It is strange, given the dramatic developments in network technologies over the past decades, that in one important area - that of network management - there has not been commensurate progress.
Network hardware appears (even if that appearance can be deceptive) to have become a commodity. It is now no more necessary to understand the workings of network protocols than it is to know how one’s car works. When it comes to Network Management Systems (NMS), however, the same does not seem to apply. Telcos, ISPs and other large organisations with matching budgets and full complements of staff may find it essential and indeed practical to run a full scale management platform. The average SME will more likely discover that the market does not really provide for its rather more prosaic requirements.
There are two issues: cost and usability. Purchasing a fully fledged NMS and a platform on which to run it is an expensive business; a very expensive business. In many cases what you get for your money is not - as you might hope - extensive functionality, but instead a great deal of potential. Making the system deliver useful information on the availability, performance and reliability of your network will probably require considerable development, which of course adds to the cost.
The issue of usability is an even thornier one. The problem is that network switches and other equipment can generate vast quantities of statistics. They can do this even just using SNMP - a useful but fairly rudimentary protocol - let alone anything more advanced. This looks good at first glance, but the question is what to do with all of this information? Does it really help to know how many octets, collisions or CRC errors there are on all of your many interfaces? How does this help you to actually determine what is happening on your network and, more importantly, what has gone wrong with it?
From our experience (large independent secondary school) there are three main areas which we need our management tools to cover. First, we want to know if all of our devices are actually working. Ideally we would like this to be presented in a simple pictorial fashion, with green and red icons indicating the obvious. At this level we usually don’t actually need much more information than that.
Secondly, we would like to be able to tell how much traffic is passing down some of our links. Mostly we would like this for those links that cost a lot of money and for which we will need to know well in advance if we are going to have to spend even more. Again this is best represented by some form of graph - percentage of the link filled - rather than by having to interpret lists of statistics. If the graphs can give us an idea of how much the traffic has increased in the last six months, so much the better.
Finally, when the network grinds to a halt as the result of the latest virus/worm/thing of unspeakable evil that we have inadvertently acquired from the Internet, we just want to know what has gone wrong and where. We want a piece of software that tells us “this router is being bombarded with xxx and it is coming from yyy”. The rest of the time we don’t want this software to say anything at all.
Naturally, it will be pointed out that all of these functions can be provided by
It should be clear by now that what we actually want is a set of tools - too much to hope for all of this in one package - that are really cheap and cheerful and don’t give us a hundred and one other functions that we don’t want at the same time. What's more, we should be able to use them straight out of the box without having to spend a couple of hours poring over the manual while our network runs wild in the background. And finally, we want these tools to be sold to us as proper commercial products with support.
Now I have to be honest and say that some of these management tools do exist. There are some good tools out there but I don't want to single any out for a special mention. Small scale inexpensive SNMP based NMSs are available and personally I wouldn’t pay more. I have in the past invested a large sum of money - £15,000 or so back in the early 90s - for an NMS which limped along for a few years before being thrown into the bin and replaced with something costing £500 that did 90% of the job - and certainly all that I needed.
I also eventually found a tool that gave me the functionality of MRTG but with a proper interface. This also cost only a few hundred pounds and the company listened sympathetically when I asked if it could be made to do some things it didn’t already do.
However, I still can’t find a system that will give me what I really want.
When the network is groaning I need to discover quickly what sort of attack it is suffering, where it is coming from and what ports and protocols are involved. Even given that these things are inevitably more difficult on our fully switched network, I am staggered that we seem to be no nearer to having tools that can quickly provide this sort of information than we have ever been.
Yes – I know it is a difficult problem, but the industry has been solving far harder problems for decades now. Perhaps this sort of thing is just not sexy, though I would have thought anyone coming up with a decent inexpensive tool would have the market to themselves.