Network monitoring.2 10pt - University of Utahitil.it.utah.edu/downloads/fits_netmon.pdf · Network...

Network Monitoring

Framework for ICT Technical Support

Network Monitoring NM 1 Topic introduction – Aim and objectives of this topic . . . . . . . . . . . . . . . . . . . . . . . .1

NM 2 Overview – An introduction to the process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

NM 3 Implementation guide – How to implement the process . . . . . . . . . . . . . . . . . . . . .4

NM 4 Operations guide – The ongoing operation of the process . . . . . . . . . . . . . . . . . .11

NM 5 Review – Summary and checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

Appendices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

KeyGlossary term: Glossary term

Cross reference: Cross reference

© Becta 2004You may reproduce this material free of charge in any format or medium withoutspecific permission, provided you are not reproducing it for profit, material orfinancial gain. You must reproduce the material accurately and not use it in amisleading context. If you are republishing the material or issuing it to others, youmust acknowledge its source, copyright status and date of publication.

Publication date March 2004Originally published online in September 2003 as part of the Becta websitehttp://www.becta.org.uk/tsas

While every care has been taken in the compilation of this information to ensure that it is accurate at the time of publication, Becta cannot be held responsible for any loss,damage or inconvenience caused as a result of any error or inaccuracy within thesepages. Although all references to external sources (including any sites linked to theBecta site) are checked both at the time of compilation and on a regular basis, Bectadoes not accept any responsibility for or otherwise endorse any product orinformation contained in these pages, including any sources.

British Educational Communications

and Technology Agency,

Millburn Hill Road,

Science Park,

Coventry CV4 7JJ

Network Monitoring

NM 1 Introduction to Network Monitoring

Would you like to detect network problems proactively before those using the networkreport them? Network monitoring helps you to achieve that and more…

NM 1.1 AimThe aim of this section is to introduce network monitoring and to help youimplement the process in your school with a minimum of preparation and training.

NM 1.2 ObjectivesThe objectives of this section are to enable you to:

• understand the concept and benefits of network monitoring

• understand what is involved in the process of network monitoring

• implement network monitoring in your school

• continue to operate network monitoring

• review your implementation and summarise your progress.

NM 2 Overview

NM 2.1 What is Network Monitoring?In this document, by network we mean local area network, although some of theadvice could be applied to a wide area network. If you are not sure what these termsmean, please click on the underlined links for a definition before reading on.

As school networks grow more complex, it is important to find a way of monitoringtheir performance in order to:

• help ensure that the network is available to users

• respond more quickly to hardware and software incidents and problems

• determine where the network is performing well or otherwise – for example,where there might be bottlenecks in bandwidth, preventing parts of the network from operating efficiently, or at all (this is particularly important for school networks where network usage often follows an unusual pattern such as the peaks in use of the network as pupils log on and off at the start and finish of lessons)

• identify trends and determine how to optimise the network by changing network configurations, replacing network devices and so on – this will help establish where you are likely to obtain the best return on future investment in network hardware and software

• improve the visibility of network status – you will be able to see instantly what parts of the network are working or not at any given time (this will help improve response times when part of the network does fail).

Some of these tasks can be performed manually but, for larger or more complexnetworks, it may become necessary to use dedicated software to monitor andmanage the network.

FITS Network Monitoring© Becta 2004 1

Network Monitoring

Unlike individual computers, a network has no central ‘brain’. Network monitoringsoftware can help by functioning as the eyes and ears of the network, revealing asense of the whole network and keeping track of its overall health.

Network monitoring software provides four main areas of functionality: mapping,polling, notification and reporting.


Mapping

Polling

The program sends messages out across the network and uses the responses ofthe various components to build a virtual model of the network. This model is auseful tool for documenting the network configuration.

Once the map is built, the software sends frequent status requests to the networkcomponents. This can give early warning of potential failures.

NotificationThe software can also collate error traps from network devices. These errors canrange from overheating processors to stuck mail queues. Information about errorscan be displayed centrally or even sent as an SMS message to a mobile phone.

Reporting

Statistics on the use and efficiency of the network can be produced for techniciansor management to use. These statistics can be used to identify bottlenecks in thesystem performance or determine where components may need replacing.

NM 2.2 Why use Network Monitoring?A network monitoring system can monitor the entire school network in search ofcritical events that could potentially interrupt service and cause loss of time andresources. It can be configured to execute certain tasks in order to prevent or correctcritical events before they have an effect on the network.

Network monitoring will allow collection of data on historical and current usage,remaining capacity and system failures so that you can identify and analyse trends.This information provides a valuable input to the ICT strategy and budgeting process.This is where running suitable network monitoring software really helps the school,providing a variety of useful reports, graphs, and so on for use by the leadership team.

NM 2.3 Who uses Network Monitoring?In schools, it is usually the technical people managing the network who monitor thenetwork. They often use network monitoring tools that can be complex pieces ofsoftware requiring both a degree of understanding of network principles and of theactual organisation of the network to be monitored. If properly configured, thesoftware will usually produce statistics on network use and capacity that non-technical staff can understand.

NM 2.4 How does Network Monitoring work?Network monitoring essentially consists of taking a snapshot of the state of thenetwork and continually monitoring changes to that state. The Network Monitoringprocess flowchart below illustrates this.


Document the

Check cabling

Choose

Establish

Network Monitoring

Incident Change

Network Monitoring process

updateupdate

Network

network

monitoringmethods

baseline

Managementprocess

Managementprocess

process

documentation

step

:st

ep:

step

:st

ep: 01

02

03

04

NM 2.5 How does network monitoring software work?Network monitoring tools operate by monitoring the network at the data link andtransport layers in the open system interconnection (OSI) reference model. The toolscapture network traffic to help analyse incidents and problems, determine networktrends and troubleshoot applications.

Most functions of network monitoring tools use a protocol called simple networkmanagement protocol (SNMP). They also allow the network manager control of thenetwork via a central screen. The tools commonly use remote monitoring (RMON) toachieve this.

Network information is generally stored in a management information base (MIB).

NM 2.6 What does Network Monitoring cost?You can do some network monitoring manually by using the tools already built intomost servers. Other tools are available free or as low-cost shareware. A range ofcommercial software is available at prices ranging from a few hundred pounds up tohighly functional systems costing over £50,000 and suitable for huge corporatenetworks.

Schools are unlikely to need anything but the simplest commercial software for sometime to come. The more advanced software is also time-consuming to install andmanage and tends to have a steep learning curve. The Network MonitoringImplementation guide (NM 3) describes how to select an appropriate networkmonitoring tool.

NM 3 Implementation guide

NM 3.1 What needs to be done? As described in the overall FITS implementation approach, we recommend a phasedapproach o implementing new processes.

The FITS ethic is ‘keep it simple’. FITS alsopromotes a cyclic approach to its implementation:start small and make continuous improvements.

This first set of material introduces the processes with easy-to-follow instructions andsimple tools to use. When you have implementedthe processes, you will use the tools to gatherinformation to make further improvements andthus enter the next cycle.

This process of refinement allows you toimplement best practice in manageable,bite-size pieces. You will therefore reap thebenefits from an early stage and not beoverwhelmed by extra work.

