NOC Slides

September 12, 2017 | Author: Anish Veettiyankal | Category: Proxy Server, Computer Network, Web Server, Web Browser, World Wide Web

Network Operation Center

CMS Info Systems Pvt. Ltd.

18/12/2009

Overview

• Introduction
• NOC Philosophy
• Available Tools

Introduction

• “A network operations center (or NOC, pronounced “nock”) is one or more locations from which control is exercised over a computer, television broadcast, or telecommunications network.”

Functions of a NOC

• Responsible for monitoring the network for alarms or adverse conditions (e.g. power failures, link failure)
• NOC staff analyze problems, troubleshoot, and collaborate with other technicians on site.
• NOC tracks issues/problems until they are resolved.
• Problems not solved within a specified time frame can be escalated to the appropriate personnel.
• Standard Operating Procedures exist that detail how to remedy issues/problems.

NOC Philosophy

• Automate everything
• Document everything
• Communicate as much as possible
• Know your resources
• Know your users
• Know your business
• Security cannot be an afterthought
• Plan ahead

Purpose

• NOCs are dedicated to monitoring and coordinating network operations.
• This requires that the following functional areas are addressed:
  – Faults & Issues
  – Configuration Management
  – Performance Monitoring
  – Policies
  – Security Management
  – Accounting
  – Communication

The Squid Caching Proxy

What is Squid?

• A caching proxy for
  – HTTP, HTTPS (tunnel only)
  – FTP
  – Gopher
  – WHOIS (Squid version 2 only)
• Supports transparent proxying
• Supports proxy hierarchies (ICP protocol)
• Squid is not an origin server!

Other proxies

• Free-ware
  – Apache 1.2+ proxy support (abysmally bad!)
• Commercial
  – Netscape Proxy
  – Microsoft Proxy Server
  – NetAppliance’s NetCache (shares some code history with Squid in the distant past)
  – CacheFlow (http://www.cacheflow.com/)
  – Cisco Cache Engine

What is a proxy?

• Firewall device; internal users communicate with the proxy, which in turn talks to the big bad Internet
  – Gate private address space into publicly routable address space
• Allows one to implement policy
  – Restrict who can access the Internet
  – Restrict what sites users can access
  – Provides detailed logs of user activity

What is a caching proxy?

• Stores a local copy of objects fetched
  – Subsequent accesses by other users in the organization are served from the local cache, rather than the origin server
  – Reduces network bandwidth
  – Users experience faster web access

How proxies work

• User configures web browser to use proxy instead of connecting directly to origin servers
  – Manual configuration for older PC based browsers, and many UNIX browsers (e.g., Lynx)
  – Proxy auto-configuration file for Netscape 2.x+ or Internet Explorer 4.x+
    • Far more flexible caching policy
    • Simplifies user configuration, help desk support, etc.

How proxies work (user request)

• User requests a page: http://cmsinstitute.co.in/
• Browser forwards request to proxy
• Proxy optionally verifies user’s identity and checks policy for right to access cmsinstitute.co.in
• Assuming right is granted, fetches page and returns it to user

Squid’s page fetch algorithm

• Check cache for existing copy of object
• If it exists in cache
  – Check object’s expire time; if expired, fall back to origin server
  – Check object’s refresh rule; if expired, perform an If-Modified-Since against origin server
  – If object still considered fresh, return cached object to requester
• If object is not in cache, expired, or otherwise invalidated
  – Fetch object from origin server
  – If 500 error from origin server, and expired object available, returns expired object
  – Test object for cacheability; if cacheable, store local copy

Cacheable objects

• HTTP
  – Must have a Last-Modified: tag
  – If origin server required HTTP authentication for request, must have Cache-Control: public tag
  – Ideally also has an Expires or Cache-Control: max-age tag
  – Content provider decides what header tags to include
    • Web servers can auto-generate some tags, such as Last-Modified and Content-Length, under certain conditions
• FTP
  – Squid sets Expires time to fetch timestamp + 2 days

Non-cacheable objects

• HTTPS, WAIS
• HTTP
  – No Last-Modified: tag
  – Authenticated objects
  – Cache-Control: private, no-cache, and no-store tags
  – URLs with cgi-bin or ? in them
  – POST method (form submission)
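
The page fetch algorithm and the cacheable/non-cacheable rules from the three slides above, modelled in Python as an added example (not Squid's code and not part of the original slides). REFRESH_AGE, the Proxy and Entry classes, sample_origin and the header values are assumptions made for the illustration; Expires parsing is left out and expiry uses max-age only.

```python
"""Model of the cache decisions on the Squid slides (added, constructed example)."""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

REFRESH_AGE = 3600            # assumed refresh rule: revalidate copies older than 1 hour
FTP_LIFETIME = 2 * 24 * 3600  # slides: FTP Expires = fetch timestamp + 2 days
STAMP = "Mon, 14 Dec 2009 10:00:00 GMT"   # constructed Last-Modified value
ORIGIN_STATE = {"down": False}            # lets the sample origin simulate a 500 error


@dataclass
class Entry:
    body: str
    last_modified: Optional[str]
    fetched_at: float
    expires_at: Optional[float]


def directives(headers):
    """Cache-Control directives as a dict, e.g. {'max-age': '7200', 'public': ''}."""
    out = {}
    for part in headers.get("cache-control", "").split(","):
        name, _, value = part.strip().partition("=")
        if name:
            out[name.lower()] = value
    return out


def is_cacheable(method, url, authenticated, headers):
    """Return (cacheable, reason) using only the rules listed on the slides."""
    parts, cc = urlsplit(url), directives(headers)
    if parts.scheme in ("https", "wais"):
        return False, "HTTPS and WAIS objects are never cached"
    if parts.scheme == "ftp":
        return True, "FTP object, expires at fetch time + 2 days"
    if method == "POST":
        return False, "POST method"
    if "cgi-bin" in parts.path or "?" in url:
        return False, "URL contains cgi-bin or ?"
    # Slides: must-revalidate is treated as private, and Vary is unsupported.
    if cc.keys() & {"private", "no-cache", "no-store", "must-revalidate"}:
        return False, "Cache-Control forbids shared caching"
    if "vary" in headers:
        return False, "Vary header present"
    if "last-modified" not in headers:
        return False, "no Last-Modified header"
    if authenticated and "public" not in cc:
        return False, "authenticated response without Cache-Control: public"
    return True, "cacheable"


class Proxy:
    def __init__(self, origin):
        self.origin = origin   # callable(url, if_modified_since) -> (status, headers, body)
        self.cache = {}

    def fetch(self, url, now, method="GET", authenticated=False):
        """Follow the page fetch algorithm; return (outcome, body)."""
        entry = self.cache.get(url)
        expired = bool(entry) and entry.expires_at is not None and now >= entry.expires_at
        if entry and not expired:
            if now - entry.fetched_at <= REFRESH_AGE:
                return "HIT", entry.body                   # still fresh
            status, headers, body = self.origin(url, entry.last_modified)
            if status == 304:                              # If-Modified-Since: unchanged
                entry.fetched_at = now
                return "REVALIDATED", entry.body
        else:
            status, headers, body = self.origin(url, None)
        if status == 500 and entry:
            return "STALE", entry.body                     # serve the expired copy
        ok, _ = is_cacheable(method, url, authenticated, headers)
        if ok and status == 200:
            max_age = directives(headers).get("max-age", "")
            if urlsplit(url).scheme == "ftp":
                expires = now + FTP_LIFETIME
            else:                                          # Expires parsing is omitted here
                expires = now + int(max_age) if max_age.isdigit() else None
            self.cache[url] = Entry(body, headers.get("last-modified"), now, expires)
        else:
            self.cache.pop(url, None)                      # never keep a non-cacheable reply
        return "MISS", body


def sample_origin(url, if_modified_since):
    """Constructed origin server with one public page and one per-user page."""
    if ORIGIN_STATE["down"]:
        return 500, {}, "internal error"
    if url.endswith("/account"):
        return 200, {"last-modified": STAMP}, "account page for one user"
    if if_modified_since == STAMP:
        return 304, {}, ""
    return 200, {"last-modified": STAMP, "cache-control": "max-age=7200"}, "home page"


if __name__ == "__main__":
    proxy = Proxy(sample_origin)
    home = "http://cmsinstitute.co.in/"
    for t in (0, 100, 4000, 8000):
        print(t, proxy.fetch(home, t))
    print(proxy.fetch(home + "account", 0, authenticated=True), list(proxy.cache))
```

The authenticated account page is fetched but never stored, so a shared cache built on these rules cannot hand one user's page to another.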

Implications for content providers

• Caching is a good thing for you!
• Make cgi and other dynamic content generators return Last-Modified and Expires/Cache-Control tags whenever possible
  – If at all possible, also include a Content-Length tag to enable use of persistent connections
• Consider using Cache-Control: public, must-revalidate for authenticated web sites
• If you need a page hit counter, make one small object on the page non-cacheable.
• FTP sites, due to lack of Last-Modified timestamps, are inherently non-cacheable. Put (large) downloads on your web site instead of on, or in addition to, an FTP site.
• Microsoft’s IIS with ASP generates non-cacheable pages by default
• Other scripting suites (e.g., Cold Fusion) also require special work to make cacheable
• Squid doesn’t implement support for Vary: tag yet; considers object non-cacheable
• Squid currently treats Cache-Control: must-revalidate as Cache-Control: private

Transparent proxying

• Router forwards all traffic to port 80 to proxy machine using a route policy
• Pros
  – Requires no explicit proxy configuration in the user’s browser
• Cons
  – Route policies put excessive CPU load on routers on many (Cisco) platforms
  – Kernel hacks to support it on the proxy machine are still unstable
  – Often leads to mysterious page retrieval failures
  – Only proxies HTTP traffic on port 80; not FTP or HTTP on other ports
  – No redundancy in case of failure of the proxy

Transparent proxying

• Recommendation: Don’t use it!
  – Create a proxy auto-configuration file and instruct users to point at it
  – If you want to force users to use your proxy, either
    • Block all traffic to port 80
    • Use a route policy to redirect port 80 traffic to an origin web server and return a page explaining how to configure the various web browsers to access the proxy

Squid hardware requirements

• UNIX operating system (NT is not currently supported, nor has anyone announced work on a port)
• 128M RAM minimum recommended (scales by user count and size of disk cache)
• Disk
  – 512M to 1G for small user counts
  – 16G to 24G for large user counts
  – Squid 2.x is optimized for JBOD, not RAID

Installing Squid (overview)

• Get distribution from http://squid.nlanr.net/
• Increase maximum file descriptors available per process before configuring Squid
• Run configure script with desired compile-time options
• Run make; make install
• Edit squid.conf file
• Run squid -z to initialize cache directory structure
• Start Squid daemon
• Test
• Migrate users over to proxy

Squid distributions (versions)

• 1.x and 1.NOVM.x
  – No longer supported
  – Entire cache lost if even one disk in cache fails
  – Doesn’t understand Cache-Control: tag
  – Other problems
  – Bottom line: don’t use them
• 2.0, 2.1, 2.2
  – Redesigned disk storage algorithm much improved
  – Understands Cache-Control: tag
  – Better LRU/refresh rule engine
  – Supports proxy authentication
  – See documentation for full list of enhancements
• Recommendation: 2.1 is fairly stable, but move to 2.2 when 2.2STABLE released

squid.conf ACL example

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl managerhost src 204.248.51.34/32
acl managerhost src 204.248.51.39/32
acl managerhost src 204.248.51.40/32
acl cawtech src 204.248.51.0/24
acl cawtech-internal src 172.16.0.0/16
acl all src 0.0.0.0/0.0.0.0

squid.conf ACL example

acl SSL_ports port 443 563
acl gopher_ports port 70
acl wais_ports port 210
acl whois_ports port 43
acl www_ports port 80 81
acl ftp_ports port 21
acl Safe_ports port 1025-65535

acl CONNECT method CONNECT
acl FTP proto FTP
acl HTTP proto HTTP
acl WAIS proto WAIS
acl GOPHER proto GOPHER
acl WHOIS proto WHOIS

squid.conf ACL example

http_access deny manager !localhost !managerhost
http_access deny CONNECT !SSL_ports
http_access deny HTTP !www_ports !Safe_ports
http_access deny FTP !ftp_ports !Safe_ports
http_access deny GOPHER !gopher_ports !Safe_ports
http_access deny WAIS !wais_ports !Safe_ports
http_access deny WHOIS !whois_ports !Safe_ports

http_access allow localhost
http_access allow cawtech
http_access allow cawtech-internal
http_access deny all
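
An added example, not part of the original slides and not Squid's implementation: a small Python evaluator that parses the acl and http_access lines from the three slides above and applies them to constructed requests. It shows that the terms on one http_access line are ANDed, that repeated acl names are ORed, and that the first matching line decides. The request fields, the sample addresses and the choice to model CONNECT requests with proto NONE are assumptions.

```python
"""First-match evaluation of the slides' squid.conf rules (added, constructed example)."""
import ipaddress

SQUID_CONF = """\
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl managerhost src 204.248.51.34/32
acl managerhost src 204.248.51.39/32
acl managerhost src 204.248.51.40/32
acl cawtech src 204.248.51.0/24
acl cawtech-internal src 172.16.0.0/16
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl gopher_ports port 70
acl wais_ports port 210
acl whois_ports port 43
acl www_ports port 80 81
acl ftp_ports port 21
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
acl FTP proto FTP
acl HTTP proto HTTP
acl WAIS proto WAIS
acl GOPHER proto GOPHER
acl WHOIS proto WHOIS
http_access deny manager !localhost !managerhost
http_access deny CONNECT !SSL_ports
http_access deny HTTP !www_ports !Safe_ports
http_access deny FTP !ftp_ports !Safe_ports
http_access deny GOPHER !gopher_ports !Safe_ports
http_access deny WAIS !wais_ports !Safe_ports
http_access deny WHOIS !whois_ports !Safe_ports
http_access allow localhost
http_access allow cawtech
http_access allow cawtech-internal
http_access deny all
"""


def parse(conf):
    """Return (acls, rules); repeated acl names accumulate values (logical OR)."""
    acls, rules = {}, []
    for line in conf.splitlines():
        words = line.split()
        if words[:1] == ["acl"]:
            acls.setdefault(words[1], (words[2], []))[1].extend(words[3:])
        elif words[:1] == ["http_access"]:
            rules.append((words[1], words[2:]))
    return acls, rules


def acl_matches(acls, name, req):
    """True when the request matches any value of the named ACL."""
    kind, values = acls[name]
    if kind == "src":
        addr = ipaddress.ip_address(req["src"])
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        ranges = (v.partition("-") for v in values)
        return any(int(lo) <= req["port"] <= int(hi or lo) for lo, _, hi in ranges)
    if kind in ("proto", "method"):
        return req[kind].upper() in (v.upper() for v in values)
    raise ValueError(f"unsupported acl type: {kind}")


def decide(conf, req):
    """Return (action, rule): the first http_access line whose terms ALL match wins."""
    acls, rules = parse(conf)
    for action, terms in rules:
        # A leading "!" negates the named ACL; every term on the line must hold (AND).
        if all(acl_matches(acls, t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action, " ".join(terms)
    # No line matched: Squid applies the opposite of the last rule's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), "(default)"


def request(src, port, proto="HTTP", method="GET"):
    """Constructed request record; CONNECT is modelled with proto NONE (assumption)."""
    return {"src": src, "port": port, "proto": proto, "method": method}


if __name__ == "__main__":
    samples = [                                       # constructed requests
        request("204.248.51.50", 3128, proto="cache_object"),
        request("204.248.51.34", 3128, proto="cache_object"),
        request("172.16.4.9", 22, proto="NONE", method="CONNECT"),
        request("172.16.4.9", 443, proto="NONE", method="CONNECT"),
        request("172.16.4.9", 25),
        request("172.16.4.9", 8080),
        request("198.51.100.7", 80),
    ]
    for req in samples:
        print(req, "->", decide(SQUID_CONF, req))
```

Running it against your own rule set before deployment shows which line actually decides a given request, which is the usual source of surprises when lines are reordered.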

Kindly perform the Hands On Lab

Open Audit

The Automation of Network Inventory

Necessity of Inventory Systems

Ignorance is not a valid excuse for Network Administrators
• Which systems are near the end of their warranty?
• Which Towers contain model #*** video card?
• Which IPs are in use and where?
• How many licenses are left for X software?
• Which systems don't have the MS security patch that was released yesterday?

Problems of Inventory Systems

• Manual entry is Error Prone
  – Especially in complex systems
• Budget restrictions
  – Economic drought means cheaper solutions are that much more favorable

Manual Entry = Errors

Excel Spreadsheets

Benefits
- query by column
- MS ‘familiarity’

Disadvantages
- manual entry
- MS knowledge required
- possible to overwrite data
- file naming conventions & storage
- MS advanced function can be dangerous

Origin of Open-Audit

• Open Source http://winventory.sourceforge.net/
• Mark Unwin had written a script to audit computers on a network, saw the need to extend it (to have a query-able web interface).
• In 2005 the project was originally released via the GPL (http://www.gnu.org/copyleft/gpl.html)
• wmi, vbscript, mysql & php

Free Software License

• Open-AudIT is licensed under the terms of the GNU General Public License Version 2 as published by the Free Software Foundation. This gives you legal permission to copy, distribute and/or modify Open-AudIT under certain conditions. Read the 'LICENSE' file in the Open-AudIT distribution or read the online version of the license for more details.
• Open-audit is provided as is with no warranty of any kind, including the warranty of design, merchantability, and fitness for a particular purpose.

What do you get for free?

Open-Audit = Automation

Overview
• Open Audit audits the hardware and software it discovers on your computers, and posts its findings to a MySQL database. From there the data is presented in a clean and readable form via a set of PHP web pages.

Automation = No typing errors!

Free: Automated data collecting

• Hardware
• Software
• Operating System Settings
• Security Settings
• Users and Groups
• Disk Usage Graphs
• Audit History

Free: Data Reports

• Operating System Type
• IE Versions
• Firefox Versions
• Memory Sizes
• Processor Types and Speeds
• Hard Disk sizes
• Software Keys
• Detected Network Servers
• Newly Detected Software
• Low Disk Space
• Systems not audited for xxx days

What's the catch?

Not Free: Cost of ownership

Requirements:
• Web server
• PHP
• MySQL
• Secured installation

Not Free: Knowledge and Skills

Q: We are a windows shop
• A: XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl.

Q: No knowledge of PHP/MySQL
• A: No configuration, easy to install Open Audit.

Must possess basic sysadmin troubleshooting and problem solving skills. After all, it is a tool, not an employee.

How Open-Audit works

Roles of Components:
• Application resides on Web Server
• Domain Admin account to remote audit machines

If there is no Domain admin account:
• Local machine can have a scheduled job to regularly audit and send results to the server

Server installation: Linux

Up and running in minutes (overview):
• yum install httpd subversion mysql php php-mysql php-common
• create database and user
• svn co https://open-audit.svn..../trunk /var/www/open-audit/
• /etc/init.d/httpd start
• /etc/init.d/mysqld start
• Follow web install instructions

Server installation: windows

Up and running in minutes (overview):
• Download and install XAMPP & tortoisesvn
• Create database and user
• Grab a copy of Open-Audit from svn repository
• Follow web based installation guide
• http://server-address/open-audit/

Client installation

• No client installation is needed if all computers are on a domain and you have a domain admin account

Overview:
• Scheduled task to run .cmd file on network share; the network share has the audit.config file, which points to the server
• Windows audit with vbs script
• Unix audit with shell script

Open-Audit : quick tour

Kindly perform the Hands On Lab

ManageEngine NetFlow Analyzer

Introduction

• ManageEngine™ NetFlow Analyzer is a web-based bandwidth monitoring tool that performs in-depth traffic analysis using exported NetFlow data.
• NetFlow™ technology provides granular details about network traffic that has passed through an interface.
• NetFlow Analyzer processes this information to show you what applications are using bandwidth, who is using them, and when.
• Extensive graphs and reports make this information easy to analyze, and also help accelerate the troubleshooting process.

A Typical Setup

• NetFlow Analyzer Enterprise edition supports bandwidth monitoring and traffic analysis in distributed networks.
• A typical setup involves a single Central Server and “N” number of distributed collectors.
• Each of the “N” collectors resides near the routers at the remote location.
• The collectors collect and process the NetFlows from the routers and pass the compressed data to the Central Server through a secure https connection.

System Requirements

Hardware Requirements

The minimum hardware requirements for NetFlow Analyzer to start running are listed below.
• 32 bit machine
• 2.4GHz, Dual Processor
• 4 GB RAM
• 20 GB disk space

Software Requirements

NetFlow Analyzer can be installed and run on the following operating systems and versions:
• Windows 2003 server SP2
• Windows 2008 server SP1
• Windows Vista
• RedHat Linux

Supported Web Browsers

NetFlow Analyzer has been tested to support the following web browsers and versions:
• Internet Explorer 6.0 and later
• Mozilla Firefox

Prerequisites

• NetFlow Analyzer Central Server requires the following ports to be free

Installing and Uninstalling

Installing NetFlow Analyzer Central Server

Windows:
• The Windows download for NetFlow Analyzer is available as an EXE file at http://www.netflowanalyzer.com/distributedmonitoring/download.html
• Download the EXE file for the Central Server to your local machine, and double-click it to start installation. Follow the instructions as they appear on screen to successfully install NetFlow Analyzer on to your machine.

Linux:
The Linux download for NetFlow Analyzer is available as a BIN file at http://www.netflowanalyzer.com/distributedmonitoring/download.html
1. Download the BIN file and assign execute permission using the command: chmod a+x .bin where is the name of the downloaded BIN file.
2. Execute the following command: ./.bin
3. Follow the instructions as they appear on the screen to successfully install NetFlow Analyzer on to your machine.

Uninstalling NetFlow Analyzer Central Server

Windows:
1. Navigate to the Program folder in which NetFlow Analyzer has been installed. By default, this is Start > Programs > ManageEngine NetFlow Analyzer EE Central Server.
2. Select the option Uninstall Central Server
3. You will be asked to confirm your choice, after which NetFlow Analyzer is uninstalled.

Linux:
1. Navigate to the /_uninst directory.
2. Execute the command ./uninstaller.bin
3. You will be asked to confirm your choice, after which NetFlow Analyzer is uninstalled.

Starting and Shutting Down

Starting as a Service

Windows:
If you have chosen the Start as Service option during installation, NetFlow Analyzer will run as a service on Windows.

Linux:
1. Login as root user.
2. Navigate to the \bin directory.
3. Execute the startAsDaemon.sh file
4. Then execute the command /etc/init.d/netflowanalyzer start
• This starts NetFlow Analyzer as a service on Linux.

Shutting Down NetFlow Analyzer Central Server

Windows:
1. Navigate to the Program folder in which NetFlow Analyzer has been installed. By default, this is Start > Programs > ManageEngine NetFlow Analyzer Central Reporting Server > Shutdown Central server
2. Alternatively, you can navigate to the \bin folder and invoke the shutdown.bat file.
3. You will be asked to confirm your choice, after which the NetFlow Analyzer server is shut down.

Linux:
1. Navigate to the /bin directory.
2. Execute the shutdown.sh file.
3. You will be asked to confirm your choice, after which the NetFlow Analyzer server is shut down.

Accessing the Web Client

• NetFlow Analyzer is essentially a bandwidth monitoring tool that uses Cisco NetFlow exports to analyze network traffic and determine bandwidth usage.
• Once the server has successfully started, follow the steps below to access NetFlow Analyzer.
  1. Open a supported web browser window
  2. Type the URL address as http://:80 (where is the name of the machine on which NetFlow Analyzer is running, and 80 is the default web server port)
  3. Log in to NetFlow Analyzer using the default username/password combination of admin/admin
• Once you log in, you can start managing devices exporting Cisco NetFlow, generate bandwidth reports, and more.

License Information

NetFlow Analyzer comes in two flavors:
• Evaluation Edition - collect, analyze, and report on Netflow data (valid only for 30 days)
• Enterprise Edition - collect, analyze, and report on Netflow data from a maximum of n interfaces (where 'n' is the number of interfaces for which NetFlow Analyzer has been purchased)

Once installed, NetFlow Analyzer runs in evaluation mode for 30 days. You can obtain a registered license for NetFlow Analyzer at any time during the evaluation period by contacting NetFlow Analyzer Support.

Upgrading your License

• After obtaining the new license from AdventNet, save it on your computer, and follow the steps below to upgrade your NetFlow Analyzer installation:
  1. Log in to the NetFlow Analyzer Central Server web client
  2. Click License Management from Admin Operations
  3. Click the Upgrade License link present in the top-right corner of the screen
  4. In the License window that opens up, browse for the new license file and select it
  5. Click Upgrade to apply the new license file

Cisco® NetFlow Device Support

Cisco Routers

• NetFlow is also supported by these Catalyst series switches: 45xx, 55xx, 6xxx.

Other Vendors

Some of the major vendors supporting NetFlow include:
• Alcatel
• Enterasys Networks
• Extreme Networks - Does not support input/output interface, octets, or first and last times.
• Foundry Networks
• Juniper Networks - Does not support sampling interval attribute. First and last times are stored in seconds rather than milliseconds.
• Riverstone Networks - no native NetFlow support. However, Riverstone provides a converter that translates the LFAP records from their devices into NetFlow.

Configuring Netflow Export on an IOS Device

• Follow the steps below to configure Netflow export on a Cisco IOS device.

Enabling Netflow Export

Enter global configuration mode on the router or MSFC, and issue the following commands for each interface on which you want to enable Netflow:

interface {interface} {interface_number}
ip route-cache flow
exit

Exporting Netflow Data

• Issue the following commands to export Netflow data to the server on which NetFlow Analyzer is running:

Verifying Device Configuration

• Issue the following commands in normal (not configuration) mode to verify whether Netflow export has been configured correctly

A Sample Device Configuration

• The following is a set of commands issued on a router to enable Netflow version 5 on the FastEthernet 0/1 interface and export to the machine 192.168.9.101 on port 9996.

Turning off Netflow

• Issue the following commands in global configuration mode to stop exporting Netflow data:

Getting Started

• Once NetFlow Analyzer Central server has been successfully set up and started in your network, the Collector can be started. The collector contacts the Central server for configuration setting information. The next thing to do is start receiving NetFlow exports from routing devices on your network.
• As soon as you log in to the NetFlow Analyzer web client, you will see the Dashboard Collectors. The top 10 interfaces and the corresponding routers are shown in this display.

The All Devices option on the left panel is divided into two tabs.
1. The Interface View, which lists all the interfaces from which NetFlow exports are received
2. The Autonomous System View, which lists all the autonomous systems configured with each router

Google Map View

• The Google maps feature lets you physically locate your network resources on a map. This gives network administrators a feel for how distributed their network is and, more importantly, a quick and easy drill-down to resource-specific information.
• Information on up to 3 top interfaces linked to a router is shown in the map.
• NetFlow Analyzer, by using Google maps, lets you position your devices on a map for a graphical presentation.
• You need to obtain a Google API Key in order to set this up. The steps to obtain one are elaborated below.

IP Groups View

• Initially when no IP groups have been created, you will simply see a status message with the option to start creating IP groups.
• The IP Group List shows all the IP groups that have been created so far. Click the View Description link to view descriptive information on all IP groups created. Alternatively you can click the View Description link against each IP group to view descriptive information on that IP group alone. Details such as Speed, IP Address, Port (Protocol), and Associated Interfaces are shown.
• Click the IP Group name to view traffic graphs specific to that IP group. From the traffic graph, you can navigate to see the top applications, top hosts, and top conversations in this IP group.
• The IN Traffic and OUT Traffic columns show the volume of incoming and outgoing traffic in the IP group generated over the past one hour. You can click on the IN Traffic or OUT Traffic bar to view the respective application traffic report.

NetFlow Traffic Reports

• NetFlow Analyzer generates traffic reports in real-time, as soon as NetFlow data is received from an interface.
• The traffic reports in NetFlow Analyzer include information on:
  – Traffic Trends
  – Top Applications
  – Top Hosts
  – Top Conversations
• Apart from these pre-defined reports, Custom Reports let you define criteria and generate specific reports on network activity. Consolidated Reports show you overall traffic statistics for an interface or AS as applicable. Troubleshooting Reports let you troubleshoot an interface using raw data directly.

Top Applications

• The Applications tab shows you the top applications and top protocols for the selected time period. The default view shows the Top ApplicationIN Report. This report shows the distribution of incoming traffic application-wise.
• Choose between IN and OUT to display the application-wise distribution of incoming or outgoing traffic respectively.
• The table below the graph shows the distribution of traffic per application. You can see what application caused how much traffic, and how much of the total bandwidth was occupied by that application.

Top Conversations
Click on an application's name to see the Top Conversations that contributed to this application's traffic.

Viewing Top Protocols
Click the Protocol Distribution link to see the top protocols for the selected interface or IP group, in a new window.

Top Hosts
• The Source tab shows the top source hosts contributing to traffic in the selected time period. The default view shows the Top SourceIN Report.
• The Destination tab shows the top destination hosts contributing to traffic in the selected time period. The default view shows the Top DestinationIN Report.

Admin Operations

• NetFlow Analyzer lets you perform many administrative tasks typical of an enterprise network administrator, such as managing a group of routers, handling different users, setting up alerts, etc.
• Explore the following sections to know more about the administrative options available in NetFlow Analyzer.

Alert Profiles Management

An alert profile is created to set the thresholds for generating alerts. The parameters to be set for creating an alert profile are:
• Interfaces / IP Groups / Interface Group - The list of interfaces / IP Groups / Interface Group whose bandwidth utilization must be watched
• Traffic pattern - The traffic to be watched - In Traffic, Out Traffic or a Combination of both
• Application / Port(s) - You can watch the traffic through all the applications or from a particular application. Similarly, through a single port or a range of ports
• Threshold Settings - It has 3 settings, namely % utilization, no. of times, and duration.
  – % Utilization - When the utilization exceeds this limit, it is noted
  – No. of times - The number of times the utilization can be allowed to exceed the threshold before an alert is raised
  – Duration - The time period within which, if the threshold is exceeded the specified number of times, an alert is generated
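
How the three threshold settings interact, as an added Python example (not NetFlow Analyzer's code and not part of the original slides). The AlertProfile class, the 2 Mbps link speed, the one-minute samples and the choice to raise the alert on the Nth exceedance inside the window are assumptions; the interface name follows the FastEthernet 0/1 interface mentioned earlier.

```python
"""Threshold alerting as the alert-profile slide describes it (added, constructed example)."""
from collections import defaultdict, deque


def utilization_pct(octets, interval_s, link_bps):
    """Percent of link capacity used by `octets` bytes seen in `interval_s` seconds."""
    return octets * 8 * 100 / (interval_s * link_bps)


class AlertProfile:
    def __init__(self, interfaces, link_bps, pct, times, duration_s):
        self.interfaces = set(interfaces)   # interfaces whose utilization is watched
        self.link_bps = link_bps
        self.pct = pct                      # "% Utilization" threshold
        self.times = times                  # "No. of times"
        self.duration_s = duration_s        # "Duration" window in seconds
        self.hits = defaultdict(deque)      # interface -> timestamps of exceedances

    def observe(self, ts, interface, octets, interval_s=60):
        """Record one sample; return True when this sample raises an alert."""
        if interface not in self.interfaces:
            return False
        if utilization_pct(octets, interval_s, self.link_bps) <= self.pct:
            return False
        hits = self.hits[interface]
        hits.append(ts)
        # Forget exceedances that fall outside the Duration window.
        while hits and hits[0] <= ts - self.duration_s:
            hits.popleft()
        if len(hits) >= self.times:
            hits.clear()                    # start counting afresh after an alert
            return True
        return False


def run_alerts(profile, samples):
    """Feed (timestamp, interface, octets) samples; return the (timestamp, interface) alerts."""
    return [(ts, ifc) for ts, ifc, octets in samples if profile.observe(ts, ifc, octets)]


# Constructed one-minute samples: three exceedances within 300 s on the watched interface.
BURST = [
    (0, "Fa0/1", 13_000_000),
    (0, "Fa0/0", 14_000_000),    # busy, but not in the profile's interface list
    (60, "Fa0/1", 5_000_000),
    (120, "Fa0/1", 14_000_000),
    (180, "Fa0/1", 12_500_000),
    (240, "Fa0/1", 13_000_000),
]
# Constructed samples: the same number of exceedances, but spread too far apart.
SPREAD = [(0, "Fa0/1", 13_000_000), (400, "Fa0/1", 13_000_000), (800, "Fa0/1", 13_000_000)]


def make_profile():
    return AlertProfile(["Fa0/1"], link_bps=2_000_000, pct=80, times=3, duration_s=300)


if __name__ == "__main__":
    print("burst :", run_alerts(make_profile(), BURST))
    print("spread:", run_alerts(make_profile(), SPREAD))
```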

Schedule Reports

It is a good idea to schedule reports to be run at non-peak traffic hours, since generation of reports is a resource-hungry process, especially for large interface numbers. A Scheduler is configured to set the parameters for automating the generation of reports. The parameters to be set for creating a Scheduler are:
• Source - The Interfaces or IP Groups which are the source of traffic.
  – Interfaces - The list of interfaces whose bandwidth utilization must be watched. One report will be generated for each interface selected.
  – IP Groups - The IP groups whose bandwidth utilization must be watched. One report will be generated for each IP Group created.
• Report Type - The type of report to be generated - Consolidated or Custom (custom report option not available under "IP Groups")
• Report Generation Schedule - How and when the report is to be generated (e.g. daily, weekly, monthly, or only once)
  – Generate report on - This value determines the time when the report is to be generated
  – Generate report for - This value determines the start and the end time for the report
• Email Address - This is the address to which the generated reports will be sent

User Management

• The User Management option lets you manage different users with varying access privileges. You can assign different users to different device groups and IP groups, and allow them to manage the assigned groups exclusively. You can choose from three types of users in NetFlow Analyzer - Administrator, Operator, and Guest. You can create any number of users of each type, and assign them to any number of device groups and IP groups.

Mail Server Settings

• These settings are important when e-mail notifications have to be sent for alerts generated and when Scheduled Reports have to be emailed.

Kindly perform the Hands On Lab

Monitoring Networks With PRTG Traffic Grapher

Why Monitoring Of Bandwidth and Network Usage Is Important?

• Today most businesses rely more or less on a computer and network infrastructure. So, the computer network's reliability and speed are crucial for these businesses to be successful, as well as an efficient use of the available resources.
• For the network administrator this means that he has to ensure his network's uptime, reliability, and speed – and the efficient use of the network. To do this, monitoring the network is inevitable.
• PRTG (Paessler Router Traffic Grapher) is an easy to use software that monitors bandwidth usage and many other network parameters via SNMP.
• PRTG Traffic Grapher runs on a Windows machine in your network for 24 hours every day and constantly records the network usage parameters. The recorded data is stored in an internal database for later reference.

Base Features

• Reliable network monitoring used by more than 100.000 users every day
• Supports data acquisition via SNMP
• Classifies network traffic by IP address, protocol and other parameters
• Works with most switches, routers, firewalls, and other network devices
• Easy installation with a few clicks on Windows 2000/XP/2003
• Monitoring engine is capable of monitoring up to several thousand sensors
• A Freeware Edition is available for smaller networks
• Creates scheduled reports from the monitoring data
• Sends out alarms for failing or overloaded sensors
• Includes a built-in web server for remote access to the monitoring results

Supported Data Acquisition Methods

• All common methods for network usage data acquisition are supported:
• SNMP: Simple Network Management Protocol is the basic method of gathering bandwidth and network usage data. It can be used to monitor bandwidth usage of routers and switches port-by-port as well as device readings like memory, CPU load etc.
• Packet Sniffing: The Packet Sniffer inspects all network data packets passing the PC's network card(s) and is able to classify network traffic by IP address, protocol and other parameters.
• NetFlow: The NetFlow protocol is supported by most Cisco routers to measure bandwidth usage. Although it is the most complex type to set up, it is also the most powerful method, suitable for high traffic networks, and can also classify network traffic by IP address, protocol and other parameters.
• Note: Only with Packet Sniffer and NetFlow based monitoring is it possible to measure the traffic by IP address and/or protocol. SNMP based traffic measurement is port-based only.

Windows and Web Based User Interface

• Monitoring data can be accessed via a Windows GUI and a web based front end
• Intuitive Windows user interface for data retrieval and configuration
• Integrated web server for remote access (no external web server necessary)
• Results are shown in various graphs and tables
  · live data for last 5-60 minutes
  · x minute average for up to 48h
  · hourly averages for up to 60 days
  · daily averages for up to 365 days
  · Top Talkers, Top Protocols, Top Connections
  · Events
• Graphs and tables are always generated on-the-fly for live reporting

Internal Web Server

• Easy to use navigation lets you drill into the live monitoring results
• Fully "skinnable" web interface using HTML templates (several default skins included)
• Web server supports public access (anyone can view the data) as well as authenticated access (username/password required) with multiple user accounts

Reports

• Configurable reports (graphs and data tables) in HTML, RTF, XLS, TIFF or PDF format can be created on schedule or on demand
• Reports can be exported via email or saved to file
• x% percentile calculation for any percentile value, any interval, and any time frame
• Includes a billing system for bandwidth based billing

Notifications

• For each sensor, individual email notifications can be configured that notify about
  · Errors (e.g. device is not reachable)
  · Reaching traffic limits (e.g. more than x MB transferred per day or month)
  · Reaching traffic or usage thresholds (e.g. more than 700kbit bandwidth for more than one hour)
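The "more than 700kbit bandwidth for more than one hour" rule as an added Python example (not part of the slides or of PRTG). It assumes 5-minute polls, reads 700kbit as kbit/s, and uses constructed sample data; the function names and the max_gap_s parameter are hypothetical.

```python
"""Sustained-threshold alarm over polled bandwidth samples (added illustration).

An alarm is raised only when the rate stays above the threshold for longer
than the hold time, so short bursts do not notify anyone.
"""


def sustained_breaches(samples, threshold_kbit, hold_s, max_gap_s):
    """Return [(start_ts, end_ts)] for each run above threshold_kbit that
    lasts longer than hold_s seconds.

    samples: (unix_ts, kbit_per_s) pairs in ascending time order.
    A gap between polls larger than max_gap_s ends the current run: a missed
    poll counts as unknown, not as "still above the threshold".
    """
    breaches = []
    run_start = run_end = prev_ts = None
    for ts, kbit in samples:
        gap = prev_ts is not None and ts - prev_ts > max_gap_s
        above = kbit > threshold_kbit
        if run_start is not None and (gap or not above):
            if run_end - run_start > hold_s:
                breaches.append((run_start, run_end))
            run_start = None
        if above:
            if run_start is None:
                run_start = ts
            run_end = ts
        prev_ts = ts
    if run_start is not None and run_end - run_start > hold_s:
        breaches.append((run_start, run_end))
    return breaches


def constructed_samples():
    """Constructed 5-minute polls (timestamps in seconds, rates in kbit/s)."""
    rows = [(t, 900) for t in range(0, 1801, 300)]         # 30-minute burst
    rows += [(2100, 200)]
    rows += [(t, 800) for t in range(2400, 6301, 300)]     # 65 minutes sustained
    rows += [(6600, 100)]
    rows += [(t, 750) for t in range(6900, 8701, 300)]     # 30 minutes, then polls lost
    rows += [(t, 750) for t in range(10800, 12601, 300)]   # 30 minutes after the gap
    return rows


if __name__ == "__main__":
    # Threshold 700 kbit/s, hold time one hour, tolerate one missed poll.
    print(sustained_breaches(constructed_samples(), 700, 3600, 600))
```

With gap handling switched off (a very large max_gap_s), the two 30-minute runs around the lost polls merge into one false alarm.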

SNMP Related Features

• Monitors any value that is accessible by SNMP (i.e. any given OID, or Object ID)
• Supports SNMP Versions 1, 2c, and 3
• Supports 64 bit counters (for SNMP V2c and 3)
• Brings its own extensive OID database with many preconfigured SNMP settings (e.g. for CPU loads, disk usages, printer pagecounts, environmental monitoring, and many more)
• Supports Paessler SNMP Helper for easy access to several thousand performance counters on Windows based machines via SNMP
• MIB files can be converted into OIDLIBs to monitor any device that supports SNMP
• Various SNMP parameters (e.g. port, timeout) can be set by the user
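Why the 64 bit counter support matters, as an added Python example (not PRTG code): bandwidth is derived from the difference between two interface octet counter readings, and a 32-bit counter can wrap between polls. The function names and the sample readings are constructed for illustration; the counter names are the standard IF-MIB objects.

```python
"""Bandwidth from SNMP interface octet counters, with wrap handling."""

COUNTER32 = 2 ** 32   # ifInOctets / ifOutOctets, available in every SNMP version
COUNTER64 = 2 ** 64   # ifHCInOctets / ifHCOutOctets, not available over SNMPv1


def octets_delta(prev, curr, modulus):
    """Octets counted between two polls, correct for at most one wrap."""
    if not (0 <= prev < modulus and 0 <= curr < modulus):
        raise ValueError("reading outside counter range")
    return (curr - prev) % modulus


def rate_bps(prev, curr, interval_s, modulus, restarted=False):
    """Average bit/s over one polling interval.

    restarted: True when sysUpTime went backwards between the polls. The
    counters were reset, so a modular delta would invent a huge spike;
    return None and let the caller skip the sample.
    """
    if interval_s <= 0:
        raise ValueError("interval must be positive")
    if restarted:
        return None
    return octets_delta(prev, curr, modulus) * 8 / interval_s


def max_unambiguous_bps(interval_s, modulus):
    """Average rate above which the counter wraps more than once per poll
    and the computed delta silently under-reports the traffic."""
    return modulus * 8 / interval_s


if __name__ == "__main__":
    # Constructed readings: a 32-bit counter that wrapped once between polls.
    print(rate_bps(4_294_000_000, 1_032_704, 60, COUNTER32))
    # Ceiling for 32-bit and 64-bit counters at a 10-minute polling interval.
    print(max_unambiguous_bps(600, COUNTER32), max_unambiguous_bps(600, COUNTER64))
```

At a 10-minute polling interval a 32-bit counter is only unambiguous up to about 57 Mbit/s average, so faster links need the 64-bit counters and therefore SNMP v2c or v3.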

Kindly perform the Hands On Lab

ManageEngine OpManager

ManageEngine OpManager Network Monitoring Software

• With the growing need for network monitoring software in the IT industry, OpManager has been built to satisfy the needs of network administrators by monitoring servers, routers, switches, firewalls, printers, critical services and applications from a single console.

Network Monitoring

• OpManager automatically discovers switches, routers and firewalls in the network during network discovery and monitors critical parameters such as the traffic rate, error and discard rates, buffer hits and misses, and so on. You can get the availability report of each port and interface. Using the Switch Port Mapper tool, you can get the list of devices connected to each port of the switch. You can also create your own views and draw a diagram to virtually represent your network and see the availability of the interfaces visually.

Server Monitoring

• OpManager allows you to classify devices as servers and desktops. This facilitates separating critical servers from end-user workstations and allows for more meaningful management. You can manage Windows Event Logs and Windows Services.

WAN Monitoring

• OpManager provides complete solutions for monitoring your WAN links. It checks for RTT, latency and availability between the WAN links. The WAN monitor comes as an add-on feature.

Applications and Services Monitoring

• OpManager discovers and actively monitors services and applications running in the servers. Out-of-the-box support is provided for services such as Web, HTTPS, FTP, IMAP, LDAP, Telnet, MySQL, MS-Exchange, SMTP, POP3, WebLogic, etc., and applications such as MSSQL, MS Exchange, Oracle and Lotus. Special add-ons are available for monitoring Exchange 2000/2003/2007 and Active Directory Services.

URL Monitoring

• OpManager monitors your Web sites, both global URLs and URLs in the servers, and promptly notifies you when the host becomes unavailable.

Fault Management

• OpManager provides extensive solutions for monitoring Syslogs, Eventlogs and current Processes running on the devices. OpManager detects faults in the network through periodic status polling and generates color-coded alarms for the faults. OpManager can also be configured to notify the administrator about the fault detected in the network.

Performance Management

• OpManager measures the performance of the network hardware and software, such as the bandwidth, memory, disk and CPU utilization, and service response time, by collecting data at regular intervals. These data are provided in the form of reports and graphs to the administrators. The threshold limits can be configured to proactively monitor the critical parameters in the managed devices.

Starting OpManager

• After installation, all the OpManager-related files will be available under the directory that you chose for installing OpManager. This is referred to as the OpManager Home directory.

On Windows Machines

• If you have chosen to install OpManager as a Windows service, you will be prompted to start the service after successful installation. The Web Client is invoked automatically on installing as a Service. Enter the log-on details. The default user name and password are 'admin' and 'admin' respectively.

To later start OpManager as a Windows Service, follow the steps below:
1. Click Start, point to Settings, and then click Control Panel.
2. Under Administrative Tools, select Services.
3. In the details pane, right-click ManageEngine OpManager and click Start.

To stop the ManageEngine OpManager service, right-click the ManageEngine OpManager service in the Services window and click Stop.

Starting OpManager

On Linux Machines

1. Log in as 'root' user.
2. Execute the StartOpManagerServer.sh file present in the /bin directory.
3. Once the server is started successfully, execute StartOpManagerClient.sh to start the client. In the displayed login window, type the User Name and Password and press Enter.

• To stop OpManager running on a Linux machine, execute the ShutDownOpManager.sh file present in the /bin directory. Type the User Name and Password in the Shut Down OpManager window and press Enter.

Connecting the Web Client

1. Open a JavaScript-enabled Web browser such as Internet Explorer or Mozilla Firefox.
2. Type http://: in the address bar and press Enter. Here, is the name of the machine in which OpManager is running and is the port that you have chosen to run OpManager Web Server during installation.
   [Note: If you have enabled SSL, connect as https:///: in the address bar and press Enter.]
3. Type the User Name and Password and click Login. The default user name and password are 'admin' and 'admin' respectively.

• Alternatively, if the OpManager server is running on Windows machines, you can start the Web client using Start > Programs > ManageEngine OpManager > OpManager Web Client.

Changing Ports in OpManager

• You will be prompted to change the Web Server port during installation. You can also change it after installation.
• The script for changing the Web Server port number, ChangeWebServerPort (in Windows this will be a .bat file and in Linux, a .sh file), is available under the /bin directory.

The steps to change the port number are as follows:
1. Stop the OpManager server. If you are running OpManager as a Windows service, stop the service.
2. Execute the script as follows:
   In Windows, ChangeWebServerPort <old_port_number> <new_port_number>
   In Linux, sh ChangeWebServerPort.sh <old_port_number> <new_port_number>
   Here, old_port_number is the port number you specified during installation and new_port_number is the one where you want to run the Web server.
3. Start the OpManager server.

What Should Be Monitored?

Following are the components of networks that are considered critical:
• WAN Infrastructure: Routers, WAN Switches, Firewall, etc.
• LAN Infrastructure: Switches, Hubs, and Printers.
• Servers, Services, and Applications: Application Servers, Database servers, Active Directory, Exchange Servers, Web servers, Mail servers, CRM Applications, etc.
• Host Resources: CPU, Memory, and Disk Utilization of critical devices.
• Critical Desktops and Workstations.

How Frequently Should I Monitor?

The general practice is to monitor critical devices more frequently than non-critical devices. Given below are the recommended monitoring intervals for small and medium-sized networks (up to 1000 devices):
• Routers and Critical Servers: 10 minutes
• Switches, Hubs, and Printers: 10 - 20 minutes
• Critical Services like Exchange, Active Directory: 10 - 20 minutes
• Desktops and Workstations: We recommend turning off monitoring for desktops and workstations to reduce the amount of network traffic generated by OpManager. This is done by removing the selection for the Desktop category in Admin > Monitoring Intervals. Alternatively, monitor them less frequently, say every hour or every 30 minutes. If there are a few critical workstations that you want to monitor, you can turn on monitoring for those devices individually.

Using Quick Configuration Wizard

You can also use the Quick Configuration Wizard to associate a service to several devices at one go. Here are the steps:
1. From the Admin tab, select Quick Configuration Wizard.
2. Select the option Associate a credential to several devices and click Next.
3. All the available Credentials are listed. Select the Credential which you want to associate to your devices.
4. Select the devices to which you want to assign the credential from the column on the left and move them to the right.
5. Click Finish. The Credential is associated to the selected devices.

Discovering Networks Using OpManager

• Discover a range
• Discover a complete network
• Discover by Importing from a file
• Import the Devices into OpManager
• Discover Individual Devices

Customizing Dashboards

• The Customizing Dashboard feature in OpManager helps you create your own dashboard and view the desired performance metrics, reports, etc. at a glance.

List View

• The List view (Maps-> -> List View) lists all the devices of a category along with their Status, IP Address, Type, % of CPU utilized and % of memory utilized in order to have a quick look at the current status and workload handled by the devices.

Google Maps

• OpManager allows you to integrate Google Maps and place the devices on the maps according to the geographic distribution.

Alerts

Managing Faults in Network

There can be various types of faults in a network. With the network health depending on various resources like the system resources, services, network connectivity, etc., getting to the root of the problem is simplified when the monitoring solution raises meaningful alarms. OpManager helps you identify the fault quickly with its detailed alarms indicating the resource that is performing poorly in the device. The different types of OpManager alarms include:
• Status-poll alarms (device, service, interface, port down alarms).
• Threshold-based alarms for host resources, response times, etc. for proactive monitoring.
• Alarms from SNMP Traps.
• Windows event logs based alarms.

OpManager monitors the resources for availability and performance and triggers alarms for all the criteria mentioned above. These alarms can also be sent as email or SMS alerts from OpManager.

Configuring Notifications

• When a fault is detected in your network, an event occurs and multiple events correlate to trigger an alarm. You can configure OpManager to notify the network administrator or perform automatic actions based on the alarm raised for a device.

The different types of notifications available are:
• Email Alerts
• SMS Alerts
• Web Alerts
• Run a Program
• Run a System Command

Configuring Mail Server Settings

• OpManager allows you to configure e-mail alerts and SMS alerts to get notified on the fault in your network. By default, OpManager sends the mail to the mail server specified in the email notification profile.

To configure the SMTP server settings globally and to provide the secondary mail server settings, follow the steps given below:
1. Under the Admin tab, click Mail Server Settings.
2. Enter the SMTP Server name and Port number.
3. Select Requires Authentication and enter the User name and Password details, if the server requires authentication to send e-mail.
4. Configure the From and To Email ID fields.

Reports

• The information on the entire network configuration management process in your enterprise is presented in the form of comprehensive reports.
• It provides over 12 reports under four categories:
  1. Network Reports
  2. Configuration Reports
  3. User Reports
  4. Policy Compliance Reports
