Integrated Network Monitoring in System Center 2012 Operations Manager
Manage non-computer devices and computer-to-device relationships
April 2, 2012
Microsoft System Center 2012 Operations Manager is an upgrade to System Center Operations Manager 2007 R2. The new version ofOperations Manager is evolutionary, building on a successful framework rather than reinventing too much. The upgrade offers both under-the-hoodimprovements and UI usability enhancements. In addition, this version of Operations Manager adds a few major features to the core Operations Managerproduct, one of which is a new capability for managing devices that are not computers. A default installation of Operations Manager now includes anetwork-device discovery and monitoring engine that positively identifies specific network devices and graphically correlates computer-to-devicerelationships.
What's New
Operations Manager can monitor hundreds of devices such as network switches, routers, and firewalls, and load balancers at the port level, and cancorrelate this information with server- and application-health models. Figure 1 shows the default Network Monitoring views. Note that routers, HotStandby Router Protocol (HSRP) groups, switches, and Virtual LANs (VLANs) have dedicated state views on the left. The network devices that arediscovered on this small business network include a few Cisco routers and HP switches, some HP and Lexmark network printers, and a few other devices,such as an HP tape backup library. Also note the Certification column on the right; I'll cover this in more detail later.
Figure 1: Network Devices state view
After Operations Manager has discovered the devices on your networks, a correlation pass identifies interfaces on network devices that match up withinterfaces of previously discovered devices and Windows computers. These automatically selected interfaces on network devices are monitored forperformance, errors, and availability. This viewing of network-device health, in the context of computers that are interconnected by devices, ispowerful and logical. The automatic selection of only key interfaces for monitoring is a clever approach that avoids collecting too muchinterface-performance data.
What's Now Old
At a programming level, previous versions of Operations Manager included a rudimentary, generic network-device monitoring capability that's based onthe Microsoft.SystemCenter.NetworkDevice Library, which is deprecated in System Center 2012 Operations Manager. All existing third-party and in-housecustom Operations Manager 2007 management packs for network devices are built on this library for SNMP device monitoring. This news isn't too bad: Theearlier library was known to have scaling and performance issues, and not many IT shops have used Operations Manager extensively for network-devicemonitoring so far. The new version of Operations Manager includes backward-compatible support for legacy management packs written to use the olderlibrary.
The new, scalable, full-featured network monitoring in Operations Manager uses the System.NetworkManagement Library for SNMP monitoring. Publishers ofcommercial network-device management packs for Operations Manager 2007 will need to update those packs to use the new SNMP library, which includessupport for the more secure SNMP version 3 (SNMPv3) protocol. Evolving beyond clear text, community string-based SNMPv1 and SNMPv2 security to encoded,cryptographic SNMP V3 security is important for confident automation of network device management.
Deciding to Deploy Operations Manager 2012 Network Monitoring
It's impossible to manage an enterprise network by monitoring only network devices but not servers and applications. Likewise, monitoring only serversand applications, without monitoring the network devices that interconnect and support those servers and applications, is insufficient. Experiencednetwork admins will agree that isolating intermittent or complex connectivity issues to the application or physical layer can be a time-consuming task.Any solution that integrates both layers by highlighting application-to-device dependencies is a great innovation. Such a solution speeds faultisolation and even provides input to automatic recovery workflows. Whether you decide to deploy this feature of Operations Manager might depend onwhich level of integrated network monitoring you already have in place.
Monitoring both the physical and application layers of the network in a single pane of glass is a goal of most IT pros. The new Operations ManagerNetwork Monitoring feature is Microsoft's first serious attempt to deliver that desirable, holistic picture. Many organizations today use multiplemonitoring applications to instrument both the physical and application layers. It isn't uncommon for an IT shop to run Operations Manager 2007 formonitoring servers and applications, as well as running another application, such as SolarWinds Orion Network Performance Monitor or Ipswitch WhatsUpGold Premium, for switch and router monitoring.
Where does Operations Manager Networking Monitoring fit into the management space, and should you consider deploying this feature? When making thatdecision, remember that monitoring network devices is not free when you use commercial software. SolarWinds charges about $2,500 for 100 interfaces;Ipswitch charges about the same, but more generously licenses 100 devices with unlimited interfaces. The license model for network devices inOperations Manager is based on the type of network device that is being monitored. There is no charge to monitor devices that operate at network Layer3 and lower, such as conventional switches. Devices with OS environments that function above network Layer 3 require a System Center 2012 standardmanagement license, which is about $1,300. Consider the following scenarios, which might apply to organizations that use Operations Manager to monitortheir networks.
