Managing TCP/IP Networks with NTManage

LANology's Network Monitor

Network monitoring is an important aspect of any well-run network. With theInternet's increasing popularity, TCP/IP-based monitoring systems are becomingmore valuable and necessary every day. LANWARE, an affiliate of LANology, offersWindows NT users a new product, NTManage, to monitor systems. With such aproduct, you can improve the security and increase service uptime for mostenterprise networks. Both these improvements lead to monetary savings.

How can a network monitor increase your security effectiveness? Well, mostnetwork break-ins occur on inadequately monitored networks, and a monitoringservice can help you discover intrusion attempts when they begin instead ofafter it's too late to stop them. Denial-of-service attacks, in which hackersbombard services with traffic and requests until the services can no longerhandle the load, are common on the Internet. NTManage can detect an overloaded,nonresponsive service, and take offensive action toward remedying the situation.Suppose an intruder accesses a service at a command level and simply issuescommands to bring the service down. A good network monitor can restartnon-responsive or stopped services automatically, hindering an intruder fromkeeping them down or offline.

Service uptime is a huge concern in any network environment. One area towatch is preventing services from crashing and locking up a server on a weekendor after hours. Downtime at the wrong time means your network administratorsspend their off hours working on your network, which costs your firm money inovertime expenses.

Service uptime and availability is often a direct reflection of yourbusiness. With so many businesses adopting Internet technologies such as emailand Web servers as tools of commerce, people expect those services to beavailable when they need to use them. You don't want a hot prospect sending yoursales staff important email, only to have that email bounce back to the prospectbecause your mail server was down all night or all weekend. And likewise, youdon't want to spend money advertising your Web address only to find your Webserver was down during the ad campaign. NTManage can help eliminate thesepossible fiascos. Let's look at NTManage and what it can do for you and yournetwork environment.

NTManage is a TCP/IP and Simple Network Management Protocol (SNMP)-basedmonitoring system that notifies administrators about network problems throughonscreen, email, and paging interfaces. The product also includes rules-basederror reporting and notification that can spawn an application, run a separateVisual Basic script per device monitored, page or email an administrator, andwrite the errors to a log file.

NTManage supports SNMP 1 Management Information Bases (MIBs), andfortunately, most major software and hardware manufacturers support SNMP 1. SNMP2 support is expected in NTManage's next update. The SNMP protocol requires aMIB for each device it manages to understand what management features andfunctionality the particular device supports. The software ships with severalgeneric MIB types for monitoring and controlling devices and NT services,largely without requiring a product-specific MIB. NTManage has a built-in MIBmanager and a MIB compiler and ships with several MIBs for common networkservices, including Dynamic Host Configuration Protocol (DHCP), FTP, Gopher,HTTP, Windows Internet Name Service (WINS), Gateway, Systems ManagementInterface (SMI), Microsoft Internet Information Server (IIS) MIB, LAN ManagerMIB-2, and MIB-2.

The product sports a nifty split-screen, graphics-based network-monitoringdisplay that looks like a cross between NT's Perfmon and Network Monitor. Thedifference is that the monitor is built into NTManage for quick access and cangraph data from remote SNMP devices. You can view total bandwidth utilization,network traffic errors, and various packet counts for a given remote device.

NTManage includes configurable menu entries for quick access to externalTCP/IP utilities such as whois, ping, traceroute, telnet, FTP, and commandscheduler. Also, the product has a built-in IP address-assignment database fortracking enterprisewide IP usage.

Four features in particular make this product shine. First, if your networkservices, such as a SQL server or a mail server, run on an NT server or NTworkstation, NTManage can attempt to restart a failed service across thenetwork. NT servers monitored on the network map (created using NTManage tomonitor your network devices) export all services to NTManage so that if aservice fails, NTManage can attempt to restart it. If NTManage cannot restartthe service, it generates an error condition that follows the rules-based errorreporting you've defined. For example, if your SMTP mail server runs as an NTservice and fails, NTManage will try to restart the NT service automatically. Ifthe restart fails, NTManage will report the error using the methods and rulesspecified in the configuration for that device.

Second, you can instruct NTManage to cleanly shut down and reboot an NTserver or NT workstation from a remote monitoring location. NTManage runs as adesktop application, which means it inherits the security policies of the userwho is currently logged on to the system. For the remote service restart andsystem reboot features to work, the user must have Administrator rights.

Third, NTManage has an auto discovery feature that can scan rangesof IP addresses to locate all listening devices and their associated services.Auto discovery works across routers and into subnets.

