Systems administration teams typically react to problems rather than proactively detect problems before they affect hundreds of users. Several factors contribute to the reactive nature of systems administrators, including insufficient IS staff resources, nonadherence to preventive procedures such as regular backups and periodic scanning of event logs, and inherent technological limitations. Systems management technology helps you proactively monitor, alert, and manage your discrete systems from one console or across multiple operating system (OS) platforms.
In most corporate IS environments with distributed systems, the IS manager's goal is to increase availability and reduce costs. Instead of managing only one or two centralized mainframe systems with few places to look for events or logs, the administrator has thousands of distributed servers and workstations that generate events. This situation requires enterprise-level systems management tools that can monitor, collect information from, report on, and manage devices to lower the cost of maintaining a distributed environment, increase its availability, and guarantee service levels.
You can choose from several systems management tools. Single-function tools solve only one or two systems management problems (e.g., capturing event logs, monitoring disk usage by user). You might be tempted to use single-function tools to solve your day-to-day problems, and these tools might be right for your environment's size. However, if you plan to expand your Windows NT environment, or if you need to integrate your systems management tools across OS platforms, you'll want to evaluate single-function tools for their ability to integrate into larger solutions. In this article, I'll focus on enterprise systems management packages that you can use to monitor your systems in an NT environment. These tools are fully functional and enable a variety of capabilities. I'll discuss the most common systems management solutions: framework solutions and vertical solutions.
Framework Solutions vs. Vertical Solutions
Framework packages give you the basic architecture and tools to create an enterprise systems management infrastructure and let you implement the framework details. These packages are typically platform independent. Most frameworks scale to large enterprises and might not be appropriate for your organization's size. Frameworks are difficult to implement and require a large amount of up-front planning and customization. You need to clearly outline what you want your systems management framework to accomplish before you spend time implementing it. Systems management vendors recognize the problem of implementing a framework without the resources to complete the implementation. Companies such as Computer Associates (CA) and Tivoli Systems have developed lightweight systems management solutions that are geared toward smaller enterprises with fewer than 1000 nodes.
Vertical solutions accommodate specific environments, such as NT, and they can provide you with some platform independence. These solutions are often ready to run out of the box, but they sometimes aren't customizable. Some vertical solutions aren't scalable, and you might have a hard time integrating them if you move from a platform such as NT to a platform such as UNIX, Novell, or MVS.
Framework and vertical solutions have advantages and disadvantages. Thus, you'll want to ensure that your systems management product can integrate or interoperate with other vendors' products. You need to carefully examine how complete the integration or interoperability is. Some vendors say their products integrate, when they've merely put an icon on another systems management console's menu.
| Tivoli Management |
Tivoli Systems * 770-350-4500 or 800-284-8654
Windows NT 3.51 or 4.0
| Unicenter TNG 2.1 |
Computer Associates * 516-342-5224
Windows NT 3.51 or 4.0
| PATROL 3.2 |
BMC Software * 800-841-2031
Price: $750 for Knowledge Modules
Windows NT 3.51 or 4.0
Important Systems Management Features
A robust enterprise-level systems management platform offers numerous management features. You'll find some of the advanced features (e.g., integration into a trouble-ticketing system), only in framework products. In general, systems management tools can collect management data as realtime or historic (or trending) data. You need to remember this distinction when you evaluate tools. Monitoring and alerting features have meaning only in realtime, but other features might work with both types of data.
Automated trouble ticketing. A systems management tool can send monitoring alerts to a trouble-ticketing system as part of the systems management product or when integrated with a third-party trouble-ticketing system. Automated trouble ticketing is valuable in Help desk environments, where the alerts generate a tracking process that support personnel can use to track problems.
Event correlation and automated response. Event correlation is taking events from various sources and correlating them for reporting or trouble-ticketing purposes. Automated response functions let you perform actions based on generated events (predetermined or system-generated events). For example, automatically restarting a service on an NT server that fails is an automated response. Event correlation and automated response are advanced functions that you might find only in framework products.
Help desk. Help desk functions include remote control, remote execution, and other tasks that front-line Help desk staff perform. Many systems management tools provide these functions.
Inventory and asset management. Inventory collection and asset management are ways to collect information about a network's devices. This information includes hardware and software configuration, and sometimes a machine's files. The system stores this information in a central repository so that an asset management application can track and analyze it.
License metering. Software license metering is the ability to track software usage in realtime and report on compliance with your current agreements. Most license-metering tools can restrict further access to applications if the license restriction is met.