The FITS Network Monitoring implementation approach is for people with little freetime to spend on implementing processes and procedures and whose day-to-dayactivities are unpredictable and must take priority.


FITS implementation

Structured implementation of best practice processes

processtools

information

for continuous improvement.

for continuous improvement.

Our aim is to help you begin to removesome of the unpredictability byintroducing best-practice processes insmall steps and so begin to realise thebenefits as quickly as possible.

A school network consists of connecteddevices. Some devices can be uniquelyidentified on the network by means of aunique address. Each identifiable deviceis known as a node. Examples of nodesinclude servers, workstations, switches,routers, bridges, printers, scanners,and even devices such as electronicwhiteboards and other peripherals that can be shared. Network devices

such as cables and hubs are passive and do not have unique addresses.

All devices need to be monitored to gain the best performance from the network.Nodes can be monitored using a variety of methods:

• network protocol analysers – dedicated hardware tools which can be connected almost anywhere in the network and passively monitor network traffic as it passes down the cable

• software built into servers

processtools

information

Network monitoring implementation approach

Network Monitoring


• specialist software installed on a server or a separate workstation.

Passive network devices, which cannot be easily monitored using software programs,need to be monitored using manual means.

This implementation guide will help you to:

• identify network monitoring activities you can carry out with little or no capital outlay

• prepare the network for monitoring activities

• specify, choose and set up basic network monitoring using low-cost network monitoring software.

NM 3.2 Prepare to implementThe first step before implementing network monitoring activities is to determine theneeds of the school.

Some factors to consider

• What budget is the school likely to make available for monitoring tools? There will be an initial outlay for software as well as ongoing licensing and support costs.

• What time is available from technical support providers to install, learn and manage from day-to-day any installed software?

• How complex or large is the school network? What is the anticipated growth in the size or complexity of the network?

• Are there any current known issues with network performance?

• What level of reporting is required on network availability or usage?

• Are there any security issues relating to the network?

When preparing to implement new systems it is advisable to use the FITS ChangeManagement process to prepare for any ICT changes and consider a fallback plan incase of failure. You can do this using the request for change form provided anddescribed in Change Management. You may wish to look at an example request forchange form (Appendix A) for installing network monitoring software.

If you wish to implement network monitoring tools before you have implementedChange Management, here is an outline of the key points to bear in mind:

• Ensure that the network monitoring software you have selected is compatible with your server operating system and investigate the experiences of other installers.

• Plan the installation carefully and make sure you have everything you need before starting.

• Schedule the installation to minimise impact on day-to-day operations and agree the timing with senior staff.

• Inform users of any downtime, its duration and what the impact of the downtime may be. (Don't assume that they will know what you mean if you simply say that ‘file server x’ will be unavailable.)

• Before you start, think through what could go wrong with the installation and be prepared to return the server to its original state just in case you have to.

NM 3.3 Implement • Step 1 – Document the network

• Step 2 – Check the quality of the network cabling

• Step 3 – Choose a monitoring method

• Step 4 – Establish a baseline


Create a map of the physical topology of your network. Thisdocument should describe each physical component andillustrate the ways in which the different components areconnected.

Physical topology

Item Requirement

Example physicalmap (see Appendix B)

Create a map of the logical topology of your network. This mayor may not match up with the physical layout of the network.The logical map shows the relationships between componentsand the flow of information through the network. For anythingbut the smallest network an application designed specificallyfor creating network maps should be considered.

Logical topology

Example logicalmap (see Appendix C)

Record your cabling and patch panel information.Documenting should include equipment and componentlabels, electronic and physical records, drawings, work orders,and reports. Every piece of network hardware should belabelled. This includes cables, patch panels, equipment racksand anything else that will help you develop a meaningfulview of the system.

Cabling and patch panelinformation

FITS ReleaseManagement

Further information

Step 1 Document the network

The single most important element of monitoring a network is to know what it is youare monitoring. The following table details some of the elements to consider whendocumenting your network:

It is good practice to standardise and document settings forcomputers, file servers and other configurable equipment inthe infrastructure. A standard process is outlined in ReleaseManagement and this section should be used to help youdefine, test and document default settings.

Default settings


List all the applications on all the computers, as well assoftware versions, patch levels and so on. Keeping track ofwhich applications are in use and how they are configuredwill help you plan for upgrades as you will more easily beable to see which applications (and the operating systemparticular versions are often tied to) might interact whenchanged. Applications and other software should have astandardised and documented set-up. A standard process toachieve this is outlined in Release Management.

Softwareinformation


Record information about the user accounts and theassociated permissions and rights, for the users and usergroups on the network. It is good practice to define anddocument standard rules for creating network accounts. TheRelease Management process enables this.

Networkadministration


Describe the network overview. You may wish to include thisin a user handbook, which could cover all aspects of ICTinformation as required.

User guidesFITS7.3.1 Userhandbook


Item Requirement

Keep track of incidents as they arise. Make sure that causeand resolution are recorded on incident/request sheets.Also monitor incidents to spot recurrences and trends thatmay indicate an underlying problem and use thediagnostics sheet. Always document the solution.Incidents and

problems

IncidentManagement:

• Incident/requestsheet (Appendix D)

• Incident diagnostics sheet(Appendix E)

ProblemManagement

All documentation including maps should be stored asconfiguration items in the configuration managementdatabase.

Storingdocumentation

ConfigurationManagement

Further information

Step 2 Check the quality of the network cabling

The quality of the network cabling has a considerable effect on networkperformance. If the cabling is not of high enough quality, monitoring the networkmay be problematic and you may have difficulty in obtaining accurate results fromeven the best network monitoring software. The following factors determine howsignals are degraded as they travel around the network:

The physical network topology restricts the length of certain segments in thenetwork.

Cable length

This is the loss of the electrical signal as it passes down the cable.Resistance

Poor connections at cable ends will almost certainly result in noise and interferenceto the signals and may in time cause the network signal to be completely lost. Ifthe fault is intermittent it is often extremely difficult to locate and fix the cause.

Poor connections

Interference may come from other cables that are bundled together or fromoutside sources such as fluorescent lighting.

Noise

As the cable encounters resistance travelling down the cable and part of the signalradiates outwards the signal weakens.

Attenuation

Because the insulation has to be removed from the cable where a connector is addedto make a connection to another device there is a greater potential for interferencebetween the wires at the end of the cable where the signal is generated.

Near-end cross-talk (NEXT)


The best way to test the cabling is to use a cable tester. But there are three optionshere, as the table below illustrates:

• The tester is available any time for regular testing whenever a cabling fault is suspected.

• You can hire out the tester to local schools to recoup some of the cost.

• You and your staff will know best where your network hotspots are likely to be.

Buy a cabletester

• This is the most expensive option.Cables testers vary in price from a few hundred to a few thousand pounds.

• Hiring the most expensive tester is a fraction of the cost of buying.

Hire a cabletester

• You will need to hire the tester every time the cabling needs testing.

• If the model you are used to is not available, you have to learn a different set of instructions.

• The company will test the entire network with state-of-the-art equipment.

• There is no need to buy or hire a cable tester.

• The company’s report should be a professional document that will give you a thorough understanding of the network capabilities and weaknesses.

Have the cablingtested by aprofessionaltesting company

• You will need to hire the tester every time the cabling needs testing.

