binocularsNetwork discovery is, not surprisingly, the process of finding and identifying every device, server and system on your network. Mastering IT best practices around network discovery will greatly improve how you map and monitor your IT infrastructure.

Networks these days are more dynamic than their predecessors. Tracking everything on your network manually is absolutely not realistic. For starters, just think about the changes that virtualization and live migrations have brought forth.

Instead, IT pros need to have up-to-date network inventory based upon discovery and asset management – from the physical to the virtual.

Three Tools for Network Discovery

The most three common tools for continuous network discovery include the following:

  • SNMP (Simple Network Management Protocol): As the leading technology used for network management, most network devices are SNMP-enabled. By using supporting technology, SNMP allows organizations to accurately understand every SNMP-enabled device on the network, as well as their impact
  • Ping: Perhaps the most well-known discovery tool, manually pinging network servers was once a regular part of an sysadmin’s job. These days, automated systems ping different network devices to understand their status and verify they’re online
  • ARP (Address Resolution Protocol): ARP makes use of SNMP to query the cache of a device, which can then build a new database of MAC addresses based on what it discovers. This process allows for discovering neighboring devices and eventually forms a comprehensive view of the network

One best practice for network discovery is to use a solution that leverages all three of these technologies to accurately and consistently determine what’s connected to the network. Conveniently enough, our own network monitoring solution makes use of all three. This includes SNMP Smart Scan, Ping Sweep and ARP Cache Discovery, among others, to provide IT pros with real-time network discovery.

Explore Your Own Network Topology

Network efficiency is an endless pursuit for IT pros. Generating and exploring network topology maps is a best practice aimed at optimizing efficiency by gaining a deeper understanding of the network.

Virtualization and the prevalence of connected mobile devices create a constantly shifting landscape that’s hard to monitor. That’s why automatic network discovery is vital for accurate monitoring. It identifies and corrects bottlenecks that might be restraining your network and application performance.

Layer 2 and Layer 3 discovery methods should be employed to identify every device and its role. Layer 2 protocols are used to discover interconnecting links and port-to-port connectivity, while Layer 3 protocols help discover neighboring devices.

One efficient Layer 3 solution is management software that queries SNMP-enabled devices, then builds an internal database based on the information it discovers. It’s able to build an accurate network map, including device location, attributes and key role.

Another Layer 3 solution is to use active probes that scan through the network and transmit device data back to a tool using a different and secure channel.

Ipswitch WhatsConnected is a discovery tool focused on understanding everything on your network by using both Layer 2 and Layer 3 solutions. It allows for easy device discovery as the network grows and shifts, both with new physical devices or software assets.

Don’t Neglect Link Layer Discovery Protocol

While Layer 3 discovery methods are needed for dynamic networks, Layer 2 protocols have a tendency to be proprietary. Examples include Cisco CDP and Nortel NDP. These different protocols make Layer 2 discovery difficult. As such, the Link Layer Discovery Protocol (LLDP) was created to streamline discovery in these situations.

We recommend enabling LLDP globally on your network to standardize topology. This is vital for businesses with multi-vendor networks. LLDP protocols provide crucial device information to neighboring devices, which is useful to Layer 3 discovery protocols.

WhatsUp Gold uses LLDP and SNMP, along with ARP Cache discovery, to move through every interconnected device and form a comprehensive view of everything on the network, even if there has been no recent traffic or the device is in a blocked state.

IT managers who yearn for automatic discovery of their networks hopefully should benefit from these best practices. In our next blog about best IT practices, we’ll look at network mapping. Discovery and mapping work hand-in-hand, making understanding both a powerful asset.

>> Once you’ve discovered what’s on your network you’ll need to manage that inventory and related configuration changes. Tune-in next Tuesday December 8 for a webcast at 2pm US ET when Michael Roth, senior systems engineer at the University of North Georgia, will share his best practices for effectively managing network inventory and configuration changes.

web promo

Related articles:

Network Ninja: Why Should You Care About Device Roles?