Performance management for troubleshooting and capacity planning. In NT, performance management is the ability to log performance objects across multiple servers or workstations to a central repository. You can access this information later for performance management trending and analysis.
Security management. Security management encompasses user administration features. However, security management includes policy-based security configuration and enforcement, server hardening (i.e., file system access control list--ACL--management), and centralized auditing and reporting.
Service-level management. Enterprises have service-level agreements with their customers. These agreements dictate the type of service a user can expect, such as response time to problems. Systems administrators must monitor adherence to service-level agreements, and they often use systems management platforms to track downtime, determine time to resolution, and provide accurate reporting. This feature is common to trouble-ticketing systems.
Software configuration management. Software configuration management incorporates software distribution and includes managing the configuration requirements for various applications at the desktop and server. This function provides the ability to define centralized application configuration profiles for workstations to use in determining whether the workstations have the correct state or required file dependencies to run a set of applications.
Software distribution. Software distribution covers all aspects of moving bits between clients and servers. Some people place software distribution outside the realm of traditional systems management tools, whereas others consider this function integral to an end-to-end management strategy.
Systems monitoring and alerting. Systems monitoring and alerting is the ability to monitor server and workstation event logs, services, or performance metrics, and to send alerts if the system exceeds predefined thresholds. Advanced packages support additional monitors that are specific to NT's architecture. NT-specific features include the ability to monitor the state of domain trusts or the Windows Internet Naming Service (WINS) database.
User administration. In NT, user administration means augmenting User Manager's functionality with add-on services. These add-ons include policy-based account creation, account maintenance, and cross-platform user account synchronization.
| HP OpenView ManageX 3.0 and Desktop Administrator 4.0 |
HP * 650-857-1501
ManageX: $2995 for management console and performance monitor; $795 per managed server,
Desktop Administrator: $50 per client for a 1000-user license
ManageX: Windows NT Server 4.0 with Microsoft Management Console, 133MHz Pentium processor or better, 24MB of RAM, 20MB of hard disk space,
Desktop Administrator: Windows NT Server 3.51 or later, 133MHz Pentium processor or better, 32MB of RAM
| AppManager Suite 2.0 |
NetIQ * 408-556-0888
Price: Starts at $600 ($2500 console application)
System Requirements: Windows NT 3.51 or 4.0SQL Server, 32MB of RAM, 150MB of hard disk space
| LANDesk Management Suite 6.0, LANDesk Configuration Manager 1.5, and LANDesk Server Manager 3.0 |
Intel * 408-765-8080
LANDesk Management Suite 6.0: $6250 for 100 nodes
LANDesk Configuration Manager: $6500 for 100 nodes
LANDesk Server Manager: $995 per server
LANDesk Management Suite 6.0:
Management Server: Windows NT Server 4.0, 4MB of RAM, 80MB of hard disk space for the repository, 75MB of hard disk space for the management application
Other management servers: Windows NT 3.5 or later, 10MB of hard disk space, Software probe stations: 386 processor or better, 2MB of RAM, 20MB of hard disk space
LANDesk Configuration Manager:
Server: Windows NT 4.0 with Service Pack 3, 166MHz Pentium processor or better, 64MB of RAM, 2GB of hard disk space
Managed client: Windows NT or Windows 95, 486 processor or better, 8MB of RAM
LANDesk Server Manager:
Server: Windows NT 3.51 or 4.0, 486 processor or better, 4MB of RAM, 15MB of hard disk space
Console: Windows NT 4.0 or Windows 95, 486 processor or better, 16MB of RAM, 10MB of hard disk space
| Seagate Manage Exec 5.0 and Desktop Management Suite 3.0 |
Seagate Software * 408-438-6550
Manage Exec: $2499 for a 5-server license
Desktop Management Suite: $2377 for 100 nodes
Management server: Windows NT 4.0, 75MHz Pentium processor or better, 8MB of RAM, 35MB of hard disk space
Managed node: 5MB of RAM, 10MB of hard disk space
Desktop Management Suite:
Client: 240KB of RAM
Console: Windows NT 4.0 or Windows 95, 16MB of RAM, 6MB of hard disk space
Repository: Windows NT 4.0 or Windows 95, 16MB of RAM, 5MB of hard disk space plus 75KB of hard disk space per node
WinINSTALL: 70MB of hard disk space for 32-bit and 16-bit installers
Client: 4MB of RAM
Agents, Managers, and Repositories
Agents are key enablers of systems management tools. Agents collect the realtime and historic data that systems management tools use to provide functionality. Systems management tools use a variety of agent technologies to collect data on end nodes, including standards-based protocols and interfaces such as the Simple Network Management Protocol (SNMP), the Desktop Management Task Force's (DMTF's) Desktop Management Interface (DMI) standard, Microsoft's Windows Management Instrumentation (WMI) providers, or, more commonly, a proprietary agent that the tool's vendor developed.