• If the model you are used to is not available, you have to learn a different set of instructions.

Option Pros Cons

Which option you go for may depend on such factors as:

• the budget available

• how much cable there is on the network (or, conversely, how much of the network is wireless)

• the age and state of the cable installation

• the quality of cable and connectors used

• whether the cabling is suspected of causing network dropouts and so on.

Step 3 Choose a monitoring method

The first level of network testing consists of making sure that the underlying physicalcabling structure is performing as expected. The next level is to monitor and test thenetwork traffic and messages generated by the network protocols to be sure thatyou have a healthy network. There are a number of ways of achieving this.

• Option 1 – Do it manually

• Option 2 – Built-in server utilities

• Option 3 – Use a LAN protocol analyser

• Option 4 – Buy specialist network monitoring software


Option 1 Do it manually

Network monitoring products operate by monitoring the network at the data linkand transport layers in the OSI reference model (see NM 2.5 How does networkmonitoring software work?). It is difficult to perform this task manually, but activitiesthat can be performed manually include:

• drawing logical and physical maps of the network and implementing a system of keeping them up-to-date (these tasks are supported by configuration management, which is used for storing records of infrastructure items, including documentation, and change management which is the update method for configuration management)

• learning to interpret simple network management protocol (SNMP), which can be used to interrogate network devices and check on their status

• checking the server logs and using the data to manually produce usage charts for the network.

Option 2 Use the built-in server utilities

Most servers have built-in utilities that will aid in monitoring the state of the network.These vary depending on whether the server runs Microsoft, Novell, Apple or UNIXnetworking software. The available tools may also depend on which version of theoperating system is installed. It is worth checking the online documentation on theserver to find out which utilities are available as it maybe that some of these were notloaded during the installation of the server operating system. The resources section(NM 3.5) also lists some useful links.

Note: This method relies on the network consisting of at least one server. It is notpossible to monitor peer-to-peer networks in this fashion.

Option 3 Use a LAN protocol analyser

A LAN protocol analyser is a stand-alone hardware monitoring tool. It can beconnected almost anywhere on your network and allows you to intercept networktraffic as it passes through the network in real time and save the data for lateranalysis. A good analyser should be able to produce useful statistics about the trafficon the network, decode the protocols used into meaningful results and filter the dataso that only the relevant information is displayed.

LAN protocol analysers are not cheap, but have the advantage that they need not beinstalled on the network and need virtually no setting up. LAN analysers are small,robust devices and can be hired out to other schools to offset some of the purchasecost.

This option should be considered where a number of schools want to share networkmonitoring costs and where each networks involved is small enough not to needconstant monitoring.

Option 4 Buy specialist network monitoring software

There is a wide selection of network monitoring software available. These tools,which have been developed specifically to monitor networks, represent the mostthorough method of monitoring and controlling a network.

Packages range from free up to £50,000 or so. The free packages are usually limitedin scope but may represent a worthwhile download for schools on a tight budget orthose running a simple network. The more sophisticated packages used by majorcorporations are capable of managing global networks – they have prices to match.

A school that already has a fairly complex network, or that is planning to get one,should seriously consider purchasing one of the mid-price ranged products.

Factors to consider when choosing a network monitoring tool include the following.

• How much is the school prepared to spend on a network monitoring tool? Consider the ongoing costs, too, such as training and upgrade and licensing fees.

• Do you want to run the software on the server or on a workstation?

• Is your network interface 10BASE-T or FDDI or token ring?

• Does your network need to support more than one protocol?

• What level of statistical reporting will be required?

• Do you need extra memory and buffers? You may need extra buffering capabilities if you have a gigabit Ethernet.

• Does the analyser provide sufficient filters to allow you to look through large volumes of data efficiently?

• Can you import and export files to a disk to transfer to and from other workstations for analysis?

Download the evaluation form (Appendix F) and criteria (Appendix G) to help create a shortlist of suitable monitoring tools. First identify two or, at most, threecandidates. Then, before making your final choice, consider testing the packages tosee which one works best for you in practice. Most commercial network monitoringpackages are available as a downloadable free trial version. Download the ones youare interested in and test them in situ on your network.

This can be done one at a time or by comparing the products side by side (most willco-exist quite happily). This should give you an idea of how the products will workon your particular network and allow you to decide which has the most appropriatefeatures. The trial will also allow you to get a feel for how intuitive the user interfaceis for each product – an important factor, as these are generally quite complex piecesof software.

Once you have made your choice, if the software is running from a trial version, it isusually possible to upgrade to a full version using a key provided by the supplierwithout needing to reinstall the software. It is important to remove any free-trialsoftware from other manufacturers, though.

Note that these programs have steep learning curves and usually require you to havea good understanding of network structure and protocols in order to set up thesoftware or make meaningful judgements about the data you collect.

Step 4 Establish a baseline

Once you have chosen the network monitoring method and installed it to themanufacturer’s instructions, you will need to establish a baseline for your network.This means collecting and documenting information about the network to establisha starting point for interpreting the results of monitoring the network from day today, giving you something with which to compare future measurements.

Baseline data is used to define the normal operating environment for a system andprovides a reference for monitoring and troubleshooting efforts. Remember that youdocumented the network set-up in step 1, so here you are adding to that informationusing the network monitoring tools.

Most tools will collect the necessary data automatically. Some will even draw alogical map of network devices for you. The tools are not foolproof, however, and it isworth checking the output against local knowledge of the network. In addition thefollowing information should be collected manually and added to the baseline data:

• location of equipment in the network

• type of equipment in use

• the number and distribution of users

• protocols in use.


The Configuration Management process deals with the gathering and storing ofinformation about the infrastructure. You may wish to take this relationship intoaccount when gathering the above data and consider either implementingConfiguration Management first to help with the implementation of NetworkMonitoring or using the data you gather here in any subsequent implementation ofConfiguration Management.

NM 3.4 Review the implementationTo check that network monitoring is working, compare any logical map drawn by thetool with the physical map you drew in step 1. If the two match pretty well (it isunlikely that the maps will match perfectly) then you can be fairly sure the tool isfunctioning correctly and will be able to monitor the network adequately.

It is worth repeating this process whenever you add new devices to the network. Thiswill ensure that new devices are included in network monitoring activities and thatthe network monitoring software is able to detect changes to the network topology.

NM 3.5 Resources • Running server utilities on Microsoft Server 2000 (Appendix H)

• Network monitoring tool evaluation form (Appendix F)

• Network monitoring tool evaluation criteria (Appendix G)

• Network monitoring tool evaluation checklist (Appendix I)

NM 4 Operations guide

NM 4.1 What needs to be done? The status of the network needs to be monitored to ensure that you are getting thebest performance possible. There are a number of regular tasks that need to beperformed to keep the network monitoring system operating efficiently.

NM 4.2 When does it need to be done? Many network monitoring activities can be configured to execute automatically.However, there are a number of manual tasks to be performed, both to ensure theefficient running of the software, and to act upon the data collected by the monitoringsoftware. These include daily, weekly, monthly, quarterly and annual tasks. The tasks arein addition to any set out in the manufacturers' guides for correct product operation.

NM 4.2.1 Daily

Check server error logs and usage logs to identify potential problems.