Noble Truth #8: Save Time with Automatic Discovery & Dependency Mapping

Warehouse

When you think of best practices in IT, what comes to mind first? Maintaining a very solid security posture? Sure, that’s a big one. But what about IT asset management? (Or IT inventory management, as the case may be.) If you don’t know what’s attached to you network you’re likely a lot less secure than you think.

Where are your laptops?

Early last year Coca Cola announced that personal information belonging to 74,000 employees, contractors, and suppliers had been compromised. This massive loss of data wasn’t the result of a malware attack or a determined hacker. Instead, the information was accessible through a number of laptops lacking encryption controls that had been stolen by a single employee.

The employee’s responsibility at the company had been to maintain and dispose company laptops after reaching their lifespan. Unfortunately for Coca Cola, employees whose information was accessible on the unencrypted laptops sued the company a few months after the loss was revealed. Laptops are just the start. Looking across your entire network you need to have strong IT asset management in place for all of the following:

  • Routers
  • Switches
  • Servers
  • Hosts
  • Firewalls
  • Applications
  • Services
  • Operating systems

IT Asset Management: Why It Matters

The story about Coca Cola’s stolen laptops should serve as a warning to companies of all sizes. IT asset management isn’t easy to do. For one thing, devices like laptops and smart phones are on the move with the people who use them. And people are as imperfect as the technology itself. At the end of the day, if you have the following three pieces of information in hand you can truly get to know your network a lot better, and secure your data more effectively:

  1. Detailed physical connectivity
  2. Asset or device type
  3. Configuration information

Aside from the issue of security, IT asset management is vital for a number of reasons. Are you thinking about upgrading or purchasing new software and equipment? How are you going to do that if you don’t know what software or equipment needs to be bought or upgraded? Don’t forget about warranties on software and equipment. Do you know when the warranties or service agreements on your IT assets (be they hardware or software) are going to expire?

Troubleshooting is another area in which IT asset management comes in handy. It’s possible that the reason one of your routers isn’t working the way it should is because of another router that you didn’t even know existed. More importantly, you might be legally obligated to keep an up-to-date inventory of your IT assets. If you’re in an industry affected by FISMA, SOX, PCI DSS, or HIPAA, you will face legal penalties or fines for not complying.

How to Implement IT Asset Management

The size of today’s networks is enormous. How can you possibly track every asset connected to a network? The answer is “automation.”

A number of IT asset management software products discover and map network assets, then create an inventory which automatically updates when a device is reconfigured or its status changes. These software products collect the manufacturer and model ID, the serial number, hardware or software and firmware versions, chassis ID, module inventory, and all relevant data about the device’s hardware such as power supplies or fans.

What should you look for in IT asset management software? The solution should collect information across a variety of protocols and should function over a range of technologies. These include ARP, SNMP, SSH, Virtual Infrastructure Management, IP addressing, ICMP, LLDP, WMI, and Telnet.

Spoiler alert, we sell such a product called Ipswitch WhatsConnected.

Effectively Manage Inventory and Configuration Changes

Join us on December 8 at 2pm ET when Michael Roth from the University of North Georgia will share his case study during our webcast “Effectively Manage Inventory & Configuration Changes”. Michael is going to share how his university adopted automated IT asset management across its entire network including more than 500 servers. In this webcast Michael will share how you can do the following:

  • Discover the hidden challenges of inventory management
  • Explore the tools that transformed a time-consuming, semi-annual audit process to an automated, continuously updated process
  • Learn how the University can assess current system state across the whole institution, spread across five locations.

webinar-banner-tweet-dec8

Stay tuned for the next blog in our ongoing series on IT best practices, and let me know what you think about this one.

 

 

Most college students in the U.S. spent a good part of this month prepping and taking their fall midterm exams, and straining their campus networks as a result. IT teams who manage the campus network, however, are tested each and every day in subjects like BYOD and network performance. With the average student carrying around at least two wireless devices, campus networks are under pressure to deliver a sustainable and consistent online experience.  campus network monitoring

Our recent survey of 313 students attending U.S. colleges and universities found that 67 percent of students had a minimum of two to four wireless devices connected to the campus network at all times. Adding to this dilemma is the constant introduction of new mobile devices and wearables like the Apple Watch.

