Delivering ‘plug-and-play’ network monitoring
OCULAN 250 NETWORK APPLIANCE
Is plug-and-play network monitoring a misnomer – or the future? Installing traditional network monitoring software on a dedicated machine or a non-busy server isn’t too difficult. However, the idea of getting a monitoring tool pre-installed on a keyboardless, rack-mountable computer is intriguing and compelling, especially for small networks with few spare computers.
Oculan says its Oculan 250 appliance is the right tool for companies that want comprehensive network monitoring but don’t want the hassle of buying a server, configuring and installing the monitoring package along with, perhaps, Web server and database server components.
We found that the Oculan 250 offers excellent device discovery, a range of useful monitoring features, timely notifications of network events, helpful reports and an intuitive, responsive user interface. On the other hand, we found some bugs, such as the software occasionally crashing or emitting Web pages with missing pushbuttons, and we had problems with the documentation (see How we did it at www.nwfusion.com, DocFinder:6433).
A heavy-duty appliance
The Oculan 250 is a rack-mountable, 2U, Intel-based computer running Red Hat Linux. An Apache Web server provides the user interface’s HTML, and a Postgres database stores network event details and asset inventories. Most Oculan software is written in Java and, although it runs within one computer, the software has a three-tier architecture.
The Oculan 250’s monitoring features are certainly comprehensive. The device detects outages, records network events, sends notifications, tracks assets, produces reports, identifies vulnerabilities, monitors Windows server performance factors, measures network performance and watches for intrusions.
One appliance can monitor a network of up to 25 devices, 25 servers and 250 desktops, making it appropriate for small to midsized networks. You can install multiple 250s on a network, but the devices don’t coordinate with others by sharing event data or asset lists. For larger networks, Oculan points to its recently announced OpticNerve product. The Oculan 250 polled the services running on our servers and devices every 5 minutes (the default), and we could set each separate service’s polling interval to one of five choices: 1 minute, 3, 5 or 15 minutes, or 1 hour. But it missed detecting momentary events where the failure and recovery occurred within the polling interval. The device can only peripherally monitor for service-level agreement compliance.
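The polling blind spot described above can be quantified. The following is an added example, not code from the review or from Oculan; it assumes evenly spaced, instantaneous polls, and the outage times are constructed sample data.

```python
from fractions import Fraction

# Polling choices named in the review, in seconds.
INTERVALS = {"1 min": 60, "3 min": 180, "5 min": 300,
             "15 min": 900, "1 hour": 3600}


def poll_sees_outage(start, length, interval, phase):
    """True if a poll at phase, phase+interval, ... lands in [start, start+length)."""
    # Index of the first poll at or after the outage start (ceiling division).
    k = max(0, -(-(start - phase) // interval))
    first_poll = phase + k * interval
    return first_poll < start + length


def detection_fraction(length, interval, start=10_000):
    """Share of poller phase offsets for which the outage is observed at all."""
    hits = sum(poll_sees_outage(start, length, interval, p)
               for p in range(interval))
    return Fraction(hits, interval)


def blind_spots(outages, interval, phase=0):
    """Return the (start, length) outages that no poll observes."""
    return [(s, n) for s, n in outages
            if not poll_sees_outage(s, n, interval, phase)]


# Constructed sample outages: (start second, duration in seconds).
SAMPLE_OUTAGES = [(130, 20), (290, 45), (700, 400), (1850, 90)]

if __name__ == "__main__":
    for name, secs in INTERVALS.items():
        missed = blind_spots(SAMPLE_OUTAGES, secs)
        chance = detection_fraction(120, secs)
        print(f"{name:>7}: missed {missed}; "
              f"chance of seeing a 2-minute outage = {chance}")
```

An outage shorter than the polling interval is seen with probability of roughly its duration divided by the interval, so short failures need event-driven sources such as SNMP traps or logs rather than faster polling alone.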
The appliance can poll about 22 types of network services, including Citrix, Domino Internet Inter-ORB Protocol, DNS/Dynamic Host Configuration Protocol, FTP, HTTP, Simple Mail Transfer Protocol, POP3, Internet Message Access Protocol, SNMP and Lightweight Directory Access Protocol. It also can poll database servers running Informix, MySQL, Oracle, Postgres, SQL Server and Adaptive Server. The appliance separately monitored our Internet connection and, once we enabled each server’s Windows Management Interface, gathered asset detail and performance statistics from our Windows-based servers.
Statistics monitored include CPU utilization, physical memory, network adapter and disk information, operating system details, installed applications, services running in the background and resource usage figures. Collecting and reporting this level of asset and performance data is a big help.
The appliance made quick work of discovering the devices on each network segment (IP address range) we asked it to monitor. The notification feature promptly sent us e-mail and pager alerts for different types of problems, including “authenticate failure” and “interface down.” Furthermore, we could set up separate targets for categories, such as “admin,” “desktop” and “security.” To our delight, the notification feature was more sophisticated than we expected.
Similarly, report selection let us choose the kind of data, the time interval to report on and whether we wanted the report in Adobe Acrobat PDF, Web page or e-mail format. However, some reports were available only in one format. The reports displayed SNMP data and performance, availability and outage details, security summaries, intrusion attempts, vulnerabilities, system inventories and system performance data.
The intrusion-detection system worked well, as did the vulnerability scan, which recommended specific security patches and configuration changes for the servers we scanned. Oculan says vulnerability knowledgebase updates and the intrusion-detection library of exploits and signatures are included in the one-year warranty. Thereafter, maintenance fees will keep the device’s knowledgebase and library up to date.
Use and care
The appliance’s Web interface is well designed and responsive. Its top-level menu is a set of links to data displays or further menus on outages, events, notifications, assets, reports, vulnerabilities, system lists, security, performance tools (such as traceroute and ping), appliance administration and product help. To avoid showing stale data, the interface automatically refreshes every minute.
Specifying our network’s segments to the device by supplying our IP address ranges was painless. Because the Oculan 250 tracks each IP address or address range separately, we easily could delete or modify an address or range without disturbing the others. This thoughtful design is apparent throughout the interface’s various Web pages.
We encountered a few bugs when adding an IP address range on the Intrusion Home Network Configuration page: The tool told us a “save settings” option would next appear. It appeared but was unclickable. On occasion, performing a vulnerability scan crashed the Oculan software. Infrequently, other stray bugs revealed themselves by displaying Java error codes. To its credit, the tool gracefully recovered from these bugs.
We were disappointed in the documentation provided, which consisted of a pair of Adobe Acrobat PDF files downloadable from the device. Using the product’s help button redirected the browser window to Oculan’s support site, which offered no help on the 250.
We ignored the single-page installation guide Oculan supplied with the unit because it was wrong. A technical support call pointed us to PDF files, which accurately guided us through the installation and initial configuration. For after-hours support, we left voice mail, but callbacks occurred within an hour or so.
All things considered, we liked the Oculan 250. Many of its features are especially noteworthy. The intrusion-detection component is state of the art, the vulnerability checker is quite thorough, and the Windows server asset detail collector is encyclopedic. It’s a worthwhile monitoring tool for small networks, and it indeed is plug-and-play.
Nance, a software developer and consultant, is the author of Introduction to Networking, 4th Edition and Client/Server LAN Programming. He can be reached at barryn@erols.com. Nance is also a member of the Network World Global Test Alliance, a cooperative of the premier reviewers in the network industry.
Copyright Network World Inc. Jun 23, 2003
