Remote Monitoring andRemote Monitoring andDesktop ManagementDesktop Management

Week-7Week-7

SNMP designed for management of SNMP designed for management of a limited range of devices and a a limited range of devices and a limited range of functionslimited range of functions

Monitoring is difficult in both WANs Monitoring is difficult in both WANs and the newer switched LANs.and the newer switched LANs.

Remote MonitoringRemote Monitoringand Desktop Managementand Desktop Management

SNMP network management tools SNMP network management tools can support the monitoring of can support the monitoring of individual devices. However, it is individual devices. However, it is difficult to learn about traffic on a difficult to learn about traffic on a particular network using SNMP.particular network using SNMP.

Remote MonitoringRemote Monitoring

Protocol analysers can support viewing Protocol analysers can support viewing of each packet that passes on a network.of each packet that passes on a network.

In a network using routing or switches, In a network using routing or switches, monitors will only see the traffic on their monitors will only see the traffic on their part of the network.part of the network.

Thus, the devices cannot cover whole Thus, the devices cannot cover whole network. network.

Protocol Analysers as MonitorsProtocol Analysers as Monitors

Could have one monitor per subnetwork Could have one monitor per subnetwork or switched section - may be excessively or switched section - may be excessively costly if use protocol analysers.costly if use protocol analysers.

If dedicated monitoring modules are used If dedicated monitoring modules are used that report back to a network that report back to a network management station, this may be management station, this may be possible. This is called remote possible. This is called remote monitoring. monitoring.

Remote Network MonitorsRemote Network Monitors

A range of standard functions have been A range of standard functions have been defined for remote monitoring within defined for remote monitoring within SNMP - RMON.SNMP - RMON.

RMON agents may be dedicated RMON agents may be dedicated hardware devices attached to a hardware devices attached to a subnetwork or may be software running subnetwork or may be software running in networked devices (computers, in networked devices (computers, switches, routers, printers, etc)switches, routers, printers, etc)

Remote Monitor - RMONRemote Monitor - RMON

Off-line operationOff-line operation

Monitor collects statistics (packet Monitor collects statistics (packet counts, error rates, etc) with counts, error rates, etc) with management station retrieving data management station retrieving data after some time duration.after some time duration.

Reduces network traffic.Reduces network traffic.

RMON normally supports:RMON normally supports:

Preemptive MonitoringPreemptive Monitoring

Monitor runs diagnostics and collects Monitor runs diagnostics and collects statistics continuously, reporting statistics continuously, reporting failure to management station and failure to management station and supplying diagnostic information to supplying diagnostic information to assist problem resolution.assist problem resolution.

RMON normally supports:RMON normally supports:

Problem detection and reportingProblem detection and reporting

Monitor passively observes its Monitor passively observes its subnetwork and reports to subnetwork and reports to management station on specific management station on specific problems that are observed.problems that are observed.

RMON normally supports:RMON normally supports:

Value-added dataValue-added data

Monitor can provide information of Monitor can provide information of greater detail and with analysis that greater detail and with analysis that would normally only be available to would normally only be available to an analyser attached to that an analyser attached to that subnetwork - eg, hosts generating subnetwork - eg, hosts generating most traffic.most traffic.

RMON normally supports:RMON normally supports:

Multiple managersMultiple managers

Monitors may be expected to Monitors may be expected to provide support for more than one provide support for more than one management station.management station.

RMON normally supports:RMON normally supports:

A monitor is required to perform tasks A monitor is required to perform tasks that are more sophisticated than the that are more sophisticated than the devices normally managed using SNMP devices normally managed using SNMP (routers, bridges, etc).(routers, bridges, etc).

Thus it must be able to interact with a Thus it must be able to interact with a management station to provide data and management station to provide data and receive commands of some complexity.receive commands of some complexity.

Monitor ControlMonitor Control

SNMP was not originally intended SNMP was not originally intended for this and so needs some minor for this and so needs some minor changes to support RMON.changes to support RMON.

This is done via an RMON MIB.This is done via an RMON MIB.

