Home


About Network Testing Labs

Contact Network Testing Labs

Independent Reviews of Network Hardware and Software

 

NETWORK TESTING LABS REVIEW

Entry-level Monitoring

 


In a group of truly excellent products, a wealth of features earns ipMonitor top billing.
By Barry Nance


If you despair because you think the cost of a good network monitoring tool exceeds your company’s total revenue for a year, take heart. Several vendors offer entry-level network monitoring and management tools that are feature-rich, mature, reliable, easy to use, able to monitor a diverse network and, of course, affordable. In fact, many of these tools have features you thought you’d find only in their more expensive distant relatives.

For any size network, the ideal monitoring tool efficiently and accurately discovers servers, clients, routers, switches and other devices. It revealingly and helpfully displays a map of the discovered nodes, it continually and faithfully checks for connectivity problems and it smartly and accurately notices performance problems such as excessive network utilization or an overburdened server. It quickly alerts you to these problems via e-mail or pager, and it can escalate its alerts by e-mailing or paging multiple people until the problem’s fixed. It can in some cases automatically solve a problem by restarting a program, running a script or running an external program. It produces useful reports that show

the health of your network, measure the utilization of the network and its components over time and forecast trends to help you plan the network’s future capacities. The ideal monitoring tool is reliable, secure and easy to use. Last but not least, the cost of the ideal monitoring tool for a small- to medium-sized network is commensurate with the size of the network.

To find out which entry-level monitoring tool comes closest to meeting our criteria, we asked 16 vendors to ship their brightest and best to our Alabama lab. Seven responded, with nine products. We tested DartWare’s Intermapper, Avocent’s LANDesk Server Manager, ipMonitor’s ipMonitor, Heroix’s Longitude, AdventNet’s OpManager, Fluke’s NetTool Inline Network Tester and LinkRunner Network MultiMeter and Neon Software’s LANsurveyor and CyberGauge.

While all these tools showed their mettle, maturity and merit by faring well in our tests, ipMonitor edged out the competition by virtue of its accurate discovery, pervasive device and application monitoring, ease of use and good security. ipMonitor earns itself a Clear Choice Award.


ipMonitor
If your network is primarily Windows-based and you want to closely watch for connectivity problems and Windows application or operating system faults, ipMonitor is your tool of choice. ipMonitor keeps watch over devices, applications, databases and servers. It recognizes and monitors Windows server (NT, 2000, XP, 2003), Microsoft Exchange, Microsoft SQL Server, Oracle, Dell servers, Hewlett-Packard servers, Cisco routers, Foundry Networks switches, APC back-up power protection systems and even NetBotz environmental monitors. The protocols it monitors are HTTP, HTTPS, FTP, POP3, IMAP4, ICMP/ping, SNMP, HTML/ASP, SMTP, DNS, Lotus Notes, LDAP, RADIUS, Telnet and SNPP.

ipMonitor tracks Windows Services, event log entries, free disk space, Active Directory, Kerberos and specific key files that you designate. ipMonitor keeps tabs on Unix-based servers via ICMP/ping and via the network protocol streams emitted by the Unix-based servers. The tool also generates synthetic transactions to “tickle” Web, e-mail, directory and database servers to make sure their applications are up and running.

ipMonitor quickly and accurately scans a network to discover applications, servers, devices and services on part or all of a network. ipMonitor groups the results by IP address or domain name, and it helpfully suggests what to monitor based on its findings during the scan.

ipMonitor has an especially strong alerting feature. For instance, when the tool detects a Quality of Service (QoS) degradation, a particular pattern of network traffic, activity levels that exceed setttable thresholds or a server or application failure, ipMonitor immediately lets you know via e-mail, pager, wireless device (e.g., Blackberry) and network message broadcast.


To fix problems automatically, ipMonitor can run an external program, reboot a server or restart a Service for alerts you designate. The browser-based Web interface is a highly configurable, responsive and easy to navigate window into ipMonitor.

Its Live Status reports display current, up-to-the-minute health and status of servers, applications and devices, and ipMonitor’s period-settable historical reports and recent activity reports reveal trends, help with problem follow-up and quantify your network’s uptime and availability. The reports detail such information as uptime, response time and failure durations.

Security is ipMonitor’s forté. It uses SSL (Secure Socket Layer), certificates and credentials, password-challenge authentication methods, IP address filters and delegated administrative accounts.

ipMonitor runs on various flavors of Windows (XP, 2000 and 2003).