Not only are students more connected than ever before, but they are using these devices for bandwidth hoarding activities. The survey revealed that 63 percent of students spend one to four hours a day streaming media using services like Spotify, Netflix and YouTube. It’s becoming a constant battle for campus IT between being able to provide a positive user experience and maintaining network integrity.

Given the additional pressure that new technology is bringing to the campus network and the fiscal pressures for IT to do more with less, here are three steps for network administrators to consider:

  1. Increase your level of visibility. You can’t fix problems that you don’t know exist. With network performance monitoring you can rapidly respond with real-time alerting to fix problems quickly.
  2. Watch out for wearables. College students have high expectations for being able to use their shiny new wearable or mobile device of choice, whenever and wherever they want. It’s a generation with expectations for technology that is not going to change. Campus IT teams need to adapt. Or at least prepare to do so.
  3. Know your configuration. Who knows what’s on your big sprawling campus network? You can if you are able to manage network configuration. Compare what is running on your network vs. what is authorized to do so. You can also schedule regular configuration audits and get alerted when configurations have changed.

 

Today’s tale from the front lines of network management comes to us from an IT operations specialist who works at a British university.

mi_cerebro_es_electronico_1969His team supports a network used by more than 8,000 students, faculty and staff. His story was a long one so we’ll sum it up:

Lighting up Shadow IT: The IT operations specialist had been plagued by network and laptop issues. Students had been downloading torrent programs and other software that isn’t allowed. IT now knows who has downloaded what program and can share policy with those who skipped their class.

Keeping it cool: When there’s a power outage, a UPS system kicks in to keep the servers from frying. The IT team uses Application Performance Monitor to track the time remaining on the system so they can initiate scripts to shut down server groups based on importance and priority.

Dude, where’s my PC?: There are 350 PCs in the five story library for students to use but sometimes the students can’t find an available machine. The IT folks created custom SNMP monitors to track PC availability and display them on Layer 2 Maps. “We display these maps on TV monitors on each floor and color code the PCs as green, red or gray depending on the status.”

Get the max for the minimum: “WhatsUp Gold not only shows us the source of a network management problem so we can address it, but gave us more features than other products, at a lower price.”

 

 

Education IT systems seem to have a large target on their back these days.  According to an October, 2010 McAfee study, universities and colleges rank number 1 in the ‘Top 10 Riskiest Places to Give Your Social Security Number’.  Cyber crooks are attracted to the vast pools of personal data available on university and educational IT systems.  And unlike typical commercial organizations, universities and schools can’t simply lock the doors in the evening and feel assured that their network is somewhat secure.  Open buildings and computer lab environments complicate the physical security policies for these institutions.  As a result, “State schools and universities are among the most likely government agencies to suffer data breaches.”

Breaches seem to be a continuous part of the news headlines these days, but one article in particular caught my eye in the last few weeks.  In mid-January, a California city college notified more than 13,000 students and employees about a specific breach that was discovered in late November.  The breach was identified when the IT department found gaps in the data logs of a server that was located in a campus computer lab.  After investigating these gaps, they found a virus that had existed on the college’s system since 1999…more than a decade.  And during the investigation, they found transmissions that had been sent to Russia, China and several other countries; however the college hasn’t confirmed what type of data was sent in these transmissions.

As our schools add new devices to the network, making it more complex, it is harder to manage and control.  How can education institutions that are struggling to control costs mitigate these risks within their expanding networks while protecting their student and employee’s data?  Abnormal behavior often provides the best insight to network administrators needing prevent breaches and system failures. Cost-effective solutions exist that can help institutions watch their network for unusual behavior that may include:

  • Unconventional network traffic patterns
  • Unauthorized access attempts
  • Resource utilization spikes
  • Unauthorized configuration changes

To learn more about these IT Management best practices for Education, please listen to our latest webcast that provides insight into mitigating data breach risks or download our best-practice white paper.