Scenario 1:Large organizations.Organizations with thousands of monitored network devices might already have deployed a high-investment network-monitoring solution. Operations ManagerNetwork Monitoring is not designed for thousands of devices like heavyweights HP OpenView and IBM Tivoli. In this scenario, consider adding OperationsManager device monitoring to speed problem isolation in specific applications. Examples of such situations include co-monitoring of iSCSI SAN switchesand network load balancers that support a critical distributed application running on Windows servers.
Scenario 2:Midsized-to-large organizations.Organizations with several hundred network devices might have deployed some device monitoring. In this case, take a hard look at the features inOperations Manager Network Monitoring. Can you retire an existing, secondary SNMP monitoring tool? You gain a lot with the Network Monitoring,computer-to-device correlation feature. However, you don't want to pay twice to monitor the same device. A hybrid approach might be to use OperationsManager for your datacenter core devices and to use another dedicated SNMP monitoring tool for large populations of edge switches and routers. Considerusing a connector into Operations Manager, such as the SolarWinds Orion Management Pack, for those devices that aren't monitored natively by OperationsManager.
Scenario 3:Small-to-midsized organizations.Organizations that deploy few network-device monitoring tools might consider Operations Manager Network Monitoring for all network devices. The insightinto availability metrics on your devices, and the ability to correlate network issues to server issues (without deploying any additional software),could be a big success story.
Certified vs. Generic Network Devices
Be aware that Operations Manager Network Monitoring classifies network devices as certified or generic, depending on their status in the OperationsManager network-equipment database. Generic (or unrecognized) devices are monitored for ping or SNMP responsiveness; port monitoring looks for genericdevices that support standard SNMP interfaces. Certified devices are recognized and specific additional monitoring applied. For example, the left sideof Figure 2 displays the Operations Manager health model for a certified router from Cisco. This model includes monitoring of memory and processorutilization. The right side of the figure shows the health model of a different Cisco router. This model includes only generic Operations Managermonitoring support.
Figure 2: Health models of two network devices
System Center 2012 Operations Manager doesn't include the ability to import or compile MIB files that you supply, or to add devices to the certifieddatabase. The database of supported network devices is static and expected to be updated centrally by Microsoft. Before expecting enhanced monitoringto work with a particular model of router or firewall, test that you can monitor your key device or devices or consult the link about supported devices inthe "Learning Path."
How to Deploy System Center 2012 Operations Manager Network Monitoring
One of the under-the-hood enhancements in System Center 2012 Operations Manager is the concept of management and gateway server resource pooling. Inprevious Operations Manager releases, provisioning of redundant monitoring for network devices required multiple watcher nodes against the samedevices. In this version of Operations Manager, fault tolerance of monitoring nodes is automated by assigning groups of managed network devices tomultimember management or gateway server resource pools. In the resource pool model, two or more monitoring servers transparently load-balance andprovide failover coverage for one another.
Larger organizations (i.e., those with more than several hundred network devices to monitor) need to pay special attention to the placement and distribution of Operations Manager management and gateway servers that are members of a network-device monitoring pool. Prerelease sizing documents from Microsoft suggest that a System Center 2012 Operations Manager management group, employing two resource pools of three management servers each, can monitor about a maximum of about 2,000 network devices.
Midsized organizations (i.e., those with up to several hundred network devices) might consider two or three servers for a dedicated (and highly available) network-device management resource pool.
Smaller organizations (i.e., those with a few dozen network devices) can deploy the Operations Manager Network Monitoring feature on a single server, without any complications.
Your Operations Manager management group is limited to a maximum number of unique discovery rules, equal to the number of management and gatewayservers in the management group. In other words, each management server or gateway server can be assigned exactly zero or one discovery rules. Adiscovery rule can run on the server once per day at a given time or manually only. Figure 3 illustrates how a discovery process is performed by aselected Operations Manager server and then monitored by a specified resource group.
Figure 3: Discovery and monitoring processes
Best practice is to consolidate all discoveries into as few rules (and servers) as possible, and to allow the automatic daily discovery process to run,optionally with the recursive discovery type selected. The intelligent process that enables both monitoring on server-connected interfaces and correctdiagramming in the Network Vicinity Dashboard requires existing computers and devices to activate monitoring on discovered interfaces. Firing thatdiscovery process daily keeps the dashboards accurate and useful, even as the server and device topology changes.
Introducing the Network Dashboard Views
In addition to all the familiar Operations Manager view folders, such as alerts views and performance views, Operations Manager Network Monitoringintroduces four new network dashboard views to convey data: the Network Summary, Network Node, Network Interface, and Network Vicinity dashboards.
