It can be expensive and time consuming implementing network management systems which claim to do everything. This adds up to headaches for network managers and can result in wasted money. In my view, you have to get the basics right before you consider buying one of the many types of network management systems that currently exist. This list outlines the top 10 things that you need to do to manage your network effectively.
1. Create an inventory of your most important systems.
I am going to call this the critical infrastructure list. There are many ways to generate this, from walking around and documenting what you have to installing software which can scan your network. If you want to manually check your network, start at your core switch and document what is connected. Include things like servers, routers, firewalls, distribution switches and any device which is used to keep your network and users working. If you are unsure where to start, I looked at ways for discovering your network core in a previous post.
2. Develop a change control process
Once you have documented the most important systems on your network, look at implementing a change control process which makes sense for your network. Too often I see people copying change control processes from previous jobs, or, they do something basic to keep their bosses happy. For every system on your critical infrastructure list you should have a log of all changes and who implemented them.
3. Be aware of compliance standards. Understand what you need to monitor and for how long.
Before you look at trailing or installing network management tools, check if you need to comply with any compliance standards. This includes things like PCI, Sarbanes-Oxley and HIPAA. I sometimes see separate systems being bought so that compliance is achieved. This can result in separate systems for compliance and separate systems for troubleshooting the network.
4. Have a map with status icons
When you pick a system for managing your network, make sure it can create maps with status icons. Add an icon for all devices on your critical infrastructure list. Display this map in the same area where your support or helpdesk is located. Most systems that include this mapping functionality, allow multiple logons so that you can view the maps in different locations.
5. Look at dependencies
Within a network, certain systems are dependent on others. If you are monitoring a remote location, and the router fails at that site, you will be alerted that the router is gone down and any other device at that location that you are monitoring. Some network monitoring tools allow you to set dependencies so that if a router goes down, you don't end up with a series of alarms. You get one to say the site is gone off line which is all you really need to know.
6. Setup alerting
Alerting should be based on the working hours of the IT staff. Most of us don't have the luxury of a 24 hour support desk. Most medium and upwards sized businesses have a support desk during the day and an on call system for out of hours. Alerts about issues with your critical infrastructure should always go to these personnel. It can also be useful to send the alerts to specific server and application teams during business hours.
7. Decide on standards and security for getting network information
An alert to say that a system on your network is down or really busy is crucial, but it can help if this alert is backed up with additional information as to what may be wrong. This information can be gathered using one of the standard network management protocols like SNMP or WMI. Over on the EtherGeek Blog, Josh Stevens has useful information on what you need to do to prepare your network to be managed.
8. For all important systems and applications, look at getting supplemental data.
Too many times I have heard people say, we got an alert that there was a problem on the network but we did not have the data to investigate what caused it. At a minimum I would suggest you:
- Look at the logs on the devices and servers. Make sure that they have enough space to store events over wide time periods. If this is not possible, make sure you back them up on a regular basis.
- Capture the network traffic going to and from devices on your critical infrastructure list. Make sure you can track who is connecting to these systems and what data they are downloading and uploading
- Ideally you should be logging application specific information like what files are being accessed on your file shares, what database queries are being run and what pages are being accessed on you websites.
9. Don't forget about your network perimeter. Watch what is coming in and out
Too much trust is sometimes places on what firewalls and Internet filters do. While I agree that they are vital parts of any network, you should watch what is coming in and out of your network. You can achieve this by watching the traffic flows and implementing an intrusion detection system (IDS).
10. Have a process or system for tracking users and devices
Finally, when you have monitoring and alerting in place for all devices on your critical infrastructure list, you should looks at ways of identifying where everything is plugged in on your network. There are many guides out there for tracking down network hosts. You can do it manually by logging onto your switches and looking at MAC address tables. Recently have I come across a number of applications which can do this for you automatically and you can simply search for a MAC address, IP address or username.
Darragh Delaney is head of technical services at NetFort Technologies. As Director of Technical Services and Customer Support, he interacts on a daily basis with NetFort customers and is responsible for the delivery of a high quality technical and customer support service.