In my current role I speak to a lot of network engineers trying to automatically map their network topology. Actually it’s more than that, they don’t just want to discover devices, the want a port level diagram of exactly how all their switches, routers, servers, workstations, phones, firewalls . . . you get the point. Some engineers I speak to practically ask:

“Can this tool provide a detailed topology and physical map illustrating the rack number and space in the rack for all the devices in my environment without configuring SNMP?”

Seriously? Really?? While I may be dramatizing a bit, the reality is that network engineers regularly walk into hostile environments where the responsibility for the documentation and organization of equipment on the network has been sorely neglected. In some cases these engineers are filling a role that never existed before so nobody took these responsibilities seriously, and in others . . . let’s just say their predecessor may have left in less than amicable circumstances. In these situations engineers need tools that will flexibly discover and map the environment by any means necessary and provide them with the information they need to make sense of this strange new world they’ve thrown themselves into.

I feel for these engineers. I’ve been one of those professional services road warriors walking into a new environment every week and seen everything from well organized, well labeled, cable managed, SAS 70 certified datacenters where the greatest risk is getting stuck in the mantrap or having your coffee confiscated when you accidentally carry it onto the raised floor, to the cable spaghetti general purpose wiring closets where copper network cables are picking up EMF cross-talk from 240V electrical wiring that was dangerously close to a leaky roof. That’s no dramatization, and the point I’m trying to make is no matter how well funded, organized, or configured an environment may be, without a map to illustrate the physical and logical relationships between systems every engineer I’ve met would be lost.

Getting those maps early on and keeping them updated is a critical part of every network engineer’s role and a tool that will automate the process of discovering and drawing those maps is invaluable. That said we can’t expect miracles, tool developers are not the brothers Grimm, there are no networking fairies that will console into all your switches while you sleep and enable SNMP/CDP. There’s always going to be some amount of legwork to enable the environment to tell you what you need to know and it will be an iterative and ongoing process to keep that environment properly configured, documented, and mapped. The tools that minimize that legwork and maximize the value of our efforts as engineers is something truly worthy of legend.

Enhanced by Zemanta

IT Automation

Each year sees an increase in the amount of IT tasks and operations that can be automated. 2011 will be no different, according to Ennio Carboni:

As the number of networked devices inside and outside the enterprise continue to explode – both in infrastructure (e.g. routers, switches and systems infrastructure supporting video, and wireless app delivery) and end point devices (especially mobile handhelds, tablets, and netbooks) – higher automation is necessary to maintain control of management costs. Equipment vendors, software publishers and end user IT organizations are embracing automation in many ways – building and deploying more intelligent network devices, using virtualization-led dynamic provisioning and configuration to meet variable demand profiles and attempting to build closed loop management systems that can react to infrastructure changes. We’ve seen this coming: technology replacing humans in the workplace – case-in-point, HP laying off 9000 workers from their datacenter services unit.

Configuration Management and IT Security

However, the rapid growth in the number and complexity of network devices does have its drawbacks. As networks grow, so do the vulnerabilities associated with their configuration and security. Analysts estimate that more than 60% of network outages are caused by manual configuration errors at an annual average rate of 30+ errors per device. This has tremendous impact on maintaining IT security and compliance with internal and external regulatory policies. As a consequence, analysts predict that configuration management and IT security tools will continue to see robust growth in 2011 (Check out slide 4.)

If your network is undergoing the growth now found across the board and you don’t already have a configuration management tool in place, 2011 is the year to change that. A good configuration management tool allows you to automate the process and reduce your chances of an outage, while also notifying you when and where an outage occurs so it can be rectified quickly with little downtime.

Although we are all familiar with budget cuts, this might ring close to home for the UK public sector, where on October 20 the government announced an intense review of public sector spending. However, given the less than ideal state of the international economy, working effectively within budget constraints is no less prevalent worldwide. Our Channel Manager, Steve Demianyk, provides some tips for the IT department under fire.

