Have you ever had complaints from your customers about poor network performance? What about trying to find out what your bandwidth utilization is from the edge? If you are an IT administrator, I guarantee that you have had these types of tasks before.
I recall a time when I was an IT administrator of a medium-sized business, working at the company headquarters. The business had a data center hosted in Little Rock, Arkansas with more than twenty different branch offices scattered throughout the United States. The data center was the central hub for all network connectivity for the entire organization with each branch office connected to the data center via private MPLS circuits. One day, my team received a call notifying us that one of the remote locations was without Internet access. There was literally no way for me to know why this happened without spending a great deal of time researching the issue. After an hour, we finally found the cause of the problem. The core router died during a lightning storm at that branch office. We were able to call a local technician to connect a spare router at the branch office and get our customers back online but the damage had been done. The total amount of downtime for our customers was four hours which was completely unacceptable for a company that relies on the Internet to perform its work.
In a completely different example, I was working as a network administrator team member at another company where most of our users use a web-based application to perform their jobs. One day, I received an e-mail alert notifying me that our primary Internet link was down. I contacted our ISP who dispatched a technician immediately. As I was working on crafting a notification e-mail message to the company about the situation, I received a call that many of our customers' Internet connections were very slow, their web application was timing out, and they were unable to work. I informed the customer that we were working on the issue and notified the company of the problem. After a short period of time, the ISP technician arrived and resolved the problem. The total customer downtime for this scenario was 30 minutes.
As you no doubt have observed, there are multiple issues with the first scenario. There was no alerting in the event of any type of network failure which limited the IT department to be proactive in such an event. The second scenario shows some of the best and most used features of a network monitoring system. Thanks to the core monitoring features of the monitoring system, I was able to determine the root cause of the problem quickly and have the ISP technician dispatched as soon as possible. Even though my customers experienced a network outage for 30 minutes, I'm sure you would agree that a downtime of 30 minutes is more acceptable than four hours.
SolarWinds Orion Network Performance Monitor is one of these types of monitoring systems and this book is going to discuss many of its features including what Orion NPM actually is, what it does, the technologies behind Orion NPM, and how Orion NPM can help to make your job as an administrator easier.
Orion Network Performance Monitor is a scalable, easy to use, cost-effective network monitoring system that provides a complete overview of network environments by monitoring performance and availability. Orion NPM enables you to be proactive in detecting, diagnosing, and resolving network issues and outages and has the benefit of supporting hundreds of types of server, OS, and network vendors including Cisco, HP, Microsoft, Linux, Motorola, Brocade, Foundry, and more.
Orion NPM is used by thousands of public and private companies, educational institutions, and government entities and is a well-known product. Here is a list of important features that make Orion NPM stand out in the crowded network monitoring software market:
Logical, useable, customizable, interactive, drill-down (LUCID) interface
The SolarWinds Orion NPM LUCID interface is one of the key features of Orion NPM. It is a browser-based frontend for the entire SolarWinds Orion monitoring system dubbed the "dashboard". Every section of the dashboard is completely customizable. If you do not like viewing the top-level network map module on the Summary home page, it can be moved to a different menu bar or it can be removed entirely. Each module in every menu bar can be customized as well, or custom menu bars can be assigned to specific user accounts. The personalization and dashboard customization options are almost endless!
Uses standard protocols to poll devices and servers
In order to monitor servers and devices, many network monitoring solutions require an administrator to install and configure specialized client software on each server and network device. SolarWinds Orion uses industry-standard protocols that are already built into the software of each server and device, and does not require an administrator to install any additional software.
ConnectNow topology mapping
One of the most time consuming tasks of a network administrator is the need to diagram the topology of a network. The most common tool used to map out a network is Microsoft Visio, but diagramming a network in Visio can take a great deal of time to perfect. Using the Network Sonar Wizard, Orion NPM uses proprietary "ConnectNow" technology to discover device relationships and automatically map those relationships for you in the Orion Network Atlas.
