Home


About Network Testing Labs

Contact Network Testing Labs

Independent Reviews of Network Hardware and Software

 

NETWORK TESTING LABS REVIEW

Mid-Range Monitoring and Management Tools

 


Sophisticated monitoring, accurate discovery, flexible alerts and useful reports earned H-P’s OpenView and Argent’s Extended Technologies the top spots in a two-tier competition.
By Barry Nance


A medium-sized network of from 1,000 to 20,000 nodes exhibits virtually all the same complexities and troubleshooting challenges as a mega-network with more than 50,000 nodes. Monitoring and management products for mid-range networks need to be extremely capable.

The ideal management and monitoring tool efficiently and accurately discovers servers, clients, routers, switches and other devices. It revealingly and helpfully displays a map of the discovered nodes, it continually and faithfully checks for connectivity problems and it smartly and accurately notices performance problems such as excessive network utilization or an overburdened server. It quickly alerts you to these problems via e-mail or pager, and it can escalate its alerts by e-mailing or paging multiple people until the problem’s fixed. It can in some cases automatically solve a problem by restarting a program, running a script or running an external program. It produces useful reports that show the health of your network, measure the utilization of the network and its components over time and forecast trends to help you plan the network’s future capacities. The ideal monitoring tool is reliable, secure and easy to use.
To find out how a group of mid-range monitoring and management products would measure up against our criteria, we tested Netmon’s Netmon Professional Edition 4.5, Network General’s NetVigil Enterprise 4.2 SP1, Hewlett-Packard’s Mercury SiteScope 8.5 and Hewlett-Packard’s OpenView Network Node Manager 7.51 and OpenView Operations Manager 7.5, Argent Software’s Extended Technologies 8.0A and Netcordia’s NetMRI Enterprise Network Analysis Appliance 2.0 and NetMRI Operations Center in our Alabama lab.
Because “mid-range” is a broad term, we sub-divided monitoring and management tools into two price tiers (based on “starts at” pricing), a $2k to $30k price range and a $30k to $60k range. We designated SiteScope, Extended Technologies, NetMRI and Netmon as lower-cost tools in the first tier, while OpenView and NetVigil fell into the second, more expensive tier.

H-P’s OpenView and, in the second tier, Argent Software’s Extended Technologies earned top honors in our evaluation. They each exhibited accurate discovery, excellent monitoring, high-quality user interfaces and useful reports. OpenView and Extended Technologies each win a Clear Choice Award.


Argent Software Extended Technologies
Extended Technologies excelled in virtually every area of testing, from discovery to the graphical display of the network, from monitoring to alerting and from corrective actions to reports. Extended Technologies’ accurate discovery feature gleaned device data from ICMP ping operations, SNMP queries, DNS lookups and other actions to enumerate our routers, switches, servers and clients. We gave Extended Technologies ranges of IP addresses to define the network, and we were able to import network definitions from a spreadsheet. When we pointed Extended Technologies at a particular router, it intelligently found the network links, nodes, devices and computers connected to that router.

Extended Technologies’ monitoring uses a sophisticated set of thresholds to detect problems. These thresholds let us specify abnormal traffic levels and unhealthy server behaviors by time of day and day of week. Without requiring agents deployed across the network, Argent’s central software examined traffic and PerfMon protocol streams to note problems.

Extended Technologies can monitor a range of server operating systems, including Windows, Solaris, HP-UX, SCO, AIX and a wide variety of Linux flavors. On each server, Argent offers application-specific monitoring modules that watch over, for example, Oracle, SQL Server or Exchange. Extended Technologies can also keep an eye on BlackBerry Servers Lotus Notes, Brocade, Checkpoint, Cisco, Compaq, Dell, H-P, Intermec, Legato, Liebert, NetWare, Nokia, Nortel, Lotus Notes, Omnitronix, Sonic, WebSphere and WebLogic. Argent includes more than 2,000 pre-defined application- and device-specific rules in Extended Technologies, which made it immediately useful, right out of the box. Argent’s True Round Trip Time measurement, which tests an Exchange server by actually sending and receiving real e-mail messages and noting elapsed times, gives early warnings of potential Exchange faults and performance problems. On all servers, Extended Technologies notified us of server CPU utilization, disk space, low memory and network adapter issues. On Windows servers, it monitors Windows services, Active Directory and system registry health.