Tip #1 Make the most of the infrastructure you already own

Document port-to-port connectivity, ideally, with an inexpensive layer 2/3 discovery, mapping, and inventory tool. With a complete inventory in place, troubleshooting, auditing, and repurposing unused resources becomes easier.

Tip #2 Need more hardware? Consider moving to an internal cloud!

Ipswitch hasn’t purchased a single piece of hardware in the three years since we’ve moved to the internal cloud. Your first step in virtualization is to decide which serves to move to the cloud. Usually, supplementary servers like DNS, domain controllers, DHCP, and file and print servers are good places to start because they don’t take full advantage of the hardware on which they exist. Web servers, mail servers and small databases are also good candidates.

More complex servers can be virtualized, but this must be planned out carefully. Before virtualizing any server you should run a trending analysis and performance monitoring. You will want to measure processor use, memory use, storage, network traffic volume and disk I/O. An overloaded server should not be moved to the cloud in any case.

Tip #3 Look for ways to troubleshoot and resolve issues faster

Industries studies show that 80% of IT time and resources are spent on finding the problem, and only 20% is for fixing the issues. If you are running more than one network management solution you will have to manually examine multiple reports and interfaces to correlate information across various types of metrics. This can substantially lengthen mean time to resolution (MTTR), making the job much more difficult and time consuming. Look for an infrastructure management solution that will let you discover, map, monitor and manage the network devices, servers, applications, virtual resources, port-to-port connectivity, configuration settings and network traffic from a single console.

Tip #4 Ensure 24×7 health, availability and optimal performance of infrastructure and applications

Performance monitoring should be a routine task. This seemingly unimportant activity can minimize risks and increase the likelihood that network issues and bottlenecks are found early on. A network management solution with an all-inclusive console will make this job easier and more efficient.

Tip #5 Look for cost-effective solutions

They do exist. If you currently use one of the big four solutions you might want to reconsider your solution for the upcoming year. You can still have a solid IT management solution for a reasonable price, but you may have to sacrifice the bells and whistles. One might naturally look towards open source solutions, but configuration can be a nightmare and the risks are high: vulnerability, scalability, liability, lack of tech support.

As the Hitch Hiker’s Guide to the Galaxy puts it, “Don’t panic” (in the face of budget cuts). Just weigh your options and find ways to do more with less.

[blackbirdpie id=”1719513137545216″]

Thanks to Chris Hampton of Realtime Publishers we have a few tips to make your life as a network admin easier.

Through automation and other efficient methods of network management you can make yourself the ultimate resource for network status and configuration knowledge, while at the same time alleviating your stress points.

One way to help yourself is to utilize tools that save time. Why waste time with manual network topology documentation when ARP Cache Discovery and Link Layer Discovery Protocols can do that for you? They query your devices’ Management Information Database files and collect extensive info to assist in building a network outline that is up-to-date in near real-time.

Another important ability is staying in control. Know your network: what devices are on your network and where they are located. You should know device interdependencies and how they are affected by changes to the network. In order to do this it is a good idea to track all changes. Collecting up-to-date status information with powerful scheduled discovery checks will allow you to do this. A network management solution that offers device configuration management from a central location would be a great asset to you in this situation.

With such a tool you can also enhance your ability to keep the network available by pinpointing issues quickly and reducing downtime. Pinpointing becomes easier when you have a network management solution that automatically generates network maps and map views and can export these maps to documentation tools like Microsoft Visio. Easily-retrievable maps provide you with insight into a network’s overall design.

Once you have these abilities at your fingertips, daily network administration tasks are a cakewalk. Plus, you’ve succeeded in making yourself the ultimate resource.

When your business is growing so is your network. Even when business isn’t booming (thanks economy) your business’ infrastructure can be evolving too. What you need is a tool that can manage these changes for you.

Little known fact: 75% of network outages and performance issues are the result of misconfiguration error. No one wants that.

We don’t want that for you either — so we’ve developed a list of best practices to assist you with network configuration and change management.

Best Practice #1: Create standard configurations for each device classification, such as router, LAN switch, WAN switch, or ATM switch.