Mobile views
A simple view of the Orion NPM dashboard can be accessed from a mobile web device's web browser. No special "apps" need to be downloaded and installed from an app store in order to view the Orion Dashboard. Simply navigate to the dashboard URL on your mobile device's browser to view!
Microsoft Active Directory integration
User account authentication can be tied in with Microsoft Active Directory. Single accounts can be added to the account authentication in Orion NPM, or entire Active Directory security groups. This allows administrators to continue to centralize and secure authentication and accessibility on the network.
Role-based access
SolarWinds Orion NPM has a robust access control system that can be as granular as you need it to be. An administrator can grant a variety of permissions to specific areas of the Orion Dashboard, or even administrative portions of Orion NPM. Even more granularity is enabled when role-based access is combined with the integration of Microsoft Active Directory.
Automated network discovery
SolarWinds Orion NPM can be configured to automatically scan your network on a regular basis for devices and servers and add them to the Orion dashboard for monitoring. This helps to get Orion NPM set up quickly for new installations as well as making device management easier for administrators in existing installations.
Multi-vendor device support, universal polling, and custom MIB creation
Thanks to Orion NPM using industry-standard polling protocols, thousands of manufacturers and vendors are supported in Orion NPM. Orion NPM can also import customized MIBs from various vendors.
Conditional group dependencies
Devices and/or servers can be grouped together with defined dependencies in a parent/child relationship. When the parent device is down, only a single alert notification will be sent instead of one for every child dependency.
Wireless polling
Orion NPM can monitor wireless access points and keep historical data of SSIDs, client IP addresses, IP addresses, signal strength, channel usage, and more.
Virtual server monitoring
You do not need to purchase additional licensing just to keep an eye on your VMware virtual server hosts. Orion NPM can do this out of the box! Both virtual server hosts and resident virtual machines for VMware ESX and ESXi are supported.
Report Writer
Orion NPM includes several preconfigured reports. Using the included Report Writer, you can write your own customized reports as well as automate their creation.
VSAN summary
SolarWinds Orion NPM can not only monitor your critical network devices and servers, but also your fiber channel and virtual storage. Orion NPM can alert administrators if VSAN storage volumes have low disk space, low I/O performance, and more. You can drill down to the nitty-gritty details on the fiber channel interfaces including transmitted and received data as well as utilization information.
Community content exchange
SolarWinds has created a comprehensive support community built around the Orion product line called Thwack. You can find expert advice forums, submit feature requests, download administrative scripts and Orion add-ons, free tools, and other content in the Thwack community.
Cisco EnergyWise monitoring
Orion NPM can take advantage of Cisco's EnergyWise software component in Cisco Catalyst switches. EnergyWise is a part of Cisco's "Green Initiative" that monitors power consumption in Catalyst switches that can generate reports and alerts for power-related incidents. For example, if you have a port with Power Over Ethernet (PoE) capabilities and that port has PoE enabled, but the PoE is not in use on that port, Orion NPM can generate an alert for this port. EnergyWise is designed to help IT departments become "more green" and help with reducing power consumption, which will effectively help to lower costs.
Do-it-yourself deployment
You don't need to be an expert to install and set up SolarWinds Orion NPM on your network and you don't need to hire a specialized consultant to do it for you. Orion NPM is designed to be easy to install and set up. It is possible to set up a full Orion NPM solution within an hour! I should know, I've done it myself.
As you can see, there are several core features of SolarWinds Orion NPM that helps differentiate it from the competition. As you become more familiar with Orion NPM using this book, you will discover even more features not listed above!
The Orion NPM system is a database-driven web application which operates on top of Microsoft .NET server technologies. Microsoft Internet Information Services (IIS) is the web service for the Orion Dashboard and Microsoft SQL Server is the database backend for all information gathered from network devices and servers.