Like the other products in this review, Extended Technologies can take corrective actions, either by running a program, running a script, restarting a failed Windows background service or rebooting a server. Impressively, Argent Extended Technologies can also issue SQL statements (to trigger, for example, the running of an Oracle process).

Extended Technologies uses SuperMaps to graphically depict the network. The underlying  maps can contain whatever images you wish (such as GoogleEarth satellite photos or campus and building drawings). Drilling down through the various SuperMaps reveals a wealth of data regarding each trouble alert. Extended Technologies also offers a completely customizable dashboard to give you at-a-glance information on the health and level of activity on your network.

Extended Technologies supplies its customers with a run-time version of Crystal Reports, and designing new custom reports is a breeze. Out of the box, Extended Technologies’ reports are perfectly suitable for tracking problem resolutions, following historical trends and planning for future network capacity.

Argent Extended Technologies’ documentation is comprehensive, easy to follow and accurate, although it’s online rather than in hardcopy form. Extended Technologies can be installed in less than 10 minutes.


Netcordia NetMRI network appliance
A NetMRI appliance’s forté is problem analysis. Each NetMRI device contains a large body of expert system knowledge. Netcordia says that, using these expert rules, the appliance can assess, audit and proactively detect more than 200 configuration and QoS issues. In our tests, NetMRI promptly and unerringly pinpointed and alerted us to all the network, application and server problems we threw at it – outages, slowdowns and overburdened devices, degraded links and overtaxed computers. NetMRI notifies administrators – and others, via escalation, if the problem persists – using e-mail and pager. For problems susceptible to automatic repair, NetMRI can run scripts and external programs, reboot a server and restart a failed background service.

NetMRI’s discovery feature quickly and efficiently gave us an accurate inventory of our network devices and computers. Starting with either IP address ranges we specified, a seed router we pointed at or Comma Separated Value (CSV) data we imported, the NetMRI unit identified our routers, switches, servers and clients. At a frequency you specify, NetMRI automatically thereafter looks for and catalogues new devices on the network.

NetMRI’s monitoring function has a sophisticated threshold facility that can easily and precisely express unacceptable activity levels on your network at specific times of the day for specific days of the week. NetMRI’s Routing Neighbor Analysis is especially helpful. It alerts you to changes in currently-in-effect routing pathways, thus telling you about not only WAN link outages but also those links that shoulder the new traffic burdens as a result of those outages.


Netcordia’s central console, Operations Center, greatly enhances NetMRI’s scalability by coordinating, controlling and collecting data from multiple NetMRI devices. The vendor says one NetMRI Operations Center can monitor a network of 20,000 or more routers, switches and firewalls.

The NetMRI device has an intuitive, browser-based user interface. Categories of user interactions, such as Reports, Issues, Results, Settings and Tools, appear across the top of the browser window. Within each category, you see an expandable tree of views and actions you can select. Out of the box, NetMRI’s reports are perfectly suitable for tracking problem resolutions, following historical trends and planning for future network capacity.

NetMRI’s documentation is comprehensive, easy to follow and accurate. A NetMRI appliance can be installed in less than 10 minutes. While other appliances typically require ASCII-terminal-based initial configuration, NetMRI uses a browser-based wizard upon initial access that painlessly and quickly configures NetMRI.


H-P OpenView
Of the myriads of OpenView modules, Network Node Manager is the key monitoring and managing component. Network Node Manager accurately discovered our network, tracked device status, graphically displayed our network, alerted us to problems, fixed problems automatically, gathered statistics and processed SNMP alerts.