NM 4.2.2 Weekly

Check and record server disk space to look for potential problems and trends whichcould highlight the need to free up additional space or install a new hard disk. Youcan use the disk usage report (see Appendix J) to keep your records. See theexample disk usage report (Appendix J) for the type of information to record.

Check disk space and other factors on the computer hosting the network monitoringsoftware to ensure its efficient running. You can use the disk usage report (seeAppendix J) to record disk space for any server or workstation.

Produce and collate management-level reports for network usage and performance.The layout of these can be changed via the monitoring software. The reports areparticularly useful in monitoring the overall health of the network and can be used to


identify where resources (financial and time) may best be deployed to deal withnetwork performance issues.

Run any server routines for producing network reports and logs. The actual reportsand logs available will be determined by which operating systems you are running.There is good advice on system logging available on the relevant manufacturers’websites.

NM 4.2.3 Monthly

Check that error traps are correctly configured and working by testing the software.This might include introducing a fault to the network (for example, unplugging acable or switching off a device) to ensure that the error is trapped and the correctaction performed.

Check that the network monitoring software has automatically updated its logicalmap to reflect any physical changes made to the network during the month.

NM 4.2.4 Quarterly

Identify trends and determine how to optimise the network by changingconfigurations, replacing network devices and so on. This should not be a licence totinker with the network, but an opportunity to see how the network set-up affectsnetwork performance and to deal with any identified underlying issues. The activityneeds to be undertaken as part of the Change Management process. The reportsfrom the Problem Management process are particularly useful inputs to this review.

NM 4.2.5 Annually

Review the suitability of the monitoring software in use on your network. It isimportant to check that the monitoring software is providing adequate coverage andreports on your network. It may be possible that, over the year, your network hasoutgrown the monitoring measures you have in place.

NM 4.3 Who does it? The person responsible for technical support in the school should perform the abovetasks. It should be noted that some of these tasks require technical expertise and athorough understanding of network technologies.

NM 4.4 How is it measured? You should record weekly the disk space available on the server, plotting on a graphthe free disk space against the maximum capacity of the disks. Record any reasonsfor major changes noted (for example, new disks added or loading of extraapplications) and input the graph to the Service Level Management process forreporting. You could use or adapt the disk usage report (see Appendix J) provided orlook at an example disk usage report (also Appendix J) to get an idea of theinformation you can collect. Dodo, in diagram please add 'Disk' in front of 'capacity'(vertical axis), which will then no longer need initial capital.


The log can be used to identify trends and action taken before lack of disk spacestarts to affect network performance. The first action is to try and reduce the amountof disk space used by:

• running disk-cleaning utilities to clear out temporary files (temporary web browser files can be a particularly large consumer of disk space)

• removing unnecessary or infrequently used software applications

• deleting or moving personal data that has been inappropriately stored on the server.

The above actions need to be carried out each time disk space is running low buteventually you will probably need to consider:

• installing extra disks

• replacing smaller disks with larger units

• installing a separate disk array to store large volumes of data.

The person responsible for technical support in the school along with the schoolleadership team should conduct an annual review of the suitability and costeffectiveness of the network monitoring software. The weekly reports of networkperformance and the output from the Problem Management process should beinputs to this review.

If the right network monitoring software has been chosen and appropriatelyconfigured, and the management tasks have been rigorously followed, then it shouldbe possible to detect a measurable improvement in network performance. If this isnot the case, the review should determine whether the correct solution has been chosenor whether the set-up or day-to-day management of the software could be improved.


NM 4.5 Resources • Running server utilities on Microsoft Server 2000 (Appendix H)

• Disk usage report example and template (Appendix J)

NM 5 Review of Network Monitoring

The purpose of this section is to help you review your implementation and ongoingoperation of network monitoring, check your understanding of the process, examine whata successful implementation should look like and consider what you have achieved byintroducing it into your school. This will help you to assess how successful its introductionhas been and point you back to the relevant sections in the Network Monitoring processthat you should revisit to make improvements, if these are necessary.

Start by reading the sections included in the recap of Network Monitoring. When youhave refreshed your memory and considered your own implementation alongsidethese descriptions, work through the checklist to identify any areas you should revisitand perhaps re-implement or reinforce.

NM 5.1 Recap of Network Monitoring In Network Monitoring we introduced the concept of monitoring the performance ofyour network and proactively detecting underlying problems. We gave you anoverview of network monitoring and an implementation guide giving step-by-stepinstructions to help you implement a network monitoring process that we believe isappropriate for the needs of schools. An operations guide gave you a list of ongoingactivities required in order for you to keep the process going and reap the benefits.

Check your understanding of the process by going through NM 5.1.1 to NM 5.1.4.

NM 5.1.1 Network Monitoring summary


Document your network so that you know what you are monitoring, by:

• creating a map of the physical topology of your network

• creating a map of the logical topology of your network

• labelling and keeping records of cabling, patch panel information and other network hardware

• standardising as far as possible and documenting the settings for computers,servers and other configurable equipment in the infrastructure

• listing all the software on all the computers, including the software versions and patch levels

• recording information about the users' accounts and user groups, including associated permissions and rights

• describing the overview of the network and including it in a user handbook for your school

• recording all incidents with resolutions to allow you to spot trends that may point to an underlying network problem

• storing all documentation, including network maps, in the configuration management database.

Document thenetwork.

Step Tasks


Test the quality of your cabling with a cable tester or third-party company to ensurethat there are no underlying problems affecting the stability and performance ofyour network.

Check the quality of the networkcabling.

Monitor and test the network traffic and messages generated by the networkprotocols to be sure that you have a healthy network. For this there are four options:

• manually drawing logical and physical maps and checking server logs

• using the built-in server utilities

• using a protocol analyser to intercept network traffic and produce statistics on network performance

• using network monitoring software to report on network performance issues,produce statistics and provide network documentation such as maps and diagrams.

Choose amonitoringmethod.

Use the network document information to establish a starting point for interpretingthe results of monitoring the network from day to day. This will help to define thenormal operating environment and provide a reference for monitoring andtroubleshooting.

Establish a baseline.

NM 5.1.2 What you should expect now that you have implemented network monitoring

• You have a regular monitoring schedule for the network and servers, which those responsible follow to identify underlying network issues.

• Your staff use network documentation to help identify network equipment and understand the relationships between them to help with incident and problem resolution.

• All cabling has been tested to eliminate the possibility that it may be causing any underlying issues.

• If you use any network monitoring software, it has been configured to report potential issues, which the person responsible for technical support then works to resolve.

NM 5.1.3 What you should have achieved through network monitoring

• Efficiency in resolving incidents and problems has improved because you now have accurate labelling of cabling and network equipment and also up-to-date records of that equipment and the relationships between them.

• You are now able to detect proactively and resolve underlying issues relating to cabling, network traffic, failing network equipment and server capacity before these have an impact on the ICT users.

• You can identify and plan ahead for additional disk, network traffic or processor capacity that will be required.

• You can produce statistics on network performance and server capacity, and use these to make improvements.

• Your school's ICT users now have a stable and reliable network available for use when they need it.

NM 5.1.4 Benefits of having implemented network monitoring

• You will be monitoring your network to minimise the occurrence of network problems before they affect users.

Step Tasks


• You will be looking at the capacity of your network equipment and traffic to allow you to carry out any necessary actions.

