Expanding your view of the net

With the proliferation of networks, federal users are relying heavily on monitoring tools to deliver fast network response and to prevent downtime.

No one single product can monitor everything on a network, and standards have not been fully developed. But today's tools have matured to the point where they may be used together to provide reliable analyses of networks and applications.

"The state of network monitoring has improved dramatically in the last two to three years, particularly the level and quality of information [that] these tools are able to deliver to administrators," said John McConnell, analyst and president of McConnell Associates Inc., Boulder, Colo.

The U.S. Postal Service is a prime example of how agencies have become increasingly dependent on the quality of information provided by network monitoring tools.

"The Postal Service is so large, and we are doing so many different things, that you need network monitoring tools to help you predict the effect of user population changes on the net," said Jim Walters, the network performance manager for USPS' Telecommunications Service in Raleigh, N.C. "You want to see how many users you can put on the wire before it starts failing."

And the agency's need for network monitoring tools will only heighten as USPS realizes its ambitious plans to expand the network from 810 connections at 125 locations to about 25,000 connections at 3,000 to 4,000 locations, Walters said.

USPS depends on Ganymede Software Inc.'s Pegasus product to monitor its local- and wide-area networks 24 hours a day, seven days a week. Pegasus monitors the networks to detect any deterioration in performance, to perform network trend analyses and to generate alerts if there is a problem. In conjunction with Pegasus, the agency uses Ganymede's Chariot product for application testing and simulation.

"These tools work hand in hand," Walters said. "Chariot allows you to stress-test the net. It predicts in real time what effect it would have on my network if I bring on 10 more users. We use Pegasus to generate daily, weekly and monthly reports. It gives me historical and trend information, such as rate of utilization."

For example, when users request additional bandwidth, Walters uses Chariot to simulate whether a 56 kilobits/sec fractional T-1 line would be sufficient or whether he will need a full T-1 line to meet the request. The agency also uses Router PM from Network Associates Inc., Santa Clara, Calif., to monitor the utilization of routers.

Dream Product

Although Walters is satisfied with these products, he has a dream product that he would like to see on the market. Rather than having to deploy different tools to monitor different aspects of the network, he wishes he could monitor everything on LANs and WANs with one product.

Despite the wishes of Walters and others like him, today's users must deploy complementary tools to get the job done right. Matthew Guessetto, an engineer at the United Space Alliance, Kennedy Space Center, Fla., noted that agencies often run extremely heterogeneous networks combining products from different vendors running on old and new equipment. Consequently, users need different tools to trouble-shoot problems.

Guessetto added that he sees no way out of this cycle. "There will always be legacy equipment, and we'll always be taking on newer products to keep up with the increased bandwidth needs of our user community," he said.

Guessetto's organization, the Network Systems and Services Division at the United Space Alliance, uses Network Associates' Sniffer product to get a detailed look at network activity, along with Hewlett-Packard Co.'s OpenView to monitor network devices or any component that uses the Simple Network Management Protocol, a widely used network monitoring protocol for processing network reporting activity.

OpenView is a de facto standard product used to monitor network devices such as routers, servers, switches or modems. On top of OpenView, the agency also uses monitoring tools from Cisco Systems Inc. and 3Com Corp.'s Transcend product.

OpenView is an example of the device-centric position from which the network monitoring tool market has evolved. "As the need for network management matured, so did the need to move beyond the device-centric view to a broader view of the whole network," said Elisabeth Rainge, an analyst at market research firm International Data Corp.

Leading network monitoring tool vendors such as Network Associates have released a steady stream of add-on modules to their core products to cover an ever-broadening view of the network. For instance, Guessetto uses several flavors of the Sniffer product to provide trouble-shooting from all angles across a heterogeneous network. These include distributed and portable Sniffers for Token Ring, Ethernet and Fiber Distributed Data Interface network topologies.

In fact, monitoring tools have matured to the point where they monitor not just the network but the applications on the network as well. "Sniffer can drill all the way down into the application to look at how well it is performing over the network," Guessetto said.

However, the degree to which a monitoring tool can measure application performance on the network is limited by the applications. "Most applications were poorly designed to be managed on the network, so they don't provide any information about how they perform on the net," analyst McConnell said.

HP, Tivoli Systems Inc. and other companies have released a standard method by which applications can be built for monitoring: the Application Response Monitoring standard.

But McConnell pointed out that vendors must re-engineer their applications to comply with the standard. New applications can be written to comply with the ARM standard, but that approach does not solve the problem affecting most legacy applications in use today.