Network Node Manager’s discovery feature took note not only of network devices and servers but also virtual network services.

Network Node Manager uses Management Information Base (MIB) data from several sources, including routers, switches, bridges and repeaters. It captures some Layer 2 data, but for the most part it maps Layer 3 details. HP supplies numerous predefined MIB expressions, which Network Node Manager applies. The impressive list includes utilisation and error percentages, total packets by category (in, out and errors), retransmits, Cisco memory utilisation and full-duplex utilisation percentage.

Network Node Manager collects network health data, stores it in a relational database (provided by HP), analyses the stored device-status and event data, and reports results in useful charts and graphs. The system's root-cause problem analysis, dubbed Advanced Intelligent Diagnosis for Networks, was especially helpful in zeroing in on a specific device that was causing an outage or performance problem, while its path-analysis capability is similarly helpful in pinpointing problems and performance degradations involving network pathways and linkages.

Network Node Manager's automatic baseline feature sets alarm thresholds for you by analyzing collected device status and event data, thus giving it the ability to more realistically detect exceptions, faults and errors. After Network Node Manager created a baseline for our network, we manually added a few thresholds of our own. Network Node Manager thereafter generated prompt and highly informational alarms, via pager or e-mail, to notify us when the thresholds were exceeded.


Network Node Manager’s distributed architecture scales well to handle larger and more complex network environments. Network Node Manager even monitors itself to ensure it's running normally. It pages an administrator or sends e-mail alerts if the self-monitor finds that Network Node Manager, or its server, has died. Network Node Manager has both native Windows and Web-based versions of its user interface.

OpenView Operations integrates with Network Node Manager to provide a central console for event management, performance monitoring and automated alert processing. OpenView Operations has a high-level Visual Basic Script-like language for customers who want to tailor its processing.

OpenView Internet Services tracks Web transaction-oriented service-level agreement (SLA) violations. For services we defined, from general Web access to particular e-commerce transactions, it noted availability and response-time details, and alerted us when SLA parameters were exceeded. Alerts took the form of pager calls, e-mail notices and SNMP traps, and we could tell the module to execute a command in response to an alert. OpenView Internet Services has a productive dashboard-metaphor user interface with tree-based navigation, SLA health indicators and a helpful troubleshooting and analysis tool.

HP OpenView documentation is only online. Despite its complexity, the software was easy to install and begin using.


H-P Mercury SiteScope
SiteScope is a Java tool that runs as a background process, monitoring network and server activity, sending alerts and generating summary reports. It consists of six broad categories of objects: WebPage, Scheduler, Monitor, Alert, Script Alert and Reports. WebPage displays the browser-based user interface, Scheduler specifies when each monitor (i.e., each device or server status tracking process) runs, Monitor gathers statistics for each monitored device or server, Alert sends e-mail, pager messages and SNMP alerts when SiteScope detects a problem, Script Alert can run a script when a problem occurs and Reports generates Web pages that contain network statistics in either graphical or tabular form.

Using what was formerly known as the Topaz Watchdog, SiteScope’s monitoring feature even monitors itself.

The Script Alert object can restart a background service, reboot a server or run an external program.




SiteScope includes monitoring components for systems, applications, Web servers and network devices. The systems monitors collect basic server metrics, such as CPU utilization, memory usage, DNS/DHCP, file sizes vs. free disk space and TCP/IP services (FTP, Telnet, etc.). The applications monitors watch over specific software products, such as WebLogic, Cisco Works, Citrix, IBM DB2, WebSphere, ColdFusion, Exchange, Internet Information Server, SQL Server, Oracle and SAP. The Web server monitors keep an eye on Web sites (Apache, Netscape Enterprise, Netscape FastTrac, Microsoft IIS or O'Reilly WebSite), Web site links, e-business servers and SOAP-based Web Service sites. The network service monitors detect, for example, device and port availability via ping operations.