Longitude
If your network is a bit more complex and heterogeneous than the average small network and you need a monitoring tool that can handle diversity, Longitude is in your future. Longitude does a superior job of monitoring a wide range of applications and operating environments. Longitude comprehensively measures hundreds of operational metrics that it uses in its alerts, reports and charts. Longitude gathers just the right user- and business-related metrics, user-defined transaction metrics and usage trend data.

Longitude keeps tabs on Windows Server 2000/2003, Windows XP, Red Hat Linux, SuSE Linux, Sun Solaris, Hewlett-Packard HP-UX and IBM AIX. Longitude collects and reports performance details for Web servers (Microsoft IIS and Apache), databases (SQL Server, Oracle and MySQL), J2EE application servers (WebSphere, WebLogic and JBoss), messaging environments (Exchange Server 2000 and 2003), user transactions (DNS, FTP,  HTTP, Ping, Port, SMTP, etc.), and infrastructure (Active Directory and DHCP).

We found Longitude to be the perfect Service Level Agreement (SLA) tracker for documenting server uptime and availability. While other Longitude components measure the performance of individual servers and applications, the SLA feature can rather neatly aggregate servers (whether or not they’re linked into a cluster) to show, for instance, overall uptime for a group of servers that logically share a particular workload.

If one of five related servers suffers downtime but the healthy other four servers continue to ensure application availability to the business community, Longitude on the one hand accurately and correctly notes the server’s downtime on its dashboard and in its monitoring reports. On the other hand, just as accurately and correctly, its SLA feature reports the overall availability of the shared-server application as “good.” Similarly, if an SLA specifies that multiple resources (Web server, application server and database server, for example) must all be available at the same time, Longitude unerringly displays and reports SLA violations when one of the resources fails.

When it detects a problem, based on threshold criteria you’ve set up, Longitude uses its pre-configured internal SMTP server to send e-mail to the appropriate people. Longitude’s e-mail note contains a problem description along with sufficient detail to help a network administrator know exactly what to do to fix the problem.

Longitude’s browser-based user interface is intuitively easy to navigate and understand. Longitude has thoughtfully-designed real-time dashboards with pin-point drill-down capabilities. Portions of an overall network, or specific roles within the overall administration of the network, can be delegated to a local administrator.

Longitude runs on Linux (Red Hat and SuSE) as well as Windows Server 2003.


OpManager
If your network experiences problems everywhere, you need a Swiss army knife monitoring tool – OpManager. It expansively and comprehensively monitors virtually every possible network nook and cranny, including WAN links, servers (availability plus CPU, memory and disk usage), switches, routers, printers, Windows Event log entries, Web site URLs, TCP/IP services, specific applications, Windows Services, APC UPS devices, network and application performance and Active Directory. OpManager includes a switch port mapper and MIB browser, and it integrates with the help desk product ServiceDesk Plus.

OpManager’s device discovery didn’t see one of our printers in one test (but did see it in a subsequent test). It groups discovery results onto neatly organized maps of switches, printers and other devices. The switch map displays, at a glance, the status of each switch and its ports. The router map depicts the health of each interface.


OpManager’s router monitoring function collects over 25 statistics from Cisco devices. The TCP/IP services function tracks activity for many common protocols (HTTP, FTP, SMTP, POP3, IMAP, DNS and others). Its application monitor babysits Microsoft Exchange, Lotus Notes, MySQL, Oracle and SQL Server. It tells you if a Windows service (Alerter, Net Logon, RPC, Print Spooler, etc.) has failed. The CPU, memory and disk space monitoring function lets you stay ahead of server capacity problems. If you have lots of servers, you’ll find OpManager’s Top Ten view helpful – it shows the busiest servers for CPU, memory and disk utilization.

When it detects a threshold violation, OpManager alerts you via e-mail and pager. It can send SNMP traps to a network management system such as OpenView, and its configurable problem escalation rules ensure that someone in your company will definitely learn that a problem has occured. OpManager’s abundance of reports and graphs reveal every possible network statistic or metric.

OpManager runs on Windows (2000, 2003 and XP) and Linux (Red Hat and Debian).


