Network Security Practices You Can’t Do Without
Presenter:
Steve Kuzma, IT Solutions
Who we are:
Why do we have network alerts?
• Knowledge
• Understanding
• Proactive response
• Reactive response
• Overall Preparedness
What should we be monitoring?
• Hardware
• Power
• Internet
• Internal Network
• Environmental Monitoring
• Event logs
• Applications
How to monitor alerts:
• Endpoint management software
• Scripts
• Solarwinds
• Spiceworks
• Windows
Hardware
• Event logs
• Manufacturer’s System Tools
• Endpoint
• Hard Drives
• Memory
• CPU
Power
• UPS Management Software
• Run time
• Load
• Load battery self tests
• Battery status
* Some devices have the ability to do environmental monitoring
Internet
• Ping Checks
• Logic Monitor
• SolarWinds
• Up/Down
• Bandwidth
Internal Network
• Logic Monitor
• Ping Checks
• SolarWinds
• Built in administration
• Firewalls
• Wireless
• Physical Access
Environmental Monitoring
• Room Alert
• IT WatchDog
• Temperature
• Humidity
• Moisture
• UPS Add-ons
Event Logs
• Endpoint Management
• Windows
• Failures
• Processes
• Login Attempts
Applications
• Endpoint Management
• Windows
• Performance Monitor
• Services
• Utilization
Do I need all of these alerts?
• Proactive vs. Reactive
• You’re the authority
• Preparing for the future
Predictive Monitoring: Looking for Bottlenecks
Two Methods:
1. Know the limits of your equipment
• Routing/switching speeds on networking gear
• Throughput of inter-equipment links
• IOPS, transfer rates on storage
2. Find your baseline
• You can’t do trend analysis without a baseline
Trend Analysis
• Requires historical monitoring; you need a monitoring engine
• Establish a baseline – a week of growth isn’t necessarily a trend
• We’ll look at some common metrics, but if you’re not sure, overdo it and monitor it all
• Overhead should be relatively insignificant
• Try to correlate the trend to a reason so you can better understand and predict
Start simple with physical servers
• CPU > 80%, RAM > 80%, HD < 15%
• Monitoring this is still not predictive!
Look at the trends:
• January RAM was 60%, February was 65%, March was 70%...when do you upgrade?
Is a RAM upgrade the right choice? New server?
• Depends on your BASELINE – is CPU trending as well?
• Also depends on business metrics – did this correspond with increased web traffic due to a marketing push?
• Can you get the business forecast and prepare?
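The trend question on these slides (RAM at 60%, 65%, 70% over three months, CPU checked against the same baseline, growth compared with a business metric) carried through as a worked example. This is an added illustration, not code from the webinar or from IT Solutions; the CPU and web-session series, the 80% threshold and the six-month planning horizon are constructed inputs.

```python
"""Trend projection for the utilization example on the slides.

Added illustration; not code from the webinar. All sample data below is
constructed (the slide only gives RAM at 60%, 65%, 70% for Jan-Mar)."""
from math import sqrt
from statistics import mean

# Constructed monthly samples, January first. Thresholds follow the slide.
RAM_PCT = [60.0, 65.0, 70.0]
CPU_PCT = [40.0, 41.0, 40.5]
WEB_SESSIONS = [1000, 1200, 1450]   # hypothetical business metric
THRESHOLD_PCT = 80.0
MIN_BASELINE_SAMPLES = 3            # one month of growth is not a trend


def linear_fit(ys):
    """Least-squares slope and intercept of ys against month index 0..n-1."""
    n = len(ys)
    if n < 2:
        raise ValueError("need at least two samples to fit a line")
    xs = range(n)
    x_mean, y_mean = mean(xs), mean(ys)
    sxx = sum((x - x_mean) ** 2 for x in xs)
    sxy = sum((x - x_mean) * (y - y_mean) for x, y in zip(xs, ys))
    slope = sxy / sxx
    return slope, y_mean - slope * x_mean


def months_until(ys, threshold=THRESHOLD_PCT):
    """Months after the last sample at which the fitted line reaches threshold.

    Returns None when the series is flat or falling (no crossing ahead) and
    0.0 when the threshold has already been reached."""
    if len(ys) < MIN_BASELINE_SAMPLES:
        raise ValueError("baseline too short for trend analysis")
    slope, intercept = linear_fit(ys)
    if slope <= 0:
        return None
    crossing = (threshold - intercept) / slope
    return max(0.0, crossing - (len(ys) - 1))


def pearson(a, b):
    """Correlation coefficient; close to +1 means the two series rise together."""
    a_mean, b_mean = mean(a), mean(b)
    cov = sum((x - a_mean) * (y - b_mean) for x, y in zip(a, b))
    var_a = sum((x - a_mean) ** 2 for x in a)
    var_b = sum((y - b_mean) ** 2 for y in b)
    if var_a == 0 or var_b == 0:
        return 0.0
    return cov / sqrt(var_a * var_b)


def assess(ram, cpu, business, horizon_months=6):
    """Answer the slide's questions: is RAM alone trending to the limit, and
    does the growth track a business metric?"""
    ram_eta = months_until(ram)
    cpu_eta = months_until(cpu)
    ram_soon = ram_eta is not None and ram_eta <= horizon_months
    cpu_soon = cpu_eta is not None and cpu_eta <= horizon_months
    r = pearson(ram, business)
    if ram_soon and cpu_soon:
        advice = "CPU and RAM both trending to threshold: plan server capacity"
    elif ram_soon:
        advice = "RAM trending to threshold, CPU flat: RAM upgrade candidate, check with application owners first"
    else:
        advice = "no threshold crossing within horizon"
    return {"ram_months_to_threshold": ram_eta,
            "cpu_months_to_threshold": cpu_eta,
            "ram_vs_business_r": r,
            "business_driven": r > 0.8,
            "advice": advice}


if __name__ == "__main__":
    for key, value in assess(RAM_PCT, CPU_PCT, WEB_SESSIONS).items():
        print(f"{key}: {value}")
```

With the constructed data the RAM line reaches 80% two months after March while CPU stays flat, and RAM growth correlates almost perfectly with web sessions, which is the "marketing push" case the slide asks about. The `MIN_BASELINE_SAMPLES` guard is the code form of "a week of growth isn't necessarily a trend".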
Monitoring Applications
Helps determine what is driving overall utilization, but also critical for user/business impact
• Databases are disk dependent (read rate, write rate, latency)
• Websites are network dependent (number of connections, network throughput)
Too many to go through here, but know your applications or build up a baseline
Monitoring networking equipment
• Most manufacturers publish metrics such as maximum throughput with and without services
Network Metrics (router/switch/firewall)
CPU – most reliable “how hard is it working” metric
• In many cases, this is the bottleneck that drives the published numbers
Interfaces of critical equipment – how much data is the link pushing? Is it time to add more connections?
• Inter-switch links – a 1Gbps link isn’t that difficult to saturate
Watch the trend and strategize!
SAN Metrics
• Controller CPU – overall performance
• Read and Write Latency – biggest determinant in perceived speed
• IOPS – particularly in virtualization workloads, how busy is the SAN?
• Throughput on network connections/FC ports – is the interface an issue?
• Throughput to disk shelves – is it safe to add more shelves?
Virtualization Metrics
• Host metrics: CPU%, Memory%, Network%
• Advanced host metrics:
• CPU Ready % – % of time VMs are ready to use CPU but the resource is unavailable
• Under 5% is generally considered acceptable
• vCPU Ratio – how many virtual CPUs per physical core?
• Different opinions – consensus is 2:1 or 3:1, but it is workload dependent. Try to keep the biggest CPU users away from each other.
More virtualization metrics…
• Memory swapping – host or VM
• Avoid it at all costs. Not only is it slow, but it overtaxes storage resources as well.
• Storage throughput and latency from hosts
• Particularly NFS – even if you have multiple links, there is no “overflow”, so one data stream can still only utilize one single link (i.e. 1Gbps/10Gbps)
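The virtualization checks from the two slides above (CPU Ready under 5%, vCPU ratio at or below 3:1, no host or VM swapping, biggest CPU users kept apart) turned into a small inventory audit. This is an added example, not the presenter's code: the host inventory is constructed, the CPU Ready conversion assumes vCenter-style "ready" summation values in milliseconds over a 20-second sample interval, and "biggest CPU user" is taken to mean the VMs with the most vCPUs.

```python
"""Virtualization capacity checks using the thresholds from the slides.

Added example, not the presenter's code. The inventory is constructed, and the
CPU-ready conversion assumes vCenter-style 'ready' summation values in
milliseconds per sample interval (20 s for real-time stats)."""

SAMPLE_INTERVAL_S = 20      # assumed collection interval
CPU_READY_LIMIT_PCT = 5.0   # slide: under 5% generally acceptable
VCPU_RATIO_LIMIT = 3.0      # slide: consensus 2:1 or 3:1, workload dependent

# Constructed inventory: physical cores, host swap-in rate, and per-VM stats.
HOSTS = {
    "esx01": {"cores": 16, "swap_in_kbps": 0, "vms": [
        {"name": "db01",  "vcpus": 12, "ready_ms": 600,  "swapped_kb": 0},
        {"name": "web01", "vcpus": 10, "ready_ms": 2400, "swapped_kb": 0},
        {"name": "app01", "vcpus": 4,  "ready_ms": 100,  "swapped_kb": 0},
    ]},
    "esx02": {"cores": 8, "swap_in_kbps": 250, "vms": [
        {"name": "rpt01",   "vcpus": 8, "ready_ms": 800, "swapped_kb": 0},
        {"name": "batch01", "vcpus": 6, "ready_ms": 500, "swapped_kb": 0},
        {"name": "test01",  "vcpus": 6, "ready_ms": 300, "swapped_kb": 4096},
        {"name": "test02",  "vcpus": 6, "ready_ms": 200, "swapped_kb": 0},
    ]},
}


def cpu_ready_pct(ready_ms, interval_s=SAMPLE_INTERVAL_S):
    """Ready time expressed as a percentage of the sample interval."""
    return ready_ms * 100 / (interval_s * 1000)


def vcpu_ratio(host):
    """Virtual CPUs per physical core on one host."""
    return sum(vm["vcpus"] for vm in host["vms"]) / host["cores"]


def findings(hosts):
    """Return (host, vm_or_None, code, detail) tuples for anything over the limits."""
    out = []
    for name, host in hosts.items():
        ratio = vcpu_ratio(host)
        if ratio > VCPU_RATIO_LIMIT:
            out.append((name, None, "VCPU_RATIO", f"{ratio:.2f}:1 vCPU per core"))
        if host["swap_in_kbps"] > 0:
            out.append((name, None, "HOST_SWAP", f"{host['swap_in_kbps']} KB/s swap-in"))
        for vm in host["vms"]:
            ready = cpu_ready_pct(vm["ready_ms"])
            if ready > CPU_READY_LIMIT_PCT:
                out.append((name, vm["name"], "CPU_READY", f"{ready:.1f}% ready"))
            if vm["swapped_kb"] > 0:
                out.append((name, vm["name"], "VM_SWAP", f"{vm['swapped_kb']} KB swapped"))
    # Placement heuristic from the slide: the two biggest CPU consumers should
    # not share a host. "Biggest" is measured by vCPU count here (an assumption).
    placed = sorted(((vm["vcpus"], vm["name"], h) for h, host in hosts.items()
                     for vm in host["vms"]), reverse=True)
    if len(placed) >= 2 and placed[0][2] == placed[1][2]:
        out.append((placed[0][2], None, "HEAVY_VMS_COLOCATED",
                    f"{placed[0][1]} and {placed[1][1]} share a host"))
    return out


if __name__ == "__main__":
    for host, vm, code, detail in findings(HOSTS):
        print(f"{host:6} {vm or '-':8} {code:20} {detail}")
```

On the constructed inventory, esx02 is over the 3:1 vCPU ratio and swapping at both host and VM level, web01 on esx01 sits at 12% CPU Ready, and the two largest VMs share esx01. Each code maps to one bullet on the slides, so the output doubles as a checklist of which guidance a host currently violates.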
Business-type metrics
• Look at these types of things to see what is driving your increased/decreased utilization:
• Number of connections (website, database, etc.)
• Inbound traffic from outside sources (router interface, VPN, etc.)
• Accounts created, accounts deleted or inactive
• Might need to create custom counters within the DB
It’s not always about upgrading!
• Metrics that are trending towards problem areas are an opportunity to grow or an opportunity to become more efficient.
• Check with application owners and developers to see if they have any input on your metrics.
• Yes, growing from 2 to 10 application users is a 5x increase, but should you need another server at 10 users? Or is there efficiency to be gained by disabling services or rewriting inefficient code?
Firewall Management and Best Practices
• Proactive monitoring / management
• Backing up running configuration
• Automating
• Ping checks
• Predictive monitoring
• Monitoring uplinks for traffic
• Port Lockdown and documentation
• Management Lockdown
Q&A
Next Webinar:
PC Security: How to Avoid Malware, Spyware and Viruses
Wednesday, March 16, 2016
2:00 – 3:00PM (EST)