Network Management Networking Management Overview 1 Objectives Network
Network Management Networking Management Overview 1
Objectives • Network management: day-to-day operations • Network management tools • Network Implementation and Management Strategies IT 6723 Network Management 2
Network Manager • Network management involves not just technology, but also a human dimension • Job specifics by type of business – Service provider • Tickets: – Reported by customers – Reported by monitoring systems – Medium size business • Can use Managed Service Providers (MSP) as hosting companies or access providers – Data center • Planning and infrastructure setup IT 6723 Network Management 3
Why do we need a network management strategy? • The network is now essential for all companies • Now have distributed rather than centralized systems in most cases • Need an overall strategy for network implementation, and management and maintenance • Anticipate future requirements (why? ) IT 6723 Network Management 4
• Network implementation strategy is needed – Implementation of a network is costly – The network needs to fit the business of the organization – The network needs to be able to scale with technology and organizational size • Network management strategy is needed – To determine how to do the desired management without excessive use of bandwidth – To decide which are the most important objects to manage – To be able to decide which management tool(s) will be the best fit to the strategy – To evaluate the tradeoff of cost versus strategy and implementation IT 6723 Network Management Burke ch 3 5
Network Implementation Design Analysis Geographical Distribution • Office • Department (how many offices) • Division ( how many departments) • Organization (how many divisions) Subnets • How many • Ethernet (wireless, how many IPs, etc) LAN • How many • Domain names • DNS (Domain Name Service) configuration • Network address • Subnets IT 6723 Network Management 6
Network Implementation Design Analysis MAN • Connectivity between LANs WAN • Connectivity between LANs or MANs Bandwidth Requirements • Video Bandwidth (Constant, Time Dependent, on demand) • Audio Bandwidth (Constant, Time Dependent, on demand) • Teleconferencing Bandwidth Media Requirements • Cable • Wireless • Microwave • Satellite • Optical Fiber IT 6723 Network Management 7
Network Implementation Design Analysis Technology • What is available now • Minimum required for the job • Technology improvements during next 5 years • Required to support expected growth Service Level Agreements (SLA) • Specified bandwidth available at any time • Specified bandwidth available during specified time periods • Bandwidth on demand IT 6723 Network Management 8
Network Implementation Design Analysis Security Requirements • Location of firewalls • Firewall capabilities • Location of proxy servers • Encryption and authentication needs • Network Intrusion Detection/Prevention Systems (IDS/IPS) Budget • To support resources of optimum network • To support resources of minimum network IT 6723 Network Management 9
Network Management Categorization Reliability • Transmission error rates • Dropped packets • Link failures Faults • Proactive prevention • Detection • Location • Correction time Availability • Mean time between failures (MTBF) of network Performance http: //www. computerworld. com/s/article/105781/MTBF • Time to provide a response to the user 10
Network Management Categorization • Throughput – Bytes per second that a user can expect to transmit reliably. – Guaranteed throughput based on Service Level Agreement (SLA) • • • Data (Packet throughput) Voice (Ordered packet throughput) Video (Link bandwidth, bandwidth on demand) Use (Packets/sec, Transactions/sec) Resource Use (software, network devices, storage, CPU, etc) IT 6723 Network Management 11
Network Management Categorization • Policies – – – – – Traffic Alerts on what events (what is critical) Backup, update & patch -what and how often Application testing Software upgrades & licensing Administration Type of service availability required Security level required (firewalls, IDS, etc) User rights requirements • Redundancy (number of redundant systems, critical alternate paths) • User Support (automatic responses, automatic reporting) 12
ISO Network Management Model FCAPS • Fault management • Configuration management • Accounting management • Performance management • Security management 13
Performance Management • Sub-categories – – – – Collecting baseline utilization data Collecting a history of utilization data Capacity planning Setting notification thresholds Building databases Running network simulations Latency 14
• • • Performance Management : Collecting Baseline Data Measuring link utilization using a probe Counting packets received/transmitted/device Measuring device processor usage Monitoring device queue lengths Monitoring device memory utilization Measuring total response time 15