Best Practice #: Maintain the current running configurations for all devices and a set number of previously running versions – at least 3 to 5 previous working versions – it will really help with troubleshooting tasks.

Best Practice #3: Keep track of when configuration changes were made for auditing purposes – you might even think about setting up real-time alerts and notifications in this area.

Best Practice #4: Automate the execution of the scheduled tasks relating to current network configuration backups, startup configuration file backups and password change management for an individual device or across groups of devices to reduce errors and save time.

Best Practice #5: Document your network and configuration changes periodically.

Sounds like a lot to take care of? WhatsConfigured can automate these processes for you. With full integration into WhatsUp Gold, it can simplify your life and eliminate human errors. Tedious manual configuration tasks and solving misconfiguration issues in the dark can now be a think of the past with WhatsConfigured. Nightly configuration backups, bulk configuration changes, complete audit trails, and real-time alerts triggered by changes to configuration are just a few of the featured we’ve designed with you in mind.

Ever wonder how other IT professionals use WhatsUp Gold?

Marston’s, Britain’s largest brewer of cask beer, has a cool use-case story. The brewers were interested in growing their business to become known for more than great beer and pubs. They wanted their evolving clientele to know them for also providing a fun public WiFi hotspot and the place to play the latest internet-connect gaming products.

In order to do this they needed to not only enhance both front of house and back-office infrastructure but also improve communications and reliability of connection between the individual pubs and head office so they could start offering these new services to clients.

To achieve this, Marston’s took on the ambitious and innovative step of moving into the telecoms industry in its own right, allowing it to package and deploy its own customized services to various parts of the business.

But creating its own broadband network and taking responsibility for the infrastructure of its 500+ managed pubs meant that Marston’s needed to invest in a scalable networking monitoring solution to provide visibility across the new telecoms network and to help identify problems with hardware and connectivity.

Luckily, their partner, Level 8 Solutions, stepped in and recommended Ipswitch’s WhatsUp Gold.

This wasn’t Marston’s first experience with WhatsUp Gold. They’d been using within their head office for several years. They then deployed a separate WhatsUp Gold installation to monitor routers and WiFi hotspots installed at its managed pubs, as well as to support home workers also served by Marston’s Telecom.

 

“Using Ipswitch WhatsUp Gold, we are able to monitor the remote infrastructure installed at our estate of managed pubs across the country, ensuring that equipment is functioning correctly and that the connectivity we are providing through Marston’s Telecom is also performing as expected,” McMinn explained.

Plus sides to using WhatsUp Gold over other products like HP Insight were WhatsUp Gold’s clear and easy to follow feedback on the state of the network and the devices connected to it; its single point of view over the health of the network being monitored; and the clear visual guidance when a device encounters a problem.

As in . . . Green is Good, Red is Bad.

So what about you? Do you use WhatsUp Gold to monitor something even more interesting that beer? If you do, let us know about it in the comments!

WUG_Bell_300dpiWhatsUp Gold v14 Premium was recently added to the U.S. Department of Navy’s Application and Database Management System (DADMS) list. Previous versions of WhatsUp Gold have been on the list since v11. As a member of the DADMS list, WhatsUp Gold v14 Premium has been rigorously tested to ensure compliance with the Navy’s application reduction initiative.

Other members of the WhatsUp Gold Family are frequently used by government offices and Federal agencies. For instance, WhatsUp Gold Event Log Management Suite is not only used by the U.S. Navy, but also the Federal Aviation Administration (FAA), Department of Homeland Security, Department of Veterans Affairs (VA), and all branches of the U.S. military.

Having the newest and most up-to-date versions of WhatsUp Gold allows government organizations to be confident in the availability, health, and security of their critical infrastructures. It is our hope at Ipswitch to continue to provide powerful network management solutions that maintain the high standard of performance and adherence to regulations the U.S. Navy and other Federal branches have come to expect. WhatsUp Gold v14 Premium and WhatsUp Gold Event Log Management Suite continue this tradition.