• You can refer to accurate documentation of your network set-up when resolving problems.

• You will improve reliability by ensuring that all network cabling is functioning correctly.

• You can produce network capacity reports to help you make better planning decisions.

NM 5.2 Checklist Use this checklist to identify any areas of network monitoring that have not yet beenentirely successful. Then reinforce them by revisiting and re-implementing therelevant section of the FITS process.

NM 3.3 Step 1Document the network You have created a map of the physical and logicaltopology of your network.

NM 3.3 Step 2 Check the quality of the network cabling

You have had the cabling tested to ensure that it is notcausing any underlying network issues.

NM 3.3 Step 3 Choose a monitoring method

You have implemented a suitable network monitoringmethod for your school.

NM 4.2 When does it need to be done? You have established a baseline for your network tocompare day-to-day measures against the normaloperating environment.

NM 4.2 When does it need to be done? You have implemented a regular network monitoringschedule to check network traffic, network equipmentand server capacity.

NM 4.4 How is it measured? You are producing regular network monitoringmeasurements such as server disk capacity or reports,using network monitoring software, if available.

Item Related area to visit

If the above characteristics are all true of your school, congratulations onimplementing a successful network monitoring process! The next steps for you are tocontinue operating the process as described in the Network Monitoring Operationsguide (NM4) and establish the process firmly. Work through this checklist at regularintervals to help you check that everyone responsible continues to carry out allaspects of the process. You can then refer to the relevant sections above to addressany shortfalls as they arise.

Appendices

NM Appendix A Request for change – example and template


You can download the template from the FITS websitehttp://www.becta.org.uk/tsas/index.cfm?refsect=ntss&bcsect=default&sect=change&id=tt5142

Network MonitoringFramework for ICT Technical Support (FITS)

© Becta 2003 http://www.becta.org.uk/techicalsupport/published September 2003

page 1 of 1

Request for Change

Unique identifier

Name of item

Asset tag 21383

Compaq file server [server name], B Block Computer Room

Brief descriptionof change

Reason forchange

Installation of CheckIT network monitoring software on server

Evaluation of network monitoring software

Impact onservices and users

None

Impact and riskof change failure

• Failure may require CheckIT software to be removed and server rebooted

• If CheckIT software installation caused the server to corrupt the server may have to be rebuilt

• Estimated time to rebuild, restore and recover: 6 hours

• Impact on services and users as above

• Risk is low – CheckIT software is compatible with server operating system

Fallback plan • Remove CheckIT software and reboot server

• If the server is still corrupt restore operating system and data from tape

• Restart server

• Test server and data

NB Tapes required on site in advance of change

Date of change Friday 26 September 2003

Time of change 18:00–19:00

Originator Andrew Powell, Network Manager

Approval signatures

D WigginsInitial approver Debbie Wiggins, ICT Co-ordinator

J BurkePeer reviewer James Burke, Supplier Representative

D Wiggins

Success Failure

Final approver Debbie Wiggins (for School Head)

Implementer Andrew Powell, Network Manager

Full details ofchange

• Check backups successful

• Install CheckIT software

• Check all services are still operational

• Test CheckIT software

✓


NM Appendix B Example physical map It is not important what tool you use todiagram your network. It is importantthat you do it.

Below are examples of networkdiagrams created with software tools.If you don't have a software tool forcreating a network diagram, simplycreate one with pencil and paper.

NM Appendix C Example logical map The logical network diagram dealswith upper layer information(protocols, applications and so on). Itprovides detailed information on howtraffic gets from one device to anotherlogically.

Internet

Logical network diagram with upper layer protocol information

Serial IP Address10.0.0.1

Ethernet IP Address192.168.3.254

High School LAN192.168.3.0/24

Web Server192.168.3.253

www.myschool.k12.mo.us

Mail Server192.168.3.252

mail.myschool.k12.mo.us


NM Appendix D Incident/request sheet

You can download the template from the FITS websitehttp://www.becta.org.uk/tsas/index.cfm?refsect=ntss&bcsect=default&sect=servdesk&id=dw1040

Service Desk / Incident ManagementTechnical Support Advisory Service (TSAS)

Incident/request sheetUser to complete

Equipment Unique ID Name of person Date & Time of Incident or request

Details of incident or request – continue overleaf if necessary

Number of users affected (please circle) System usage in hours per week (please circle)

1, 2-5, 6-10, 11-30, 30+ 1, 2-10, 11-20, 20+

Service desk to complete

Equipment required for use by Suggested alternative equipment Alternative equipment set up (date and time) by (date and time)

Self serviceavailable to user

Check incident log Check userknowledge base

Check schoolknowledge base

Check detailson internet

Y/N Y/N Y/N Y/N Y/N

Incident to be resolvedat next scheduled visit

Date of nextscheduled visit

Does incident requireChange Management

Follow-up date

Y/N Y/N Y/N Y/N

Y/N Y/N Y/N Y/N

Y/N Y/N

Technician required Technician or 3rd party contacted –date and time

date and time of response

Y/N

User notified of action

Incident resolver

How was the incident resolved? (Add further pages as necessary)

Further action required

Was equipment removed, installed or swapped as a result of this incident/request?

Configuration-management database updated

Equipment that caused the incident

Notification given(date and time)

Incident/request owner Technical supportprovided by


page 1 of 1


NM Appendix E Incident diagnostics sheet

You can download the template from the FITS websitehttp://www.becta.org.uk/tsas/index.cfm?refsect=ntss&bcsect=default&sect=incident&id=dw1127

Incident ManagementTechnical Support Advisory Service (TSAS)

What was expected to happen?

What did happen? Can the incident be recreated?

When did it last work?Has it EVER worked?

What has been changed recently?

Write down any error messages displayed.

Can you or anyone else perform the same task onother equipment?

Equipment Unique ID Name of person Date & Time of -Incident / Request

Establish current status

Which area is the likely cause?

Which area of hardware is affected?

Which part requires replacing?

Which spare equipment is available?

Install spare or order replacement or other, (please detail).

HardwareCheck the knowledge base and fact sheets

Incident Diagnostics Sheet

Actions to take


page 1 of 2

Use this form as a guide, but do not leave out detail. Continue on further sheets if necessary

Which application or operatingsystem is in error?

Result of checking the error messagethrough tools (eg, the internet).

Does software require reinstallation ora patch? Please give reasons.

SoftwareCheck the knowledge base and fact sheets

From the answers above is the problem likely to be hardware, software, network,user guide, other (details please).


NM Appendix E Incident diagnostics sheet

You can download the template from the FITS websitehttp://www.becta.org.uk/tsas/index.cfm?refsect=ntss&bcsect=default&sect=incident&id=dw1127

Results of reinstallation or patchapplied.

Does the network error affect one or many computers?

Can the area affected be identifiedor isolated using diagnostics?

Which replacement equipment canbe installed?

Actions to take.

Results of actions taken.

NetworkCheck the knowledge base and fact sheets

User GuideCheck the knowledge base and fact sheets

Which user guide is in error, does auser guide exist?

Can the error be corrected withtraining or documentation?

Actions to take.

Results of actions taken.

OtherCheck the knowledge base and fact sheets

What was the cause of the incident?

What actions have been taken?

Which further actions are required?