Performance Management: Collecting History • Measuring utilization and response times at different times of the day • Measuring utilization and response times on different days over an extended period 16
Performance Management : Capacity planning • Manually graphing or using a network management tool to graph utilization as a function of time to detect trends • Preparing trend reports to document projected need for and the cost of network expansion 17
Performance Management : Setting notification thresholds • Having a network management tool pool devices for values of critical parameters and graphing these values as a function of time • Setting polling intervals • Setting alarms/alerts on those parameters when a threshold is reached • Initiating an action when a threshold is reached 18
Performance Management : Building databases • Having network management tool create a database of records containing device name, parameter, threshold and time for off-line analysis • Use database to extract time dependence of utilization • Use the time dependence to decide when upgrades will be necessary to maintain performance 19
Performance Management : Running network simulations • Using a simulation tool to develop a model of the network • Using the model’s parameters and utilization data to optimize network performance Latency • Query/response time interval 20
Fault Management • Sub-categories – – – – – Prioritization Timeliness required Physical connectivity testing Software connectivity testing Device configuration SNMP polls Fault reports generated Traffic Monitored Trends 21
Fault Management : Prioritization • Prioritize faults in order they should be addressed • Use in-band management packets to learn about faults • Identify which fault events should cause messages to be sent to the manager • Identify which devices should be polled and at what intervals • Identify which device parameter values should be collected and how often • Prioritize which messages should be stored in manager’s database 22
Fault Management : Timeliness required • Management station is passive and only receives event notifications • Management station is active and pools for device variable values at required intervals • Application periodically requests a service from a service provider 23
Fault Management : Physical connectivity testing • Using a cable tester to check that links are not broken Software connectivity testing • Using an application that makes a request of another device that requires a response – ping 24
Fault Management : Device configuration • Devices are configured conservatively to minimize chances of dropped packets SNMP Polls • Devices are periodically polled to collect network statistics 25
Fault Management : Fault Reports Generated • • Thresholds configured and alarms generated Text media used for report Audio media used for report A color graphical display used to show down devices • Human manger is notified by pager 26
Fault Management : Traffic monitored • • Remote monitors Protocol analyzers Traps sent to Network Management Station Device statistics monitored Trends • Graphical trends generated to identify potential faults 27
Configuration management • Sub-categories – – – Local configuration Remote configuration Automated configuration Manual inventory Automated inventory IT 6723 Network Management 28
Configuration management : Local configuration • • Choice of medium access protocol Choice of correct cabling and connectors Choice of cabling layout Determining the number of physical interfaces on devices • Setting device interface parameter values (I/O addresses, network layer addresses) • Configuration of multiport devices • Use of the Windows Registry • Comparing current versus stored configurations • Checking software environments of devices • SNMP service IT 6723 Network Management 29
Configuration management : Remote configuration • From the network management station – – – – Disabling device ports Redirecting port forwarding Disabling devices Comparing current versus stored configurations Configuring routing tables Configuring security parameters Configuring addresses of management stations to which traps should be sent • Verifying integrity of changes IT 6723 Network Management 30
Configuration management : Automated configuration • Using the Dynamic Host Configuration Protocol to configure IP addresses • Using Plug and Play enables NICs for automatic selection of interrupts and I/O addresses • Domain Name Services (DNS) • Trap messages from agents IT 6723 Network Management 31
Configuration management : Manual Inventory • Maintaining records of cable runs and the types of cables used • Maintaining device configuration records • Creating network database for each device – – Device type OS Drivers Versions - Software environment - Utilities - Applications - Configuration files (ini, sys) – Vendor contact information – IP address – Subnet address IT 6723 Network Management 32