We noted SiteScope’s ping monitor sometimes missed detecting up and running devices. Although easy to get used to and navigate, SiteScope’s user interface is somewhat sluggish. We were also put off by SiteScope’s automatic daily restart – a monitoring tool should be robust enough to run more than 24 hours without causing problems.

SiteScope’s clear and comprehensive online documentation is easy for even novices to follow. It installs in less than an hour.


Network General NetVigil Enterprise
NetVigil is especially good at relating business functions to network components, applications and servers. It uses the concept of business containers to show how network problems affect specific business workflows and groups of users. NetVigil primarily uses SNMP to gather statistics and note problems. Each time NetVigil emits an alert, it clearly displays the business functions associated with the failing infrastructure components. Furthermore, NetVigil is geared to send notifications to both IT staff and business community staff.

Once we created a container for each business function in our simulated medium-sized company, we assigned network infrastructure elements to business functions by putting the elements into the containers. We found the process is a tedious one for a company of non-trivial size, but it’s a one-time process. Thereafter, NetVigil presented us with highly useful correlations between network faults and the various workflow units of our simulated company. NetVigil’s event management console offers status grouping, severity filters and one-click drilldown to help pinpoint network problems. We liked that NetVigil presents a separate dashboard for each container.

NetVigil’s discovery process was quick and accurate. It inventoried our devices, applications and servers and properly detected the relationships among the components. The vendor says NetVigil’s discovery process finds and identifies ATM disks, controllers, VLANs, file systems, fiber channel switches, printers, SAN and NAS devices as well as multiple redundant paths in the network. The discovery process notes the capabilities, size and capacity of each network component. It also identifies software processes running on each computer, such as databases, Active Directory, RADIUS, DNS, e-mail, Web application servers.


NetVigil can notify administrators via e-mail or pager, and it’s smart enough to suppress transient threshold breaches. NetVigil’s problem escalation feature ensures that, if front-line troubleshooters do not respond to a problem and the problem persists, other IT staff and business community staff in the organization will be alerted.

NetVigil’s reports show network event histories and problem resolutions, and they provide useful data to capacity planners. Moreover, business community people will find the reports showing network events and activity levels for each business container (i.e., department or workflow unit) highly illuminating.

NetVigil comes with clear and comprehensive online documentation. It installs in less than an hour.


Netmon Professional Edition
The Netmon appliance went to work quickly to establish a baseline of network activity and begin identifying network problems. Augmented by its built-in protocol analyzer, the Netmon appliance pinpointed network trouble spots by decoding key packets in addition to depicting the problematic network devices and servers. The Netmon device comprehensively monitored network traffic, specific protocols, bandwidth utilization, TCP/IP-based network services, switches, routers, servers, network printers, UPSes and application performance (responsiveness). It also detected half/full duplex mismatches, frame collisions and other low-level network issues. The Netmon appliance integrates closely with Cisco NetFlow to gather statistics from Cisco devices.

You’ll especially appreciate the Netmon appliance if you like solving network problems at a low level (i.e., “bare metal”). The device, through its browser-based Visual Network Explorer component, shows network activity in real time. And you can display the packet decodes from Netmon’s raw packet-level capture facility in a protocol analysis display utility such as Ethereal or Wireshark. The vendor says Netmon can decode thousands of protocols.


The Netmon devices notifies administrators via e-mail or pager when network activity exceeds thresholds that you set. However, the thresholds aren’t nearly as sophisticted as those in the other products in this review.

The Netmon appliance collects Windows performance statistics to display the status of Windows background services as well as CPU, memory and disk utilization. The device includes a port scanner for monitoring switch and router health, and it examines router ARP tables to identify new network nodes as they appear on the network. It keeps a close eye on event logs and security logs across multiple servers.

Netmon comes with clear and comprehensive online documentation. It installs in just a few minutes.


Conclusion
Each of these six monitoring and management products lived up to its particular design goals, and each impressed us with its capabilities. However, H-P’s OpenView and Argent Software’s Extended Technologies did a superior job of pinpointing network problems, accurately discovering our network, alerting us to problems, graphically depicting our network and providing us with useful reports.



