Network Management on $1.19 a Day

Products that address a specific problem tend to be more efficient, easier to use and less expensive. Of course, the flip side is that network-management applications providing such simplification also offer fewer niceties. On the other hand, scaled-down versions of higher-end management products, available at greatly reduced prices, wave a magic wand at just about any FCAPS puzzle piece yet are limited in functionality.

These limitations partly revolve around what can--or can't--be done with SNMP. As a standard, SNMP is widely installed and leveraged by network-management vendors but is primarily limited to addressing the fault and performance portions of FCAPS. Frankly, even expensive network-management products are hamstrung when they rely solely on SNMP data, which is why many have proprietary agents. However, no matter what their cost, most fault and performance products do offer significant monitoring, diagnostic and planning capabilities.

Still, if you figure you're going to lose something by going with a midrange management application, you're right. You won't get high-availability and redundancy features or common object models for $10,000. Distributed event-stream filtering and correlation are out too. But you can get distributed-computing functions, like Web publishing interfaces and distributed polling.

Topological Layer 2 root cause or dynamic impact analysis? Nope. But you will get simple event and alarm management, plus these apps offer performance management, with surprising depth and ease in some cases.

Take note, however, that you won't find security accounting or configuration. This isn't surprising--packages that cover these areas are expensive and complex. Total security can't be had for less than $10,000. In fact, some say it can't be obtained even for a king's ransom (see "Secure to the Core"). We asked readers responsible for network management how they'd prioritize the FCAPS model based on two scenarios. First, we asked what areas they'd focus on if money were no object. It was no surprise that security was most important, chosen by 61 percent, followed closely by fault and performance, then trailing off a bit for configuration, with accounting bringing up the rear.Then we asked the same readers to prioritize FCAPS management functions if they had the budget to accomplish only one task. Security, while still holding the top spot, led by a smaller margin. Fault management remained strong, and performance and configuration held their own. Accounting may make sense, but it's not high on anyone's list, money or no.

So how much management bang can you buy for 10,000 bucks? Surprisingly, a lot. Managing 1,000 interfaces will get you control over the backbone, important network nodes and servers in a 10,000-node network.

But what about ROI and TCO? Those are big sticking points if you're doing the usual megabucks network-management thing, but how about $800--the price of our Best Value award winner? That eases worries about financial models, business impact and that nasty project creep.

Of course, even a single dollar is too much to spend if you're not going to benefit. That is not the case here: Automation of response and reporting improves productivity. Report distribution, via Web and portal delivery, improves intercompany communications and fosters self-service. For example, Web reports supplied to business groups give them availability information on their servers and the network, helping them identify downtime problems and direct their inquiries when a process is failing. Performance baselining can improve capacity planning and lead to more proactive management.

Most important is the time it takes to implement and maintain these products, which has always gobbled the biggest slice of the network-management implementation pie. Some inexpensive products, because they can't go beyond simple monitoring or performance gathering, aren't going to cost a lot. Others that limit their functionality based on price will, if expanded to cover other portions of the FCAPS model, increase TCO.You should also consider your network's growth prospects: If you see significant expansion in your future, then buying a product that will grow with you will let you leverage the installation going forward. The $10K capital expenditure limit implies that you have a dearth of resources dedicated to network management. This usually means a team of only one, maybe two. So while good fault and performance functionality is a must, you need products that can be implemented in a reasonable amount of time and that don't require full-time administration. No matter how good a network-management product is, if you're forever attending to its care and feeding, it'll end up on the shelf.

The size of the network that can be managed by any given product is constrained by the number of points the software can track or monitor. This is an artificial limit, determined primarily by the license, not the hardware or the network-management systems. Of course, there is a ceiling to the number of devices that can be contacted by a single server (somewhere between 5,000 and 10,000 instances, depending on type of devices monitored). In our tests, we limited ourselves to 1,000 monitored interfaces, and none of the entries broke a sweat.

Monitoring methods include ICMP ping, SNMP, TCP/UDP ports, system APIs, proprietary agents and applications. ICMP ping, SNMP and TCP/UDP ports are the most commonly gathered kinds of data. Each point monitored by a server adds to the load and limits the number of devices/nodes the server can monitor, but most low-priced network-management products now include distributed pollers, which poll devices and report back to the central or master server; thus you can poll many more devices than the physical limit of a single server. Also, this setup not only lightens the central server's load, it slashes the amount of network bandwidth needed for polling because the distributed poller-to-central-server communication is usually compressed and sometimes is bandwidth sensitive. This sensitivity is valuable when the poller and central server are separated by a WAN link.

Performance monitoring, another important and well-developed feature of more expensive network-management products, can be found in sub-$10K packages, though the implementations are not as extensive. Most rely on SNMP MIB II data, with the better products leveraging the fact that, by default, Microsoft Windows 2000 loads the Host MIB, which provides performance data for CPU, memory and volume.

Proprietary MIBs and agents are not as well supported in midrange products, except that some of these apps occasionally use an agent on the network-management server to proxy SNMP traffic. The side benefit is that, even at this low price point, we were able to gather quite a bit of system-performance data on our network-management server.Fault management, or the collection of event streams, was so-so in low-priced products. They'll be able to collect SNMP traps and events, and as long as the number of interfaces remains below 1,000, the volume of events will be manageable. Of course, if those interfaces are close to central backbone devices, the number of events--and their importance--will be greater.

Finally, missing from the most inexpensive products--except for those designed to grow--is event correlation. In some cases the app will filter and apply Boolean logic to the event stream so it can manage the number of events displayed to the operator. Correlations for downstream and duplicate event suppression are advanced functions usually available only on those network-management products that are more expensive, feature-rich and able to support much larger networks.

Bruce boardman is executive editor of Network Computing, testing and writing about network management and systems. He has 12 years' IT experience managing network and distributed computing for a financial services provider. Write to him at [email protected].

Andy Woods is a computer scientist for a federal law enforcement agency. You can reach him by e-mail at [email protected].

Post a comment or question on this story.If you've considered network management suites out of your league, it's time to re-evaluate. While you won't get champagne features on a beer budget, some lower-priced network management products do provide distributed computing functions, like Web publishing interfaces and distributed polling, as well as simple event and alarm and performance management.We set a budget of $10,000 to manage 1,000 nodes and sent out a call to the usual suspects. Castle Rock Computing, Computer Associates, Hewlett-Packard, Ipswitch and SolarWinds.Net send us products to test. We gathered the software in our Syracuse University Real-World Labs® and put them through their paces with the FCAPS model in mind.

We expected to find a product that would shine in the fault and performance areas, and SolarWinds.Net's Orion Network Performance Monitor confirmed our hunch. It offered depth, flexibility and functionality right out of the box--without making us jump through hoops--earning it our Editor's Choice award. But the other entries were not far behind; overall, we were impressed with what we could get--in some cases for less per day than a double latte.