When you evaluate systems management tools, ask about their agent technology for integrating events into other systems management tools. For example, if you need to send event information to an SNMP-based management tool such as HP OpenView, your systems management agents must support this format natively or through converters. You must understand how the systems management tool queries the agents, how often, and whether you can adjust this interval. A central server can poll agents at periodic intervals, or agents can automatically initiate communication with the server after certain thresholds are exceeded. The polling method can create significant network overhead if you have many devices, and it might not scale well. The threshold-based method is more scalable from a network perspective. However, if a device is unavailable, the device cannot report to the central server. Intelligent agents collect data on a given set of counters and act on their own (through predetermined criteria from the manager) to perform an action based on the data they collect. You'll realize the most benefit if you combine polling and threshold-based alerting.
Managers are applications that receive information from agents. A manager can be a console application that receives updates from agents while the manager is active, or a background process that collects information from agents and stores it for later access from the console application--a lights-out manager. Most systems management packages do not require a console to be constantly active to receive or act on agent information. But some events trigger pop-up notifications that require a console to be running.
Another feature of the standard systems management tool is the repository that keeps configuration information or historical data. You need to consider the repository's functionality when you choose a systems management tool. For example, Microsoft's Systems Management Server (SMS) and NetIQ's AppManager support only SQL Server as the repository for inventory and site configuration information. Other products support a variety of back-end database engines, including Sybase SQL Anywhere, Oracle, Informix, DB2, or their own proprietary relational or flat-file database format. If you choose a technology that doesn't fit your current database strategy, you might need to add database expertise to your organization. If your corporate standard is SQL Server and you choose a systems management tool that supports only Oracle, don't expect Oracle to manage itself just because it's part of the systems management tool. You'll need an experienced Oracle database administrator (DBA) to help manage the Oracle database.
Business Process Management
Many systems management vendors, especially framework providers, have embraced business process views of enterprise systems. Traditional systems management tools can tell you if a server or process is down. But modern distributed applications include services running on multiple servers on several OSs and using different databases and network devices. Business process management lets you monitor an application at a business function level and gives you the ability to locate problems in the application architecture. The three framework vendors I discuss in this article provide support for this powerful approach, which is gaining popularity because of its functionality.
A Little Help from NT
NT and the utilities in the Microsoft Windows NT Server 4.0 Resource Kit provide numerous tools such as Performance Monitor and Event Viewer to make basic systems management quick and easy. For example, NT's built-in tools let you easily manage a few boxes on a small network. But you can't use many of these tools to collect logs and generate meaningful alerts for hundreds of servers. In addition, if you want to integrate native NT tools' events into a systems management tool, you need to develop your own solutions to send data in a predictable format.
|Although enterprises have used NT for about 3 years, NT's systems management market is immature.|
SMS 1.2 and 2.0 (the current beta version) provide important enterprise systems management platform capabilities. For example, SMS provides advanced software distribution, inventory collection, and Help desk functions. However, SMS isn't a true systems management platform because it provides only a subset of typical systems management functionality, and it can't function as a standalone enterprise systems management solution. SMS doesn't provide robust realtime monitoring and alerting. Microsoft points out that SMS can integrate into larger framework products such as Tivoli Management Environment (TME) 10 and CA's Unicenter TNG.
Several products provide NT systems management functions. Although enterprises have used NT for about 3 years, NT's systems management market is immature. Many large companies don't yet have enterprise systems management solutions for NT, and others end up implementing several function-specific tools instead. If NT is to become the preeminent enterprise platform, possibly replacing UNIX and mainframe systems, systems management vendors will have to provide scalable, robust, NT-specific management environments. The following framework and vertical solutions attempt to meet this challenge.
Framework solutions. TME 10 is an open-standards based enterprise management framework that attempts to integrate multiple OS platforms into one management model. TME 10 has provided NT support in the form of NT-specific monitoring agents since 1995 and currently supports more than 20 OS platforms. Tivoli characterizes TME 10's deployment as some assembly required. Tivoli gives you the tools to manage your environment, but you must decide how to implement those tools. The TME 10 framework encompasses several modules, one of which is the Tivoli Enterprise Console. TEC is the collection point for Tivoli's management functions and provides one control point for managed nodes, whether on NT, Novell NetWare, or various UNIX flavors. You can run the TEC application on NT or UNIX.