How We Did It
We evaluated each product's ability to discover, manage, administer, monitor, report on, diagnose, troubleshoot, reset, reconfigure and secure our network devices, applications, servers and clients. Virtually all our testing took place across WAN links (T1, T3 and Frame Relay fractional T1).

The ability to resolve a problem automatically was a plus. We tested the sending of SNMP alerts as well as the processing of incoming alerts. We produced reports to show device and computer status information, network usage trends, security breaches, availability and uptime information, network baseline information and graphical maps of the network. We also tested any special features a product offered.


The testbed network consisted of six Fast Ethernet subnet domains routed by Cisco routers. Our lab's various computing platforms included Windows NT/2000/2003/ME/XP/Vista, Solaris, Red Hat Linux and Macintosh System 8. The relational databases on the network were Oracle 8i, Sybase Adaptive Server 12.5 and Microsoft SQL Server 2000. A Compaq Proliant ML570 computer with four 900 Mhz CPUs, 2G bytes RAM and 135G-byte hard disks, running Windows 2003 Advanced Server, was our test platform for all the products’ server components, while a Dell Latitude D505 running Windows XP SP2 was our monitoring client.

Net Results
Netmon Professional Edition 4.5
Score: 2.8
Company: Netmon, Inc.       (800) 944-4511      www.netmon.ca
Cost: $6,795

NetVigil Enterprise 4.2 SP1
Score: 3.4
Company: Network General Corp.     (408) 571-5000      www.networkgeneral.com
Cost: $55,000 for 100 devices

Mercury SiteScope 8.5
Score: 2.8
Company: Hewlett-Packard Co.         (650) 603-5200      www.mercury.com
Cost: $2,000 for 25 monitors

OpenView Network Node Manager 7.51, OpenView Operations Manager 7.5 and OpenView Internet Services
Score: 4.1
Company: Hewlett-Packard Co.         (877) 686-9637      www.openview.hp.com
Cost: Network Node Manager starts at $6,650 (250 nodes), Operations Manager starts at $18,450 (20 servers) and Internet Services starts at $12,449

Extended Technologies 8.0A
Score: 4.2
Company: Argent Software, Inc.         (860) 674-1700      www.argent.com
Cost: $1,500 per server

NetMRI Enterprise Network Analysis Appliance 2.0 and NetMRI Operations Center
Score: 3.6
Company: Netcordia, Inc.    (410) 266-6161      www.netcordia.com
Cost: NetMRI appliance starts at $9,500. Operations Center starts at $15,000 for 1,000 devices.

Scorecard

 

Monitoring

 
(20%)

Reporting

 
(20%)

Ease of use

(20%)

Notifications

 
(20%)

Corrective actions

(10%)

Installation and Documentation

(10%)

Total

Score

Netmon

Netmon Professional Edition 4.5

 

3

 

2

 

3

 

3

 

2

 

4

 

2.8

Network General

NetVigil Enterprise 4.2 SP1

 

4

 

4

 

3

 

3

 

3

 

3

 

3.4

 

Hewlett-Packard

Mercury SiteScope 8.5

3

 

3

 

2

 

3

 

3

 

3

 

2.8

 

Hewlett-Packard

OpenView Network Node Manager 7.51 and OpenView Operations 7.5

 

5

 

4

 

4

 

4

 

 

4

 

 

3

 

 

4.1

 

Argent Software

Extended Technologies 8.0A

 

5

 

5

 

3

 

4

 

5

 

3

 

4.2

Netcordia

NetMRI Enterprise Network Analysis Appliance 2.0 and NetMRI Operations Center

 

4

 

3

 

4

 

3

 

 

4

 

 

4

 

 

3.6

 

Scoring key: 5: Exceptional; 4: Very Good; 3: Average; 2: Below Average; 1: Consistently subpar



Copyright © 2012 Network Testing Labs


  
Home

About Network Testing Labs

Contact Network Testing Labs