Has the incident been resolved?

What was the final outcome?

Date and resolver’s name.

Incident outcome

Has the incident sheet and call log been updated? Has the user been informed?

Y/N

Y/N Y/N

Becta ict advice Technical Support Advisory Service (TSAS) Incident Management


page 2 of 2


NM Appendix F Network monitoring tool evaluation form

You can download the template from the FITS websitehttp://www.becta.org.uk/tsas/index.cfm?refsect=ntss&bcsect=default&sect=availcap&id=f130115

Network MonitoringTechnical Support Advisory Service (TSAS)


page 1 of 1

Review of network monitoring tools evaluation form

Tool information

Tool ID: Tool name:

Supplier:

URL:

Evaluation

Price: Including any educational discount

Licensing Per server or per network device

requirements:

Keyword-A1, keyword-A2... keyword-An; Keywords are abbreviated attributes of a tool Keywords: or its use

Abstract: Summary of the tool

Mechanism: High level technical details of how it works

Mapping, polling, monitoring, reporting, upgradeability/expandability, flexibility,Functionality: legacy systems support

Caveats, bugs Any warnings or cautions

or limitations:

Any hardware or software requirements, installation difficulty,Requirements: compatibility with other software

Usability: Ease of use, training required, support provided

Summary: Suitability for educational use, appropriate use, value for money

Notes:

Evaluated by: Date:


NM Appendix G Network monitoring tool evaluation criteria

Network monitoring tool evaluation criteriaName

• Tool name

Availability and contact point for information about this tool• how to acquire the tool.

• location/contact info to access/obtain tool

• price

• educational discount

• licensing requirements

Keywords• keyword-a1, keyword-a2,...,keyword-an; keywords are abbreviated attributes of a tool

or its use. To allow cross-comparison of tools, uniform keyword definitions have

been developed, and are given below.

Abstract• summary of the tool

Mechanism• high-level technical details of how it works

Functionality• mapping

• polling

• monitoring

• reporting

• remote operation?

• upgradeability/expandability

• flexibility

• legacy systems support

Caveats, bugs or limitations• any warnings or cautions

Requirements• hardware requirements to needed to run software

• any additional hardware requirements - e.g. separate console required?

• what operating systems can it run on

• any additional software requirements - e.g. SQL database required?

• installation difficulty

• compatibility with other software

Usability• ease of use

• training required

• support

Summary• suitability for educational use

• appropriate use

• value for money



page 1 of 2


NM Appendix G Network monitoring tool evaluation criteria

Keywords used to describe the general management area or functional role of a tool

Alarm A reporting/logging tool that can trigger on specific events within a network.

Analyzer A traffic monitor that reconstructs and interprets protocol messages that span several packets.

Benchmark A tool used to evaluate the performance of network components.

Control A tool that can change the state or status of a remote network resource.

Debugger A tool that by generating arbitrary packets and monitoring traffic can drive a remote network component to various

states and record its responses.

Generator A traffic generation tool.

Manager A distributed network management system or system component.

Map A tool that can discover and report a system's topology or configuration.

Reference A tool for documenting MIB structure or system configuration.

Routing A packet route discovery tool.

Security A tool for analyzing or reducing threats to security.

Status A tool that remotely tracks the status of network components.

Traffic A tool that monitors packet flow.

Keywords used to identify the network resources or components that a tool manages

Bridge A tool for controlling or monitoring LAN bridges.

CHAOS A tool for controlling or monitoring implementations of the CHAOS protocol suite or network components that use it.

DECnet A tool for controlling or monitoring implementations of the DECnet protocol suite or network components that use it.

DNS A Domain Name System debugging tool.

Ethernet A tool for controlling or monitoring network components on Ethernet LANs.

FDDI A tool for controlling or monitoring network components on FDDI LANs or WANs.

IP A tool for controlling or monitoring implementations of the TCP/IP protocol suite or network components that use it.

OSI A tool for controlling or monitoring implementations of the OSI protocol suite or network components that use it.

NFS A Network File System debugging tool.

Ring A tool for controlling or monitoring network components on Token Ring LANs.

SMTP An SMTP debugging tool.

Star A tool for controlling or monitoring network components on StarLANs.

Keywords used to describe a tool's mechanism

CMIS A network management system or component based on CMIS/CMIP, the Common Management Information System

and Protocol.

Curses A tool that uses the "curses" TTY interface package.

Eavesdrop A tool that silently monitors communications media (e.g., by putting an Ethernet interface into "promiscuous" mode).

NMS The tool is a component of or queries a Network Management System.

Ping A tool that sends packet probes such as ICMP echo messages; to help distinguish tools, we do not consider NMS queries

or protocol spoofing (see below) as probes.

Proprietary A distributed tool that uses proprietary communications techniques to link its components.

RMON A tool which employs the RMON extensions to SNMP.

SNMP A network management system or component based on SNMP, the Simple Network Management Protocol.

Spoof A tool that tests operation of remote protocol modules by peer-level message exchange.

X A tool that uses X-Windows.

Keywords used to describe a tool's operating environment

DOS A tool that runs under MS-DOS.

Server 2000 A tool that runs under Windows Server 2000 operating system

XP A tool that runs under Windows XP operating system

Win2000 A tool that runs under Windows 2000 operating system

Win98 A tool that runs under Windows 98 operating system

Windows A tool that runs under other Windows operating system

HP A tool that runs on Hewlett-Packard systems.

Macintosh A tool that runs on Macintosh personal computers.

OS/2 A tool that runs under the OS/2 operating system.

Standalone An integrated hardware/software tool that requires only a network interface for operation.

Sun A tool that runs on Sun Microsystems platforms. (Binary distribution built for use on a Sun.)

UNIX A tool that runs under 4.xBSD UNIX, Linux or related OS.

VMS A tool that runs under DEC's VMS operating system.

List of Keywords

Becta ict advice Technical Support Advisory Service (TSAS) Network Monitoring


page 2 of 2


NM Appendix H Running server utilities on Microsoft Server 2000

Running server utilities on Microsoft Server 2000

NETSTAT

Command: netstat -r

Found in: WinNT\system32 directory

Run using: DOS window (Run Command), navigate to correct directory then type netstat

Purpose: This command displays the connections and services available on a host server. It can also

provide a cumulative picture of the traffic into and out of a computer or display a routing table for

the network connections to the server

ARP

Command: arp


Run using: DOS window (Run Command), navigate to correct directory then type arp -a

Purpose: This command maps network addresses into MAC addresses

TRACERT

Command: tracert


Run using: DOS window (Run Command), navigate to correct directory then type tracerttarget_name

Purpose: To display links along a network path



page 1 of 1


NM Appendix I Network monitoring tool evaluation checklist

Network monitoring tool evaluation checklist

Purpose

To determine suitability of network monitoring tools for use on school networks.

Checklist

Price

• educational discount?

• value for money

• licensing

• availability

Functionality

• mapping

• polling

• monitoring

• reporting

• remote operation?

• upgradeability/expandability

• 3rd party plug-in support

• flexibility

• legacy systems support

Requirements

• hardware - e.g. separate console required?

• software - e.g. SQL database required?

• operating systems supported?