Configuration management : Automated inventory • Auto-discovery of devices on the network using an NMS • Auto-determination of device configuration using an NMS • Creation of a network database • Auto-mapping of current devices to produce a network topological map • Accessing device statistics using NMS IT 6723 Network Management 33
Security Management • Sub-categories – – – Applying basic techniques Identifying access methods used Using access control methods Maintenance Assessing public data networks Using an automated security manager IT 6723 Network Management 34
Security Management : Applying basic techniques • Identifying hosts that store sensitive information • Management of passwords • Assigning user rights and permissions • Recording failed logins • Setting remote access barrier codes • Employing virus scanning • Limiting views of the Enterprise network • Tracking time and origin of remote accesses to servers IT 6723 Network Management 35
Security Management : Identifying access methods used • • • Electronic mail File transfer Web browsing Directory service Remote login Remote procedure call Remote execution Network monitors Network management system IT 6723 Network Management 36
Security Management : Using access control methods • • • Encryption Packet filtering at routers Packet filtering at firewalls Source host authentication Source user authentication IT 6723 Network Management 37
Security Management : Maintenance • Audits of the activity at secure access points • Executing security attack programs (Network Intrusion Detection) • Detecting and documenting breaches Accessing public data networks • No restrictions: hosts are responsible for securing all access points • Limited access: only some hosts can interface with the public data network using a proxy server IT 6723 Network Management 38
Security Management : Using an automated security manager • Queries the configuration database to identify all access points for each device • Reads event logs and notes security-related events • Security manager shows a security event on the network map • Reports of invalid access point attempts are generated daily for analysis IT 6723 Network Management 39
Accounting Management • Sub-categories – – Gather network device utilization data Bill users of network resources Use an accounting management tools reporting IT 6723 Network Management 40
Accounting Management : Gather network device utilization data • Measure usage of resources by cost center • Set quotas to enable fair use of resources • Site metering to track adherence to software licensing Reporting • Create historical billings trends • Automatic distribution of billing to cost centers • Project future billings by cost center IT 6723 Network Management 41
Accounting Management : Bill users of network resources • Set charges based on usage • Measure one of the following – Number of transactions – Number of packets – Number of bytes • Set charges on direction of information flow IT 6723 Network Management 42
Accounting Management : Use and accounting management tools • Query usage database to measure statistics versus quotas • Define network billing domains • Implement automatic billing based on usage by users in the domain • Enable billing predictions • Enable user selection of billing domains on the network map IT 6723 Network Management 43
Network Management Tools • • • • Device managers and craft terminals (for individual network equipment) Network analyzers (e. g. wireshark) Element managers (e. g. Cisco Prime LAN Management http: //www. cisco. com/c/en/us/products/cloud-systemsmanagement/prime-lan-management-solution/index. html ) Management platforms (e. g Open. NMS http: //demo. opennms. org/opennms/login. jsp ) Collectors and probes Intrusion Detection Systems (IDSs) (e. g. Snort http: //www. snort. org/vrt Performance analysis systems Alarm management systems Trouble ticket systems http: //helpdesk. spsu. edu/ Work order systems Workflow management systems and workflow engines Inventory systems Service Provisioning and Order management systems Billing system IT 6723 Network Management 44
Importance of Network Management • First tools: ping & traceroute • Can you afford your network to be down? • Open Source Network Management Tools – Nagios http: //www. nagios. org/ – Cacti http: //www. cacti. net/ – MRTG - Multi Router Traffic Grapher http: //oss. oetiker. ch/mrtg/ – Net-SNMP http: //www. net-snmp. org/ • Can paper and pencil be used as network management tool? IT 6723 Network Management 45
Review Questions 1. 2. 3. 4. 5. 6. 7. Name the different areas of network management. What are the goals of performance management? What are the goals of configuration management? What are the goals of accounting management? What are the goals of fault management? What are the goals of security management? If the connectivity between different company sites is provided by an outside MSP. Why is network administrator concerned with monitoring traffic statistics across these outside connections? IT 6723 Network Management 46
- Slides: 46