Network Summary.The Network Summary Dashboard is the only new dashboard view that is exposed in the View folder hierarchy (in the navigation pane of the OperationsManager console). Therefore, this dashboard is often the first place you'll look for a high-level overview of the health of your monitored networkdevices. The other network dashboards are invoked from the Network Summary Dashboard or from the task pane of any selected Windows computer or networkdevice.
Figure 4 shows the components in the Network Summary Dashboard. These tools help you to identify the network devices and interfaces that are slowest,are busiest, or have the most errors. Use the Network Summary Dashboard to select nodes and interfaces for further analysis, then right-click the selectedobject or use the task pane to pivot to the Network Node Dashboard or Network Interface Dashboard.
Figure 4: Network Summary Dashboard
Network Node.A node is any device that connects to a network. Switches and routers are among the most common kinds of nodes. The Network NodeDashboard provides details about the health of a particular device. The upper portion of the dashboard consists of the Network Vicinity view for thatnode, as well as "speedometer" gauges for node availability today, yesterday, in the past week, and in the past month. (Periods that were not monitoredare counted as available in the availability statistics so that newly discovered devices don't appear to have had outages in the gauges.)
The lower portion of the dashboard includes a list of all monitored interfaces on the node. From this view, you can manually override OperationsManager's automatic selection of which interfaces to monitor. Also, by right-clicking specific interfaces, you can pivot to performance or reportingviews that drill down into the near- or long-term history of an interface. In Figure 5, the Interface Packet Analysis report for port 4 on switch 1during the previous week appears in a second window.
Figure 5: Interface Packet Analysis report
Network Interface.An interface, such as a port, is a physical entity with which network connections are made. By default, Operations Manager monitors only ports that areconnected to other monitored Windows computers or devices. The interface dashboard is the most detailed view of a particular interface. You can usethis dashboard to zero in on a specific counter for problem investigation and capacity planning.
Figure 6 shows key counters for the previous 24 hours on a particular interface. In this case, we're looking at port 1 on switch 4, the interface thatwas listed in the Interface with Most Receive Errors (Previous 24 hours) section at the bottom of the Network Summary Dashboard in Figure 4. In thisscenario, you get more details about the interface. Specifically, you can now answer the question, "How significant are the errors on this interface?" TheSend/Receive Error and Discards Percentages chart in the lower right of the figure shows just one low spike, so the answer to that question is "Probably not veryserious."
Figure 6: Network Interface Dashboard
Network Vicinity. Perhaps the most compelling view in the new Operations Manager Network Monitoring feature is the Network Vicinity Dashboard. This view diagrams a node,as well as all Window agent computers and other nodes that connect to that node. You can toggle up to five hops, and you can decide whether to viewconnected computers. Selecting a particular connection in the diagram allows you to identify which physical switch or router ports are involved; theseappear in the Instance Details area of the dashboard, as Figure 7 shows.
Figure 7: Network Vicinity Dashboard
There are some limitations in the first release of the Network Vicinity Dashboard. For one, it only works with Windows computers (not Linux computers).Second, it doesn't take into account Microsoft Hyper-V host/guest relationships. And third, it doesn't show network interface teams as teamed. Anotherconstraint is that only members of the Operations Manager Administrators group can open the dashboards, so there is no model for extending dashboardaccess to users who have limited-scope roles in Operations Manager.
The Network Vicinity Dashboard, like all the network dashboards that I describe in this article, works in both the full System Center 2012 OperationsManager console and the Operations Manager web console. (Figure 7 is a screenshot of the web console.) All the rich alert notification channels inOperations Manager, such as email and SMS text messaging, are available, as is scheduled publishing (or emailing) of network utilization reports, usingstandard Operations Manager reporting services. You can author a granular Operations Manager distributed application that includes individualnetwork-device elements, to realistically model your most crucial services.
Closing the Gap
System Center 2012 Operations Manager adds significant new features that will be useful to many customers. Microsoft closes a gap that hasexisted in the Operations Manager product and makes the System Center 2012 suite more appealing. Although not a complete replacement for conventionalnetwork-monitoring tools in all environments, these features are probably sufficient, even excellent, for most small-to-midsized environments. Largeorganizations can instrument key datacenter devices for valuable insight into application versus physical network layer correlations that are difficultor costly to achieve with other solutions.
Learning Path
For information about rewriting legacy network device management packs:
"Migrating Operations Manager 2007 R2 Network Monitoring"
For a list of certified network devices with Operations Manager 2012 extended monitoring capabilities:
"System Center Operations Manager 2012: Network Devices with Extended Monitoring Capability"
About the Author
You May Also Like