• installation difficulty

• compatibility with other software

Usability

• ease of use

• training required

• support



page 1 of 1


NM Appendix J Disk usage report – example and template

You can download the template from the FITS websitehttp://www.becta.org.uk/tsas/docs/nm_disk_use_report.xls

Framework for ICT Technical Support (FITS)

Network Monitoring example disk usage reportBecta | ICT Advice

Disk Space Used

Disk Space Available

Wee

k 1

Wee

k 2

Wee

k 3

Wee

k 4

Wee

k 5

Wee

k 6

Wee

k 7

Wee

k 8

Wee

k 9

Wee

k 10

Wee

k 11

Wee

k 12

Wee

k 1

Wee

k 2

Wee

k 3

Wee

k 4

Wee

k 5

Wee

k 6

Wee

k 7

Wee

k 8

Wee

k 9

Wee

k 10

Wee

k 11

Wee

k 12

10090807060 5040302010

0

60.00

50.00

40.00

30.00

20.00

10.00

0.00

40.00

35.00 38.00

10.00

50.0045.00

40.00 40.00 40.0035.00

30.0025.00

40 45 45 42

7075 80 80 80

8590

95

© Becta 2003http://www.becta.org.uk/techicalsupport/

published September 2003nm_disk_use_report_example.xls

page 1 of 1


Glossary

A networking standard that supports data transfer rates up to 100 Mbps (100megabits per second). 10Base-T is based on the older Ethernet standard but is 10times faster than Ethernet; it is often referred to as Fast Ethernet. Officially, the10Base-T standard is IEEE 802.3u. Like Ethernet, 10Base-T is based on the CSMA/CDLAN access method.

10Base-T

Inexpensive LAN (local area network) architecture built into all Apple Macintoshcomputers and laser printers. AppleTalk supports Apple’s LocalTalk cabling scheme,as well as Ethernet and IBM Token Ring. It can connect Macintosh computers andprinters, and even PCs if they are equipped with special AppleTalk hardware andsoftware.

AppleTalk

Component of a business process. Assets can include people, accommodation,computer systems, networks, paper records, fax machines, etc.

Asset

Ability of a component or service to perform its required function at a stated instantor over a stated period of time. It is usually expressed as the availability ratio: theproportion of time that the service is actually available for use by customers withinthe agreed service hours.

Availability

To ensure that ICT services are available for use consistently as agreed.AvailabilityManagement

The amount of data that can be transmitted in a fixed amount of time. For digitaldevices, the bandwidth is usually expressed in bits per second (bps).

Bandwidth

A snapshot or a position which is recorded. Although the position may be updatedlater, the baseline remains unchanged and available as a reference of the originalstate and as a comparison against the current position.

Baseline

A device that connects two LANs (local area networks), or two segments of the sameLAN that use the same protocol, such as Ethernet or Token Ring.

Bridge

A temporary storage area, usually in RAM. The purpose of most buffers is to act as aholding area, enabling the CPU to manipulate data before transferring it to a device.

Buffer

The final stage in producing a usable configuration. The process involves taking oneor more input configuration items and processing (building) them to create one ormore output configuration items (eg software compile and load).

Build

Ability of available supply of processing power to match the demands made on it bythe business, both now and in the future.

Capacity

To ensure that all ICT processing and storage capacity provision match present andevolving needs.

CapacityManagement

Classification of a group of configuration items, change documents, incidents orproblems.

Category

The addition, modification or removal of approved, supported or baselinedhardware, network, software, application, environment, system, desktop build orassociated documentation.

Change


The client part of a client/server architecture. Typically, a client is an application thatruns on a personal computer or workstation and relies on a server to perform someoperations. For example, an email client is an application that enables you to sendand receive email.

Client

The managed and recorded introduction of changes to hardware, software, servicesor documentation to minimise disruption to ICT operation and maintain accurateconfiguration information.

ChangeManagement

A network architecture in which each computer or process on the network is eithera client or a server. Servers are powerful computers or processes dedicated tomanaging disk drives (file servers), printers (print servers) or network traffic (networkservers). Clients are PCs or workstations on which users run applications. Clientsrely on servers for resources such as files, devices and even processing power.

Client/serverarchitecture

A database which contains all relevant details of each ICT asset, otherwise known asa configuration item (CI), and details of the important relationships between CIs.

Configurationmanagement

database (CMDB)

Implementing and maintaining up-to-date records of ICT hardware, software,services and documentation, and showing the relationships between them.

ConfigurationManagement

The library in which the definitive authorised versions of all software CIs are storedand protected. It is a physical library or storage repository where master copies ofsoftware versions are placed. This one logical storage area may in reality consist ofone or more physical software libraries or filestores. They should be separate fromdevelopment and test filestore areas. The DSL may also include a physical store (fire-proof safe, for example) to hold master copies of bought-in software. Onlyauthorised software, strictly controlled by Change Management and ReleaseManagement, should be accepted into the DSL.

The DSL exists not directly because of the needs of the Configuration Managementprocess, but as a common base for the Release Management and ConfigurationManagement processes.

Definitive software library

(DSL)

Any computer or component that attaches to a network.Device

A signal informing a program that an event has occurred. When a program receivesan interrupt signal, it takes a specified action (which can be to ignore the signal).Interrupt signals can cause a program to suspend itself temporarily to service theinterrupt.

Error trap

A LAN (local area network) architecture developed in 1976 by Xerox Corporation inco-operation with DEC and Intel. Ethernet uses a bus or star topology and supportsdata transfer rates of 10 Mbps. The Ethernet specification served as the basis for theIEEE 802.3 standard, which specifies the physical and lower software layers. Ethernetis one of the most widely implemented LAN standards.

Ethernet

A set of ANSI protocols for sending digital data over fibre optic cable. FDDInetworks are token-passing networks, and support data rates of up to 100 Mbps(100 million bits) per second. FDDI networks are typically used as backbones forwide area networks.

FDDI (FibreDistributed Data

Interface)

To ensure that the ICT and technical resources are implemented and managed in acost-effective way.

FinancialManagement


A system designed to prevent unauthorised access to or from a private network.Firewalls can be implemented in both hardware and software, or a combination ofboth. Firewalls are frequently used to prevent unauthorised internet users fromaccessing private networks connected to the internet, especially intranets. Allmessages entering or leaving the intranet pass through the firewall, which examineseach message and blocks those that do not meet the specified security criteria.

Firewall

A node on a network that serves as an entrance to another network. In schools, thegateway is the computer that routes the traffic from a workstation to the outsidenetwork that is serving web pages. In homes, the gateway is the ISP that connectsthe user to the internet.

Gateway

When used to describe data transfer rates, it refers to 10 to the 9th power(1,000,000,000) bits. Gigabit is abbreviated Gb, as opposed to gigabyte, which isabbreviated GB.

Gigabit

The underlying protocol used by the World Wide Web. HTTP defines how messagesare formatted and transmitted, and what actions web servers and browsers shouldtake in response to various commands. For example, when you enter a URL in yourbrowser, this actually sends an HTTP command to the web server directing it tofetch and transmit the requested web page.

HTTP (hypertext

transfer protocol)

A connection point for devices in a network. Hubs are commonly used to connectsegments of a LAN (local area network). A hub contains multiple ports. When apacket arrives at one port, it is copied to the other ports so that all segments of theLAN can see all packets.

