Networks are critical for business success
The exchange and possession of information have formed the basis for the development of mankind. Yet in all of human history, exchanging information has never been easier than it is today – a development that began in 1968, when a small research group created ARPAnet (Advanced Research Projects Agency Network), the forerunner of today's internet.
As part of the ARPAnet project, the research group networked four computers at four universities. The aim of this first network was to make better use of the limited computing capacity available at the time by exchanging data. A further advantage was that all of the networked computers had access to the same database.
Since then, network technology has developed rapidly, underpinning its indispensability as an enabler of global information exchange. Regardless of technological trends such as cloud computing, the Internet of Things (IoT) or Big Data, today's companies in almost all industries depend on the rapid exchange of data and its uninterrupted availability.
Many companies have built up their network infrastructure over years – increasing its complexity – regardless of whether the networks are small or large. Keeping track of this can quickly turn into a Sisyphean task, yet it is essential for providing a high-performance network. Holistic network monitoring can shed light on even such complex IT infrastructures.
What should an organization look for when choosing its network monitoring solution? Which functions should monitoring software provide to keep the effort for installation and maintenance as low as possible in both small and large IT infrastructures? Which devices, performance metrics and network interfaces should be monitored? Why do many companies waste potential by only checking the status of their network? What are the benefits of network analysis? In this article we will try to answer these and other questions in more detail.
Functioning network monitoring is, in fact, indispensable for maintaining the business operations of any company – regardless of size, industry and product portfolio. Only with a functioning network can employees work efficiently, production lines produce faultlessly, and services be provided with high performance. No company can afford network failures or performance losses. Holistic monitoring, however, can help to minimize these risks.
Benefits of network monitoring
Discover hidden issues impacting the performance of your infrastructure with the help of holistic network monitoring. Using real-time and historical data helps you identify problematic trends.
Gain visibility into your whole network
A powerful monitoring solution helps you gain visibility into your whole network, including all network interfaces. This leaves no blind spots in your infrastructure that could become a source of problems in your network.
Quick elimination of potential sources of problems
Network monitoring enables you to resolve critical issues faster by quickly eliminating potential sources of problems.
Why is network monitoring important?
Companies that monitor their network infrastructure are able to get an overview of their entire infrastructure. This means there are no more blind spots, and that undetected problems which can affect the performance of the network are a thing of the past.
Furthermore, powerful monitoring helps companies to resolve faults more quickly, since potential sources of problems can be quickly ruled out. The analysis of real-time and historical data also makes it easy to identify critical trends in the IT infrastructure. This leads to a significant reduction in the workload of IT teams: instead of investing a lot of time in researching causes and rectifying faults, they can prevent problems in advance – and devote themselves to other, more productive tasks.
In principle, using monitoring software should reduce the effort for IT operations teams. This starts with the installation: depending on the approach, implementing and operating a monitoring tool can be simple and easy to manage. Once installed, it not only helps to monitor the network, but can also – depending on the functional scope of the monitoring software – provide an all-encompassing view of the IT infrastructure, including the IP (Internet Protocol) devices used. This covers classic network components such as routers, switches, access points or firewalls, as well as other devices connected via IP such as sensors, printers, servers, etc.
With such IT monitoring, the administrator can, among other things, monitor the status of the devices in the network, detect anomalies and identify bottlenecks.
What belongs in network monitoring?
Technological trends such as Smart Home, Smart Office or IoT have ensured that more and more devices are connected to a network via IP. So which devices should be included in network monitoring? The answer is simple: all of them. Monitoring should always cover the entire IT infrastructure – preferably with an all-in-one approach, meaning that a single monitoring tool is capable of monitoring the entire IT infrastructure.
This enables a holistic view of the entire IT infrastructure and the consolidation of all information in a central location. The use of different specialized solutions not only leads to monitoring silos, but also increases the chance that something important is overlooked or not taken into account at all. Such blind spots come back to haunt you when there is a disruption or a drop in performance.
For monitoring, this means that in addition to the classic network components such as switches, routers, access points, firewalls, sensors, UPSs, network printers, etc., all other end devices should also be included in the monitoring, regardless of their operating system (such as Linux, Unix, Windows, etc.). Monitoring server platforms – whether physical or virtual, and whether based on Linux, Windows or any other operating system – is also no problem with the right network monitoring software.
In addition, good network monitoring includes the monitoring of all ports in a network environment.
Which parameters of a network should be monitored?
To know what is happening in the corporate network, it is necessary to monitor various parameters of the network components. The monitoring tool used should be able to monitor, among other things, packet rates, error rates, bandwidth, and the state of the ports on the various switches and routers – regardless of the manufacturer. The IT team needs to monitor not only whether the devices are performing, but also whether the switches and routers themselves are still functioning. To do this, the team should also be able to keep an eye on other performance parameters such as CPU load, fans, power supply, temperature, etc. with the help of the software they use.
For firewalls, it is also useful to include the general status, the status of VPN tunnels, the level of availability, and other key indicators in the monitoring. This is the only way to ensure the security of the network. Learn more about VPN monitoring.
For organizations that operate a WLAN in addition to a wired network infrastructure, the monitoring tool used should also be able to provide some metrics such as the status of access points and WLAN routers, signal strength and connected devices. WLAN monitoring can help to reduce problems when operating a wireless environment in the company. Since a functioning WLAN is highly dependent on external influences, it is essential for a company to include the infrastructure components for the wireless environment in the monitoring.
IP monitoring lowers the entry hurdle
Network monitoring, as an elementary component of a functioning IT infrastructure, should also be possible without a great deal of experience in this field. This starts with the amount of work required to integrate all the components in the network. A good monitoring tool not only supports the majority of device manufacturers, but also knows how to deal with the characteristics of the various components on its own.
This means that after installation, the tool automatically scans the entire network, a specific IP range or a subnet for existing devices and then automatically integrates the devices it finds into the monitoring. Ideally, during the scan the monitoring software recognizes the type of device and its manufacturer and, based on this knowledge, automatically includes the relevant metrics in the monitoring.
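As a rough sketch of how such an automatic discovery scan might work – here simplified to a plain TCP probe of every address in a range, with illustrative names; real monitoring tools typically combine ping, SNMP and ARP queries for better coverage:

```python
import ipaddress
import socket

def discover(network: str, probe=None, port: int = 161, timeout: float = 0.5):
    """Return the hosts in `network` that answer a simple probe.

    `probe` defaults to a TCP connection attempt on `port`; it is
    injectable so other probe methods (ping, SNMP) can be plugged in.
    """
    if probe is None:
        def probe(host):
            try:
                with socket.create_connection((host, port), timeout=timeout):
                    return True
            except OSError:
                return False

    found = []
    for ip in ipaddress.ip_network(network).hosts():
        host = str(ip)
        if probe(host):       # device answered: include it in the monitoring
            found.append(host)
    return found
```

A real scanner would probe addresses concurrently and then classify each responding device (e.g. via its SNMP system description) before choosing the metrics to monitor.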
The monitoring software thus monitors the most important performance parameters of the respective devices from the outset, and defines meaningful default thresholds whose violation – a value rising above or falling below them – triggers an alarm or a notification to the IT manager. Manual configuration of the monitoring instance is thus reduced to a minimum – for both small and large network infrastructures.
This has two enormous advantages: Inexperienced users, who for example are looking for a monitoring tool for a network environment with few devices for a small company, benefit from a low entry hurdle. For administrators of large corporate networks with a large number of diverse network devices, the effort involved in manual configuration is significantly reduced, allowing them to set up comprehensive IT monitoring for scalable infrastructures within a short time.
How to monitor large IT infrastructures
For monitoring large and complex networks with multiple locations and differently connected components, monitoring software that works with a rule-based configuration is particularly suitable. With a few simple steps, administrators can use rules to define a policy – such as monitoring only the error rate of all access ports – for a large number of similar devices.
This makes sense because behind each access port there is a user with a terminal device. If this user switches off their PC, the administrator receives an alarm because the port is offline, although this is actually a routine event. For the IT manager, however, the error rate of the access ports is an important value that should be monitored. Using rules, they can therefore define that no alarm is sent when an access port goes offline, while still staying informed about the error rate of the ports. In this way they receive all the important information without drowning in a flood of 'false alarms' simply because a user has shut down their PC.
The IT administrator defines the desired policy in the form of one or more rules. A rule-based monitoring solution then handles the monitored systems based on this policy. For example, a specific policy can be automatically enforced for all devices at a particular location or device group or with a particular operating system. If necessary, the administrator can also change this policy at any time with a few simple steps, without having to touch thousands of data records. Exceptions are also possible at any time and are documented via rules. Automation via rules also makes it easier and less error-prone to include new hosts in the monitoring.
While rule-based monitoring is not absolutely necessary in small environments with, for example, two hosts, it can be used to full effect in larger environments with hundreds of hosts, saving the administrator a lot of time when implementing and configuring new devices into the monitoring. On the other hand, with a monitoring tool that takes a template-based approach, the administrator may need to manually configure each device to be monitored on the network.
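A rule-based configuration like the access-port policy described above might be sketched as follows – a simplified, hypothetical model in which the first matching rule determines a port's effective settings:

```python
# Each rule pairs a condition on port attributes with the settings it
# applies. First matching rule wins; the last rule is a catch-all default.
RULES = [
    # Access ports: no alarm when the port goes down, but watch error rates.
    {"match": lambda p: p.get("role") == "access",
     "settings": {"alert_on_down": False, "monitor_error_rate": True}},
    # Everything else (uplinks, trunks, ...): alert on any state change.
    {"match": lambda p: True,
     "settings": {"alert_on_down": True, "monitor_error_rate": True}},
]

def effective_settings(port: dict, rules=RULES) -> dict:
    """Return the settings of the first rule whose condition matches."""
    for rule in rules:
        if rule["match"](port):
            return rule["settings"]
    return {}
```

Adding a new host or port then requires no per-device configuration at all: its attributes (role, location, operating system) decide which policy applies.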
Agentless Monitoring with SNMP
In order for the monitoring software to provide the desired metrics, it must be able to retrieve the necessary data from the various devices. Various options are available for this purpose: SNMP (Simple Network Management Protocol), Microsoft's WMI (Windows Management Instrumentation), agents of the monitoring software, or proprietary interfaces (APIs).
Most common is monitoring with SNMP, which has become the de facto standard in network monitoring since its introduction in the late 1980s. The protocol is supported by almost all manufacturers, which means that they have implemented an SNMP stack on their hardware. The monitoring instance is thus able to retrieve the data required for monitoring from almost all devices by default – such as the CPU load of the firewall, the toner level of the network printer, the temperature in the server room, or all information on the interfaces of a switch. Read more about SNMP monitoring.
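One concrete example of working with such SNMP data: interface traffic is exposed as monotonically increasing octet counters (ifInOctets in the IF-MIB is a 32-bit counter; ifHCInOctets is its 64-bit counterpart), and a monitoring tool derives bandwidth from the delta between two polls. A minimal sketch, assuming 32-bit counters:

```python
# ifInOctets is a Counter32: it wraps around to 0 after 2^32 - 1.
COUNTER32_MAX = 2**32

def bandwidth_bps(octets_prev: int, octets_now: int, interval_s: float) -> float:
    """Average bits per second between two counter samples."""
    delta = octets_now - octets_prev
    if delta < 0:                 # counter wrapped around past 2^32
        delta += COUNTER32_MAX
    return delta * 8 / interval_s # octets -> bits, per second
```

On fast links, 32-bit counters can wrap more than once between polls, which is why monitoring tools prefer the 64-bit counters or shorten the polling interval.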
Since most manufacturers do not allow the installation of third-party software on their hardware, SNMP is in any case a good way to monitor these devices – provided the device supports the protocol and its SNMP stack complies with the standard. If this is not the case, SNMP monitoring can quickly lead to problems.
SNMP monitoring is often mistakenly referred to as agentless monitoring. In fact, the SNMP implementation means that an agent – a piece of software that processes the queries and collects the information – is located on the devices. The correct description would therefore be monitoring without additional installation effort on the network devices – somewhat more cumbersome than 'agentless monitoring'.
But the installation of an additional monitoring agent is not a bad thing per se. It often provides much more detail about the network device than the SNMP implementation. Especially in server monitoring, the use of a monitoring agent can provide much deeper insights.
In addition, it is possible – if the monitoring software supports this, for example with a specially developed agent – to retrieve the monitoring data via the API of the respective manufacturer, if such an API is available. This API is often more stable than the existing SNMP implementation and therefore often better suited for monitoring, since programming errors or poor implementations can occasionally cause problems with SNMP monitoring. Read more about SNMP stories from hell.
Network topology for a holistic view
Monitoring software that is able to detect all components in a network or in a specific IP range, and retrieve the data required for the monitored metrics, enables the administrator to obtain a holistic view of even complex network infrastructures.
Due to the complexity of many network infrastructures, however, companies waste a lot of potential if they only use monitoring to detect errors. It is much more helpful if, through this kind of IP monitoring, the monitoring software also gives the administrator a clear overview of the IT infrastructure.
Some network monitoring solutions display the network infrastructure in the form of an onscreen overview map. This gives IT managers a graphical overview of their infrastructure and may allow them to click on a displayed 'button' to see the connections below it. Other network monitoring tools display the network in a tree structure or a table. The table display has the advantage that several pieces of information can be viewed at a glance in condensed form.
In addition to the graphical preparation of the network topology and the provision of metrics in various forms, the graphical representation of the retrieved performance parameters is a simple way to view the current monitoring data in the context of its history: How has the bandwidth on the network interfaces of the core switch developed? What is the status of the individual ports in the network environment? Are there anomalies in the error rates? The graphical presentation of this data allows the administrator to quickly identify patterns, such as expected or unexpected performance peaks, and to more easily derive trends for the future.
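Deriving a trend from historical samples can be as simple as fitting a least-squares line through (time, value) pairs and extrapolating – a minimal illustration of the idea, not how any specific tool implements it:

```python
def linear_trend(samples):
    """Least-squares fit y = slope*x + intercept through (x, y) samples."""
    n = len(samples)
    sx = sum(x for x, _ in samples)
    sy = sum(y for _, y in samples)
    sxx = sum(x * x for x, _ in samples)
    sxy = sum(x * y for x, y in samples)
    slope = (n * sxy - sx * sy) / (n * sxx - sx * sx)
    intercept = (sy - slope * sx) / n
    return slope, intercept

def forecast(samples, x_future):
    """Extrapolate the fitted line to a future point in time."""
    slope, intercept = linear_trend(samples)
    return slope * x_future + intercept
```

Applied to, say, weekly bandwidth averages, such an extrapolation gives a first indication of when an interface will hit its capacity limit.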
All network interfaces in view
Regardless of whether you are monitoring a small network environment or a large, distributed IT infrastructure, it always makes sense to monitor all network interfaces. Only then is the monitoring software able to identify problems that may even be unknown to the administrator. For someone who monitors the error rate of their access ports, for example, errors on a port can be a sign of a broken cable – in any case a possible problem that should be looked into.
Although it is recommended to include all ports in the monitoring, this may increase the rate of false-positive alarms, since by default an alarm is triggered when an access port goes offline after the connected PC is shut down.
So, in order not to receive an alarm during such normal operation, it is necessary to put a little more work into the configuration of good, powerful port monitoring. After all, when monitoring a switch the administrator only wants to receive the information that is relevant to maintaining its smooth operation. With a rule-based configuration, such switch monitoring can be set up quickly.
Network documentation helps to combat blind spots and shadow IT
All in all, the monitoring tool of choice should be able to provide holistic monitoring of the IT infrastructure with as little manual effort as possible. In this way, monitoring solutions not only help to avoid blind spots in your own IT infrastructure – an additional benefit is the detection of shadow IT, i.e. hardware or software that employees have connected to the company's IT infrastructure without the knowledge of IT.
The problem with shadow IT is that it often consists of consumer products. These usually do not have the necessary security features, or are not provided with the required security patches by their manufacturers, so such hardware or software can quickly prove to be a gateway for cyber attacks into the corporate network.
If a business department uses a cloud service without the knowledge of the corporate IT department, it is also possible that corporate data ends up in the cloud – which can violate compliance rules. Comprehensive network documentation can significantly reduce the problem of shadow IT. At the same time, the company closes a potential gateway for cyber attacks into the corporate network.
The network scanner in a monitoring software tries to identify as many components as possible when scanning the IP ranges. The result is not only a topology of the network infrastructure, but also information about all hardware components and software solutions in the network.
In addition to a network scanner for IP monitoring, good monitoring tools also have an inventory function. Software with such an optional module allows documentation of the devices and software packages located in the network. This can be, for example, the software version on a server, the RAM modules installed in a server, the BIOS version of a mainboard, the serial numbers of the installed hard disks, or which ports of a switch have not been used for a long time and could therefore be free.
The monitoring solution can then pass this data on to a third-party solution, such as a license management system. This data can also help to check whether a particular software package has been installed on a server. The monitoring tool can also alert the administrator if there has been a change to the hardware or software. Ideally, with only a single, good network monitoring solution, IT managers should be able to comprehensively monitor the status of their entire IT infrastructure. They also receive complete documentation of the company's IT, and are able to track changes to the hardware and software without having to use an additional third-party solution such as an inventory scanner.
Detailed insights into networks for analysis and optimization
The use of a proper tool for monitoring the network environment gives a company the opportunity to monitor what is happening in the IT infrastructure from a central location. This allows the administrator to see the status of their switches, routers, firewalls, access points, etc. at a glance.
They are also able to monitor various network variables (such as bandwidth used, packet latencies, error rates, or the status of ports), user statistics (such as logged-in users and sessions), the status of VPN tunnels, and the level of device availability.
Identify anomalies in bandwidth, CPU load or memory usage
Enriched with historical data, this gives an IT manager a holistic view of the status quo of their IT infrastructure and lets them analyze what is going on in it. In this way, the administrator can identify anomalies in bandwidth, CPU load or memory usage. By monitoring various metrics, the tool lets them detect possible performance bottlenecks – and avoid potential problems before they occur. The monitoring software thus also functions as a tool for network analysis, and supports the IT department, for example, in managing the capacity of the IT infrastructure.
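A minimal sketch of such anomaly detection: flag samples that deviate from the mean of a metric's history by more than k standard deviations. Real monitoring tools use more robust methods (e.g. seasonal baselines); this only illustrates the idea:

```python
import statistics

def anomalies(values, k=3.0):
    """Return the samples lying more than k standard deviations from the mean."""
    mean = statistics.fmean(values)
    stdev = statistics.pstdev(values)
    if stdev == 0:               # perfectly flat history: nothing stands out
        return []
    return [v for v in values if abs(v - mean) > k * stdev]
```

Fed with, say, hourly CPU-load samples, such a check surfaces unusual spikes without the administrator having to define a fixed threshold in advance.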
For example, by analyzing the monitoring data, an IT manager can determine that the existing performance of the firewalls in use may no longer be sufficient, and that they must therefore be replaced by more powerful devices in order to continue to provide a high-performance and a secure network.
Should a problem occur, the holistic monitoring of the network including all of its interfaces helps to quickly isolate the cause of a failure. In this way, companies can save significant time in the search for the cause and speed up the resolution of the problem.
How to monitor network traffic
Since many companies rely on SNMP to monitor their network environment, the analysis of network traffic is limited to the data provided by the SNMP agent – such as the bandwidth on the various network interfaces. This gives the administrator a very good insight into the utilization of their network. However, in order to gain a more precise understanding of what is going on in their IT infrastructure and what the interrelationships are, they must conduct a deeper analysis of the network. This requires special network analysis functions and protocols that provide a more thorough insight into the traffic in the network environment.
Traffic analysis can be done with a packet sniffer, for example, which collects, processes and evaluates the data, and can thus contribute to the analysis of a problem. Packet sniffers also provide further details such as packet lengths, network protocol types, response times, connection endpoints, IP addresses, and which components talk to each other. This can help to detect suspicious network traffic, for example.
What is network flow?
Another possibility for a deep analysis of network traffic is the evaluation of network flows. A flow record provides a number of different pieces of information, such as the IP addresses of the sender and receiver, the source and destination ports, the Layer 3 protocol type, the class of service, and the router or switch interface. All packets that share these attributes are grouped together into a flow, and their packet and byte counts are added together.
These network flow records provide the administrator with the information needed to understand who is communicating with whom, when and where, and how traffic flows through the network. This enables them to see which devices are talking to each other, who the so-called 'top talkers' are, where there are potential bottlenecks, and whether there is a potential problem at any point in the network.
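The grouping and 'top talker' evaluation described above can be sketched as follows; the record field names are illustrative assumptions:

```python
from collections import defaultdict

def aggregate_flows(packets):
    """Group packets sharing the same key fields into flows.

    The key is the classic 5-tuple: source/destination address,
    source/destination port, and protocol.
    """
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for p in packets:
        key = (p["src"], p["dst"], p["sport"], p["dport"], p["proto"])
        flows[key]["packets"] += 1
        flows[key]["bytes"] += p["bytes"]
    return dict(flows)

def top_talkers(flows, n=3):
    """Source addresses sending the most bytes, in descending order."""
    by_src = defaultdict(int)
    for (src, *_), stats in flows.items():
        by_src[src] += stats["bytes"]
    return sorted(by_src, key=by_src.get, reverse=True)[:n]
```

In practice this aggregation happens on the router or switch, which then exports the finished flow records via NetFlow or IPFIX; the collector only has to evaluate them.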
The flow technology can also help them with capacity planning, for example by showing them how a new application, such as VoIP, affects the network bandwidth. Network flow also provides the necessary information for the sensible use of QoS (Quality of Service), i.e. the classification of services, and for the optimisation of resource utilisation. It can also support IT security by detecting DDoS (Distributed Denial of Service) attacks, malware distributed in the network, and other unwanted network events.
Switches and routers make this data available via special flow protocols, such as NetFlow. This protocol was originally developed by Cisco and provides information about data flow and traffic volume. The aim of the Cisco technology is to provide insight into critical areas by means of improved visibility into the network. These areas include application and network usage, network productivity and use of network resources, the impact of network changes, network anomalies and vulnerabilities, and long-term compliance issues.
In the meantime, other manufacturers, such as Juniper Networks or Huawei, also use flow technologies. With IPFIX (Internet Protocol Flow Information Export), the IETF has introduced an industry standard based on NetFlow version 9. Network flow collectors gather and process the flow records from routers and switches, and then transmit the processed data to an analysis console, which provides the administrator with the desired insights. Learn more about network flow monitoring.
Monitoring and analysis of wireless networks
The triumphant advance of mobile devices has ensured that, in addition to a wired infrastructure, more and more companies are setting up a WLAN environment – or have already done so. Especially with concepts such as 'Modern Work' or the 'Modern Workplace', which are based on flexible workstations, WLAN offers a simple way to connect employees' end devices to the network without the need for extensive cabling.
In IoT environments it is also possible to integrate many distributed sensors via Wi-Fi or other radio technologies without having to install expensive cabling. However, powerful, area-wide WLAN coverage is usually much more difficult to achieve, as it depends far more on external influences than, for example, a wired connection. Setting up a WLAN in an organization therefore usually requires a certain amount of planning and know-how in order to guarantee smooth operation of the wireless environment.
Environments struggling with poor WLAN coverage or a weak WLAN signal can use a Wi-Fi analysis to quickly identify causes and possible sources of interference, and counteract them.
In addition, network monitoring should also take into account the infrastructure that provides the wireless network. The administrator must therefore include WLAN access points, WLAN routers and WLAN controllers in the network monitoring. Here it is advisable to monitor not only the bandwidth used on the WLAN components, but also other parameters such as the status of the individual devices, the number of connected clients, and the signal strength.
With this data network administrators can not only ensure that the WLAN infrastructure is equipped to meet the necessary requirements in terms of bandwidth, access points and coverage – they can also use the monitoring data to put the capacity planning of their WLAN environment on a fact-based footing, enabling them to take the necessary measures even as the demands on the infrastructure increase and thus avoid WLAN failures or performance drops. Read more about Wi-Fi monitoring and analysis.
Whether large, distributed IT infrastructures or small networks with only a few hosts, whether wired or wireless: network monitoring is indispensable for organisations to ensure that business operations run as smoothly as possible. Companies that decide on a network monitoring software that provides all the functions listed above benefit, among other things, from a holistic view of their network. They also receive all of the important information they need to identify problems in their IT infrastructure, to detect bottlenecks early or to identify trends. In this way, the administrator no longer has to react, but can instead focus on other projects.
The range of services provided by Checkmk includes all of the above-mentioned requirements for a modern, holistic network monitoring. Convince yourself – test it now.