LANsurveyor and CyberGauge
If you need to document your network and watch for intruders in addition to monitoring network health, you’ll want to look into LANsurveyor and CyberGauge. Besides monitoring the availability of servers, applications, devices and links, LANsurveyor automatically diagrams your network and, via SNMP, documents all the devices on the network. LANsurveyor options include intruder detection, which identifies potential intruders, disables access for unauthorized nodes and performs an analysis to determine node vulnerabilities, and a second agent-based option called Neon Responder for remotely controlling Windows, Macintosh and Linux computers as well as saving LANsurveyor data in a relational database.

When network activity exceeds a LANsurveyor threshold you’ve set, it sends e-mail, Windows Messaging alerts and SNMP traps (to, say, OpenView) to notify you of the problem. LANsurveyor can also page you, insert entries into a syslog and, for problems susceptible to automatic correction, launch a computer program. Rather smartly, LANsurveyor’s thresholds are sophisticated enough to let you specify that you want to be alerted only if available bandwidth falls below a certain percentage during the work day, or that alerts should be directed to a separate set of people on the weekend.

LANsurveyor’s discovery function is quick and accurate. Via its Custom Report wizard, LANsurveyor displays information on discovered nodes, SNMP data retrieved from network devices, agent data collected from Neon Responders and SIP VoIP statistics. For example, the Switch/Hub Ports Report is a complete list of all nodes connected to one or more managed switches or hubs. You can export report data into Excel.

LANsurveyor runs on Windows 2000, 2003 and XP


CyberGauge measures bandwidth utilization, and it uses SNMP to monitor devices such as routers, gateways, Network Attached Storage, servers, clients and printers. CyberGauge’s thresholds, called Cascading Alert Limits, are just as sophisticated as LANsurveyor’s when it comes to relating timeframes to network activity.

CyberGauge can send e-mail, Windows Messaging alerts and SNMP traps (to, say, OpenView) when it detects an unresponsive device or network overutilization. Its reports and charts show bandwidth utilization, traffic distribution, device availability statistics and daily, weekly, and monthly quality of service (QoS), utilization, and average usage. You can view CyberGauge’s reports as Web pages or export them as Excel worksheets.

CyberGauge runs on Windows 2000, 2003 and XP.


Intermapper
If you like the idea of a monitoring tool that displays a meaningful, easy-to-understand-at-at-glance map of your network and watches for connectivity problems like a hawk, then Intermapper is for you. Intermapper uses SNMP to monitor for connectivity and uses synthetic transactions to monitor e-mail, Web and directory server availability. It ensures particular Windows Services are running, can promptly alert you via e-mail or pager when problems occur, is easy to use and produces highly useful reports.

Intermapper probes the network via SNMP to accurately discover devices, servers and clients. It displays an active, real-time map of the network’s elements, and the map uses colors to depict distinct traffic flows through the network. Intermapper polls SNMP-aware devices (servers, routers, switches and hubs) to collect traffic and error statistics. It periodically sends harmless synthetic transactions to servers to make sure they’re still responding, and it notes whether specific Windows Services (such as RPC, Indexer, WinLogon and others) are running.


When it detects an outage or a performance problem, Intermapper sends you e-mail or pages you. Its useful reports, which contain a wealth of detail about traffic, errors, utilization and outages, include Status Windows, Strip Charts and Device Lists. For example, the Status Window report for an interface shows transmit/receive statistics, utilization rates, device name, link type, link description, link status, IP address and MAC address. For spotting trends, Intermapper graphs network data at day, week, month and year intervals to show the performance history of a device or connection. These graphs display percent utilization, error counts, packet counts and byte counts.

Unfortunately, Intermapper doesn’t take corrective actions for any of the problems it notes. Its user interface is thoughtfully-designed and intuitive, but it’s not quite as responsive as a native (non-Java) interface would be. Intermapper doesn’t need to use distributed agents to collect data.

The Java–based Intermapper runs just about everywhere – Windows (NT, XP, 2000 and 2003), Macintosh OS X, Solaris, Linux (RedHat, SuSE, Mandrake and Debian) and FreeBSD.


NetTool and LinkRunner
Do your network’s cables and connections give you headaches? If so, the handheld NetTool and LinkRunner testers belong in your toolbox. Fluke offers 4 versions of the NetTool Series II Inline Network Tester, from the top-of-the-line NetTool Series II Pro VoIP to the entry-level NetTool 10/100. The Pro versions contain more diagnostic tests, and the VoIP versions can test office phone connections. We found the Pro VoIP tester especially handy for verifying and troubleshooting VoIP links.