Fourth, NTManage has an auto mapping feature. It builds a networkmap based on the information collected by the auto discovery feature.

Installation and Configuration
The installation process was smooth and straightforward. Once I installedthe version 1.0 software, I easily launched it from the NT 4.0 Start menu, wherethe installation program placed the software's folder. The software runs onWindows NT 3.51 and 4.0, if you've installed the SNMP networking components.

The user interface for NTManage is similar to NT Explorer's, with asplit-screen view that shows devices in a tree structure in the left pane andthe graphical network map in the right pane. The tree structure keeps everythinghighly organized, so you can design a network map with an unlimited number ofhierarchies or submaps. To navigate to maps, submaps, and devices, scrollthrough the tree structure in the left window pane and select the item from thelist.

You can monitor any TCP/IP- or SNMP-enabled device. NTManage's interfacemakes manually building a network map easy, or you can use auto discovery andauto mapping to complete the task. I built my map manually during thisevaluation, but I tested the automatic features and found them to be quick andaccurate. When you build a map manually, drag-and-drop procedures let you createthe network map quickly. To add items to the map, select the item icon type fromthe toolbar's speed buttons; then point and click on a blank spot on the mapwhere you want the icon placed. If you decide to move the icon later, drag it toits new location. You can quickly link objects with representational lines byclicking on the first object, holding down Shift while clicking on the seconddevice, and selecting Link Objects from the pop-up menu. If you reposition anobject on the map, the connecting lines also will move automatically.

NTManage classifies nine basic categories of network map and submapobjects: bridges, computers, hubs, printers, repeaters, routers, submaps,switches, and terminal servers. For each category, you can define numerous iconsto represent the network device, and the user can add icons. NTManage ships withnumerous icons in place for most popular brands and types of network devices,from Cisco routers to Windows 95 machines.

Each network map object has a set of adjustable properties: Device Info,SNMP/NT, Notes, Image, and Error Management. Device Info, shown in Screen 1,includes device name, IP address, type, person to contact, contact's emailaddress, device serial number, and device location. SNMP/NT includes SNMPcommunity names for Get, GetNext, Set, and Trap, and NT machine name forrestarting system services. Notes is a text-based device description andassociated notes. Image covers icon category type and icon file name. ErrorManagement, shown in Screen 2, offers switch setting to play a sound to signal adevice error, write an entry to the NTManage's status log, run a specifiedprogram when an error occurs, and perform a traceroute to the device withlogging.

To display a device's properties sheet, double click an object on the map.Once you place a device icon on the map, you have the options of no devicemonitoring, basic device monitoring using a simple ping routine, or extendeddevice monitoring if you select the services to monitor: If a device on the maphas no IP address assigned, NTManage will not monitor it; if a device on the maphas an IP address defined, but no services selected, NTManage will monitor onlyby pinging. And if a device on the map has services selected to monitor,NTManage will monitor those services at the port level or with SNMP.

You can selectively define the type of services to monitor for a networkdevice by right-clicking the device's icon and selecting ConfigurationManagement from the pop-up menu. The dialog in Screen 3 appears, and you canenable and disable the list of services by clicking the associated check boxes.Monitorable services include ping, SNMP, Post Office Protocol (POP) 3, SimpleMail Transfer Protocol (SMTP), HTTP, FTP, Domain Name System (DNS), Network NewsTransfer Protocol (NNTP), and Windows NT Services.

Once you place several icons on the map and set their associated propertiesand monitoring types, you can manually draw lines to visually represent theirinterconnectivity, or you can use the auto-linking feature. The lines enhancethe visual representation of your network map, letting you easily see whatdevice is connected to what other devices and how the devices are connected toeach other, as Screen 4 shows. For instance, you can have two SMTP mail serversin different locations connected with a T1 circuit and TCP/IP routers. In thiscase, you can drop two mail server icons on the map, drop two router icons onthe map, and draw lines between the devices to represent the connections. Thenadjust the device properties and status monitoring settings to check the SMTPmail service on port 25 of each server (all SMTP mail servers run on TCP port 25by default). NTManage will automatically check the services at the specifiedinterval, and according to the rules you define, notify the administrator if aproblem arises.

Ready When You Are
In less than 30 minutes, I had NTManage installed, configured, andmonitoring my small network of 20 workstations, 1 router, 3 dial-up servers, 5Internet servers, and a T1 link to the Internet. The product is well worth yourtime to check out, and it can really go a long way toward providing a moresecure and stable network environment, especially for TCP/IP-based services.