Midtier management tools register high marks

Argent, HP earn top honors for sophisticated monitoring and flexible alerts

A midsize network ranging from 1,000 to 20,000 nodes exhibits virtually all the same complexities and troubleshooting challenges as a mega-network with more than 50,000 nodes. Monitoring and management products for midrange networks, therefore, need to measure up to that challenge.

The ideal management and monitoring tool efficiently and accurately discovers servers, clients, routers, switches and other devices. It revealingly and helpfully displays a map of the discovered nodes. It faithfully checks for connectivity problems, and it intelligently notices performance problems.

It provides alerts via e-mail or pager, and it can alert multiple people until the problem is fixed. In some cases, it can automatically solve a problem by restarting a program, running a script or triggering an external program. It produces useful reports that show the health of your network, measures use of the network and its components over time, and forecasts trends to help you plan the network's future capacities. The ideal monitoring tool is reliable, secure and easy to use.

It's a pretty tall order. While we invited more than two dozen vendors to participate in this Clear Choice Test, five vendors stepped up, entering a total of six products. We tested Argent Software's Extended Technologies 8.0a, HP's Mercury SiteScope 8.5, HP's OpenView Network Node Manager 7.51, OpenView Internet Services 6.0 and OpenView Operations Manager 7.5, Netcordia's NetMRI Enterprise Network Analysis Appliance 2.0 and NetMRI Operations Center, Netmon's Netmon Professional Edition 4.5 and Network General's NetVigil Enterprise 4.2 SP1 in our lab (see "How we did it").

Because "midrange" is such a broad term, we subdivided these tools into two tiers according to base price. We set the first price range between $2,000 and $30,000, and the second between $30,000 and $60,000. SiteScope, Extended Technologies, NetMRI and Netmon fell into the lower-cost tier, while OpenView and NetVigil are in the more expensive one. In general, the more expensive products are more comprehensive in the diversity of devices they support, more scalable and more mature.

Argent's Extended Technologies picked up our Clear Choice honors in the first tier, while HP's OpenView came out on top in the more expensive tier. Both products weighed in with highly accurate discovery tools, excellent monitoring capabilities, high-quality user interfaces and useful reports.

Argent Software Extended Technologies

Extended Technologies excelled in virtually every area of our testing, from discovery to the graphical display of the network, from monitoring to alerting and from corrective actions to reports. Running on a Dell Latitude notebook, it closely monitored 20 servers and 12 network devices in the lab with ease.

Extended Technologies' accurate discovery feature gleaned device data from ICMP ping operations, SNMP queries and DNS lookups to enumerate our routers, switches, servers and clients. We entered ranges of IP addresses to define the network, and it was able to import a spreadsheet of network definitions we built. When we pointed Extended Technologies at a particular router, it found the network links, nodes, devices and computers connected to that router.

Extended Technologies' monitoring capabilities use a sophisticated set of thresholds to detect network problems. Argent includes more than 2,000 predefined application- and device-specific rules in Extended Technologies, which made it useful right out of the box. Modifying these thresholds let us specify abnormal traffic levels and unhealthy server behaviors by time of day and day of the week. Argent's central software examined traffic as well as Windows PerfMon protocol streams.

Extended Technologies can monitor a range of server operating systems, including Windows, Solaris, HP-UX, SCO, AIX, NetWare and a wide variety of Linux flavors. On each server, Argent offers application-specific monitoring modules that watch over, for example, Oracle, SQL Server or Exchange. Extended Technologies is equally good at monitoring BlackBerry servers; Lotus Notes; Brocade storage switches; Legato backup servers; Check Point firewalls; Cisco, HP, Nokia and Nortel network gear; Compaq and Dell servers; Intermec hand-held bar-code scanners; Liebert UPSs; Omnitronix environment monitors; SonicWall firewalls; and the WebSphere and WebLogic application servers.

For all servers, Extended Technologies notified us of CPU use, disk space, low memory and network adapter issues. On Windows servers, it monitors Windows services, Active Directory and system registry health. Argent's True Round Trip Time measurement feature, which tests an Exchange server by sending and receiving real e-mails and noting elapsed times, gave us early warnings of potential Exchange faults and performance problems.

Like all the products tested, Extended Technologies can take corrective actions, either by running a program, running a script, restarting a failed Windows background service or rebooting a server. Impressively, Argent Extended Technologies also can issue SQL statements (to trigger, for example, the running of an Oracle process).

Extended Technologies uses Argent's concept of SuperMaps to graphically depict the network. This feature let us supply a variety of underlying maps, which could contain any images we chose (such as Google Earth satellite photos, schematics or campus and building drawings), as well as the location on the maps of the network's devices and servers. We used SuperMap hot links to designate hierarchical maps. As it monitored the network, Extended Technologies encoded device or server status in color. Drilling down through the various SuperMaps revealed a wealth of data regarding each trouble alert. Extended Technologies also offers a completely customizable dashboard to give you at-a-glance information on the health and level of network activity.

Extended Technologies supplies its customers with a run-time version of Crystal Reports, and designing new custom reports is a breeze. Out of the box, Extended Technologies' reports are perfectly suitable for tracking problem resolutions, following historical trends and planning for future network capacity.

Extended Technologies' documentation is comprehensive, easy to follow and accurate, although it's presented in an online rather than a hard-copy format. Extended Technologies installed in less than 10 minutes.

