• United States
by Barry Nance, Network World Global Test Alliance

Network management tool box

Dec 15, 200316 mins
Data CenterData Management

The right tools for your network needs.

We review an eclectic mix consisting of WhatsUp Gold 8.0, from Ipswitch; UniCenter Application Performance Monitor 3.5, from Computer Associates; VitalStats 2.0 from WebMetrics; PacketLogic 3.2.3 from NetIntact; NetCrunch 2.3 from AdRem Software; and OpalisRobot 4.0 from Opalis Software.

Mechanics who diagnose and fix Airbus aircraft have specific tools for fixing the engines. Mechanics for Boeing aircraft have somewhat different tools. Even United Airlines and American Airlines have somewhat different tools and test equipment for working on a particular model of aircraft.

You can view your own network in the same way. Your company’s tools and test equipment might be very different from another company’s, even though the two companies’ networks might bear more than a slight resemblance. Getting the right tool for the job is a matter of judging your company’s specific network needs (and budget) and finding solutions that meet your requirements.

How we did it

Archive of Network World reviews

Subscribe to the Product Review newsletter

In that sense, we decided to take a roundup look at a set of diverse tools to help you find the right one for your network. Our eclectic mix consisted of WhatsUp Gold 8.0, from Ipswitch; UniCenter Application Performance Monitor 3.5, from Computer Associates; VitalStats 2.0 from WebMetrics; PacketLogic 3.2.3 from NetIntact; NetCrunch 2.3 from AdRem Software; and OpalisRobot 4.0 from Opalis Software.

There are no winners or losers in this review, just good points and bad points, plus the realization that sometimes the best crowbar is a hammer, and sometimes the best hammer is a crowbar. These tools are just different ways of getting different jobs done.

WhatsUp Gold

WhatsUp Gold is a highly useful tool on small and midsize networks. Its quick and accurate discovery process and informative status and availability charts are a godsend to administrators who’ve struggled to improve availability and uptime by hand, without an automated monitoring tool.

WhatsUp Gold’s designers have made several improvements to the monitoring and alerting tool since we last reviewed it in the fall of 2000. WhatsUp Gold now can restart failed Windows services if you instruct it to monitor those services, can export data in XML  format and has a user interface that’s more responsive and more intuitive.

But there are still some limitations. WhatsUp Gold doesn’t offer graphical Management Information Base walking, nor does it offer usage baselines for device behaviors. WhatsUp Gold now sports two corrective action features. WhatsUp Gold has the ability to restart failed Windows services and it can also run a user-specified external program when a problem occurs. However, Ipswitch’s menus and User’s Guide refer to running the external program as a “program notification,” terminology we found rather unintuitive and obscure.

Furthermore, its network map lacks symbols for such basic items as switches, DSU/CSUs and telco interfaces, and it has a Windows NT icon but not a Windows 2000 icon. Choosing the tool’s Status display produces a garish, uninformative window that only becomes partly useful when you put the tool into “mini-status” mode. WhatsUp Gold then shrinks into a color-coded (green means OK, red means problems) status bar that you can move to the corner of your screen.

WhatsUp Gold is simple and uncluttered, has a good autodiscovery function, uses Internet Control Messaging Protocol (ICMP ) pings at a time interval you specify in a straightforward to check the network’s health and produces helpful reports. If you prefer, WhatsUp Gold can use IPX or NetBIOS packets to monitor a device.

Autodiscovery, which Ipswitch terms SmartScan, is impressive. It uses SNMP requests and data from router tables to find network devices quickly and accurately. In our tests, SmartScan turned its hierarchical connectivity data into a set of separate subnet maps instead of drawing one map containing all devices. An alternate but equally accurate discovery process uses a configurable combination of Network Neighborhood exploitation, ICMP pings, Hosts file entries and Windows Registry data.

At intervals, WhatsUp Gold polls the network to collect device status information. It also tracks network traffic associated with Simple Mail Transfer Protocol (SMTP), HTTP, DNS, FTP, POP3, Internet Message Access Protocol , telnet and other common services. It includes ping, port scanning and throughput utilities.

