Neal Weinberg
Contributing writer, Foundry

Oculan 250 network appliance

Jun 24, 2003
3 mins
Enterprise Applications

* The Reviewmeister checks out Oculan's new network monitoring appliance's claims of plug and play capabilities

The Reviewmeister loves anything that’s plug and play, so we decided to test Oculan’s new network monitoring appliance that claims to have plug and play capabilities.

The Oculan 250 is a rack-mountable, 2U, Intel-based computer running Red Hat Linux. An Apache Web server provides the user interface’s HTML, and a Postgres database stores network event details and asset inventories. Most of the Oculan software is written in Java and, although it runs entirely within a single computer, the software has a three-tier architecture.

The Oculan 250’s monitoring features are certainly comprehensive. The device detects outages, records network events, sends notifications, tracks assets, produces reports, identifies vulnerabilities, monitors Windows server performance factors, measures network performance and watches for intrusions.

One appliance can monitor a network of up to 25 devices, 25 servers and 250 desktops, making it appropriate for small to midsized networks. You can install multiple 250s on a network, but the devices don’t coordinate with others by sharing event data or asset lists. For larger networks, Oculan points to its recently announced OpticNerve product.

Statistics monitored include CPU utilization, physical memory, network adapter and disk information, operating system details, installed applications, services running in the background and resource usage figures. Collecting and reporting this fine level of asset and performance data is a big help, even on small networks.

The appliance made quick work of accurately discovering the devices on each network segment (IP address range) we asked it to monitor. The notification feature promptly sent us e-mail and pager alerts for different types of problems, including “authenticate failure” and “interface down.” Furthermore, we could set up separate targets for categories, such as “admin,” “desktop” and “security.” To our delight, the notification feature was more sophisticated than we expected.

Similarly, report selection let us choose the kind of data, the time interval to report on and whether we wanted the report in Adobe Acrobat PDF.

The intrusion detection system worked well in our tests, as did the vulnerability scan, which recommended specific security patches and configuration changes for the servers we scanned. Oculan says vulnerability knowledgebase updates and the intrusion detection library of exploits and signatures are included in the one-year warranty. Thereafter, maintenance fees will keep the device’s knowledgebase and library up-to-date.

The appliance’s Web interface is well designed and responsive. Its top-level menu is a set of links to data displays or further menus on outages, events, notifications, assets, reports, vulnerabilities, system lists, security, performance tools (such as traceroute and ping), appliance administration and product help. To avoid showing stale data, the interface automatically refreshes every minute.

Specifying our network’s segments to the device by supplying our IP address ranges was painless. Because the Oculan 250 tracks each IP address or address range separately, we could easily delete or modify an address or range without disturbing the others. This thoughtful design is apparent throughout the interface’s various Web pages.

All things considered, we liked the Oculan 250. A number of its features are especially noteworthy. The intrusion detection component is state-of-the-art, the vulnerability checker is quite thorough and the Windows server asset detail collector is encyclopedic. We feel it’s a worthwhile monitoring tool for small networks, and it indeed is plug-and-play.

For the full report, go to