Netcordia NetMRI network appliance

NetMRI's forte lies in problem analysis. Each NetMRI appliance, which typically connects to a central pathway on the network and can monitor as many as 2,000 devices, contains a large body of expert system knowledge developed by Netcordia. The company says the appliance can tap into these expert rules to assess, audit and proactively detect more than 200 system configuration and network QoS issues.

NetMRI promptly and unerringly pinpointed and alerted us to all the network, application and server problems we threw at it - outages, slowdowns and overburdened devices, degraded links and overtaxed computers. NetMRI notifies administrators - and others via escalation, if the problem persists - using e-mail and pager. For problems susceptible to automatic repair, NetMRI can run scripts and external programs, reboot a server and restart a failed background service.

While other appliances typically require ASCII-terminal-based initial configuration, NetMRI uses a browser-based wizard for painless and quick configuration.

NetMRI's discovery feature quickly and efficiently gave us an accurate inventory of our network devices and computers. Starting with IP address ranges we specified, a seed router we pointed at or Comma Separated Value data we imported, the NetMRI unit identified our routers, switches, servers and clients. At a frequency you specify, NetMRI automatically looks for and catalogs new devices on the network.

NetMRI's monitoring function has a sophisticated threshold facility that an IT manager can use to precisely express unacceptable activity levels on the network at specific times of the day for specific days of the week. NetMRI's Routing Neighbor Analysis feature is especially helpful in that it alerts you to changes in live routing pathways. This feature not only informs you about WAN link outages, but also specifies the links that will shoulder the new traffic burdens as a result of those outages.

The NetMRI device has an intuitive, browser-based user interface. Categories of user interactions, such as Reports, Issues, Results, Settings and Tools, appear across the top of the browser window. There is an expandable tree of views and actions you can select within each category.

Netcordia's central console, Operations Center, greatly enhances NetMRI's scalability by coordinating, controlling and collecting data from multiple NetMRI devices. The vendor says one NetMRI Operations Center can monitor a network of 20,000 or more routers, switches and firewalls - roughly 10 NetMRI appliances' worth.

Out of the box, NetMRI's reports are perfectly suitable for tracking problem resolutions, following historical trends and planning for future network capacity. Operations Center's reports are aggregates of data from a group of individual NetMRI appliances.

NetMRI's online documentation is comprehensive and easy to follow. We installed the NetMRI appliance in less than 10 minutes.

HP Mercury SiteScope

SiteScope is a Java tool that runs as a background process on a computer with a connection to the central network. It monitors network and server activity, sending alerts and generating summary reports.

The object-oriented SiteScope components fall into six broad categories: WebPage, Scheduler, Monitor, Alert, Script Alert and Reports. The WebPage feature displays the browser-based user interface. The Scheduler specifies when each monitor (such as each device or server status tracking process) runs. The Monitor gathers statistics for each monitored device or server. The Alert module sends e-mail, pager messages and SNMP alerts when SiteScope detects a problem. The Script Alert program can run a script, restart a background service or run an external program when a problem occurs. The Reports code generates Web pages that contain network statistics in a graphical or tabular format.

Using what was formerly known as the Topaz Watchdog, SiteScope's monitoring feature even monitors itself. Once every day, or if SiteScope crashes (a situation we didn't encounter), the watchdog restarts SiteScope.

SiteScope includes monitoring components, called monitors, for systems, applications, Web servers and network devices. The systems monitors collect basic server metrics. The applications monitors watch over specific software products. The Web server monitors keep an eye on Web servers, Web site links, e-business servers and Simple Object Access Protocol (SOAP)-based Web service sites. The network service monitors detect, for example, device and port availability via ping operations.

Its monitoring generally worked well in tracking the status of each of our servers, applications and devices, but we noted SiteScope's ping monitor sometimes missed detecting devices that were up and running. Although easy to get used to and navigate, SiteScope's user interface is somewhat sluggish. We also were put off by SiteScope's automatic daily restart - a monitoring tool should be robust enough to run more than 24 hours without causing problems.

SiteScope used e-mail and pager messages to alert us, and its reports summarized overall network activity levels and error events. SiteScope's clear and comprehensive online documentation is easy for even novices to follow. It installed in less than an hour.

Netmon Professional Edition

The Netmon appliance went to work quickly to establish a baseline of network activity and begin identifying network problems. Augmented by its built-in protocol analyzer, the Netmon appliance pinpointed network trouble spots in our tests by decoding key packets in addition to depicting the problematic network devices and servers. The Netmon device comprehensively monitored network traffic, specific protocols, bandwidth utilization, TCP/IP-based network services, switches, routers, servers, network printers, UPSs and application performance.

You'll especially appreciate the Netmon appliance if you like solving network problems at a low level. Netmon Professional Edition lacked the application layer perspective of Extended Technologies. The device, through its browser-based Visual Network Explorer component, shows network activity in real time. You can display the packet decodes from Netmon's raw packet-level capture facility in a protocol analysis display utility such as Ethereal or Wireshark. The vendor says Netmon can decode thousands of protocols.

Netmon detected half/full duplex mismatches, frame collisions and other low-level network issues. The Netmon appliance integrates closely with Cisco NetFlow to gather statistics from Cisco devices.

The appliance collects Windows performance statistics to display the status of Windows background services as well as CPU, memory and disk use. It includes a port scanner for monitoring switch and router health, and it examined router Address Resolution Protocol tables to identify new network nodes as they appeared on the network. It also did a good job of keeping a close eye on our event logs and security logs across multiple servers.