Hub

The convergence of information technology, telecommunications and datanetworking technologies into a single technology.

ICT

Any event which is not part of the standard operation of a service and which causes,or may cause, an interruption to, or a reduction in, the quality of that service.

Incident

To detect, diagnose and resolve ICT incidents as quickly as possible and minimisetheir adverse impact on normal operation.

IncidentManagement

The OGC IT Infrastructure Library – a set of guides on the management andprovision of operational IT services.

ITIL

A computer network that spans a relatively small area. Most local area networks(LANs) are confined to a single building or group of buildings.

LAN

The cabling scheme supported by the AppleTalk network protocol for Macintoshcomputers. Most local area networks that use AppleTalk, such as TOPS, also conformto the LocalTalk cable system. Such networks are sometimes called LocalTalknetworks.

LocalTalk

The logical topology is the way that the signals act on the network media, or theway that the data passes through the network from one device to the next withoutregard to the physical interconnection of the devices.

Logical topology

Each device on a network can be identified by its MAC address, a hardware addressthat uniquely identifies each node of a network. In IEEE 802 networks, the data linkcontrol (DLC) layer of the OSI reference model is divided into two sub-layers: thelogical link control (LLC) layer and the MAC layer. The MAC layer interfaces directlywith the network media. Consequently, each different type of network mediarequires a different MAC layer.

MAC (media access control)

address


A management information base (MIB) is a database of objects that can bemonitored by a network management system. Both SNMP and RMON usestandardised MIB formats that allow any SNMP and RMON tools to monitor anydevice defined by a MIB.

Managementinformation base

(MIB)

A group of two or more computer systems linked together. The two types ofcomputer networks of interest to schools are LANs (local area networks) and WANs(wide area networks).

Network

A network interface card (NIC) is an expansion board inserted or built into acomputer so that the computer can be connected to a network. Most NICs aredesigned for a particular type of network, protocol, although some can servemultiple networks.

Network interface card

(NIC)

The load on a communications device or system.Network traffic

A processing location. A node can be a workstation or some other device, such as aprinter. Every node has a unique network address, sometimes called a data linkcontrol (DLC) address or media access control (MAC) address.

Node

The OSI (open system interconnection) model defines a networking framework forimplementing protocols in seven layers. Control is passed from one layer to thenext, starting at the application layer in one station, and proceeding to the bottomlayer, over the channel to the next station, and back up the hierarchy.

OSI referencemodel

A piece of a message transmitted over a packet-switching network. One of the keyfeatures of a packet is that it contains the destination address in addition to the data.

Packet

Refers to protocols in which messages are divided into packets before they are sent.Each packet is then transmitted individually and can even follow different routes toits destination. Once all the packets forming a message arrive at the destination, theyare recompiled into the original message.

Packet switching

A type of network in which each workstation has equivalent capabilities andresponsibilities. This differs from client/server architectures, in which somecomputers are dedicated to serving the others.

Peer-to-peernetwork

The physical layout of devices on a network. Every LAN (local area network) has atopology – the way the devices on a network are arranged and how theycommunicate with each other.

Physical topology

In TCP/IP and UDP networks, an endpoint to a logical connection. The port numberidentifies what type of port it is. For example, port 80 is used for HTTP traffic.

Port

The underlying cause of an incident or incidents.Problem

The detection of the underlying causes of incidents and their resolution andprevention.

ProblemManagement

An agreed format for transmitting data between two devices.Protocol

A set of network protocol layers that work together. The OSI reference model thatdefines seven protocol layers is often called a stack, as is the set of TCP/IP protocolsthat define communication over the internet.

Protocol stack


A server that sits between a client application, such as a web browser, and a realserver. It intercepts all requests to the real server to see if it can fulfil the requestsitself. If not, it forwards the request to the real server.

Proxy server

To plan, test and manage the successful implementation of software and hardware.To define release policy and to ensure that master copies of all software are securedcentrally.

ReleaseManagement

Remote monitoring (RMON) is a network management protocol that allows networkinformation to be gathered at a single workstation. For RMON to work, networkdevices such as hubs and switches must be designed to support it.

Remotemonitoring

(RMON)

Form or screen used to record details of a request for a change to any CI within aninfrastructure, or to procedures and items associated with the infrastructure.

Request forchange

A device that forwards data packets along networks. A router is connected to at leasttwo networks, commonly two LANs (local area networks) or WANs (wide areanetworks) or a LAN and its ISP’s network. Routers are located at gateways, the placeswhere two or more networks connect.

Router

A section of a network that is bounded by bridges, routers or switches. Dividing anEthernet into multiple segments is one of the most common ways of increasingavailable bandwidth on the LAN.

Segment

A workstation or device on a network that manages network resources. For example,a file server is a computer and storage device dedicated to storing files. Any user onthe network can store files on the server. A print server is a computer that managesone or more printers, and a network server is a computer that manages networktraffic. A database server is a computer system that processes database queries.

Server

To minimise the impact on ICT service of an environmental disaster and put in placeand communicate a plan for recovery.

Service ContinuityManagement

The single point of contact within the school for all users of ICT and the servicesprovided by Technical Support.

Service Desk

Written agreement between a service provider and the customer(s) that documentsagreed service levels for a service.

Service levelagreement

The process of defining, agreeing and documenting required service levels andensuring that these levels are met.

Service LevelManagement

A set of protocols for managing complex networks. SNMP works by sendingmessages, called protocol data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents, store data about themselves in managementinformation bases (MIBs) and return this data to the SNMP requesters.

Simple networkmanagement

protocol (SNMP)

A LAN (local area network) that uses a star topology in which all nodes are connected to a central computer. The main advantages of a star network are that one malfunctioning node does not affect the rest of the network and that it is easy to add and remove nodes.

Star topology

A device that filters and forwards packets between segments of a LAN (local areanetwork). Switches operate at the data link layer (layer 2) and sometimes thenetwork layer (layer 3) of the OSI reference model and therefore support any packetprotocol.

Switch


The suite of communications protocols used to connect hosts on the internet.TCP/IP uses several protocols, the two main ones being TCP and IP.

TCP/IP(Transmission

ControlProtocol/Internet

Protocol)

A type of computer network in which all the computers are arranged (schematically)in a circle. A token, which is a special bit pattern, travels around the circle. To send amessage, a computer catches the token, attaches a message to it, and then lets itcontinue to travel around the network.

Token ring

The shape of a LAN (local area network) or other communications system.Topologies are either physical or logical.

Topology

A connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP,UDP/IP provides very few error recovery services, offering instead a direct way tosend and receive datagrams over an IP network. It is used primarily for broadcastingmessages over a network.

User datagramprotocol (UDP)

A computer network that spans a relatively large geographical area. Typically, a widearea network (WAN) consists of two or more LANs (local area networks). Computersconnected to a wide area network are often connected through public networks,such as the telephone system. They can also be connected through leased lines orsatellites. The largest WAN in existence is the internet.

WAN

Any computer connected to a LAN (local area network).Workstation

Network monitoring.2 10pt - University of Utahitil.it.utah.edu/downloads/fits_netmon.pdf · Network...

Documents

Transcript of Network monitoring.2 10pt - University of Utahitil.it.utah.edu/downloads/fits_netmon.pdf · Network...