LANology's Network Monitor

Network monitoring is an important aspect of any well-run network. With the Internet's increasing popularity, TCP/IP-based monitoring systems are becoming more valuable and necessary every day. LANWARE, an affiliate of LANology, offers Windows NT users a new product, NTManage, to monitor systems. With such a product, you can improve the security and increase service uptime for most enterprise networks. Both these improvements lead to monetary savings.

How can a network monitor increase your security effectiveness? Well, most network break-ins occur on inadequately monitored networks, and a monitoring service can help you discover intrusion attempts when they begin instead of after it's too late to stop them. Denial-of-service attacks, in which hackers bombard services with traffic and requests until the services can no longer handle the load, are common on the Internet. NTManage can detect an overloaded, nonresponsive service and take action to remedy the situation. Suppose an intruder accesses a service at a command level and simply issues commands to bring the service down. A good network monitor can restart nonresponsive or stopped services automatically, hindering an intruder from keeping them down or offline.

Service uptime is a huge concern in any network environment. One area to watch is preventing services from crashing and locking up a server on a weekend or after hours. Downtime at the wrong time means your network administrators spend their off hours working on your network, which costs your firm money in overtime expenses.

Service uptime and availability are often a direct reflection of your business. With so many businesses adopting Internet technologies such as email and Web servers as tools of commerce, people expect those services to be available when they need to use them. You don't want a hot prospect sending your sales staff important email, only to have that email bounce back to the prospect because your mail server was down all night or all weekend. And likewise, you don't want to spend money advertising your Web address only to find your Web server was down during the ad campaign. NTManage can help eliminate these possible fiascos. Let's look at NTManage and what it can do for you and your network environment.

NTManage is a TCP/IP and Simple Network Management Protocol (SNMP)-based monitoring system that notifies administrators about network problems through onscreen, email, and paging interfaces. The product also includes rules-based error reporting and notification that can spawn an application, run a separate Visual Basic script per device monitored, page or email an administrator, and write the errors to a log file.

NTManage supports SNMP 1 Management Information Bases (MIBs), and fortunately, most major software and hardware manufacturers support SNMP 1. SNMP 2 support is expected in NTManage's next update. The SNMP protocol requires a MIB for each device it manages to understand what management features and functionality the particular device supports. The software ships with several generic MIB types for monitoring and controlling devices and NT services, largely without requiring a product-specific MIB. NTManage has a built-in MIB manager and a MIB compiler and ships with several MIBs for common network services, including Dynamic Host Configuration Protocol (DHCP), FTP, Gopher, HTTP, Windows Internet Name Service (WINS), Gateway, Systems Management Interface (SMI), Microsoft Internet Information Server (IIS) MIB, LAN Manager MIB-2, and MIB-2.

The product sports a nifty split-screen, graphics-based network-monitoring display that looks like a cross between NT's Perfmon and Network Monitor. The difference is that the monitor is built into NTManage for quick access and can graph data from remote SNMP devices. You can view total bandwidth utilization, network traffic errors, and various packet counts for a given remote device.

NTManage includes configurable menu entries for quick access to external TCP/IP utilities such as whois, ping, traceroute, telnet, FTP, and command scheduler. Also, the product has a built-in IP address-assignment database for tracking enterprisewide IP usage.

Four features in particular make this product shine. First, if your network services, such as a SQL server or a mail server, run on an NT server or NT workstation, NTManage can attempt to restart a failed service across the network. NT servers monitored on the network map (created using NTManage to monitor your network devices) export all services to NTManage so that if a service fails, NTManage can attempt to restart it. If NTManage cannot restart the service, it generates an error condition that follows the rules-based error reporting you've defined. For example, if your SMTP mail server runs as an NT service and fails, NTManage will try to restart the NT service automatically. If the restart fails, NTManage will report the error using the methods and rules specified in the configuration for that device.

Second, you can instruct NTManage to cleanly shut down and reboot an NT server or NT workstation from a remote monitoring location. NTManage runs as a desktop application, which means it inherits the security policies of the user who is currently logged on to the system. For the remote service restart and system reboot features to work, the user must have Administrator rights.

Third, NTManage has an auto discovery feature that can scan ranges of IP addresses to locate all listening devices and their associated services. Auto discovery works across routers and into subnets.

Fourth, NTManage has an auto mapping feature. It builds a network map based on the information collected by the auto discovery feature.

Installation and Configuration
The installation process was smooth and straightforward. Once I installed the version 1.0 software, I easily launched it from the NT 4.0 Start menu, where the installation program placed the software's folder. The software runs on Windows NT 3.51 and 4.0, if you've installed the SNMP networking components.

The user interface for NTManage is similar to NT Explorer's, with a split-screen view that shows devices in a tree structure in the left pane and the graphical network map in the right pane. The tree structure keeps everything highly organized, so you can design a network map with an unlimited number of hierarchies or submaps. To navigate to maps, submaps, and devices, scroll through the tree structure in the left window pane and select the item from the list.

You can monitor any TCP/IP- or SNMP-enabled device. NTManage's interface makes manually building a network map easy, or you can use auto discovery and auto mapping to complete the task. I built my map manually during this evaluation, but I tested the automatic features and found them to be quick and accurate. When you build a map manually, drag-and-drop procedures let you create the network map quickly. To add items to the map, select the item icon type from the toolbar's speed buttons; then point and click on a blank spot on the map where you want the icon placed. If you decide to move the icon later, drag it to its new location. You can quickly link objects with representational lines by clicking on the first object, holding down Shift while clicking on the second device, and selecting Link Objects from the pop-up menu. If you reposition an object on the map, the connecting lines also will move automatically.

NTManage classifies nine basic categories of network map and submap objects: bridges, computers, hubs, printers, repeaters, routers, submaps, switches, and terminal servers. For each category, you can define numerous icons to represent the network device, and the user can add icons. NTManage ships with numerous icons in place for most popular brands and types of network devices, from Cisco routers to Windows 95 machines.

Each network map object has a set of adjustable properties: Device Info, SNMP/NT, Notes, Image, and Error Management. Device Info, shown in Screen 1, includes device name, IP address, type, person to contact, contact's email address, device serial number, and device location. SNMP/NT includes SNMP community names for Get, GetNext, Set, and Trap, and the NT machine name for restarting system services. Notes is a text-based device description and associated notes. Image covers icon category type and icon file name. Error Management, shown in Screen 2, offers switch settings to play a sound to signal a device error, write an entry to NTManage's status log, run a specified program when an error occurs, and perform a traceroute to the device with logging.

To display a device's properties sheet, double-click an object on the map. Once you place a device icon on the map, you have three options: no device monitoring, basic device monitoring using a simple ping routine, or extended device monitoring of the services you select. If a device on the map has no IP address assigned, NTManage will not monitor it. If a device has an IP address defined but no services selected, NTManage will monitor it only by pinging. And if a device has services selected to monitor, NTManage will monitor those services at the port level or with SNMP.

You can selectively define the type of services to monitor for a network device by right-clicking the device's icon and selecting Configuration Management from the pop-up menu. The dialog in Screen 3 appears, and you can enable and disable the list of services by clicking the associated check boxes. Monitorable services include ping, SNMP, Post Office Protocol (POP) 3, Simple Mail Transfer Protocol (SMTP), HTTP, FTP, Domain Name System (DNS), Network News Transfer Protocol (NNTP), and Windows NT Services.

Once you place several icons on the map and set their associated properties and monitoring types, you can manually draw lines to visually represent their interconnectivity, or you can use the auto-linking feature. The lines enhance the visual representation of your network map, letting you easily see what device is connected to what other devices and how the devices are connected to each other, as Screen 4 shows. For instance, you can have two SMTP mail servers in different locations connected with a T1 circuit and TCP/IP routers. In this case, you can drop two mail server icons on the map, drop two router icons on the map, and draw lines between the devices to represent the connections. Then adjust the device properties and status monitoring settings to check the SMTP mail service on port 25 of each server (all SMTP mail servers run on TCP port 25 by default). NTManage will automatically check the services at the specified interval, and according to the rules you define, notify the administrator if a problem arises.
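The monitoring tiers, the port-level SMTP check, and the restart-then-notify rule described above can be sketched as follows. This is an added example, not NTManage code: the function names, the `restart` and `notify` callbacks, and the loopback `fake_service` listener are assumptions made for illustration, and the check treats a port that accepts connections but never sends the SMTP `220` greeting as a failure, which is how a hung or overloaded service usually looks from the network.

```python
import socket
import threading

def monitoring_mode(device):
    """No IP -> unmonitored; IP only -> ping; services selected -> port checks."""
    if not device.get("ip"):
        return "none"
    return "services" if device.get("services") else "ping"

def check_banner(host, port, expect=b"220", timeout=2.0):
    """Port-level check: 'up' = expected greeting; 'unresponsive' = TCP accepts
    but no valid greeting (hung or overloaded); 'down' = refused/unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(512)
            except socket.timeout:
                return "unresponsive"
            return "up" if data.startswith(expect) else "unresponsive"
    except OSError:
        return "down"

def handle_failure(probe, restart, notify):
    """Try one restart (hypothetical callback), notify only if still not up."""
    status = probe()
    if status == "up":
        return "ok"
    restart()
    if probe() == "up":
        return "restarted"
    notify(status)
    return "escalated"

def fake_service(banner):
    """Constructed loopback listener for the demo; banner=None accepts
    connections but never greets, imitating a hung service."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []  # keep silent connections open so the client times out
    def serve():
        while True:
            conn, _ = srv.accept()
            held.append(conn)
            if banner:
                conn.sendall(banner)
                conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

A plain connect test would report the silent listener as healthy; requiring the greeting is what separates "port open" from "service answering".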

Ready When You Are
In less than 30 minutes, I had NTManage installed, configured, and monitoring my small network of 20 workstations, 1 router, 3 dial-up servers, 5 Internet servers, and a T1 link to the Internet. The product is well worth your time to check out, and it can really go a long way toward providing a more secure and stable network environment, especially for TCP/IP-based services.

NTManage 1.0
LANWARE * 713-975-8050
Web: www.lanology.com/ntmanage
email: ntmanage@lanology.com
Price: $1997 (single-server license); $1597 (additional server licenses)