While this may not be an urgent problem, it could become one in the near future, McConnell said. As electronic business becomes more prevalent and organizations are judged on their ability to respond quickly to online customers, applications increasingly will have to be written to the ARM standard.

Advanced Monitoring Tools

Meanwhile, vendors are not waiting for applications to become more network-aware. Instead, they have produced advanced monitoring tools to cover a wider array of conditions. For example, in June Network Associates will begin shipping Sniffer 3.0, with broadly extended capabilities.

The new version will include support for Microsoft Corp.'s Windows NT 5.0 and Exchange and Novell Inc.'s NetWare 5.0 as well as interfaces to Asynchronous Transfer Mode and Gigabit Ethernet networks, said Arvind Narain, director of product marketing at Network Associates.

To handle the move toward the Internet, Sniffer 3.0 also incorporates network analysis for Hypertext Transport Protocol and support for RMON2, a standard for the remote monitoring of switched networks. Also positioned to monitor the convergence of voice, video and data in one network infrastructure, the new version can monitor voice over Internet Protocol.

While they wait for these advanced applications to appear, users continue to grapple with the day-to-day operational problems of mixed technologies on their networks.

With 110 installed nodes, the Naval Criminal Investigative Service monitors two separate Ethernet LANs using twisted-pair wire connected via Cabletron Systems Inc. switches. The organization recently used Networks Associates' Sniffer with Cabletron's Spectrum network management platform to pinpoint incompatibilities between Compaq Computer Corp./Digital Equipment Corp. Alpha network cards and the Cabletron switches. The incompatibilities prevented the network from running full duplex, meaning that devices on each end of network circuits could not transmit and receive simultaneously.

Bill Von Storch, a computer specialist with the investigative service, chose to use Sniffer because of its ease of use and quality of information. "You can get down to a very detailed level, and it provides diagrams in a graphical drawing showing how all the devices are connected," he said.

Some federal users are content combining different tools and would prefer increased flexibility in their existing products rather than a single tool that does it all. The National Oceanographic and Atmospheric Administration uses Concord Communications Inc.'s Network Health monitoring tool along with Cisco's Works for monitoring router interfaces; HP's OpenView for monitoring other network devices; and Cisco's NetSys for simulating and testing changes on the network.

"Let's face it: All this network reporting information is stored in different databases," said John Kyler, the network manager at NOAA's Network Operations Center, Silver Spring, Md. "I need something similar to a software toolkit that allows you to do macros with the network like you can with desktop software."

Kyler would like to be able to customize the Concord RMON2 data collector probes he is using at his gateways. The remote monitoring probes collect 16,000 pages of data, but all Kyler wants is two pages. "I would like to be able to go in and sort it as if it were a relational database, to write a macro so I could run a report on just one workstation," he said.

Concord seems to be listening. Christine Washburn, director of marketing at the Marlboro, Mass.-based company, said Kyler's concerns will be addressed in a future release of RMON2.

That is not the only enhancement expected in the network monitoring market. Roger Lingle, vice president of marketing at Ganymede, Research Triangle Park, N.C., noted that network monitoring is moving from a technical to a business focus. He said future Ganymede product releases would respond to business needs by taking application response-time information, feeding it back into the network and automatically taking action to improve efficiency.

Lingle said other future capabilities will revolve around building directory-enabled networks, based on a common directory of all network objects, using a standard developed by Cisco called Lightweight Directory Access.

Cisco also is driving the development of the Common Interface Management standard, which is a common naming technique that will enable network managers to jump from one application to another. "Today what someone calls a router in one package is not the same as in another," Washburn said. "CIM would use the Web to navigate from one application to another. The common use of CIM would be network nirvana."

-- Gerber is a free-lance writer based in Kingston, N.Y.

***

AT A GLANCE

Status: Federal agencies have installed a hodgepodge of network monitoring products to keep LANs and WANs operating efficiently. These products can detect deterioration in performance, analyze network usage trends and generate alerts if there is a problem. Other products handle testing and simulation scenarios.

Issues: Some users long for a single tool that would monitor every device on their networks, but today's heterogeneous networks would make such a product difficult, if not impossible, to deploy. Users also have had problems using these tools to monitor the performance of applications on their networks because most applications were not designed for this function.

Outlook: Improving. Vendors are adding modules to their products to help monitor a wider range of network conditions. They also are placing their hopes on a new standard that will help manage application performance. Other product developments will focus on directory-enabled networking and common naming techniques to provide greater control of entire networks.