Chapter 8: Network Management (BK TP.HCM)
Outline: Introduction, Network Administration Tasks, Basic Tools, Network Analyzer and Monitoring, Network Management Software, SNMP-based Software, SMI, MIB, Network Management Platforms, Network Backup

  • HCMC University of Technology (Trường ĐHBK TP.HCM), Faculty of Computer Science & Engineering, 2008. Computer Network 2
    Network Management
    Objective:
    * Maintenance of the computer hardware and software that comprise a computer network
    * Deployment, configuration, maintenance and monitoring of active network equipment
    => Network Administrators
    A related role is that of the Network Specialist, or Network Analyst, who concentrates on network design and security.

  • Network Administration Tasks
    * Installing and maintaining networking hardware and software
    * Assigning names and addresses to each computer or device on the network
    * Assigning names and identification numbers (IDs) to network users and groups
    * Performing the commands required to share, remove, and restrict resources
    * Updating all appropriate networking files on your network's machines
    * Troubleshooting network activity
    * Performance tuning
    * Reporting on a regular basis

  • Basic Tools (1/3)

  • Basic Tools (2/3)

  • Basic Tools (3/3)

  • Network Analyzer and Monitoring Software
    http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html

  • Network Analyzer and Monitoring
    Wireshark, Sniffer Pro, Packet Tracer

  • Infrastructure for Network Management
    [Figure: a managing entity and several managed devices, connected by a network management protocol]

    Basic components:
    * Managed device = slave device
    * Agent = software which runs on the slave device
    * Network management system (NMS) = software which runs on the master

  • Network Management Standards
    OSI CMIP: Common Management Information Protocol
    * designed 1980s: the unifying net management standard
    * too slowly standardized
    SNMP: Simple Network Management Protocol
    * Internet roots (SGMP)
    * started simple
    * deployed, adopted rapidly
    * growth: size, complexity
    * currently: SNMP V3
    * de facto network management standard

  • SNMP-based Administration
    SNMP v.1/2c/3: SNMP is used in network management systems to monitor network-attached devices. It consists of a set of standards for network management, including an Application Layer protocol, a database schema, and a set of data objects.
    Implementations:
    * Net-SNMP: open source SNMP implementation
    * Netsnmpj: open source SNMP for Java
    * SnmpB: open source MIB browser
    * OpenSNMP: multi-threaded SNMPv3 engine
    * PySNMP: pure-Python module, BSD license
    * Ruby SNMP: open source SNMPv1 and v2 for Ruby
    * iReasoning MIB Browser / SNMP Manager (free)
    * Net::SNMP: a pure Perl module that implements SNMPv1, v2 and v3 on IPv4 and IPv6
    * SNMP4J: free SNMP API for Java managers and agents
    * Nstrument Snmp Library for .Net
    * Snmp++/Agent++ libraries
    * SNMP Manager LoriotPro free edition
    * BSNMP: mini SNMP daemon

  • Internet-standard Management Framework
    * SNMP protocol: convey manager<->managed object info, commands
    * Structure of Management Information (SMI): data definition language for MIB objects
    * Management information base (MIB): distributed information store of network management data
    * Security, administration capabilities: major addition in SNMPv3

  • SNMP Component Translation

  • Simple Network Management Protocol
    SNMP defines the format of packets exchanged between a manager and an agent. It reads and changes the status (values) of objects (variables) in SNMP packets.

    SNMP is an application program that allows:
    * a manager to retrieve the value of an object defined in an agent
    * a manager to store a value in an object defined in an agent
    * an agent to send an alarm message about an abnormal situation to the manager

  • SNMP Protocol

  • Manager-Agent Exchanges

  • SNMP Protocol: Message Types
    Message type | Function
    GetRequest, GetNextRequest, GetBulkRequest | Mgr-to-agent: "get me data" (instance, next in list, block)
    InformRequest | Mgr-to-Mgr: here's MIB value
    SetRequest | Mgr-to-agent: set MIB value
    Response | Agent-to-mgr: value, response to Request
    Trap | Agent-to-mgr: inform manager of exceptional event

  • SNMP Message Format

  • Message Format Explanation

  • SNMP v.3 Message Format

  • Structure of Management Information
    * SMI defines the general rules for naming objects, defining object types (including range and length), and showing how to encode objects and values.
    * SMI defines neither the number of objects an entity should manage, nor names the objects to be managed, nor defines the association between the objects and their values.
    * SMI uses an adapted subset of the ASN.1 language.

  • ASN.1: Abstract Syntax Notation 1
    * ISO standard X.680
    * used extensively in the Internet
    * defines data types and object constructors, like SMI
    * BER: Basic Encoding Rules
      - specify how ASN.1-defined data objects are to be transmitted
      - each transmitted object has Type, Length, Value (TLV) encoding

  • Object Attributes
    * All objects managed by SNMP are given an object identifier
    * The object identifier always starts with 1.3.6.1.2.1.

  • SMI Naming : Object Identifier

  • SMI: Data Type Definition
    Purpose: syntax, semantics of management data well-defined, unambiguous
    * Base data types: straightforward, boring
    * OBJECT-TYPE: data type, status, semantics of managed object
    * MODULE-IDENTITY: groups related objects into MIB module
    Basic Data Types: INTEGER, Integer32, Unsigned32, OCTET STRING, OBJECT IDENTIFIER, IPAddress, Counter32, Counter64, Gauge32, TimeTicks, Opaque

  • SMI: Object, Module Examples
    OBJECT-TYPE: ipInDelivers

        ipInDelivers OBJECT-TYPE
            SYNTAX      Counter32
            MAX-ACCESS  read-only
            STATUS      current
            DESCRIPTION
                "The total number of input datagrams successfully
                 delivered to IP user-protocols (including ICMP)"
            ::= { ip 9 }

    MODULE-IDENTITY: ipMIB

        ipMIB MODULE-IDENTITY
            LAST-UPDATED "941101000Z"
            ORGANIZATION "IETF SNMPv2 Working Group"
            CONTACT-INFO "Keith McCloghrie"
            DESCRIPTION
                "The MIB module for managing IP and ICMP implementations,
                 but excluding their management of IP routes."
            REVISION "019331000Z"
            ::= { mib-2 48 }

  • Base Data Types

  • SMI : Encoding Format

  • SNMP: MIB
    [Figure: a MIB module made up of several OBJECT TYPE definitions]
    * objects specified via SMI OBJECT-TYPE construct
    * MIB module specified via SMI MODULE-IDENTITY (100 standardized MIBs, more vendor-specific)

    A management information base (MIB) stems from the OSI/ISO network management model. It comprises a collection of objects in a (virtual) database used to manage entities (such as routers and switches) in a network.

  • MIB Tree

  • SNMP Naming
    Question: how to name every possible standard object (protocol, data, more..) in every possible network standard?
    Answer: ISO Object Identifier tree:
    * hierarchical naming of all objects
    * each branchpoint has name, number
    Example: 1.3.6.1.2.1.7.1
    * 1 = ISO
    * 3 = ISO-ident. Org.
    * 6 = US DoD
    * 1 = Internet
    * 2 = management
    * 1 = MIB2
    * 7 = UDP
    * 1 = udpInDatagrams
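
The TLV encoding from the ASN.1 slide applied to the object identifier 1.3.6.1.2.1.7.1 from the naming slide, as an added Python example that is not part of the original slides. Function names and the sample varbind bytes are constructed for illustration; the decoder rejects truncated or oversized lengths, since BER input from the network is untrusted.

```python
"""BER TLV and OBJECT IDENTIFIER handling as SNMP uses it (added example)."""

TAG_OID = 0x06        # universal OBJECT IDENTIFIER
TAG_SEQUENCE = 0x30   # universal, constructed SEQUENCE
TAG_COUNTER32 = 0x41  # SMI application type 1 (Counter32)


def encode_length(n):
    """Short form below 128, long form (0x80 | byte count) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_oid(dotted):
    """Encode a dotted OID such as 1.3.6.1.2.1.7.1 as a complete TLV."""
    arcs = [int(a) for a in dotted.split(".")]
    if (len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2
            or (arcs[0] < 2 and arcs[1] > 39)):
        raise ValueError("invalid OID")
    out = bytearray()
    # The first two arcs share one sub-identifier: 40 * X + Y (1.3 -> 0x2b).
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:  # base-128, high bit set on every byte but the last
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes([TAG_OID]) + encode_length(len(out)) + bytes(out)


def decode_tlv(buf, offset=0):
    """Return (tag, value, next_offset); raise ValueError on malformed input.

    Only single-byte tags are handled, which covers every type SNMP uses.
    """
    if offset + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[offset], buf[offset + 1]
    offset += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or offset + n > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[offset:offset + n], "big")
        offset += n
    if offset + length > len(buf):
        raise ValueError("declared length exceeds buffer")
    return tag, buf[offset:offset + length], offset + length


def decode_oid(value):
    """Turn the value bytes of an OID TLV back into dotted notation."""
    if not value or value[-1] & 0x80:
        raise ValueError("truncated OID")
    subids, acc = [], 0
    for byte in value:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subids.append(acc)
            acc = 0
    x = min(subids[0] // 40, 2)
    return ".".join(str(a) for a in [x, subids[0] - 40 * x] + subids[1:])


def decode_varbind(buf):
    """Decode SEQUENCE { OID, Counter32 } into (dotted_oid, value)."""
    tag, body, end = decode_tlv(buf)
    if tag != TAG_SEQUENCE or end != len(buf):
        raise ValueError("expected exactly one SEQUENCE")
    tag, oid_bytes, pos = decode_tlv(body)
    if tag != TAG_OID:
        raise ValueError("expected OBJECT IDENTIFIER")
    tag, counter, pos = decode_tlv(body, pos)
    if tag != TAG_COUNTER32 or pos != len(body) or not 1 <= len(counter) <= 5:
        raise ValueError("expected a single Counter32")
    return decode_oid(oid_bytes), int.from_bytes(counter, "big")


# Constructed sample: udpInDatagrams.0 (1.3.6.1.2.1.7.1.0) = Counter32 500
SAMPLE_VARBIND = bytes.fromhex("300e06082b06010201070100410201f4")

if __name__ == "__main__":
    print(encode_oid("1.3.6.1.2.1.7.1").hex(" "))
    print(decode_varbind(SAMPLE_VARBIND))
```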

  • MIB Browser

  • MIB Example: UDP Module
    Object ID | Name | Type | Comments
    1.3.6.1.2.1.7.1 | UDPInDatagrams | Counter32 | total # datagrams delivered at this node
    1.3.6.1.2.1.7.2 | UDPNoPorts | Counter32 | # undeliverable datagrams, no app at port
    1.3.6.1.2.1.7.3 | UDPInErrors | Counter32 | # undeliverable datagrams, all other reasons
    1.3.6.1.2.1.7.4 | UDPOutDatagrams | Counter32 | # datagrams sent
    1.3.6.1.2.1.7.5 | udpTable | SEQUENCE | one entry for each port in use by app, gives port # and IP address

  • UDP Variables and Tables

  • Usage of SNMP v.3 Objects
    Usage:
    * Monitoring device uptimes (sysUpTimeInstance)
    * Inventory of OS versions (sysDescr)
    * Collect interface information (ifName, ifDescr, ifSpeed, ifType, ifPhysAddr)
    * Measuring network interface throughput (ifInOctets, ifOutOctets)
    * Querying a remote ARP cache (ipNetToMedia)

  • SNMP Applications

  • SNMP v3 Security and Administration
    * Encryption: DES-encrypt SNMP message
    * Authentication: compute, send MIC(m,k): compute hash (MIC) over message (m), secret shared key (k)
    * Protection against playback: use nonce
    * View-based access control:
      - SNMP entity maintains database of access rights, policies for various users
      - database itself accessible as managed object!
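
The authentication and playback-protection bullets above, modelled in Python as an added example that is not part of the original slides. It assumes the HMAC-SHA-96 digest and the engineBoots/engineTime freshness check with a 150-second window from the User-based Security Model (RFC 3414); the fixed-width message layout, the key and the payload are constructed for illustration and are not the BER wire format.

```python
"""Simplified model of SNMPv3 authentication and replay protection (added example)."""
import hashlib
import hmac
import struct

MIC_LEN = 12        # HMAC-SHA-96: HMAC-SHA-1 output truncated to 96 bits
TIME_WINDOW = 150   # seconds of difference tolerated by the timeliness check
HEADER = struct.Struct("!II")  # engineBoots, engineTime (constructed layout)


def _mic(key, header, payload):
    # MIC(m, k): the digest field is zero-filled while the HMAC is computed,
    # then overwritten with the result, so the MIC covers the whole message.
    whole = header + bytes(MIC_LEN) + payload
    return hmac.new(key, whole, hashlib.sha1).digest()[:MIC_LEN]


def seal(key, boots, engine_time, payload):
    """Sender side: header | MIC | payload."""
    header = HEADER.pack(boots, engine_time)
    return header + _mic(key, header, payload) + payload


def verify(key, message, local_boots, local_time):
    """Receiver side: return the payload or raise ValueError.

    The digest is checked first, so the boots/time fields are only trusted
    once the message is known to come from a holder of the shared key.
    """
    if len(message) < HEADER.size + MIC_LEN:
        raise ValueError("message too short")
    header = message[:HEADER.size]
    mic = message[HEADER.size:HEADER.size + MIC_LEN]
    payload = message[HEADER.size + MIC_LEN:]
    if not hmac.compare_digest(mic, _mic(key, header, payload)):
        raise ValueError("wrong digest")
    boots, engine_time = HEADER.unpack(header)
    if boots != local_boots or abs(engine_time - local_time) > TIME_WINDOW:
        raise ValueError("not in time window")
    return payload


def demo():
    """Run four constructed scenarios and report how the receiver reacts."""
    key = bytes(range(20))  # constructed key; real keys are derived per engine
    msg = seal(key, boots=7, engine_time=1000,
               payload=b"SetRequest sysContact.0=alice")
    flipped = msg[:-1] + bytes([msg[-1] ^ 0x01])
    cases = {
        "fresh": (msg, 7, 1010),
        "tampered": (flipped, 7, 1010),
        "replayed later": (msg, 7, 1400),
        "replayed after reboot": (msg, 8, 5),
    }
    results = {}
    for name, (message, boots, now) in cases.items():
        try:
            verify(key, message, boots, now)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:22} {outcome}")
```

Authentication alone does not stop a captured SetRequest from being resent; the boots/time comparison is what rejects the last two cases.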

  • RMON v.1/2
    * The Remote Network MONitoring (RMON) MIB was developed by the IETF to support monitoring and protocol analysis of LANs
    * RMON is designed for "flow-based" monitoring, while SNMP is often used for "device-based" management
    * A minimal RMON agent implementation could support only statistics, history, alarm, and event
    * The RMON1 MIB consists of ten groups
    * The RMON2 MIB adds ten more groups

  • RMON Applications

  • Configuration using RMON
    * Using RMON to analyze and monitor network traffic data within remote LAN segments from a central location
    * Detect, isolate, diagnose, and report potential and actual network problems before they escalate to crisis situations

  • Network Administration Platforms
    A suite of software applications which allows large-scale system and network management of an organization's IT infrastructure. It includes optional modules from the vendor itself as well as from third parties, which connect within a well-defined framework and communicate with one another.
    Examples: HP OpenView, IBM Tivoli, Computer Associates Unicenter, Cabletron Spectrum, Cisco Network Assistant, and some open-source tools such as ZenOss, Nagios, MRTG, RRDTools, etc.

  • Introduction of ZenOss Software
    * Zenoss (Zenoss Core) is an open source application, server and network management platform based on the Zope application server. It is released under the GNU General Public License (GPL) version 2.
    * Zenoss Core provides a web interface that allows system administrators to monitor availability, inventory/configuration, performance, and events.
    * Platforms: Red Hat Enterprise Linux / CentOS (4, 5), Fedora (Core 6, 7, 8), Ubuntu (6.10, 7.04, 7.10, 8.04), FreeBSD (6.1, 6.2), Debian (Sarge), SuSE (10, 10.2), Solaris 10, Gentoo, Mac OS X, VMWare Appliance

  • ZenOss: Functional Devices
    Zenoss delivers a single product to monitor the entire IT infrastructure:
    * Networks - Routers, Switches, Firewalls, Access Points
    * Servers - Microsoft Windows, Linux, Unix, HP, NetApp, Dell
    * Virtualization - Complete VMware Virtual Infrastructure (VI3) Management, XenSource Monitoring
    * Applications - Processes, Ports, Web Apps, Web Services, Databases, Middleware, Commercial Apps

  • ZenOss: A unique approach
    Using agentless collection and standards-based management protocols: WMI, PerfMon, SNMP, JMX, HTTP, Telnet, SSH, Syslog, ICMP, FTP, SMTP, etc.

  • ZenOss: A full lifecycle
    * Configuration Management - Auto-discovery, inventory, CMDB, change tracking
    * Availability Management - Active tests up and down the stack
    * Performance Monitoring - Collect and analyze metrics up and down the stack
    * Event/Log Management - Central collection and management of alarms and breaches
    * Automatic Remediation - Respond to and resolve issues as they occur

  • Network Backup: Features
    * Opened File Backup, Continuous backup
    * Multi-platform, Multi-site
    * Online Access to files
    * Data Compression
    * Differential Data Compression
    * Data Encryption
    * Bandwidth Usage
    * Cost factors: total amount of data, number of machines, maximum number of versions

  • Network Management: Summary
    * Network management: extremely important, 80% of network cost
    * ASN.1 for data description
    * SNMP protocol as a tool for conveying information
    * Network management: more art than science
      - What to measure/monitor
      - How to respond to failures?
      - Alarm correlation/filtering?

    Network administrator is a modern profession responsible for the maintenance of computer hardware and software that comprises a computer network. This normally includes the deployment, configuration, maintenance and monitoring of active network equipment. A related role is that of the network specialist, or network analyst, who concentrates on network design and security. The Network Administrator is usually the highest level of technical/network staff in an organization and will rarely be involved with direct user support. The Network Administrator will concentrate on the overall health of the network, server deployment, security, ensuring network connectivity throughout a company's LAN/WAN infrastructure, and all other technical considerations at the network level of an organization's technical hierarchy. Network Administrators are considered Tier 3 support personnel that only work on break/fix issues that could not be resolved at the Tier 1 (helpdesk) or Tier 2 (desktop/network technician) levels.

    Depending on the company, the Network Administrator may also design and deploy networks. However, these tasks may be assigned to a Network Engineer should one be available to the company.

    The actual role of the Network Administrator will vary from company to company, but will commonly include activities and tasks such as network address assignment, assignment of routing protocols and routing table configuration as well as configuration of authentication and authorization directory services. It often includes maintenance of network facilities in individual machines, such as drivers and settings of personal computers as well as printers and such. It sometimes also includes maintenance of certain network servers: file servers, VPN gateways, intrusion detection systems, etc.

    Network specialists and analysts concentrate on the network design and security, particularly troubleshooting and/or debugging network-related problems. Their work can also include the maintenance of the network's authorization infrastructure, as well as network backup systems.

    The administrator is responsible for the security of the network and for assigning IP addresses to the devices connected to the networks. Assigning IP addresses gives the subnet administrator some control over the professional who connects to the subnet. It also helps to ensure that the administrator knows each system that is connected and who personally is responsible for the system.

    Administration Tasks

    Security Administration
    * Scan for "Trojan Horse" violations
    * Scan for "Backdoor" violations
    * Intrusion Detection - Run checksums on all system directories to determine if any changes have been made
    * Scan for unsecured directories and files
    * Scan for user accounts with no password
    * Look for any new Operating System errors that may have been logged
    * Monitor for suspicious failed "login" attempts
    * Monitor for suspicious failed "su" attempts
    * Log all ".rhosts" files
    * Scan root's PATH variable for security problems
    * Monitor system owned world writeable files
    * Monitor user owned writeable files
    * Identify rogue (misplaced) devices
    * Log deletion of system owned files
    * Log deletion of user owned files
    * Monitor changes to access (owner, group or permissions) on secured files
    * Scan for potential problems in /etc/passwd file, such as:
      - no matching entry in NIS
      - group ID not in /etc/group
      - invalid home directory
      - duplicate logins
      - duplicate UIDs
      - root entry missing
      - root entry is not the first entry
      - unexpected value for shell
      - shell is Set UID
      - shell is Set GID
    * Kill idle users
    * Any new orphan files?
    * Monitor for the removal of the sticky bit on directories
    * Audit security and suggest improvement changes
    * Transfer all data between AdminUXs as encrypted and certified
    * Monitor TCP/IP ports for change in status
    * Can root log in on non-console devices?
    * Does PAM have any breathtaking configurations?
    * Create a daily security diary

    Network Administration
    * Poll devices on network and determine if any network hosts are down
    * Poll the network to determine if any network interfaces are down
    * Determine if collision rates are abnormal on all network interfaces
    * Determine if packet error rates are abnormal on all network interfaces
    * Poll URL to determine if the web page exists
    * Poll URL to determine if the web page has changed
    * Alert if an inactive TCP/IP port becomes active
    * Alert if an active TCP/IP port becomes inactive
    * Audit for ports that should not be active
    * Distribute matrix changes to a workgroup of AdminUXs

    Performance Administration
    * Log benchmarks
    * Run sar reports for yesterday's data
    * Analyze buffer performance
    * Analyze cpu performance
    * Analyze disk performance
    * Analyze memory performance
    * Look for any new Operating System errors that may have been logged
    * Was there an unauthorized date/time change?
    * Was the last boot expected?
    * Determine if the system needs to be shut down
    * Determine if collision rates are abnormal on all network interfaces
    * Determine if packet error rates are abnormal on all network interfaces

    Source: AdminUX "Administration Tasks", www.adminux.com, Rev. E. Green Light Advantage, LLC / P.O. Box 920639 / Norcross, GA 30010-0639 / Toll Free 888-750-6033. 2003 Green Light Advantage, LLC. AdminUX (patents pending) is a registered trademark of Green Light Advantage, LLC.

    Process Administration
    * Monitor for failed daemons
    * Restart any stopped daemon, if permitted
    * Monitor for orphan processes
    * Kill orphan processes, if permitted
    * Monitor for runaway processes

    Filesystem Administration
    * Monitor if all filesystems are mounted
    * Monitor if there is adequate filesystems space
    * Monitor if there is adequate swap space
    * Model free blocks and forecast if the resource will be exhausted in 90/60/30 days

    File Administration
    * Restore any missing critical file, device or symbolic link
    * Archive/trim defined system logs
    * Remove defined garbage files
    * Does /dev use more space than expected?
    * Any new large mailboxes?
    * Any new orphan files?
    * Reassign orphan files' ownership to a valid user
    * Error check /etc/gettydefs
    * Error check /etc/inittab
    * Error check /etc/passwd
    * Locate and log large files
    * Monitor the growth of large files
    * Locate and log huge directories

    Backup Administration
    * Did the Autobackup Administrator complete?
    * Has the Autobackup Status been checked recently?
    * Is tonight's tape(s) inserted?
    * Did the Autobackup run the normal length of time?
    * Is the Autobackup Administrator enabled?
    * If applicable, create the volume group configuration backup files
    * Synchronize AdminUX's logs onto other hosts (logs are available if this machine goes down)
    * Synchronize application logs/files onto other hosts for backup

    User Administration
    * Enable/Disable a login
    * Kill idle users
    * Monitor user application logs for a defined event
    * Look for user posted events to alarm
    * Randomly select a new message-of-the-day
    * Change file names in users' home directories if file name contains meta characters
    * Enforce certain time of day login rule
    * Assign a menu command to the login
    * Assign a time zone to the login if needed
    * If applicable, display a login greeting
    * If applicable, display any birthdays for today
    * If applicable, celebrate the login's birthday
    * Prevent a user from logging in from more than one device
    * Allow a user to run a super user command

    Printer Administration
    * Monitor if the print scheduler is running
    * Monitor if all printers are enabled
    * Monitor if all print destinations are accepting requests
    * Monitor if there is a default print destination
    * Restart lp spooling system's sequence number each year

    Keep A Record
    * Create a daily security diary
    * If applicable, create the volume group configuration backup files
    * Create a table of all files on the local filesystems (FILES.tab)
    * Create a table of everything known about the print spooling system (LPPERMS.tab)
    * Maintain 24 hour status logs to diagnose system problems (STATUS00.log - STATUS23.log)
    * Log kernel system log errors (ERRPT.log)
    * Log deleted system owned files (MISSING.log)
    * Log response time benchmark (RESPONSE.log)
    * Log active users (USERS.log) and terminals (TERMS.log)
    * Log removed garbage files (CLEANUP.log)
    * Log current disk space (DISK.log)
    * Log current directory space (DU.log)
    * Log current space for users' home directory (DUUSR.log)
    * Log orphan files (FORPHANS.log)
    * Log large files (LRGFILES.log)
    * Log huge directories (HUGEDIR.log)
    * Log security concerns (SECURITY.log)
    * Log failed login attempts (FAILEDLGIN.log)
    * Log failed "su" attempts (FAILEDSU.log)
    * Log all "su" attempts (SU.log)
    * Log all system boots and shutdowns (BOOT.log, SHUTDOWN.log)
    * Log a history of all repairs made by AdminUX (REPAIRS.log)
    * Log all ".rhosts" files (RHOSTS.log)
    * Log all SGID files (SGID.log)
    * Log all sticky bit files (STICKYBIT.log)
    * Log all SUID files (SUID.log)
    * Log system uptime (UPTIME.log)
    * Log all files that are writeable by users (USERSWRITE.log)
    * Log all world writeable files (WORLDWRITE.log)
    * Log system configuration settings (SYSTEM.log)
    * Log resource data (DB.log)

    Alarm Administration
    * Send notifications if an alarm is set
    * Send alarm to Tivoli
    * Send alarm to OpenView
    * Send alarms to other machines

    Boot Administration
    * Make certain that the console is linked correctly
    * If applicable, do an fsck on all filesystems
    * Re-create /tmp and /usr/tmp if missing
    * Remove lock and obsolete control files
    * Ask for a new date/time if unreasonable
    * Restore any missing files, devices and symbolic links
    * Re-create any missing lost+found directories
    * Re-create utmp file if missing

    SNMP Version 3 (SNMPv3) General Message Format

    Field Name | Syntax | Size (bytes) | Description
    Msg Version | Integer | 4 | Message Version Number: Describes the SNMP version number of this message; used for ensuring compatibility between versions. For SNMPv3, this value is 3.
    Msg ID | Integer | 4 | Message Identifier: A number used to identify an SNMPv3 message and to match response messages to request messages. The use of this field is similar to that of the Request ID field in the PDU format (see Table 218), but they are not identical. This field was created to allow matching at the message processing level regardless of the contents of the PDU, to protect against certain security attacks. Thus, Msg ID and Request ID are used independently.
    Msg Max Size | Integer | 4 | Maximum Message Size: The maximum size of message that the sender of this message can receive. Minimum value of this field is 484.
    Msg Flags | Octet String | 1 |
    Msg Security Model | Integer | 4 | Message Security Model: An integer value indicating which security model was used for this message. For the user-based security model (the default in SNMPv3) this value is 3.
    Msg Security Parameters | Variable | | Message Security Parameters: A set of fields that contain parameters required to implement the particular security model used for this message. The contents of this field are specified in each document describing an SNMPv3 security model. For example, the parameters for the user-based model are in RFC 3414.
    Scoped PDU | Variable | |

    And now, let's look at the PDU format for SNMPv3. Ah ha! We are spared this, because SNMPv3 uses the protocol operations from SNMPv2; this is described in RFC 3416, which is just an update of RFC 1904.

    RMON (from Wikipedia, the free encyclopedia)

    The Remote Network MONitoring (RMON) MIB was developed by the IETF to support monitoring and protocol analysis of LANs. The original version (sometimes referred to as RMON1) focused on OSI Layer 1 and Layer 2 information in Ethernet and Token Ring networks. It has been extended by RMON2, which adds support for Network- and Application-layer monitoring, and by SMON, which adds support for switched networks. It is an industry standard specification that provides much of the functionality offered by proprietary network analyzers. RMON agents are built into many high-end switches and routers.

    Overview

    An RMON implementation typically operates in a client/server model. Monitoring devices (commonly called "probes" in this context) contain RMON software agents that collect information and analyze packets. These probes act as servers and the Network Management applications that communicate with them act as clients. While both agent configuration and data collection use SNMP, RMON is designed to operate differently than other SNMP-based systems:
    * Probes have more responsibility for data collection and processing, which reduces SNMP traffic and the processing load of the clients.
    * Information is only transmitted to the management application when required, instead of continuous polling.

    In short, RMON is designed for "flow-based" monitoring, while SNMP is often used for "device-based" management. RMON is similar to other flow-based monitoring technologies such as NetFlow and SFlow because the data collected deals mainly with traffic patterns rather than the status of individual devices. One disadvantage of this system is that remote devices shoulder more of the management burden, and require more resources to do so. Some devices balance this trade-off by implementing only a subset of the RMON MIB groups (see below). A minimal RMON agent implementation could support only statistics, history, alarm, and event.

    The RMON1 MIB consists of ten groups:
    * Statistics: real-time LAN statistics, e.g. utilization, collisions, CRC errors
    * History: history of selected statistics
    * Alarm: definitions for RMON SNMP traps to be sent when statistics exceed defined thresholds
    * Hosts: host specific LAN statistics, e.g. bytes sent/received, frames sent/received
    * Hosts top N: record of N most active connections over a given time period
    * Matrix: the sent-received traffic matrix between systems
    * Filter: defines packet data patterns of interest, e.g. MAC address or TCP port
    * Capture: collect and forward packets matching the Filter
    * Event: send alerts (SNMP traps) for the Alarm group
    * Token Ring: extensions specific to Token Ring

    The RMON2 MIB adds ten more groups:
    * Protocol Directory: list of protocols the probe can monitor
    * Protocol Distribution: traffic statistics for each protocol
    * Address Map: maps network-layer (IP) to MAC-layer addresses
    * Network-Layer Host: layer 3 traffic statistics, per each host
    * Network-Layer Matrix: layer 3 traffic statistics, per source/destination pairs of hosts
    * Application-Layer Host: traffic statistics by application protocol, per host
    * Application-Layer Matrix: traffic statistics by application protocol, per source/destination pairs of hosts
    * User History: periodic samples of user-specified variables
    * Probe Configuration: remote config of probes
    * RMON Conformance: requirements for RMON2 MIB conformance

    Important RFCs
    * RMON1: RFC 2819 - Remote Network Monitoring Management Information Base
    * RMON2: RFC 2021 - Remote Network Monitoring Management Information Base Version 2 using SMIv2
    * SMON: RFC 2613 - Remote Network Monitoring MIB Extensions for Switched Networks
    * Overview: RFC 3577 - Introduction to the RMON Family of MIB Modules

    Typical features
    * Opened File Backup: The ability to back up files that are extensively opened, such as Outlook files (*.pst) or SQL database files, can be useful. Such ability allows IT administrators to run backup jobs any time of the day, without setting aside server maintenance time. Most online backup products need an add-on for this. Higher-end products support this natively.
    * Multi-platform: A multi-platform backup service can back up multiple platforms such as the various flavors of Windows, Macintosh, and Linux/UNIX. Many newer entrants only back up Windows XP, for example.
    * Multi-site: A feature of some services is the capability to back up the primary site data plus remote offices and branch offices in a relatively seamless manner.
    * Continuous backup: Allows the tool to back up continuously or on a predefined schedule. Both methods have advantages and disadvantages. Most backup tools are schedule-based and perform backups at a predetermined time. Some services provide continuous data backups, which are used by large financial institutions and large online retailers. However, there is typically a tradeoff with performance and system resources.
    * Online Access to files: Some services allow you to access your backed up files via a normal web browser. Many tools do not provide this type of functionality.
    * Data Compression: Typically data will be compressed with a lossless compression algorithm to minimize the amount of bandwidth used.
    * Differential Data Compression: A way to further minimize network traffic is to transfer only the binary data that has changed from one day to the next, similar to the open source file transfer tool Rsync. More advanced network backup tools use this method rather than transfer entire files.
    * Data Encryption: Encryption of data during transmission to the vendor and encryption when stored at the vendor.
    * Bandwidth Usage: User selectable to use more or less bandwidth at various times.

    Cost factors

    Online backup services are usually priced as a function of the following things:
    * The total amount of data being backed up.
    * The number of machines covered by the backup service.
    * The maximum number of versions of each file that are kept.

    Vendors typically limit the number of versions of a file that can be kept in the system. Some services omit this restriction and provide an unlimited number of versions. Add-on features (plug-ins), like the ability to back up currently open or locked files, are usually charged as an extra, but some services provide this built in.

    Advantages of remote backup

    Remote backup has advantages over traditional backup methods:
    * Remote backup does not require user intervention. The user does not have to change tapes, label CDs or perform other manual steps.
    * Remote backup maintains data offsite. Perhaps the most important aspect of backing up is that backups are stored in a different location from the original data. Traditional backup requires manually taking the backup media offsite.
    * Data storage abroad could be an advantage too.
    * Some remote backup services will work continuously, backing up files as they are changed.
    * Most remote backup services will maintain a list of versions of your files.
    * Most remote backup services will use 128- to 448-bit encryption and send compressed data packages via an HTTPS connection.

    Disadvantages of remote backup

    Remote backup has some disadvantages:
    * Depending on the available network bandwidth, the restoration of data can be slow. Because data is stored offsite, the data must be recovered either via the Internet or via tape or disk shipped from the online backup service provider.
    * Backup service providers have no guarantee that stored data will be kept private - for example, from employees. As such, most recommend that files be encrypted before storing.
    * It is possible that a remote backup service provider could go out of business or be purchased, which may affect the accessibility of one's data or the cost to continue using the service.
    * If the encryption password is lost, no more data recovery will be possible.