Monitor ControlMonitor Control

RMON OverviewRMON Overview A standard MIBA standard MIB Described in RFC 1757Described in RFC 1757 Defines MAC-layer statistics and control Defines MAC-layer statistics and control

objectsobjects Monitors basic Ethernet operationsMonitors basic Ethernet operations Powerful alarm and event mechanismPowerful alarm and event mechanism Automatic historical data collectionAutomatic historical data collection

– UtilisationUtilisation– CollisionsCollisions– Usage patternsUsage patterns– Planning dataPlanning data

RMON ArchitectureRMON Architecture

WAN

LAN segments LAN segments

Router Router

RMONDCM

Statistics - utilisation and error rateshistory - periodic samples are storedalarm - alarm thresholds can be sethost - traffic to/from hosts on subnetworkhostTopN - maintains a list of highest recorded (peak) statistics for hostsmatrix - error and utilisation data can be returned as a matrix for all addresses of nodes recorded

RMON Group objectsRMON Group objects

filterfilter - permits the setup of selective - permits the setup of selective monitoringmonitoringpacket capturepacket capture - determines how the - determines how the monitor delivers data to the monitor delivers data to the management stationmanagement stationeventevent - table of all events generated by - table of all events generated by the RMON agentthe RMON agent

RMON Group objectsRMON Group objects

RMON agents may be set to retain RMON agents may be set to retain information for a period of time, or to information for a period of time, or to return data immediately. In either case, return data immediately. In either case, the volume of data may reduce network the volume of data may reduce network performance.performance.

However, the trade-off may be the lack However, the trade-off may be the lack of network knowledge….of network knowledge….

Network OverloadNetwork Overload

The volume or detail of information The volume or detail of information required to be accessed by RMON required to be accessed by RMON agents may be so great that it may agents may be so great that it may affect monitoring device performance.affect monitoring device performance.

In high-volume situations (high speed In high-volume situations (high speed switches, etc) dedicated devices are switches, etc) dedicated devices are preferable. preferable.

Monitoring Device OverloadMonitoring Device Overload

Desktop Management Task Force Desktop Management Task Force a collection of computer industry a collection of computer industry parties (Microsoft, Intel, etc see parties (Microsoft, Intel, etc see www.dmtf.org ) have been working ) have been working on the development of an agent that on the development of an agent that can reside in device to be managed. can reside in device to be managed.

Desktop ManagementDesktop Management

The DMTF developed the Desktop The DMTF developed the Desktop Management Interface (DMI) a Management Interface (DMI) a standardised system to carry out the standardised system to carry out the task. task. Resides as a TSR (Terminate and Resides as a TSR (Terminate and Stay Resident program) or as a Stay Resident program) or as a windows DLL.windows DLL.

DTMF - DMIDTMF - DMI

Desktop management InterfaceDesktop management Interface

Initial development of the user agent Initial development of the user agent has centred around the IBM-has centred around the IBM-compatible PC-style machines. compatible PC-style machines.

However, there is intended to be a However, there is intended to be a standard interface for all operating standard interface for all operating environments and platforms. environments and platforms.

A remote management station can then A remote management station can then provide a wide range of supportive provide a wide range of supportive functions from "over-the-shoulder" functions from "over-the-shoulder" helping of the user, to taking over of the helping of the user, to taking over of the keyboard and "becoming the user" to keyboard and "becoming the user" to run through a sequence of operations.run through a sequence of operations.

The management station can also The management station can also provide many remote management provide many remote management functions like backup and automatic functions like backup and automatic software upgrades, independent of the software upgrades, independent of the users involvement. users involvement. The management agent will be a The management agent will be a standardised product that is compatible standardised product that is compatible with the current and future management with the current and future management standards (CMIP, SNMP).standards (CMIP, SNMP).

Desktop management using a local Desktop management using a local agent offers many advantages, agent offers many advantages, particularly in the areas of system particularly in the areas of system security and reliability and it may be security and reliability and it may be necessary for the support of network necessary for the support of network administration in the new networking administration in the new networking environments.environments.