devices


Customizing Dashboards
• The Customizing Dashboard feature in OpManager lets you create your own dashboard and
view the desired performance metrics, reports, etc. at a glance.


List View
• The List view (Maps-> <Device Category>-> List View) lists all the devices of a category
along with their Status, IP Address, Type, % of CPU utilized and % of memory utilized in
order to have a quick look at the current status and workload handled by the devices.


Google Maps
• OpManager allows you to integrate Google Maps and place the devices on the maps
according to the geographic distribution.


Alerts
Managing Faults in Network
There can be various types of faults in a network. Because network health depends on various
resources such as system resources, services and network connectivity, getting to the root of
a problem is simpler when the monitoring solution raises meaningful alarms.
OpManager helps you identify the fault quickly with its detailed alarms indicating the
resource that is performing poorly in the device. The different types of OpManager alarms
include:

• Status-poll alarms (device, service, interface, port down alarms).
• Threshold-based alarms for host resources, response times, etc., for proactive monitoring.
• Alarms from SNMP Traps.
• Windows event log based alarms.

OpManager monitors the resources for availability and performance and triggers alarms for all
the criteria mentioned above. These alarms can also be sent as email or SMS alerts from
OpManager.


Configuring Notifications
• When a fault is detected in your network, an event occurs and multiple events correlate to
trigger an alarm. You can configure OpManager to notify the network administrator or
perform automatic actions based on the alarm raised for a device.
The different types of notifications available are:
• Email Alerts
• SMS Alerts
• Web Alerts
• Run a Program
• Run a System Command


Configuring Mail Server Settings
• OpManager allows you to configure e-mail alerts and SMS alerts so that you are notified of
faults in your network. By default, OpManager sends the mail to the mail server specified in
the e-mail notification profile. To configure the SMTP server settings globally and to provide
the secondary mail server settings, follow the steps given below:
1. Under the Admin tab, click Mail Server Settings.
2. Enter the SMTP Server name and Port number.
3. Select Requires Authentication and enter the User name and Password details, if the
server requires authentication to send e-mail.
4. Configure the From and To Email ID fields.


Reports
• The information on the entire network configuration management process in your enterprise
is presented in the form of comprehensive reports.
• It provides over 12 reports under four categories:
1. Network Reports
2. Configuration Reports
3. User Reports
4. Policy Compliance Reports