The TME 10 Distributed Monitoring module provides agent services on Tivoli-managed nodes. Distributed monitoring gives you canned monitors for your NT environment, such as support for Performance Monitor counters, disk monitors (e.g., free space), file system monitors, and system resources (e.g., basic system availability). Distributed monitoring also helps you create your own monitors. Tivoli is now developing NT-specific Plus modules for TME 10 to specially monitor BackOffice products such as Microsoft Exchange. You can also find supporting modules for other systems management functions, such as software distribution, inventory, user administration, security management, and remote control. Tivoli provides integration services for other third-party systems management tools, including SMS and Remedy Help Desk. IBM now owns Tivoli, so Tivoli has added NetView to round out its systems management tools with network management functions.
Unicenter TNG 2.1 is CA's framework for delivering systems management tools that embrace the distributed world, including NT, UNIX, and NetWare. Unicenter's architecture includes the Real World Interface (RWI), a 2-D and 3-D based console that lets you use real-life objects to visualize your network and lets you manage systems through Web interfaces. Unicenter agents are intelligent and hierarchical. A node can have several subagents that monitor specific applications or system-level functions and that report to a manager agent in the node. The manager coordinates activities between the subagents. CA also provides a set of APIs, the Agent Factory, that you can use to develop your own agents. For NT, CA supports end-node management via DMI or the Web-Based Enterprise Management (WBEM) model or computer-integrated manufacturing (CIM) management model. Unicenter supports auto-discovery of devices and applications, similar to network management platforms' auto-discovery of routers and hubs. CA provides numerous modules to augment Unicenter's basic alerting and reporting mechanisms, including software distribution, Help desk functions, Web server management, security management, desktop configuration management, and performance management.
BMC Software's PATROL 3.2 offers complete systems management geared toward application and data management. The architecture includes intelligent, autonomous agents that reside on each managed node and can act independently of a console application. Knowledge Modules (KMs) are plug-ins that provide product-specific management functionality. You can get a KM for applications such as Oracle, SAP, and NT. NT's KM lets you monitor resources such as event logs, CPU usage, physical disks, printers, security, and services. BMC provides several console applications to monitor and configure agents, including an operator console to monitor your managed environment and a developer console to monitor and configure agents and KMs. Plus, the developer console provides full knowledge module development capabilities, so you can create your own. Operator and developer are two different modes of the same PATROL console. There are native NT and UNIX versions of the console, both of which supply operator and developer modes. You can use BMC's PATROLWATCH for Windows to monitor agents from an NT or Windows 95 system. You can also use PATROLWATCH for Web Browsers to display management information to browser-based users. This feature doesn't let users manage devices but gives them a read-only view of management information. PATROLWATCH for Web Browsers supports Netscape and Internet Explorer (IE) 3.0 clients. PATROL also includes Pathfinder, which enhances Microsoft Explorer to give you access to BMC management objects, similar to file system object access. BMC offers PATROLVIEW modules that let PATROL-based agents deliver event information to other leading vendors' frameworks, including TME 10. You can thus use BMC's agent architecture with another framework's console.
Vertical solutions. HP OpenView offers a suite of products for managing your NT environment. HP established close ties to Microsoft to integrate products around SMS and the Microsoft Management Console (MMC). The main component of OpenView's architecture is the ManageX application. HP acquired ManageX from NuView late last year. ManageX is one of the first MMC-based systems management tools. It includes snap-in modules for functions such as NT event log notification, Performance Monitor logging to a SQL Server database, user administration, service monitoring, and capacity planning. It also provides a set of intelligence policies, which are canned scripts for managing many BackOffice products, including Exchange, Internet Information Server (IIS), and SQL Server. You can extend and create your own policies with JScript or Visual Basic Script (VBScript). ManageX can act as a midlevel manager, reporting events to your UNIX-based OpenView console.
In addition to ManageX, OpenView provides Desktop Administrator, a complementary NT application. Desktop Administrator is based on the Norton Administrator for Networks, which HP also acquired late last year. Desktop Administrator provides inventory and asset management of end nodes, software distribution capabilities, license metering, remote control, and an enhanced interface for easily creating NT system policies. Desktop Administrator has console application and agents, but MMC hasn't yet integrated the product.