Connecting a NetTool between a device and its network cable gives you an excellent view of traffic to and from that device. For instance, the NetTool shows which protocols are in use along with frame counts and error counts, and the tester gives you a precise and detailed condition report on the cable itself, including cable length and internal wiring integrity.


In a VoIP environment, the NetTool divulges key boot events such as DHCP address acquisition, DNS lookup of call servers and gateways, downloading of operating files and call server registration. NetTool’s VoIP Log shows call control events, QoS configuration, call quality metrics, RTP configuration (including IP addresses and ports used), VLAN priority, Diff Serv, codec and quality metrics such as jitter and dropped packets.

The NetTool quantifies PoE and, via digital signaling, helps locate specific cables on an active network. Its display of MAC and IP addresses, subnets and services offered by active servers, routers and printers makes it a quick, portable tool for spotting available and owned network resources. The NetTool Pro and VoIP models can upload data to a PC for further manipulation in, say, a spreadsheet program.

The LinkRunner Network Multimeter is a cable tester that can verify a cable’s condition as well as show the speed, duplex setting and service type for an in-use cable. It can ping nodes, and the LinkRunner can help you identify which cables go where for documentation purposes.


LANDesk Server Manager
If your servers always seem to be at the root of your network’s problems, LANDesk Server Manager is just what the doctor ordered. LANDesk Server Manager focuses tightly on the heart of your network – its servers. With the same care and watchful eye as an excellent doctor, Server Manager monitors servers and their applications, tracks your various software licenses and automates the deployment of new software versions, updates and patches.

Server Manager’s monitoring function uses a customizable browser-based dashboard to quickly and accurately show you what’s running in your servers – and what’s not. In- or out-of-band (through the existing network or a separate link you establish) Server Manager displays a wealth of information about each server. It has a remote-control function so you can repair a server configuration without having to visit the server. Server Manager’s firewall-friendly remote agents collect server performance data via CIM, WMI, SMBIOS, WBEM and WfM, and Server Manager can examine log files for unusual events. You have to install the agents, but, once in place, they work unobtrusively and well thereafter.

Server Manager’s predictive failure analysis looks at historical trends and real-time error situations to help you understand the scope and the cause of a network problem. Server Manager’s reports are excellent for both showing detail on server health and identifying trends.

Server Manager includes an intrusion detection feature, which LANDesk terms integrated active vulnerability scanning, to alert you to security problems. To further enhance security as well as licensing agreements, Server Manager monitors software license activity and can deny the execution of unauthorized computer programs. Server Manager acts as a central repository for the distribution of application changes and even whole operating system deployments.

LANDesk Server Manager runs on HP-UX, SuSE, Red Hat Linux and Windows (2000, 2003 and XP).


Conclusion
We found all 9 products mature, feature-rich, robust, useful and affordable. Each one has strengths that make it appropriate for solving particular problems or monitoring certain kinds of networks. Overall, however, ipMonitor gave us the best mix of discovery, monitoring of diverse devices and applications, flexible notifications, useful reports and ease of use.



Blurred Lines
Why would a company (of any size) spend $50,000, $100,000 or more on Alcatel-Lucent’s VitalSuite, CA’s eHealth, IBM’s (formerly Micromuse’s) NetCool or other product if these “entry-level” products are so darned capable?

Sophistication – Their complexity lets the expensive tools monitor networks more accurately.

For instance, you can avoid more false alarms with the expensive products because you can set sophisticated thresholds: “Alert me if Link X’s utilization exceeds 5% on Saturdays and Sundays, 20% after 8 PM during the week, 50% during weekdays or 75% at 10 AM and 2 PM on weekdays.” The expensive products are also usually quite good at performing root cause analysis.


Scalability – The expensive products typically have a distributed, n-tier architecture that helps them scale upwards to handle 100,000 or more network nodes.

Integration – The expensive tools integrate well with third-party software and even with each other. For instance, both CA’s eHealth and Spectrum products integrate with CA’s network documentation tool, netViz.

Specific device support – Understanding the Babel of languages emitted by a widely heterogeneous collection of network devices is another forté of the expensive tools. CA’s eHealth, for instance, is an absolute polyglot that ships with over 1,000 MIBs.


