Network Management: Managing that Network

Network technology has come a long way from the days of hubs and
10 BaseT Ethernet to complex multi-layered networks carrying voice, video and
data. It is seen that with emergence of technologies such as VoIP, VPN, MPLS
backbones and Wireless LANs, most organizations have adopted these technologies
for the benefit they offer. It is also seen that organizations are looking for
best-of-breed solutions leading to multi-vendor networks over a period of time.
Add to that, a complex myriad of technologies and the network becomes a
nightmare for the CIO to manage and maintain. Most CIOs are looking for panacea
in network management solutions that will assist their teams in ensuring that
the network is always available and performing optimally. Network management
gurus typically use the acronym FCAPS
(Fault/Configuration/Accounting/Performance/Security) which more or less sums up
the challenges of network management and expectations from a network management
tool.

Fault Management

Almost all network devices today are manageable (ie they have an intelligent
SNMP agent installed). This capability makes it very easy for a network
management system to discover and classify the device. In addition, the SNMP
agent provides additional information about the current status and connectivity
with other devices.

Fault management systems (FMS) are able to discover and model
the topology of complex network environments based on SNMP and other
technologies (Routing tables, ARP caches etc). They are able to poll devices and
receive traps to correctly depict the status on the topology map. In addition,
these solutions allow capabilities to automate response to common events, the
response typically being e-mail/SMS notifications, incident registration to a
service desk or running custom scripts. Such detailed information helps
administrators diagnose problems faster leading to reduced mean time to repair.

Advanced fault management systems offer the most useful
functionality of event correlation and root cause analysis. This system
typically comprises in-built correlation logic and rule sets to correlate
multiple incoming events and provide a possible single root-cause. This allows
administrators to understand and diagnose network problems faster as compared to
chasing events that are symptomatic. For example, when an upstream device goes
down, all connected downstream device polls will generate failure messages.

Another common function that advanced fault management systems
perform today is mapping discovered IT infrastructure to IT services. SLAs
(based on availability and response times) can be attached to the IT services
rather than individual elements. This allows administrators to understand the
impact of a failing component on IT services and the relevant SLA that are
affected.

Configuration Management

Configuration management is a process that covers a wider range of IT
infrastructure and is not restricted only to network devices. Configuration
changes on network devices are required for a wide variety of reasons including
adding new boards to existing devices, firmware upgrades, manual
addition/removal of routes on a router etc. Configuration management mandates
that such changes be made only after relevant approvals from the CAB (Change
Advisory Board) or similar approving authority. This is done so that the impact
of the change on various IT and Business Services can be studied before actually
performing the change. Rollback procedures are also defined to minimize
disruption to services in case something goes wrong.

Configuration management solutions are also capable of reading
device configuration at periodic intervals and comparing it to the deployed
image to check for changes. Changes (if any) can be reported to the fault
management system and automated actions such as redeploying the original image
can be initiated. It is also important to ensure that unauthorized changes to
device configurations do not take place (by deploying stricter access control on
network devices).

Accounting Management

The primary challenges addressed by accounting management are-tracking
network utilization by application/end-user/department for the purpose of
chargeback; allocate appropriate network resources for business critical
applications/departments

Accounting management involves tracking each individual user's
utilization of network resources for the purposes of allocation of resources and
billing for their use of the network. This type of information helps a network
manager allocate the right kind of resources to users, as well as plan for
network growth. With the same information, the cost of transmitting messages
across the network can be computed and billed to the user if the traffic was
revenue bearing.

This type of management involves monitoring the login and logoff
records, and checking the network usage to determine a user's use of the
network. In addition, access privileges and usage quotas can be established and
checked against actual for accounting information.

Technology used for accounting management typically involves
probes/flow records to collect raw data related to traffic segregated by
user/application. This data is collected, analyzed and appropriate reports are
created to indicate the network resource usage. Accounting tools go a step
further by analyzing the collected data and providing billing invoices to
business units based on pre-defined chargeback information.

Performance Management

Complex networks such as VoIP or MPLS cores require a finer degree of
performance monitoring that provides the ability to collect data from vendor
provided SNMP MIBs to report on parameters such as jitter, MOS (Mean Opinion
Score-a common indicator of voice quality in VoIP networks) and
volume/congestion levels in a CoS (Class of Service indicating a dedicated
channel with QoS attributes in an MPLS based VPN). These reports are provided
out-of-box by advanced network performance management systems.

Network performance management solutions also aid the
administrator in locating performance bottlenecks by providing intelligent 'At-a-Glance'
reports that show crucial device performance metrics on a single page. Decisions
on which metrics best reflect the overall performance of the device are made in
consultation with industry experts. These solutions also offer the ability to
customize reports based on user requirements.

IT managers can also use the solutions to identify under
utilized and over utilized links. Advanced systems also offer 'what-if'
scenario simulators that allow administrators to gauge the growth in capacity
given the growth in demand. This is a very useful feature when rolling out new
applications.

Multiple network performance solutions are available in the
market ranging from freeware, open source to proprietary software. Most of these
solutions leverage SNMP agents on target devices to collect and chart
performance statistics of key parameters such as device utilization, link
utilization and error rates, availability and response times.

Security Management

Security Management is a vast domain on its own comprising threat management
(firewalls, anti-virus, anti-spyware, content inspection, vulnerability
management), identity and access management (user lifecycle management, single
sign on, access control) and security incident management (log consolidation,
data normalization, event correlation). Comprehensive security management suites
are available today to provide an integrated approach to managing security at
various touch points within the organization.

Vulnerabilities often exist at the network layer in the form of
firmware loopholes, badly configured SNMP access control and non-existent access
lists on critical devices. Solutions such as vulnerability scanners alleviate
this problem by providing a list of vulnerabilities and bad configurations.
These scanners obtain a list of the latest vulnerabilities from vendor websites.
Using these reports, administrators can take remedial actions such as upgrading
the firmware or modifying configurations.

Network security solutions also offer data security by means of
Virtual Private Networks (VPNs) that allow end users to securely access data
over public networks such as the Internet. IPSec protocols are standards-based
and provide the three factors needed for secure communications-authentication,
integrity, and confidentiality-even in large networks. The end-result is that
with IPSec-compliant products, you can build a secure VPN in any existing
IP-based network.

Multi-functional Solution

All said and done, network management is one of the oldest disciplines of IT
infrastructure management and is here to stay. Network management solutions have
come a long way from being just polling and charting tools to providing advanced
analytics to minimize downtime and brown-outs. Today, CIOs are expecting
solutions that provide integrated FCAPS functionality rather than a piecemeal
approach. They also expect these solutions to provide analytics in the form of
complex SLA reports, capacity planning information and root cause analysis to
ensure that the network is always available and performing optimally.

Rajendra Dhavale,

consulting director, CA India and SAARC

vadmail@cybermedia.co.in

Rajendra has over 18 years of experience.

A frequent speaker at industry seminars and technical conferences in India, he
is also constantly featured in IT/telecom publications.