Devices are added to the Orion NPM database either manually by IP address or DNS name, or automatically by using the Network Sonar Wizard. Once a device has been added to Orion NPM, it is polled for data by Orion NPM on a predefined timer, or counter. An internal process consistently runs in the background on the Orion NPM server that checks when to "kick off" the polling engine depending on the time set for a device in the counter. When that time has been reached, the device is polled.
Tip
SolarWinds Orion NPM does not poll all devices at the exact same time at a set, predetermined, fixed time. Orion NPM only polls the device when the counter has been reached. It may be difficult to understand this, so here is an example. Imagine that you have a very large network with 5,000 network devices. If SolarWinds Orion NPM was configured to poll all 5,000 devices at precisely the same time, this would act just like a denial-of-service attack and literally take your network down! The counter process is a fantastic feature since it guarantees that Orion NPM won't flood your network with polling traffic and won't cut off your users' network access.
Orion NPM monitors a network using industry-standard protocols to poll data from network devices on a regular basis. The protocols used by Orion NPM to gather network information are Simple Network Management Protocol (SNMP), Windows Management Instrumentation (WMI), Internet Control Message Protocol (ICMP), and Syslog. Depending on the device, Orion NPM will use an appropriate protocol to gather information. For gathering data from a Cisco switch, Orion NPM would use SNMP or ICMP. To gather data from a Windows server, it may use WMI. The following diagram is a simple example of how Orion NPM monitors a network and how that information is presented:
It is important to understand not only how Orion NPM operates, but also understand the technologies, standards, and protocols that it uses. The next few sections describe several standard network monitoring protocols and how Orion NPM uses them.
Simple Network Management Protocol (SNMP)
SNMP is the most commonly used protocol for gathering monitoring data from computer systems and network devices and it consists of three components: managed devices, agents, and network management systems. A managed device could be a switch, router, server, or any other type of network device that has an SNMP agent. An SNMP agent is software on a device that translates data to SNMP-compatible language for transmission across a network to a network management system, such as SolarWinds Orion NPM. SNMP has been around almost since the beginning of the modern computer age and has gone through several revisions.
SNMP is an IETF-standardized protocol and operates in one of two ways; the manager/agent model, and traps. In the manager/agent model, an SNMP agent is configured on a device to allow SNMP communication between itself and an SNMP manager. The SNMP manager periodically grabs the device's information from the SNMP agent. SNMP can gather an endless list of information from a network device such as memory usage, CPU utilization, power supply usage, syslog messages, humidity sensors, and so on.
Most SNMP traffic is initiated by the SNMP manager, but SNMP traps can be configured on an SNMP agent to directly alert the management system of some type of abnormality, such as high CPU usage in a server or maxed-out bandwidth usage from an interface in a router. The information an SNMP trap transmits to alert an SNMP manager of a problem depends on what is defined in its Management Information Base (MIB). Some vendors offer a utility to create custom MIBs for SNMP agents for a particular device.
Orion NPM can use all three iterations of the SNMP protocol; Version 1, Version 2c, and Version 3. Versions 1 and 2c are still considered the de-facto standards of SNMP by many and follow a simple community-based way of authentication using a defined IP port, community string, and/or a read/write community string. SNMPv3 builds on SNMPv2 and offers more robust security options.
SNMP agents are typically disabled by default and must be configured manually by an administrator. The best thing about SNMP is that it is found in virtually every single manageable network device and operating system on the planet so it makes sense that Orion NPM would utilize SNMP extensively.
Windows Management Instrumentation (WMI)
WMI is a management framework built into all modern Windows operating systems which grants administrative visibility to almost every aspect of the Windows OS. Management applications or administrative scripts can be created to view or manipulate components of Windows using WMI in a variety of programming languages. The most common type of administrative scripts that take advantage of WMI are VBScript and Windows PowerShell. Applications such as SolarWinds Orion NPM can make programmatic WMI calls to a Windows computer to access direct information about the operating system such as its IP address, MAC address, SNMP information, event logs, active and non-active services, and more. WMI can gather the same type of information from a computer that an SNMP agent can. Microsoft has a built-in security model for WMI, so before you go querying data from a Windows computer you need to make sure you have the proper access on that computer to do so.
