.
IBM, in the mainframe-oriented heyday of the 1980s, was the first company to develop an enterprise management system capable of monitoring and controlling networks consisting of thousands -- even tens of thousands -- of hosts and terminals. That software package, called NetView, opened up a new range of applications that ranks today as one of the data communications industry's hottest markets, which includes competitors from powerhouses such as Computer Associates, Digital Equipment, Hewlett-Packard, and Sun Microsystems.
This emerging range of enterprise management applications has changed significantly over the past decade,
creating new capabilities that enable network administrators to monitor and control remote computers and other devices. But many managers of mega-networks, whose jobs are on the line, say the technology has not evolved rapidly enough for their liking.
Setting the Standard
The problem, MIS executives say, is that most so-called network management tools -- such as Cisco's CiscoWorks and Novell's ManageWise -- are designed to manage only particular devices or systems, such as routers and LANs, in the enterprise, not the entire network. These applications (collectively known as
element management systems
), which include modem, hub, and multiplexer management systems, gather data about the operating status of specific types of network devices (e.g., LAN servers, routers, and hubs) and display it on a Unix workstation or PC monitored by the network administrator.
Element management systems typically are included with network devices, which means that the corporate network admin
istrator who manages equipment purchased from many different vendors might have as many as 100 different consoles to monitor. This has created a need for "swivel-chair network management": the act of swiveling or rolling one's chair among many different consoles in an effort to locate the genesis of a network failure (see the figure
"Swivel-Chair Management"
). It's kind of like walking around with binoculars strapped to your head; you can see one focused area, but you can't step back and look at the whole picture.
Enter the enterprise management platform, usually a high-powered Unix-based workstation that can run many element management system applications simultaneously. The goal of the enterprise management platform is to provide a single workstation (or group of workstations) that can run many different element management applications and, ultimately, integrate the data from these applications to provide a "big picture" view of the entire enterprise network.
A good idea? Defin
itely. The problem is that not all element management systems speak the same language or report their status information in the same format. A standard protocol for transmitting and handling network management information is required. Most network devices today use SNMP, a standard published in 1992 by the Internet Engineering Task Force (IETF), the same body that sets guidelines for the Internet.
SNMP defines a method for collecting and formatting information about the devices to be managed through a small piece of software known as an
agent
. An SNMP agent can be installed on any intelligent device. Non-SNMP devices can be managed through
proxy agents
that translate any kind of status information sent to an intelligent agent.
Today, most network devices come with built-in SNMP agents that let them transmit status information to an SNMP-based management system. An administrator sitting at the console of one of the more popular SNMP-based enterprise management platforms, such as HP's
OpenView and Sun's SunNet Manager, can gather and correlate data from a variety of SNMP-compliant devices and systems. This provides a broader view of the topology and status of the entire network (
see the figure
). Most smaller networks do not require SNMP because they don't have the wide variety of hardware and software required in big networks.
Under Construction
Over the past several years, SNMP agents have been added to many network devices, and enterprise management platform vendors have been improving their products as they fight a pitched battle for industry leadership. Yet despite these steps forward, many corporate network administrators say they're still far from their goal of developing a common set of tools for enterprise management.
One problem is that many network elements still cannot be managed by SNMP. For example, most firms haven't scrapped their mainframes, which generally employ IBM's Systems Network Architecture (SNA) protocols. These SN
A networks cannot be fully monitored via SNMP, which leaves huge blind spots in the network administrator's view of the enterprise. Similar problems occur at the LAN level, where companies such as Microsoft and Novell have only recently begun to deploy SNMP in their server products.
To complicate matters, many network administrators now find themselves responsible for managing not only the corporate network but also the hardware and software at the end of each link. Increasingly, systems and applications management are tied to network management, but only network devices typically have built-in SNMP agents.
In addition, many administrators have been disappointed thus far with the lackluster performance of SNMP-based enterprise management platforms. One of the most important problems is a lack of scalability. Initial releases of several SNMP platforms -- including offerings from HP, IBM, and Sun -- were based on a single Unix server that couldn't share information with other management servers.
"In
that world, you could see the entire environment, but only if it was small," explains Andy Vanagunas, product manager for HP OpenView. "In the larger environments, it was a little like driving with your windshield half-covered."
Under these limitations, the so-called enterprise management platforms could realistically manage only around 1000 nodes -- only a slight improvement over some higher-powered LAN management systems. Although some vendors -- notably Cabletron Systems, Groupe Bull, and HP -- have fixed this problem to provide high scalability in current releases, many potential buyers are still stinging from the failure of those early releases to meet their high expectations.
Another deficiency in many currently available enterprise management platforms is the absence of communication between element management applications running on the same platform. While administrators may have reduced the number of consoles to be monitored, they still must correlate in their heads the data gathered by mul
tiple applications.
For example, a router failure on a network might terminate communications with 100 systems attached downstream from that router. Sitting at the SNMP enterprise management console, the network administrator is suddenly swamped with 101 alarms that indicate a system failure. Yet only one is the cause of the problem; the other 100 are only symptoms. In many cases, it's left to the network administrator to determine which is which.