The software can notify administrators of problems via e-mail or pager. Setting up an e-mail alert that told us of unavailable devices and showing the last several lines of the Windows NT event logs took just a few minutes to configure. The product’s network event and statistics reports are useful for tracking device and service outages.

The interactive Web page interface was a joy to use and encompassed all the functions of the Win32 native interface. For example, it let us check the status of any network device from a remote location, using only a dial-up connection and Web browser.

WhatsUp Gold has come a long way from its simple beginnings as a freeware download. It’s a reliable monitoring tool that administrators of small and midsize networks can quickly begin using without a lot of training.

Bottom Line
WhatsUp Gold 8.0
Company: Ipswitch, (781) 676-5700 Cost: Starts at $1,090 with annual service agreement. Pros: Accurate discovery of devices; useful status charts. Cons: Can’t run a program or script to correct a problem. Best suited for: A small to midsize company whose network administrators prefer simplicity.

Application Performance Monitor

Tracking application response times with CA’s Application Performance Monitor (APM) is more accurate and less labor-intensive than using a stopwatch. It’s an excellent tool for measuring formal service-level agreements regarding acceptable response times. Less formally, it’s a good way to keep developers honest when a software vendor or group of your programmers has promised, for example, sub-2-second response times for a new application or transaction subsystem.APM, a UniCenter component that’s separately available from CA, monitors response times by detecting the beginning and ending network events associated with a transaction. Its agent module collects the benchmark timings in a local data store throughout the day. Periodically, all the agents send the resulting statistics to the central APM Manager. Except for Web-based applications, you have to install the agent module on each client. Fortunately, the agent installation is simple and takes just a few moments. For Web-based applications, APM works on the Web server to gather response time data. CA ships an extensive knowledgebase of transaction detection triggers for applications such as Microsoft Exchange and SAP/R3, but you’ll have to get your hands dirty with the technical details of your company’s network transaction messages if you want to monitor customized software. We found setting up knowledgebase entries for unique transactions to be technically challenging at first, but fairly easy once we understood the process. The lack of good documentation on the topic means you’ll suffer through some trial and error before you get it right.

APM also includes a Transaction Server module for recording and later replaying a transaction’s events and messages. Transaction Server stores transactions in the form of JavaScript or VBScript programs, whose replay you can schedule to occur when you like.

APM’s Web Reporting Server can produce several browser-based reports in four categories: Alerts, Applications, Clients and Servers. Different types of reports are available – Enterprise Reports summarize data from all agents; Group Reports reveal results for certain computers; Host Reports show information from a specific agent; and User Reports provide information based on Windows logon user names. In addition to the pre-configured reports in each category, the Web Reporting Server has report templates that make creating your own custom reports a breeze. Scheduling the production of the reports is similarly easy.

APM also includes a handy Data Viewer diagnostic tool for connecting to an agent to see real-time transaction statistics.

Bottom Line
UniCenter Application Performance Monitor 3.5
Company: Computer Associates, (800) 225-5224 Cost: Starts at $7,500 per server. Pros: Excellent, customizable reports. Cons: Doesn’t detect JavaScript operations. Best suited for: A company with in-house programmers who need to make applications more responsive.


With one minor exception, VitalStats was a no-brainer to use in the lab. A service, VitalStats consists of WebMetrics (the company) monitoring one or more of your Internet-accessible servers for problems with network connectivity, CPU usage, memory and hard disks. In our tests, we used the service to keep an eye on a Microsoft Internet Information Service machine.

A VitalStats software agent that you install on a Web server communicates at 5-minute or 1-minute intervals with one of WebMetrics’ points of presence. We tested the 5-minute monitoring service. The software agent sends server utilization statistics to WebMetrics, which collects the utilization figures and presents them as graphical charts and log files that you can view when you log on to WebMetrics’ Web site.

If the central WebMetrics monitoring software detects a problem, such as server resource overutilization or communications failure, it sends e-mails or it can page you.

An e-mailed alert might contain the message, “Page download time exceeded timeout of 30 sec” or “Can’t get page http://(your IP address)/Scripts/vital2000.v2.0.exe,” followed by a traceroute display of the network links between WebMetrics’ site and yours. At its Web site, WebMetrics can show you performance graphs for specific time periods.

