Daemon's Newsfeed

Tuesday, April 04, 2006

Distributed Virtual Machine Management Probes

The company I work for required a remote probe solution that allowed us to completely manage, monitor and troubleshoot every aspect of their network.

The criteria were vague enough to be intriguing. So, since we have a large number of management tools at our disposal, I thought that I would spend an evening plotting how to take over the world using a virtualization distribution system.

Here is the work thus far.

We decided to use tools that would allow us to do:

1>Perform realtime hardware and software audits.

There is an immeasurable number of tools out there that can do this, but most of them run scheduled or on-demand audits, and the ones that are kept current cost an arm and a leg. For several years I tried things like login scripts to export MSinfo32 or MSD-like data to network shares, or using enterprise tools like Panda Invent (which, by the way, is a top notch program with a virtually unlimited non-expiring trial that is dreadfully expensive to licence). Now I always flog an essential tool called FPINGER.

This software only costs about $50, but it does well things that are normally reserved for the likes of HP OpenView or some other clunky large-scale solution. In this setup, we will use it to monitor VPN connectivity, server and service availability and, of course, to perform hardware and software audits upon login and logoff. The data can be exported automatically into an HTML image map of a Visio drawing. This allows you to view the realtime data of any machine on your network via a web page. It can also export to SQL if required.


2>Monitor server and workstation connectivity and service availability

Fpinger can also be configured for email, network and scripted alerts when a service fails or a device or link goes down.

3>Monitor VPN connectivity and generate historical reports

Fpinger can provide HTML reports on drops and reconnections which can be parsed by Excel to create frequency graphs, but this only gives part of the picture. If the device is on a local network segment, then it is probably a device or service failure. If it is remote, then you have to follow the path of success to the fault. This is best accomplished with a tool like Ping Plotter or 3D Traceroute, depending on your eye candy threshold.

3D Traceroute is pretty, like a Shirley Temple.

Ping Plotter is pretty, like a jug of moonshine. It gets the job done quicker.
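As an added illustration (not part of the original post, and not Fpinger's own report format) of turning a drop/reconnect history into the numbers behind a frequency graph, and of the local-versus-remote triage described above, here is a small Python script over a constructed event log; the device inventory and the 192.168.1.0/24 local segment are assumptions:

```python
from collections import Counter
from datetime import datetime
import ipaddress
# Constructed sample of up/down events (not Fpinger's real format), one per line:
SAMPLE_LOG = """\
2006-04-03 08:05:00 branch-vpn-1 DOWN
2006-04-03 08:07:30 branch-vpn-1 UP
2006-04-03 09:15:00 fileserver DOWN
2006-04-03 09:16:00 fileserver UP
2006-04-03 13:40:00 branch-vpn-1 DOWN
2006-04-03 13:50:00 branch-vpn-1 UP
2006-04-03 13:55:00 branch-vpn-1 DOWN
2006-04-03 14:00:00 branch-vpn-1 UP
"""
# Hypothetical inventory: device -> address, plus the probe's own local segment.
DEVICES = {"branch-vpn-1": "10.20.0.1", "fileserver": "192.168.1.10"}
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")

def parse_events(text):
    """Return a list of (timestamp, device, state) tuples in log order."""
    events = []
    for line in text.splitlines():
        date, time, dev, state = line.split()
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        events.append((ts, dev, state))
    return events

def outage_stats(events):
    """Per device: drop count, total downtime and longest outage (seconds)."""
    stats, down_since = {}, {}
    for ts, dev, state in events:
        s = stats.setdefault(dev, {"drops": 0, "downtime": 0.0, "longest": 0.0})
        if state == "DOWN" and dev not in down_since:
            down_since[dev] = ts  # a repeated DOWN inside one outage is ignored
            s["drops"] += 1
        elif state == "UP" and dev in down_since:
            secs = (ts - down_since.pop(dev)).total_seconds()
            s["downtime"] += secs
            s["longest"] = max(s["longest"], secs)
    return stats

def drops_per_hour(events):
    """Drop events bucketed by hour of day: the input for a frequency graph."""
    return Counter(ts.hour for ts, _dev, state in events if state == "DOWN")

def fault_scope(dev):
    """Local segment -> suspect the device/service; remote -> trace the WAN path."""
    addr = ipaddress.ip_address(DEVICES[dev])
    return "local" if addr in LOCAL_NET else "remote"
```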


4>Monitor and analyze WAN paths, and setup alert notifications for problems

Ping Plotter is excellent for supplying detailed latency, packet loss, and route information. It is my preferred data export tool of choice when faced with proving wrong stupid, arrogant and useless ISPs (shaw...cough cough).

5>Connect to the desktop, command line, registry, or filesystem of every computer in the enterprise, all from one console

Ipscan. Hands down the best 100k remote connection tool. You can set up network ranges to scan for ICMP and specific ports. You can also configure plugins to connect via VNC, Remote Desktop, Citrix, FreeNX, Radmin, command line with psexec, SSH, FTP, SMB, remotely run scripts with a psexec add-on, remote registry, remote computer management console and remote IDS testing.


6>Monitor Sonicwall devices with a viewpoint server

If you have Sonicwall routers deployed, then Viewpoint can provide bandwidth, gateway antivirus and IDS statistics. A good product. A slim version of their Global Management System.



7>Deploy patches, service packs and other software updates to all machines

The standard in patch management is Shavlik. It is often rebranded, but still the same.


8>Provide managed antivirus via McAfee Protection Pilot and generate reports

McAfee provides a poor consumer AV, but their enterprise product is top notch. Their managed solution is very good, but for managing your own installations and saving the money, use Protection Pilot. It is far superior in ease of use and stability to the Symantec solution.



9>Monitor all SNMP traps and low-level network analysis with an N-able probe

N-able N-central is a large centralized management and monitoring console, similar to OpenView, Nagios, Big Brother or Silverback.


10>Troubleshoot network congestion, errors and traffic with a protocol analyzer

Ethereal is good, but I find MyNetMon to be just a little bit simpler to find the important packets.


11>Secure remote access to the probe behind any firewall by allowing a Sonicwall Global VPN client to “call home”.

Then from the VPN endpoint, you connect back into the remote client and have at the management tools.

12>No system is complete without an IDS scanning system.

Strata Guard Free is a free version of a commercial IDS that uses Snort. You can get it from http://www.stillsecure.org/ .

For a detailed write-up on this software you can see a post on Security Zero detailing its features and installation. It is also possible to get it as a VMware virtual appliance.

This is a work in progress, as I have found that some things have to be redesigned in order to work properly. For example:

-Viewpoint has to be the only database on the VM, otherwise it freaks out.

-In order to have a virtual machine within a virtual machine, you have to use QEMU, since VMware does not support it with its own VMware Player.

So there are some glitches to work out.