This problem has created a niche market for management software that can correlate network events and present the administrator with root-cause information. This correlation can take place in one of two ways: through filtering, which eliminates event data that's downstream from the root problem; or through true correlation, in which data from several different applications is intelligently reviewed and processed to determine the interrelationship between separate network events.
Although event correlation is still a fairly new idea, a number of related p
roducts have been on the market for several years. Seagate, for example, offers a package called NerveCenter that correlates SNMP events; other suppliers, such as Boole & Babbage, Maxm, and Objective Systems Integrators, sell products that focus on the correlation of events in non-SNMP legacy environments as well.
Sometimes the lack of data integration between management applications creates difficulties in pinpointing the origin of a network problem. For instance, the router might indicate that a problem is caused by an overflow of data from a particular server; meanwhile, the server may indicate that the problem is in the router. This situation, sometimes called
finger-pointing
, is a common complaint of enterprise management platform users.
Many enterprise management platform vendors hope to solve the finger-pointing problem by rebuilding their network management applications using object-oriented technology. This capability, which is already in development at companies such as Groupe Bull
and IBM/Tivoli, will let users share data across multiple applications, in much the same way that users of the Microsoft Office suite can share information across Word, Excel, and PowerPoint via OLE.
User Approaches
Besides dealing with the deficiencies of technology and tools, corporate network managers must also face the grim reality that no two organizations, or their networks, are alike. Therefore, the method of implementing enterprise network management platforms might differ significantly from company to company.
Some firms, particularly long-established IBM mainframe shops, have a central data center that controls most of the data network management functions in the enterprise. These organizations prefer a central point of control for monitoring all network activity, such as what the mainframe-based NetView provided in past years. This allows all troubleshooting, as well as other administrative tasks, to be handled by a centralized group of people and software.
In today
's client/server multivendor environment, this centralized method of control can even be applied to the use of SNMP-based enterprise management systems. The network manager might divide the enterprise into multiple management domains -- based on geography, applications, or traffic type -- each managed by local SNMP platforms. These local platforms would all be connected to a single, central platform that collects filtered data to create a high-level view of the entire enterprise.
However, the proliferation of client/server technology, as well as the decentralization of many large businesses, is making centralized management increasingly difficult. In many large enterprises, network management and administration decisions are made at a departmental or business-unit level. The central MIS manager is responsible for coordinating these distributed activities -- as well as distributed multivendor tools and personnel -- across the enterprise.
Unfortunately, there are no universal truths as to whether centra
lized or distributed approaches work best in the very largest networks. The decision to use centralized or distributed network management is much like the decision between centralized and distributed personnel management; how you do it depends largely on how the organization operates.
SNMP-based enterprise management platforms were designed to function in distributed environments, collecting data in many different formats across many different domains (
see the figure
). But, as previously mentioned, the lack of server-to-server communications capability in many SNMP platforms has made this approach hard to implement, since this capability is a prerequisite for scalability in very large network environments.
Whether centralized or distributed, it seems that today's enterprise management platforms have barely scratched the surface of the data they will eventually have to manage. In large organizations, the network management system is rapidly becoming the point at which the pulse is
taken for the entire IS environment.
For example, many enterprise management platform vendors are adding systems management capabilities to their network management platforms. These capabilities let an administrator monitor hardware parameters, such as I/O performance, response times, and storage utilization, as well as the performance of the network. In fact, some products, such as HP's IT/OperationsCenter and IBM's SystemView, actually subordinate the network management function to a higher-level system management function.
Large organizations have recently taken this evolution a step further by focusing on enterprise applications management. Administrators employ systems and network management tools only to support the end game of ensuring that specific mission-critical applications are available and are performing well. This approach makes sense to CEOs and end users, who seldom have a great deal of knowledge of network or systems management but know when their applications are not performing as
they should.
The addition of systems and applications management functions threatens to completely overwhelm today's enterprise management platforms, which have already proven to be deficient in handling network-specific data alone. How will these platforms be able to keep up?
One development that will help is the recent improvement in SNMP platform scalability. Several of the industry's leading platforms, including HP's OpenView and Cabletron's Spectrum, are now delivering server-to-server distribution capabilities that should enable them to scale to infinitely large networks. The ability of these systems to handle network and systems information -- even in environments of 10,000 nodes or more -- is improving significantly.
Object-oriented technology may make it easier for applications running on the same platform to share data. Companies such as IBM/Tivoli are advancing new object-oriented frameworks for building management tools; this should result in improved integration. Vendors are also inte
grating event correlation, rules-based reasoning, and even AI into network management systems to reduce reliance on human operation and make network administrators more productive.
Will tomorrow's enterprise management systems replace the human network administrator? Not in our lifetimes. But with new technology, administrators may be treated to a little more boredom and a lot less terror.
illustration_link (31 Kbytes)
illustration_link (25 Kbytes)
illustration_link (20 Kbytes)
Tim Wilson is a senior consultant at Decisys, Inc., an enterprise network consulting firm based in Sterling, Virginia. You can reach him at
twilson@decisys.com
.
See the Big Picture