We encountered a minor stumbling block during installation. WebMetrics sends a software agent to each new customer, and a network administrator installs the agent by placing it in the Web server’s Scripts directory and making that directory Internet-accessible. Unfortunately, we had “hardened” the Web server by installing Microsoft’s URLScan, applying all current security patches and deleting unnecessary directories. We had to put the software agent in a new directory, publish the new directory on the Internet via Windows Server’s Internet Services Manager and, after logging on to WebMetrics’ main site, configure WebMetrics’ central monitoring software to “see” the new directory.

Bottom Line
VitalStats 2.0
Company: WebMetrics, (877) 524-8299 Cost: Standard service (monitors every 5 minutes) is $60/ month/monitored server; Gold service (monitors every minute) is $180/month/ monitored server. Pros: Lets you outsource network monitoring to a third party. Cons: You still have to be expert enough to fix the problems that VitalStats detects. Best suited for: A company that prefers to outsource network monitoring.

WebMetrics offers specific services for Web servers, database servers and application servers. Customers don’t install a software agent for application servers. Instead, WebMetrics tests for server availability by sending “keep alive” network messages to the server and noting the server’s response. WebMetrics says its GlobalWatch network is in more than 17 cities worldwide, with POPs throughout North America, Asia and Europe.


NetIntact’s PacketLogic is an accurate, well-designed network monitoring tool. It’s easy to set up, and a traffic-flow analysis that is practical and highly relevant. PacketLogic might well give you a new perspective on your network.

The PacketLogic product is a rack-mount appliance that you connect to your network so that traffic passes through it. The appliance is an Intel-based computer running Linux, which automatically boots the appliance’s PacketLogic software. In addition to the PacketLogic software, NetIntact also developed a custom TCP/IP protocol stack and optimized drivers to help the appliance more efficiently handle high traffic loads. Our test unit processed up to 25,000 to 30,000 packets per second (depending on packet sizes and contents) before we noticed any delays in traffic flow. You administer PacketLogic through a client module that you download from NetIntact’s Web site.

Using Layer 7 protocol detection, PacketLogic classifies network traffic for threshold detection (for example alerting) and statistical purposes. The appliance can optionally shape (prioritize) traffic and act as a firewall. We tested all four functions – alerts, statistics, shaping and firewall.

PacketLogic examines each packet’s contents, not just its destination port number, to determine the packet’s protocol. It recognizes more than 80 protocols, including Gnutella, Kazaa, Direct Connect, Citrix, HTTP, FTP, POP3, IRC, SMTP and Secure Shell. PacketLogic tracks network utilization by application, user and connection, and produces several statistical reports. These reports reveal, for example, which application uses the most bandwidth during a given time interval and which user is consuming the most bandwidth – and what the user was doing with the bandwidth.

PacketLogic’s alert mechanism has variable thresholds for detecting high or unwanted traffic. Its rules are time-of-day- and day-of-week-sensitive, and NetIntact groups the rules in eight categories: Client, Server, Server Port, Client Port, Server Interface, Client Interface, Service and Time Object. PacketLogic can apply a rule threshold to one computer or a specified group of computers, and it can apply a rule to all traffic destined for a specific port. PacketLogic inserts its alerts into a log file that the PacketLogic client displays in much the same way the Windows Server Event Viewer does.

During busy times, the appliance decides which packets to send first and which to put at the end of the queue by using quality-of-service rules the network manager specifies. In our tests, PacketLogic excelled in forwarding critical packets before emitting less-important messages. We even tested high-volume mixtures of non-TCP/IP and TCP/IP traffic to see how the appliance would behave. TCP has an internal throttling mechanism that typically fails in the presence of other protocols. The mechanism senses overall TCP traffic levels to know when to backpressure itself, but the traffic level detection ignores other protocols as it decides how many packets it can send in a “window” before expecting a response from its session partner. The PacketLogic appliance flew through the traffic quite nicely as it prioritized, for example, database transactions over e-mail messages.

The PacketLogic client’s firewall editor uses a collapsible-tree view to make setting up a firewall in the appliance nearly painless.