NetIQ is a new NT systems management company. NetIQ developed AppManager 2.0 specifically to manage NT environments. AppManager's modules integrate into a central console application that uses SQL Server as its repository. These modules monitor NT Server and Workstation services and event logs, as well as application-specific events for Microsoft products such as Exchange, SQL Server, SMS, IIS, Microsoft Cluster Server (MSCS), and Microsoft Transaction Server (MTS). AppManager includes a module that supports Compaq Computer's Insight Manager and that lets Insight alerts go directly to the AppManager console. Many BackOffice components have modules that provide agents that reside on the managed nodes and collect information about Microsoft products. Visual Basic for Applications (VBA) scripts, known as knowledge scripts, drive the agents. These knowledge scripts direct agents to collect the appropriate information. You can write knowledge scripts to monitor any aspect of the NT environment. The scripts can monitor events in realtime or collect historical information for future analysis. AppManager stores historical information locally to the managed nodes in a small Microsoft Jet database. Agents are intelligent and autonomous and don't need the console application to record and act on events.
AppManager exposes management information through Active Server Pages-based Web pages for access from a browser. Unlike more full-featured products I discuss, AppManager is geared specifically for event management, alerting, and performance monitoring. It contains no software distribution, asset management, or desktop management functions.
Intel offers several products to help manage your NT and NetWare environments. Intel LANDesk Management Suite 6.0 is an all-inclusive product that provides some redundant functionality to the LANDesk Configuration Manager 1.5 and LANDesk Server Manager 3.0. Management Suite includes software distribution, license metering, inventory, remote control, server monitoring, and Performance Monitor logging from one console. Management Suite tightly integrates into NetWare, although all management components can run on NT or Win95 systems. Management Suite provides support for discovering and describing DMI enabled systems, and provides full-featured integration to management frameworks such as TME 10 through the industry standard multiplatform management (MPM) specification.
LANDesk Configuration Manager is an in-depth software configuration management tool for managing desktops. Configuration Manager's LANDesk Service Agent can be software or hardware based, via BIOS or NIC ROM. Configuration Manager manages all aspects of desktop distribution, including BIOS upgrades, remote OS installations, and application installation. Configuration Manager and the Service Agent intervene at system boot-up to perform configuration actions. Configuration Manager's strength is managing the desktop at a hardware level independent of the OS or any applications on the system.
LANDesk Server Manager and Server Manager Pro provide software-based or software- and hardware-based (with the Pro version) monitoring, alerting, and performance logging to augment Management Suite's server monitoring functions. The Pro version includes an ISA-bus-based Emergency Management Card that provides hardware-independent, low-level monitoring of server characteristics such as remote reboot, out-of-band remote control, temperature and voltage monitoring, and alerting via pager and email. The card also includes a battery backup that lets you manage the device out-of-band when the server is down, if you have a modem connection to the card.
Seagate Manage Exec 5.0 provides NT and NetWare-based systems management tools, replacing LanAlert, which relied on NetWare servers. Manage Exec provides agents for monitoring Performance Monitor counters; event logs; historical logs of performance data; and system resources such as disk space, memory, and open files. Agents use threshold-based alerting to eliminate network-intensive polling, and they report events to designated alert servers in the Manage Exec domain. Manage Exec detects failed NT services and automatically restarts them. The alert servers can forward events via SNMP to other third-party systems management applications such as TME 10, Unicenter TNG, and HP OpenView. Manage Exec integrates and uses third-party remote control applications from the console. (Currently, Manage Exec supports only Funk Software's Proxy application.)
Seagate Desktop Management Suite 3.0 provides additional application and desktop control. Desktop Management Suite includes WinSMART 3.0, a software metering product; WinLAND 4.0, an inventory tracking application that includes Year 2000 hardware and software testing capabilities; WinINSTALL 6.0, the familiar installer tool that includes software distribution functions, workstation cloning capabilities, SNMP alerting, and integration with Unicenter TNG and TME 10; Backup Exec 7.0, for managing backups across NT and NetWare servers; virus protection via McAfee VirusScan or normal data virus control; and remote control. Manage Exec and Desktop Management Suite are not integrated into one console but instead rely on standards-based mechanisms such as SNMP to forward events to a common console application.
Ease Your Workload
You have many options for managing your NT environment. Solutions range from complex multiplatform frameworks to focused vertical solutions. To find the right solution for your environment, consider your needs. Choose the solution that combines the features you need, the integration ability you want, and the level of implementation complexity you can support. You want a systems management solution that expands your NT system's capabilities without creating extra work to implement and maintain the systems management infrastructure.