Net Results
Intermapper 4.5
Score: 3.5
Company: Dartware, LLC    877-276-6903        www.dartware.com
Cost: Monitors 100 devices for $1,395
Pros: Map depiction, monitoring and platform neutrality
Cons: No corrective actions


LANDesk Server Manager 8.7
Score: 3.5
Company: LANDesk Software, Inc. (an Avocent company)          800-982-2130        www.landesk.com
Cost: $129 per server node
Pros: Server monitoring, intrusion detection, predictive failure analysis and software distribution
Cons: No corrective actions

ipMonitor 8.0
Score: 4.7
Company: ipMonitor Corporation        819-772-4772        www.ipmonitor.com
Cost: $995 for 500 monitors
Pros: Discovery, monitoring of diverse devices and applications, flexible notifications, security
Cons: Needs deeper monitoring of Unix platforms

Longitude 4.0
Score: 4.6
Company: Heroix                   (800) 229-6500      www.heroix.com
Cost: Starts at $299
Pros: SLA monitoring, ease of use, excellent use of remote instrumentation techniques
Cons: Doesn’t monitor Lotus Notes or LDAP servers

OpManager MSP Edition
Score: 3.8
Company: AdventNet, Inc.   925-924-9500        www.adventnet.com
Cost: Starts at $795
Pros: Network maps, pervasive and comprehensive monitoring, alert escalation
Cons: No corrective actions

NetTool Inline Network Tester and LinkRunner Network MultiMeter
Score: 3.4
Company: Fluke Corporation              800-283-5853        www.flukenetworks.com
Cost: NetTool Inline Network Tester is $995, LinkRunner Network MultiMeter $450
Pros: Portable cable & connectivity testing
Cons: Small screen, few graphics

LANsurveyor 9.6
CyberGauge 7.0
Score: 3.7
Company: Neon Software, Inc.           925-283-9771        www.neon.com
Cost: LANsurveyor starts at $795, CyberGauge starts at $395 for 5 devices
Pros: Network documentation, discovery, alerting
Cons: Agent component should be included (not optional), needs to support more applications


Scorecard

 

Monitoring

 
 
(20%)

Reporting

 

(20%)

Ease of use

 (20%)

Notifications

 

(20%)

Corrective actions

 
(10%)

Installation,  Documentation

 
(10%)

Total

Score

ipMonitor

ipMonitor

 

5

 

4

 

5

 

5

 

5

 

4

 

4.7

Heroix

Longitude

 

5

 

4

 

5

 

5

 

3

 

5

 

4.6

AdventNet OpManager

 

5

 

4

 

3

 

4

 

2

 

4

 

3.8

Neon

LANsurveyor and CyberGauge

 

 

4

 

 

4

 

 

3

 

 

4

 

 

3

 

 

4

 

 

3.7

DartWare

Intermapper

 

4

 

4

 

3

 

4

 

1

 

4

 

3.5

Fluke

NetTool and LinkRunner

 

 

3

 

 

4

 

 

4

 

 

3

 

 

1

 

 

5

 

 

3.4

LANDesk Server Manager

 

3

 

4

 

4

 

3

 

3

 

4

 

3.5

 Scoring key: 5: Exceptional; 4: Very Good; 3: Average; 2: Below Average; 1: Consistently subpar

How We Did It
We evaluated each product's ability to manage, administer, update, monitor, report on, diagnose, troubleshoot, reset, reconfigure, and secure network devices, servers and clients. Virtually all our testing took place across WAN links.

The ability to resolve a problem automatically was a plus. We tested the sending of SNMP alerts as well as the processing of incoming alerts. We produced reports to show device and computer status information, network usage trends, security breaches, availability and uptime information, network baseline information and graphical maps of the network. We also tested any special features a product offered.

The testbed network consisted of six Fast Ethernet subnet domains routed by Perle and Cisco routers. Our lab's various computing platforms included Windows NT/98/2000/ME/XP, Solaris 8.0 and Macintosh System 8. The relational databases on the network were Oracle 8i, IBM DB2 Universal Database, Sybase Adaptive Server 12.5 and Microsoft SQL Server 2000. A Compaq Proliant ML570 computer with four 900 Mhz CPUs, 2G bytes RAM and 135G-byte hard disks, running Windows 2000 Advanced Server, was our test platform for all the products’ server components, while a Dell Latitude D505 running Windows XP was our monitoring client.


Copyright © 2012 Network Testing Labs


  
Home

About Network Testing Labs

Contact Network Testing Labs