Bottom Line
PacketLogic 3.2
Company: NetIntact, (551) 208-1125 Cost: $11,230 for 128 managed IP addresses, including Surveillance and Statistics modules; Traffic Shaping module is $2,308; Firewall module is $1,949. Pros: Easy to set up and use; accurate protocol determination. Cons: You must periodically examine a log file to see alerts. Best suited for: A company that wants the convenience of a pre-configured monitoring appliance plus highly accurate protocol detection.


AdRem’s NetCrunch is good at discovering network nodes, displaying a map of a network and producing useful reports. It monitors SNMP-aware devices, and Windows servers and NetWare servers, and it can be installed as a Windows service that runs in the background.

NetCrunch uses ICMP pings and SNMP requests to unearth devices and computers on the network. Its accuracy in discovering nodes impressed us. Network discovery isn’t the easiest function to implement, but AdRem has done it correctly. For an SNMP-aware node, NetCrunch learns its device type – whether, for instance, the node is a switch, printer, NetWare server or router. You can tell NetCrunch to rescan the network periodically to discover devices not available during the initial scan.

NetCrunch shows what it’s discovered by displaying dynamic, hierarchical maps of subnets, with links between subnets. Changing a map’s colors, backgrounds and icons is easy, and NetCrunch highlights a problem device on the map by turning its icon red and making it blink. NetCrunch can detect whether a device or computer is up and running and, for Windows servers, whether a particular server’s resource (CPU, memory or hard disk) utilization is under or over a threshold.

If you don’t happen to be looking at NetCrunch’s network map when a problem occurs, don’t worry. NetCrunch can notify administrators via e-mail, SNMP alert (which it sends to a separate network management system, such as OpenView) or pager. It also can send notification messages to specific Windows-based client computers. For problems that can be fixed automatically, you can tell NetCrunch to reset a failed device, run a program or reboot a server. All of NetCrunch’s alerting and notification functions worked well in our tests.

Unfortunately, the NetCrunch Administrator’s Guide manual explains network concepts at length, but says little about how to use the product.

Bottom Line
NetCrunch 2.3
Company: AdRem Software, (212) 319-4114 Cost: Starts at $795 per administrator workstation. Pros: Excellent discovery and network map display. Cons: Lacks “how to” documentation. Best suited for: A company that wants highly visual network mapping plus good device discovery.

Opalis Robot

OpalisRobot is a sophisticated, highly visual scheduling tool. To our delight, we found we could use it to monitor critical aspects of our network and schedule back-up copy operations and other tasks.

OpalisRobot monitors event logs, text logs, SNMP traps (alerts), performance statistics and running programs. In this last category, OpalisRobot detects whether user-specified services and processes are running. It also monitors for file modifications, device presence (based on ICMP pings), up and running Web/

FTP/DNS/NNTP/Mail servers and database availability.

You can use these and other conditions to tell when OpalisRobot should run a program. For example, you can prevent a tape back-up operation from starting if a file’s modification date suggests the program that was supposed to update the file didn’t complete successfully. You also can instruct OpalisRobot to alert you, via

e-mail, pager and pop-up message, that an error condition exists and you need to fix it. For those problems that can be fixed automatically, OpalisRobot can run a program or reboot a server.

OpalisRobot’s user interface is a joy to use. It’s a drag-and-drop visual environment for setting up tasks to run on a schedule, based on dependencies you specify. The scheduling function contains an intelligent calendar where you indicate your company’s working days and that you can use to trigger the running of computer programs. You can freely use server and network events, via drag-and-drop, as conditional triggers for running programs or notifying you of an error situation. OpalisRobot makes network troubleshooting almost fun.

Bottom Line
OpalisRobot 4.0
Company: Opalis Software, (888) 672-5471 Cost: Starts at $995. Pros: Graphical scheduling and problem detection environment. Cons: No network map; no network discovery. Best suited for: A company whose network admini-strators prefer a graphical specification environment for setting up network-monitoring tasks.


Because nobody knows your network better than you, you can judge for yourself which of these tools might be appropriate for your network. Perhaps you want simplicity. A ready-to-use network appliance might appeal to you. Having a third party monitor your network might relieve your staff of a burdensome workload. You might be having a specific problem with application response times. A graphical alerting and monitoring tool might help you solve problems quicker. An easy-to-use scheduling tool can make life easier by running programs at certain times on certain days while it also an eye on your network. It’s your choice.