Internet Control Message Protocol (ICMP)
Internet Control Message Protocol is more affectionately referred to as ICMP and it is one of the core protocols of the TCP/IP suite. ICMP allows network devices to send errors, control information, and informational messages to and from network device. PING may be the most commonly used command-line tool in most operating systems that best showcases the ICMP protocol.
Syslog
Syslog is another IETF-standardized protocol for event notification messages. It allows a network device to send event logs and event notifications to an event collection system, usually called a Syslog server or Syslog collector. Almost every network device and network server has its own internal logging system. Using syslog, it is possible to have a device automatically forward its event logs across the network to a Syslog server. Orion NPM has its own built-in Syslog server and stores retrieved syslog messages in its SQL Server database.
This book strictly covers SolarWinds' flagship product, Orion Network Performance Monitor. Inside you will find all of the essential information required to install, set up, calibrate, and administer Orion NPM.
Chapter 1, Installation, tells you how to install Orion NPM.
Chapter 2, Orion NPM Configuration, builds upon the previous chapter and covers the initial configuration of Orion NPM.
Chapter 3, Device Management, discusses how to add devices to Orion NPM, various polling methods, and how to managing devices.
Chapter 4, Network Monitoring Essentials, gives an overview of the Orion website, discusses monitoring routers, switches, and wireless controllers.
Chapter 5, Network Monitoring II, continues upon the previous chapter by discussing server and virtualization monitoring, including universal device pollers.
Chapter 6, Setting Up and Creating Alerts, discusses the alerts and notification system in Orion NPM.
Chapter 7, Producing Reports and Network Mapping, takes a look at the reporting system and network mapping utilities in Orion NPM.
Chapter 8, Maintenance, discusses the various tools and tasks associated with maintaining an Orion NPM system.
Appendix A, Documentation and Support, shows you the online resources you can refer to for more information and support.
Appendix B, The Thwack Community, introduces you to the Thwack Community, a fully featured IT professional community for SolarWinds products.
Appendix C, Additional SolarWinds Orion Software, talks about additional SolarWinds Orion products that can be used to extend Orion NPM's core functionality.
It is highly recommended to have the following hardware and software available in order to follow along with many of the examples discussed in this book:
A computer with a 64-bit processor running Windows Server 2008 R2
A computer running Windows, Linux, or Max OS X with a modern web browser (that is, Google Chrome, Firefox, and so on)
Microsoft SQL Server 2008 R2 Express Edition
SolarWinds Orion NPM 30-day evaluation
A modern Linux OS (that is, Ubuntu 12.04 LTS, Fedora 18, and so on)
VMware ESXi 4.0 or newer
A Wireless Access Point and/or a Wireless Controller
An enterprise-class managed switch (that is, Cisco Catalyst series, Brocade FastIron, HP Procurve, and so on)
Managed router (that is, Cisco 2800 series, Juniper J-series, Vyatta Virtual Appliance, and so on)
Managed firewall (Cisco PIX or ASA series, Palo Alto PA-series, and so on)
This book is targeted to IT administrators that want a quick start to setting up Orion NPM. However, for those that just purchased SolarWinds Orion NPM (or are building a case for their IT Management team to purchase it), this book will assist you with that endeavor. For those that are already using Orion NPM in a test lab or a real-world production environment, this book could be used as a reference training manual. Another reason you purchased this book is because you are already using Orion NPM in a limited fashion and you want to know what additional features are available. One way or another, this book will suit your needs for everything Orion NPM.
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "For medium to large network sizes, a more appropriate view option is to set the first level to Location then level two to Department."
Any command-line input or output is written as follows:
net start SolarWindsTrapService
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Click on External Websites in Orion Web Administration and then click on the ADD button."
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title via the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.