I have a network with Cisco, Juniper, Nokia, Checkpoint, F5, Aventail, Windows, Linux, Solaris, HP-Ux, etc...
I need to come up with an network monitoring system with the following requirements:
- Plug-and-Play appliance. In other words, I am not interested in Off The Shelf (OTS) software such as Solarwinds, HPOpenView, Ciscoworks, LMS, etc...
- Web-based application. Configuration/Monitoring must be done via browser. No client is needed to be installed on the client side,
- Ability to monitor bandwidth/CRC/errors on interfaces such as GRE, serial, Ethernet, ATM, etc...
- Ability to alert personnel when certain threshold has exceeded via either email, instant messenging, pager, etc...
- Ability to monitor CPU, memory, diskspace utilization on the device. I am not only interested in network devices but also servers running Windows, Solaris and Linux as well. For example, if a server is quad processors quad-core, I want to be able to see utilization on all 16 cores. Alert personnel when certain thresholds exceed
- Ability to see monitor a device up/down on network devices. For example, let say that my serial interface flaps about ten times a day, I would like to be able to detect this and generate reports daily, weekly, monthly and yearly on this device,
- Ability to find a device on the network if I know the IP address or MAC address of that device, or just part of it. If a device was plugged into the network six months ago but is no longer connected to the network now, I still want to know about it,
- Ability track down the switchport where a device is connected to if I know the switchport description,
- Ability to measure the latency between the monitoring system and any other devices on the network and keep a history of this data for historical trending,
- Ability to collect IP SLA data from Cisco devices and plot it on a graph for historical trending,
- Ability to collect connections/sec, sessions from network devices, particularly from VPN concentrators and non-cisco firewalls,
- Ability to backup network devices configuratition for both Cisco and non-cisco devices,
- Ability to look at network devices configuration, cisco and non-cisco devices in close real-time, to determine if the network is in compliance with whatever compliance required, and the ability to generate reports on these via some type of dashboard so that Management can view them,
- Ability to detect network configuration changes, in real-time. For example, let say a user decide to add a static route on a network device, I want to be able to detect this in real-time and an alert notification sent out,
- Ability to monitor services such as smtp, mySQL, msSQL, Oracle, http/https, ftp, ssh, etc... on any network and server devices and send a notification via pager or email to appropriate personnel. Ability to generate reports on how many times these services were un-available and so forth,
- Ability to do device inventory on both cisco and non-cisco devices and servers as well such as IOS code, server solaris unix, wireless, patch level,
- Ability to view the switch with device connected the switchport along with mac-address "show int status and show mac-address-table" combined,
- Ability to querry VLAN and all the switchports associated with that VLAN,
- Ability to search syslog and non-cisco firewall logs quickly,
- Ability to collect NetFlow data and provide useful analysis,
- Ability to support for two-factor authentication such as RSA,
Anyone know if there is such a system out there that can perform these things in a form of an appliance?
I think you are restricting yourself too much by putting the appliance restriction, seems pretty rigid.
However for log management/netflow/SIM/syslog analysis and collection you may look at Cisco MARS (CS-MARS):
http://www.cisco.com/go/mars (highly recommended)
Another logging appliance is:
http://www.loglogic.com/ (But not as intelligent as MARS).
Another option is SNARE, but the online demo seems rigid, less customizable:
For other features (Systems/OS/Disk/Processes/Database/Alerting/SMS), I would highly recommend BMC Patrol Central Operator (Performance Manager), but its not an appliance AFAIK.
For network monitoring, you could use CA Spectrum, Solarwinds, Manage-engine etc. Another option is the BMC Dashboard, but its a little buggy, but still its an OK tool for Network monitoring.
Ciscoworks is excellent if you have a Cisco shop.
And all for less than 2,000 euros for an unlimited number of devices I'd bet. Otherwise I'd say this was a sales call.
HP's NNMi can do all that but it'll cost you about half a million in total and its not an appliance.
Thank you for your reply. can you tell what you meant by less 2,000 euros?
One of our network engineers did look at HP NNMi but it did only about 50% of our requirements and that it was very difficult to setup and maintain. We only budget about $50,000 for this project. Company is downsize and we lost of half of the supported staffs. Half a million for this project is not possible.
I would say you are looking for a 'Eierlegende Wollmilchsau' (that's how I would describe it in german.. ;-) ). One Tool for everything and without so much configuration...but many features and reports out-of-the-box. Sorry, but that is a dream many people have when dealing with management software .
I think you should look out for a tool that comes closest to your dream... :-)
A Tool that is at least worth to look at is 'TheGuard! Network Manager' form RealTech (as its vendor independant and can be used to monitor Servers as well as network devices or anything else that talks at least snmp or icmp)
for an overview:
and for details about 'theGuard! NetworkManager':
Contact Realtech and you can get a free trial.
(but it is not an appliance, it is software only for windows platform!!)
Thank you very much for the information. This product runs on Windows platform, corrrect? Not sure if management will like it since this is not a web-based application.
Yes, the software runs only on a windows platform, but there is web-based access; So this should not be an issue.
If you are used to any kind of management software like CiscoWorks LMS, HP Network NodeManager or IPSwitch WhatsUp Professional in the first step the way it is built-up could be a little confusing. It has its own concept of alarming and you must define the events which are relevant for you. But in general this must be done with every software - there is no general concept that fits in all and every network and can work out of the box.
If you have the budget (and it sounds like you do) I would suggest Zenoss. Look at the highest level, with support. You can get it as a VM I think others will sell you a hardware appliance.
You can get them to install RANCID and the integration. That should do most if not all of what you are looking for.
It will take some config to get it to work as you want, but you can make Zenoss do that for you.
I'm looking for all that as well, but in the $5000 - $10000 range. I have decided to break the parts down and get multiple products.
Good luck let us know what you find.
Take a look at solarwinds Orion with the different modules, it will do most of these things, however the twofactor auth I have not seen, but it is fixable with a 5505 and a vpn tunnel to it.
if you want to monitor all the things i would start with a unlimited NPM and build it from there.
however it is not an appliance.
why rsa ? why not Cryptocard ?