Planet Network Management

Service Assurance Daily Weekly Reading List

A collection of blogs based on the VMworld 2010 U.S. conference held this week in San Francisco proves that VMware got its message out – it is more than a virtualization company.

VMworld 2010: A “New IT Stack” and Management & Security are No Longer Aftermarkets

Yankee Group Principal Analyst George Hamilton explains how VMware wants to become the data center operating system and why recent acquisitions of companies such as Integrien and TriCipher will give the virtualization giant the IT management and security technology it will need to achieve its lofty goals.

Virtualization Deployments and the “Trough of Disillusionment”

Stephen Elliot, vice president of strategy for CA Technologies Infrastructure Management and Data Center Automation business unit, took away from VMworld 2010 the impression of a more mature market for virtualization, one in which customers realize they need IT automation, management and other technologies to move beyond initial deployments, over the hump of virtual stall and toward large-scale implementations that could extend into private clouds.

VMware acquires Integrien, TriCipher for IT-as-a-Service Era

ZDnet’s Virtually Speaking blog, authored by Paula Rooney, also focused on VMware’s acquisition news this week. The pending acquisitions of Integrien and TriCipher can help VMware – as well as its customers – move into the third phase of virtualization – IT-as-a-Service, according to Rooney’s post.

Hey Security Guys, VMworld is hitting your playground

Blogger Kendrick Coleman, who co-presented on free tools to manage VMware vSphere, also blogged this week to discuss the virtualization giant’s plans to take on security in current and future product releases.

VMware vShield: A Good Start, but …

Jon Oltsik, senior principal analyst at Enterprise Strategies Group, took to Network World’s Cisco Subnet blog to share his take on VMware’s vShield product plans. While he notes the efforts from VMware are needed and a great beginning, Oltsik points out some potential weaknesses that could help VMware deliver stronger security in future releases.

What was your favorite VMware VMworld 2010 blog? Please leave a comment here or let me know directly via e-mail at Denise.Dubie@ca.com.

Do you Tweet? Follow Denise Dubie on Twitter here.


20,000 Downloads on SourceForge

A small step for SourceForge, a big step for Icinga. Yesterday we passed the 20,000th download of Icinga on Sourceforge.

We think this is a great success for our young project and also an indication for a growing community. Thanks to everybody using and supporting Icinga.

50,000…. We are coming!


How to Avoid Flaws in Identity Management

I recently gave a presentation at the IDC Asia Pacific CIO Summit 2010 around Identity & Access Management (IAM) and security. It struck me that I should write up and share what I discussed and let you see the slides. Basically, my presentation comes down to the fact that IT managers need a secure and cost-effective approach to IAM.

Security threats increasingly focus on where an enterprise keeps its critical data: servers, databases, directories and other technologies. If these are accessed by unauthorised users, the risk of a business-critical data breach, revenue loss and compliance fines emerges. Even with the best of intentions, a simple mistake in a directory-based application that treats the above technologies as ‘managed resources’ can knock out access for many people, and for some organisations that can cost equally impressive amounts of money.

A significant challenge organisations face today is implementing intelligent, integrated management of user activity and of users’ access to the appropriate systems. Time, money and effort are invested in collecting security trends about what is happening. However, a long list of “whats” does little to address the issue unless it is paired with the “who” and the “when”. Correlating identity, event and data provides the most direct route to identifying threats before significant damage is done; remove any one of the three and the security information loses so much significance that its value becomes doubtful.

Distributed environments and complex data centres are already hard enough to manage. Add an army of power users within an organisation who need appropriate access to all this technology, and it becomes imperative that an identity management solution is implemented effectively and in good time. IT managers need a secure and cost-effective approach to identity and access management by:

  1. Centralising and automating administration
  2. Eliminating the complexity of managing multiple identities
  3. Enforcing controls necessary to achieve compliance
  4. Capturing and securely storing audit events and
  5. Easily producing meaningful reports.

However, there are three major flaws or stumbling blocks to proper implementation of such solutions. Let’s take a closer look.

Flaw 1: Employee de-provisioning

Properly de-provisioning a user who has left the company has been an ongoing problem for organisations. Too often, accounts are still active, or some way of entering the corporate network from an external location remains possible. This gives the former employee an opportunity to take information or, given the right mindset, to leave corruptive malware behind. Organisations need to tighten their security measures and workflows for de-provisioning so that former employees’ access is eliminated.

Integration with the human resources databases, so that access is removed faster, is the key. Also, watch shared accounts and be prepared to raise the level of activity monitoring if needed. Finally, automated workflows are the safest approach to ensure that all accounts are dealt with and fully documented so they can always be referenced.
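The HR-to-directory check described above, written out as an added illustration (this is not code from the original post or from any IAM product): it reconciles a constructed HR roster against a constructed list of directory accounts, flags still-enabled or still-remotely-reachable accounts of leavers, singles out shared accounts that have no leaver event to trigger on, and renders an audit line per finding so the run can be referenced later. The record layouts and the action names are assumptions made for the example.

```python
"""Reconcile the HR roster against directory accounts to find de-provisioning gaps.

Added illustration for the de-provisioning flaw discussed above. It is not code
from the original post or from any IAM product; the record layouts and the sample
roster below are constructed for the example.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Sequence


@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    status: str                               # "active" or "terminated"
    termination_date: Optional[date] = None   # set when status is "terminated"


@dataclass(frozen=True)
class DirectoryAccount:
    username: str
    employee_id: Optional[str]   # None marks a shared or service account with no HR owner
    enabled: bool
    remote_access: bool          # VPN or other external entry point still granted


@dataclass(frozen=True)
class Finding:
    username: str
    action: str   # "disable", "revoke_remote_access", "review_shared" or "review_orphan"
    reason: str


# Constructed sample data; the people and identifiers are fictitious.
AS_OF = date(2010, 9, 1)

HR_ROSTER: List[HrRecord] = [
    HrRecord("E100", "active"),
    HrRecord("E101", "terminated", date(2010, 8, 15)),
    HrRecord("E102", "terminated", date(2010, 7, 1)),
]

DIRECTORY: List[DirectoryAccount] = [
    DirectoryAccount("alice", "E100", enabled=True, remote_access=True),
    DirectoryAccount("bob", "E101", enabled=True, remote_access=True),     # left, still fully active
    DirectoryAccount("carol", "E102", enabled=False, remote_access=True),  # disabled, VPN never revoked
    DirectoryAccount("svc-backup", None, enabled=True, remote_access=False),
    DirectoryAccount("orphan", "E999", enabled=True, remote_access=False),  # no matching HR record
]


def reconcile(roster: Sequence[HrRecord], accounts: Sequence[DirectoryAccount],
              as_of: date) -> List[Finding]:
    """Return every account whose state contradicts the HR roster as of `as_of`."""
    by_id: Dict[str, HrRecord] = {r.employee_id: r for r in roster}
    findings: List[Finding] = []
    for acct in accounts:
        if acct.employee_id is None:
            # Shared accounts have no leaver event to trigger on, so they need closer monitoring.
            findings.append(Finding(acct.username, "review_shared",
                                    "shared account with no HR owner; raise activity monitoring"))
            continue
        rec = by_id.get(acct.employee_id)
        if rec is None:
            findings.append(Finding(acct.username, "review_orphan",
                                    f"employee id {acct.employee_id} not present in HR roster"))
            continue
        if rec.status != "terminated":
            continue
        left = rec.termination_date or as_of
        if left > as_of:
            continue  # future-dated leaver; nothing to do yet
        if acct.enabled:
            findings.append(Finding(acct.username, "disable", f"owner terminated on {left}"))
        if acct.remote_access:
            # A disabled account that still holds a remote-access grant is the external back door.
            findings.append(Finding(acct.username, "revoke_remote_access",
                                    f"external access still granted after termination on {left}"))
    return findings


def audit_log(findings: Sequence[Finding], as_of: date) -> List[str]:
    """Render findings one per line so the de-provisioning run can be kept for reference."""
    return [f"{as_of.isoformat()} deprovision {f.action} user={f.username} reason={f.reason!r}"
            for f in findings]


if __name__ == "__main__":
    for line in audit_log(reconcile(HR_ROSTER, DIRECTORY, AS_OF), AS_OF):
        print(line)
```

Run it as a scheduled job against exports from the HR system and the directory; the point of the separate `revoke_remote_access` action is that disabling a directory account and revoking its VPN or remote-gateway grant are often two different systems, and the second is the one that gets forgotten.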

Flaw 2: Lack of a centralised identity management solution

Organisations should consolidate and centralise access controls with one directory service. From there, access can be extended to other systems and applications to encourage consistent security and configuration policies. Drive down the management headache and drive down the management cost.

Having multiple accounts to manage on various systems risks a lack of synchronisation and upkeep, and creates multiple points of breach that are hard to track across many diverse systems. It’s easy to stay under the radar when not everything is visible from a central location, and a generic system that isn’t centrally managed may be the back door that allows unauthorised access.

Flaw 3: No secure privilege delegation

As we delve deeper into IT security and privilege in the data centre, we must understand how the definition of privilege is evolving. Excessive privilege and access-control rights for users have a critical financial impact on organisations through the risk of a data breach, revenue loss and compliance fines.

To reduce the chances of undue solicitation of data by outsiders, organisations are recommended to implement tighter control by reducing the number of administrators. Managing tightly who can do what eliminates the risk of accidents, improves auditing, and streamlines and simplifies compliance.


To summarise, managing the identity and integrating identity into an organisation helps protect assets and reduce the impact of a breach. Risks can be properly mitigated, compliance penalties may be avoided, and in general, the overall access to critical information is under tighter control.

New Features in PRTG 8 - Part 5: A Little Slideshow

While the beta test of PRTG 8 is running we are posting a series of blog articles about new features! In the last blog entries, a lot of new features have already been introduced. To give you an extensive insight into the new Ajax web interface, we've compiled a series of screenshots so you can directly dive into the new look & feel of PRTG.

Devices Tree View

The tree view lists all of your devices in hierarchical order. Here, the Root group is shown with groups and devices, and the sensors for the devices. On the right side, summary charts for monitoring data are shown, as well as a geographical map indicating the location for every device.

Device Detail View

The detail view of a device lists all sensors, monitoring different aspects, such as Ping, different protocols, and ports with status and mini-graphs. Here, a hardware firewall is shown. On the right side, summary charts for monitoring data are shown, as well as a geographical map indicating the location of the device.

Detailed Graph

Detailed graphs visualize your monitoring data. Here, a graph for a Ping sensor is shown. Every line shows one channel of the sensor, such as downtime, minimum and maximum response time, average Ping time, and packet loss in percent.

Toplists Show Bandwidth Usage

NetFlow, sFlow, and Packet Sniffing sensors support customizable toplists. They show the bandwidth usage by IP address, protocol, etc. Here, a toplist of the Top Talkers for a time span in August is shown. The chart shows the bandwidth usage by IP in percent.

Stacked Graphs

Stacked Graphs visualize the components of the total bandwidth usage. The screenshots below show:
  1. Packet Sniffer graph, with traffic split into different protocols.
  2. The traffic of Paessler's fiber optic connection. Traffic in and out are split at the x-axis, showing traffic out mirrored to traffic in.
  3. CPU load graph. Each CPU's load is shown in one graph; the single stacked graphs show the CPU total usage.

Easy Sensor Setup

You can choose from over 80 different sensor types. You can choose a sensor by category, or simply search for a sensor type name.

Alarms and Warnings Lists

The Alarms list shows all sensors that are currently in an Alarm or Warning status. It helps you gain an overview of all problems in your network very quickly. The list shows the sensors' states, last value, message, and a mini-graph.

Create Own Maps

Using the Maps feature, you can create your own overviews of your network. Simply add objects from your setup, for example, icons, data tables, or graphs. You can make every Map publicly accessible, if you like.

Create Own Maps—Add Objects

Adding new objects to your Map is easy: Simply select an appropriate icon from the list. You can also choose from geographical maps. Additionally, you can draw lines between objects to visualize network connections.

Cluster Status

Keep track of your cluster's status at any time. The Cluster Status page shows which nodes are connected to the cluster and if there are any connection or performance problems.

Beta Test it Today

Why not go and see for yourself? Download the latest Beta version today and have a look! All information can be found on the PRTG 8 Beta web page.

Reduce one step from your usual Server Troubleshooting Handbook.

Last time I posted about Applications Manager's ability to monitor custom applications. However, today I will post about an interesting question we got in support from one of our customers. Basically it will help you reduce one step from your usual server troubleshooting handbook. Interested? Please read on.

Can I/you generate a list of all system processes by CPU/Memory usage when a CPU threshold is violated on a Server monitor?

The answer is YES! We can generate a snapshot of all processes arranged in descending order based on the usage (CPU/Memory) of each process when a CPU or Memory alert occurs for a Server monitor. This is done by associating a Threshold and an Email Action with the CPU Usage % or Memory Usage % attribute of the Server Monitor. Please refer to Threshold configuration and Creating Email Actions in our Online Help Document.


The alert triggered from this setting will carry a link to a report that shows the processes by CPU usage and percentage of memory used, arranged in descending order based on each process's usage at the time the alert occurred. You can also reach the report in the Web Client by clicking on the threshold icon on the Server monitor details page when the monitor is in warning / critical status.



This snapshot view helps determine which server process caused the unusually high CPU usage. It then helps you take remedial action accordingly, which I believe should be really handy when configured for all busy servers, as it removes one troubleshooting step.

As always, if there is something that you think will make life easy for you while using Applications Manager, do post your comments or vote your idea up, via our community portal.

Thanks & Regards,
Paul Jacob

OTRS package updated

Just a quick post to say that I have updated the OTRS package for OpenNMS. It no longer depends on the hard-to-find Perl SOAP::DateTime module and should therefore be a smoother install for new users. No new capabilities are added in this release so you can skip it if you’re already up and running. Thanks to Michiel Beijen of OTRS for the suggestion.

More details can be found in the OpenNMS wiki.

OpenNMS VMWare Appliance

Just a short note that Ronny Trommer has modernized the OpenNMS VMWare Appliance.

There is a wiki page with details, and it can be downloaded from both the Virtual Appliance Marketplace as well as Sourceforge.

Bay Area Developer Training

Puppet Developer Curriculum (3 Days)

This training is ideal for those who want a Puppet jumpstart. Newer members at an organization already using Puppet, or experienced sysadmins wanting to bring Puppet into their team will get everything they need to deploy solutions.

Register for Puppet Labs Training: Bay Area, CA  on Eventbrite

Prerequisites:

Attendees should have at least the equivalent experience of a junior Unix/Linux administrator.

Topics covered include:

  • Day 1: Introduction to Ruby
  • Day 2: Extending puppet
    • Overview of API that can be used to extend Puppet
    • Custom facts
    • Custom functions
    • Custom reporting
    • External node classifiers
  • Day 3: Writing custom types and providers in Ruby

The topics are covered over 3 days. Sessions will mix theory and practice, balancing lectures with hands-on exercises. (Each student should bring a WiFi enabled laptop with VMWare installed to participate in the labs.)

Pricing

  • $2,195.00 by September 27, 2010; $2,395.00 on or after September 28, 2010.

Change is good, except when it isn’t

The last two years have been a wild and crazy ride for most companies. Mergers, acquisitions, layoffs, unexpected growth, and reorganization – it all comes down to change. They say that change is good and should be embraced, but sometimes change can have bad results, specifically when organizations don’t change their processes to support changing business models. 

The 2010 Verizon Data Breach Report has received some pretty serious media coverage lately, primarily because it highlights a disturbing trend – the threat of the insider. After all, 48% of breaches were caused by insiders last year. At the end of the day, companies depend on their workforces to drive productive and profitable business. Those workforces are made up of people (insiders if you will) who have specific opinions and feelings about change. Organizations should consider how their people will react to change – will it be embraced, will it cause consternation and morale issues? 

Enter process, stage left. If organizations don’t consider both people AND process during a time of change, the consequences can be very negative. One of the most visible processes to consider during times of change is user provisioning. If organizations quickly align employee access with new roles and revoke unnecessary access, the threat of employees abusing their privileges is significantly reduced. Furthermore, by removing the access of those no longer employed, organizations close doors that could easily be exploited by insiders posing as someone else, or by outsiders gaining access to systems via dormant accounts.

I happen to believe that people are good and will do the right thing, but I’m also a realist. I recognize we live in a time of real uncertainty that can cause folks to act in ways they normally wouldn’t.  As organizations adapt to new business environments, to ensure their future success it’s incumbent upon them to consider BOTH people and process.

Hey Chart, get in my Report! (Part 1)

That was an old Austin Powers reference for those who missed it ;-) So, what do I mean by this? Well, a question we get asked all the time by customers is “How do I get the pretty charts I see on my Orion website into a report that I can send to my boss on a regular basis to make him/her happy?”. Seems like a reasonable request, right? But, before I dive into this topic, you’ll need to ask yourself what types of reports your boss cares about seeing. Does she want the charts as well as the detailed data behind the charts? Or, would she be perfectly happy with the Orion website pages she’s seen while looking over your shoulder?

Let’s start with the latter use-case since it’s the simplest and requires only a few steps in Orion Report Scheduler.

How to send an existing Orion website page as a scheduled HTML email to your boss:

To begin, you’ll need to open the Report Scheduler app on your Orion server (Start > All Programs > SolarWinds Orion > Alerting, Reporting, and Mapping > Orion Report Scheduler). Click the Add+ button to create a new report job. You’ll see the following screen where you’ll want to fill in the job name and click Continue.

On the next screen, you’ll see a prompt to add a link to a Web Report or Page in Orion.

Rather than try to find this URL manually, simply click on the ‘…’ button and you’ll see a browser pop up where you can navigate to the Orion website page you want. In this example, I’d like to send the “Top 10 List” page, so I’ve logged in and navigated to that page below.

When you click the “Use Current URL” button, this will automatically populate the previous screen as you can see below. Notice that I’ve also checked the “Retrieve a Printable Version of this Page” option. This will remove the banner and the menu bar from the page. BTW, if you’re like me and you can’t stand to wait, try adding “&printable=true” to the URL in Orion to see what the page will look like when it’s sent.

When I click “Continue”, you’ll see I can set up my schedule. In this case, I’m going to send it every morning at 8am. You can also schedule it to be sent weekly, monthly, or just this once.

Finally, you’ll need to enter the email address of the folks you want to send it to. If you want the email to actually go anywhere ;-), make sure to also fill out the fields on the “Email From” and “SMTP Server” tabs.

Click “Continue” one more time, enter the Windows credentials you want this job to run under (use a service account whose password doesn’t change often), and then you’re done! You should see your new job listed in the Report Scheduler window. If you want to run it now to test, simply right-click and select “Run Selected Job Now”. Just be aware that if it works, your boss will be getting the email each time you run the job!

NOTE: Some of you may have issues with your email server gobbling graphics in HTML pages. If you can’t work around this, fear not, because we’ve got a solution in the works. As noted in this post, we’re working on enhancing Report Scheduler to allow you to send Orion pages and reports as PDF email attachments in addition to HTML.

Ok, but what about the first use-case? That is, the management team that wants their charts and their detailed table-based data too? Well, you have a couple of options in Orion to address that need. It’s a little more involved, so I’ll talk you through that in part 2 of this series.

In the meantime, have a great weekend and please let me know in your comments if there’s anything else you’d like covered in part 2!

Tenable Security Showcase - New York City

Please join Tenable's own Ron Gula, Renaud Deraison, Marcus Ranum and Paul Asadoorian for a Security Showcase on October 6, from 8:30am to 2:00pm at the New York Marriott East Side, 525 Lexington Ave. at 49th Street in New York... Paul Asadoorian

This blog has moved!

This blog was a test for me personally to see if there was any interest in network monitoring and news and stuff related to op5, where I work. The test has been successful, so I have now moved this blog to our new official op5 blog. We have set up a blog platform in order to collect the 5 different blogs that individuals at op5 have started. We hope to make it easier for you as a user to find and follow the posts from any of us.


Icinga vs. Nagios – Tabled

It’s coming up to a year since our first RC 1.0, and we’re still getting much interest in Icinga. Of course, the age-old question arises time and again: “What’s the difference?”

We’ve tried it in words, we’ve tried it on YouTube and now we’ve tabled it! Thanks to a clever suggestion made by an Icinga user – kudos to Dorian Gray!

Check out the Feature Comparison Table, which puts the latest Icinga 1.0.3, Nagios 3.2.1 and Nagios XI side by side. But as always, the best way to compare is to try it for yourself: download it and let us know what you think.


10 AppManager Forum Highlights for a Northern Hemisphere Summer!

...or the Southern Hemisphere's Winter. We have a few members from Australia and New Zealand on this forum so I don't want to leave them out! As many of you know, I live 2 degrees north of the equator and it's a permanent summer for me.

In my absence, due to my circumnavigations, I did not provide any forum highlights last month. So, I've decided to give you a larger update with 10 posts worth noting from the last two months. I would like to send out a special THANKS to my friend and colleague in the London (Staines) office - Alain Salesse - for doing a smashing job providing some very useful custom scripts at the requests of several members of the forum.

  1. CounterCorrelate Job for 3+ Counters - by Tim Thomas
  2. Monitor Scheduled Tasks by Nelly Figueroa 
  3. A Question Regarding Ports by Sam UK
  4. Clustering Control Centre by Chris Abel
  5. Tracking missing data by David Gringas
  6. SQL DSN Issues by Tim Thomas
  7. NT Disk Space Job by Ed Knight
  8. Troubleshooting NetIQCTRL errors by Gabriel Rosas
  9. Monitoring EMC Clarion Devices by Ed Knight
  10. Assigning or Removing Custom Properties through a script by Jignesh Jogi

Happy Reading and enjoy!

BotchagalupeMarks for July 9th – 06:35

These are my links for July 9th through September 1st: Seattle Met Magazine / Real Estate / Real Estate Articles / Detail – 107 Neighborhoods by the Numbers

Network Janitor: So Simple, Even My 13-Year-Old Niece Did It (by Tony Fortunato)




While working at a customer site, I overheard some technicians complaining about an upcoming cutover.  Their main concern was that many of the cables connected to the switch were not documented.  At one point a tech remarked, "I wonder how many of those connections are even in use?".

They did not want to blindly move the cables and configuration over since they suspected that the majority of the ports were not in use. They suspected they could get away with less equipment, resulting in less space, etc. I asked how much time we had before the cutover and was surprised to hear that we had 1 month, but that included ordering new equipment.

Of course, we started with the basics;

  • We noted which ports did not have link lights. This proved unreliable since many of the staff are nomadic and are not permanently at their desks. To complicate things further, many of them who were at their desks used their wireless connection, since it was more convenient.
  • We traced the cables that terminated at a punch-down block or patch panel. Unfortunately, the majority of the cables went up into the ceiling tiles, or under the raised floor.
  • Lastly, many of the office cubicles and desks were blocking the wall jacks.

I suggested that they take their current methodology a step further;

  • Use the port description field within the switch config to "label" all known ports.
  • Clear the port counters
  • Then we can check the interface statistics to see if any of these ports had any traffic, and check the 'cam' table to get the mac address. Then we check the DHCP database to get the users information. Finally, we fill in the switch port description field and clear the port counters again.
  • Then I told them that I could easily write a small perl program that will do this every hour and log the findings.
  • I recommended that they also send out an email blast to all laptop users to use their wired connection as much as possible for the next few days.

I also had my Fluke Optiview Integrated Analyzer (INA) performing an inventory scan, which identified switch port, MAC address, IP address and machine name to ensure we didn't miss anything.

I explained that this tool made the manual/perl script process a little easier.  I also proved that the manual method was as accurate as the INA since we used some of the same methodologies.

Within a week, we had identified and labeled approx 80% of the connections and physically unplugged all connections that were not in use. At this point, it was easy to determine that we only needed HALF the number of switches, with plenty of extra ports. This saved them a considerable amount of time, money and more importantly - space.

Now the biggest issue remaining was deciding who would come in on the weekend to do the work. Unfortunately the cutover fell on one of our Canadian long weekends, so there were no takers. Since I was the closest to the office, and was confident that the cutover would go quickly, I volunteered to come in. They asked who else I would bring since there was a considerable amount of work to be done.

I explained that since the cables were labeled and the new switch was already configured and mounted, I would bring my niece in with me and we 'should' be done within an hour.

They chuckled with the typical, "yeah right".

My niece, Monica, came in with me on the Sunday and we noted which ports were active and cut them over first and ensured that the link lights all came on. Then we proceeded with moving over the remaining connections, rerouting the odd cable and tidying things up.

We were done within an hour and were home for dinner with time remaining.

I have concluded that networking is very similar to home renovation. If you take the time to do your homework and put a plan together, you will spend less time doing the actual work and will have fewer surprises along the way.
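The hourly "which ports are really in use, and who is behind them" check from the post above, as an added example in Python rather than the author's Perl (this is not Tony Fortunato's script). It joins three constructed text snapshots, per-port octet counters, the switch MAC (CAM) table and the DHCP lease list, into one record per port, and proposes the text to write into the port description field for active ports that lack one. The column layouts, port names and hosts are assumptions made for the example, not any vendor's exact output.

```python
"""Hourly switch-port usage audit: which ports carry traffic and who sits behind them.

Added example for the port-audit procedure described in the post above; it is not
Tony Fortunato's Perl script. It correlates three constructed text snapshots
(per-port counters, the switch MAC/CAM table and the DHCP lease list). The column
layouts are assumptions made for the example, not any vendor's exact output.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed snapshots; ports, hosts and addresses are fictitious.
COUNTERS = """\
Port    InOctets    OutOctets   Description
Gi1/1   1048576     98304       -
Gi1/2   0           0           -
Gi1/3   512000      4096        printer-2f
Gi1/4   0           0           -
"""

CAM_TABLE = """\
Vlan  Mac Address      Type     Ports
10    0011.2233.4455   DYNAMIC  Gi1/1
10    00aa.bbcc.ddee   DYNAMIC  Gi1/3
"""

DHCP_LEASES = """\
00:11:22:33:44:55 10.10.10.21 jsmith-laptop
00:aa:bb:cc:dd:ee 10.10.10.40 prn-2f
"""


@dataclass
class PortRecord:
    port: str
    in_octets: int
    out_octets: int
    description: str
    hosts: List[Tuple[str, Optional[str], Optional[str]]] = field(default_factory=list)  # (mac, ip, name)

    @property
    def active(self) -> bool:
        # Any traffic since the counters were last cleared counts as "in use".
        return self.in_octets + self.out_octets > 0


def normalize_mac(raw: str) -> str:
    """Turn 0011.2233.4455 or 00:11:22:33:44:55 into the same lower-case colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_counters(text: str) -> Dict[str, PortRecord]:
    records: Dict[str, PortRecord] = {}
    for line in text.splitlines()[1:]:            # skip the header row
        port, inn, out, desc = line.split(None, 3)
        records[port] = PortRecord(port, int(inn), int(out), "" if desc == "-" else desc)
    return records


def parse_cam(text: str) -> Dict[str, List[str]]:
    macs_by_port: Dict[str, List[str]] = {}
    for line in text.splitlines()[1:]:
        _vlan, mac, _type, port = line.split()
        macs_by_port.setdefault(port, []).append(normalize_mac(mac))
    return macs_by_port


def parse_leases(text: str) -> Dict[str, Tuple[str, str]]:
    leases: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        mac, ip, name = line.split()
        leases[normalize_mac(mac)] = (ip, name)
    return leases


def audit(counters: str, cam: str, dhcp: str) -> Dict[str, PortRecord]:
    """Join the three snapshots into one record per port."""
    records = parse_counters(counters)
    leases = parse_leases(dhcp)
    for port, macs in parse_cam(cam).items():
        if port not in records:
            continue
        for mac in macs:
            ip, name = leases.get(mac, (None, None))
            records[port].hosts.append((mac, ip, name))
    return records


def proposed_descriptions(records: Dict[str, PortRecord]) -> Dict[str, str]:
    """Text to write into the port description field for active ports that lack one."""
    out: Dict[str, str] = {}
    for rec in records.values():
        if rec.active and not rec.description and rec.hosts:
            out[rec.port] = "; ".join(f"{name or 'unknown'} {ip or '-'} {mac}" for mac, ip, name in rec.hosts)
    return out


if __name__ == "__main__":
    recs = audit(COUNTERS, CAM_TABLE, DHCP_LEASES)
    for rec in recs.values():
        print(rec.port, "active" if rec.active else "silent", rec.description, rec.hosts)
    print(proposed_descriptions(recs))
```

Run once an hour after clearing the counters, as the post does, and keep every run's output: a port that is silent for one hour is not proven unused, so the decision to unplug should rest on days of accumulated snapshots (plus the e-mail blast asking laptop users to plug in), and a MAC with no DHCP lease is worth a second look before its port is written off.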




Author Profile - Tony Fortunato is a Senior Network Specialist with experience in design, implementation, and troubleshooting of LAN/WAN/Wireless networks, desktops and servers since 1989. His background in financial networks includes design and implementation of trading floor networks. Tony has taught at local high schools, Colleges/Universities, Networld/Interop and many onsite private classroom settings to thousands of analysts. Tony is an authorized and certified Fluke Networks and Wireshark Instructor. His Pine Mountain Group CNA Level I and II certification demonstrates his vendor neutral approach to network design, support and implementations. Tony has architected, installed and supported various types of Residential Wireless High Speed as well as hundreds of WIFI hotspots. Tony uses a variety of technologies from Powerline, Wireless and wired technologies to find the most cost-efficient and reliable solution for his customers. Tony combines custom programs, open source and commercial software to ensure a simple support infrastructure.

Nagios Core 3.2.2 Released

Nagios Core 3.2.2 has just been released and can be downloaded from www.nagios.org/download. Thanks to everyone in the community that contributed to this release! This latest stable release includes several bug fixes, so we recommend you upgrade your older Nagios instances when you get the chance. The changelog is available here.

Improving Network Recording and Storage Efficiency with Taps, Aggregation and Filtering

 

Introduction

Most large computer networks are improving their storage infrastructure to meet compliance and security standards.  The deployment and resources required to improve security are under constant assessment. Business and technology are both driving the requirements for improved storage solutions.

 

Framework

Providing adequate storage solutions throughout a network is not always technically or financially feasible.  While storage costs per terabyte continue to decline, methods to efficiently manage storage facilities must evolve. 

 

Figure 1 - Typical Network Diagram With Probe Deployment using Port Mirror

 

Network recording has become commonplace for security, compliance and network analysis purposes.  Frequent backups of databases and other high volume traffic can drastically decrease the amount of available storage.  Backing up databases across a network for offsite storage requires adequate bandwidth and is often done so that all data is stored at another location. 


Recording traffic as it moves from one location to another is conveniently done at the egress points of a local network. Recording database transfers on a local recording device is often not necessary for compliance or security purposes: the database is fully transferred to another location, and that copy becomes the backup. Network data, VoIP conversations, and web and application traffic are what need to be recorded. Eliminating only the database backups at the egress recording location was problematic until the development of filtering TAPs.


Filtering TAPs allow network engineers the ability to make identical copies of network traffic.  This is accomplished by placing a TAP inline between network devices, such as a router and a firewall.  As traffic flows through the TAP, a copy of the network traffic is made.  The copy is typically sent to analysis, security or recording appliances.  In this case, the recording appliance will receive the traffic.  


The advantage of a filtering TAP is that the engineer can exclude only the database backups from the recording. This is typically done by filtering traffic coming from the IP address of the database server on a specific port or port range. The combination of IP address and TCP or UDP port uniquely identifies the database backup traffic and keeps it out of the recording. The database backup is still sent to the remote location and is available for business continuity purposes. Because the recording appliance does not store the backup, it can hold a significant amount of additional traffic before archiving or other storage media is required.

 

Tapping the Link

A network TAP (Test Access Point) makes a copy of information in a network connection.  The TAP is designed so that it does not become a point of failure in the network.  TAPs are designed so that traffic on the network link should continue to flow, even if the TAP loses power.  TAPs also minimize latency between the network link and the monitor port on the TAP.  TAPs provide additional features that make analysis more convenient.  


TAPs will aggregate full-duplex traffic onto a single output port, buffering to handle surges in utilization.  TAPs can also provide identical copies of traffic so that multiple tools all see the same data.  These "regeneration" TAPs are deployed when redundant probes or security tools need 24x7 visibility into a network segment: the failure of one security device is not a problem, since the other sees the same network data from the TAP.

 


Figure 2 – Common Network TAP Locations

 

Solution:

By combining several data capture technologies, we can craft a solution that excludes backup traffic from the network recorder while keeping the network fully visible to the other analytical tools.  In Figure 3, SPAN ports and tapped links are brought into a filtering and aggregating device that combines the various streams of data and filters out the backup traffic. 


The backup traffic can be identified in several ways.  For example, bidirectional traffic between server IPs and the IP address of the backup server could be treated as backup-related.  In addition, the backup agents on target PCs may communicate with the backup server on a specific network port; that port can be filtered out of the data stream sent to the network recorder.
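The two identification rules above, and the filtering-TAP policy described earlier for the database server, modelled as an added example in Python. This is not Datacom code and not the configuration of any real filtering TAP: every address, port and flow record below is a constructed value chosen for the example. Every flow is passed to the analysis tools unchanged; only the copy destined for the recorder has backup traffic removed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record as the filter would see it."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int
    nbytes: int


# Hypothetical policy values; a real deployment takes these from the backup
# job configuration, not from guesswork.
BACKUP_SERVER = ipaddress.ip_address("10.20.0.50")
DB_SERVERS = {ipaddress.ip_address("10.10.0.11"),
              ipaddress.ip_address("10.10.0.12")}
DB_BACKUP_PORTS = range(10000, 10010)   # port range used for the database dump
AGENT_PORT = 10082                      # port the PC backup agents use


def _endpoints(flow):
    return ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)


def is_db_backup(flow):
    """Rule 1 (database backup): database server <-> backup server where either
    side's port falls in the backup range. Both directions are matched because
    the reply half of the transfer carries the range port as its source."""
    src, dst = _endpoints(flow)
    between = ((src in DB_SERVERS and dst == BACKUP_SERVER) or
               (dst in DB_SERVERS and src == BACKUP_SERVER))
    return between and (flow.sport in DB_BACKUP_PORTS or flow.dport in DB_BACKUP_PORTS)


def is_agent_backup(flow):
    """Rule 2 (PC agents): any host talking to the backup server on the agent port."""
    src, dst = _endpoints(flow)
    return BACKUP_SERVER in (src, dst) and AGENT_PORT in (flow.sport, flow.dport)


def is_backup_traffic(flow):
    return is_db_backup(flow) or is_agent_backup(flow)


def split_streams(flows):
    """Analysis tools get every flow; the recorder gets everything except backup
    traffic. Returns (to_recorder, to_analysis, bytes_kept_off_recorder)."""
    to_recorder = [f for f in flows if not is_backup_traffic(f)]
    kept_off = sum(f.nbytes for f in flows if is_backup_traffic(f))
    return to_recorder, list(flows), kept_off


# Constructed sample flows (RFC 1918 addresses, invented byte counts)
SAMPLE_FLOWS = [
    Flow("10.10.0.11", "10.20.0.50", "tcp", 51234, 10003, 4_000_000_000),  # DB dump to backup server
    Flow("10.20.0.50", "10.10.0.11", "tcp", 10003, 51234, 120_000),        # acks coming back
    Flow("10.30.0.7",  "10.20.0.50", "tcp", 49152, 10082, 50_000_000),     # PC agent to backup server
    Flow("10.30.0.7",  "10.10.0.11", "tcp", 49200, 1433,  8_000),          # application query to the DB: record
    Flow("10.30.0.8",  "10.40.0.9",  "udp", 5060,  5060,  2_000),          # SIP signalling: record
    Flow("10.10.0.11", "10.20.0.50", "tcp", 52000, 22,    30_000),         # admin SSH to backup server: record
]


if __name__ == "__main__":
    rec, ana, saved = split_streams(SAMPLE_FLOWS)
    print(f"{len(ana)} flows to analysis tools, {len(rec)} to recorder, "
          f"{saved / 1e9:.2f} GB kept off the recorder")
```

The policy is keyed purely on addresses and ports, so anything else that happens to use the backup server's agent port is also kept off the recorder while still being visible to the analysis tools; keep the port list as narrow as the backup software allows and re-check it whenever the backup jobs are reconfigured, otherwise the recorder quietly loses traffic it was meant to keep.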


Figure 3 – Aggregation Solution With Backup Data Filter At Network Recorder

 

Conclusion

Filtering and aggregation TAPs can be deployed to significantly increase the amount of information that recording appliances store, by eliminating database backups from the recording stream while still providing full visibility to other tools on the network.  This method can be deployed to increase recording times, achieve compliance and provide additional information for network analysis and troubleshooting. 


The use of aggregation in addition to filtering can reduce the number of probes or analysis tools needed.  This can provide significant cost savings while still providing full network visibility.

 

 

Tim Crofton

Author Profile: Tim Crofton is currently the Product Manager of Datacom Systems.  Prior to Datacom, Tim worked as a Manager for NEC Unified Systems.  Tim holds an MS in Computer Science from SUNY IT and plays a mean set of bagpipes. 

 

 

 

 

Rob Buckland

Author Profile: Rob Buckland is currently a Sales Engineer at Datacom Systems.  Prior to Datacom, Rob worked as a Senior Enterprise Management Specialist for Universal Healthcare Systems.  Rob holds an MS in Management Science from SUNY IT and is a soccer fanatic.

 

 



Since 1992 Datacom Systems has been providing a full product line for passive test and monitoring access and traffic visibility into network links, enabling customers to access critical data from anywhere in their network.  With tens of thousands of systems installed globally, Datacom Systems provides best of breed data capture infrastructure for all major troubleshooting, security, and application monitoring tools.

OpenNMS Patterns and Scripts

I just wanted to share a site we came across through a response to our survey (which is still open if you haven’t had a chance to check it out). It is called OpenNMS Patterns and Scripts and it is definitely worth a look. It’s subtitled “Implementing OpenNMS in an enterprise IT environment” and it consists of issues that one might face when deploying OpenNMS along with corresponding solutions. Hat tip to Doug Bakewell for making this happen, and I look forward to his future posts.

Iron Men

As I was checking out the OpenNMS iPhone app today, I noticed that it was published on September 1, 2010.

The OpenNMS Group opened for business on September 1, 2004, so happy anniversary to us. We’ve been so busy I almost forgot about it.

One of the traditional gifts for the sixth anniversary is iron, and I have been blessed to work with the best team one could ever hope to put together – they are Iron Men, every one.

For most people, seeing the business behind OpenNMS get another year older is a non-event. But if you had been a part of it, and had to listen to those “in the know” telling you time and time again how you can’t possibly run a business where you give the software away, that you can’t succeed without outside investment and you can’t possibly grow, each year we’re here is more proof that they are wrong.

I love my job, and I just want to thank everyone who makes that possible. Six years down and many more to go.

OpenNMS iPhone App Now Available

UPDATE: There have been some people reporting that it does not run on iOS 3. We are working on determining the issue, but it is confirmed to work on iOS 4 devices.

After nearly a year of work, the OpenNMS iPhone App is now available from iTunes.

It costs US$4.99 and folks with commercial OpenNMS support subscriptions should just drop me a note for a free voucher code.

As I know there will be a few questions about this, I’ve tried to anticipate a couple of them.

Q: Hey, OpenNMS is free software. Why you chargin’ me $5?

OpenNMS is 100% free and open source software, and the iPhone app is no exception. The code is hosted in our git repository and there are complete instructions for downloading and building it on your own.

But, it was not a painless or inexpensive process to get this app created. In fact, the main reason it got completed is that we sent Ben off to the Apple Worldwide Developers Conference and he learned what he needed to finish it (as well as to make it iPad compatible). That little junket cost us about $2000 – or nearly 575 copies of the app once Apple takes their cut.

So we decided to charge for the app but make sure that those who want to take the time have full access to the code.

Q: What about an Android app?

I would love to have an Android version of this app, but at the moment no one has stepped forward to own it. We do have a Nexus One at the office so the hope is that it will happen, and happen soon, but no promises.

Pidgin and OAUth

So earlier today the nice folks over at Twitter figured it was a good time to change all the authentication to OAuth ... they might have announced it all over the place .. but it never caught my attention

The only thing that did catch my attention was that after not having used Pidgin for about 2 weeks I didn't have access to Twitter anymore.

I'm using the purple-microblog plugin and the default version of that plugin in Fedora 12 wasn't really up to date. The plugin supports OAuth as of 3.0 which was released ages ago.

The version in fedora-updates-testing however was already recent enough ..

So enabling that repo and running
yum  update  purple-microblog
quickly solved my problem .. till I disabled Twitter in my Pidgin again as there was way too much talk about some weird fruit ...


vFabric Hyperic weaves performance management into cloud applications

I’d like to follow up this week’s announcements of VMware’s IT as a Service strategy and VMware vFabric by zeroing in on the challenges surrounding cloud application performance management, and how vFabric Hyperic can help you meet those challenges.

As our CEO Paul Maritz mentioned at yesterday’s VMworld keynote, our industry has hit a tipping point where virtualization has surpassed the physical computing paradigm, due to a need for IT to quickly respond to dynamic business needs at ever-improving price points. To ensure even greater agility and value, the next destination for our industry is cloud computing. Making this shift requires a pragmatic, evolutionary approach that leverages investments in existing architecture.

Yesterday, Rod Johnson, SVP of VMware’s Cloud Application Platform Division, described how VMware vFabric is a key element of enabling our customers to reach this next destination of cloud computing. Delivering the agility and value promised by cloud computing requires a new kind of application — cloud applications — that have their own unique characteristics:

  • Dynamic architectures
  • Elastic capacity
  • Extreme scalability
  • Open choice

How do cloud applications change performance monitoring?

These characteristics of cloud applications bring new requirements to application performance monitoring. For instance, dynamic architectures and elastic capacity imply a datacenter defined by constant flux, with pools of hundreds, even thousands of VMs continually being started and stopped, vMotioned, reverted to snapshots, and so on.

This blistering rate of change is a natural outgrowth of responsiveness to business needs. But it is impossible to manage with manually maintained, complex configuration files used by legacy monitoring tools. The only way to get ahead of it is to use a monitoring product that can automatically discover changes to your entire application infrastructure — everything from the application code itself to the vSphere host. Hyperic Autodiscovery does exactly that, updating itself within moments of app infrastructure changes.

The extreme scalability required by cloud applications requires a lot of virtual machines – which leads to a firehose of performance data. For instance, a typical Hyperic customer will collect a million performance metrics per minute. It’s not at all hard to get to this volume of metrics, since we have a number of customers running 1000 (or more!) virtual machines, each with a Hyperic agent collecting about 1000 metrics. So, even though we’re not talking about Google-level scalability, application performance data becomes a performance problem in itself if not managed properly. Thankfully, Hyperic is engineered to handle high volumes of application performance data.

Open choice means that cloud applications can be built from a wide range of components. For instance, as Rod pointed out yesterday, cloud applications might use WebSphere, WebLogic, JBoss, and our own vFabric tc Server, as well as public cloud platforms, for their Java application server tier. It’s critical to have a monitoring tool that supports a range of popular web application technologies out of the box. But no one tool can support every conceivable technology. It’s understandable – there’s no way one vendor, no matter how innovative, can keep up with the thousands of other innovative companies in our industry. So in addition, it’s critical to have a monitoring tool that makes it easy to build custom monitoring plug-ins, and makes its built-in plugins open source to provide a wide range of code to reference and leverage. Hyperic delivers on this front, providing approximately 50,000 performance metrics for 75 web application technologies, as well as open source plugin code and a fully-supported plugin API that has been used by third parties to extend the range of technologies monitored by Hyperic.

What’s next for Hyperic?

We’re demonstrating vFabric Hyperic live at VMworld, in the main VMware booth. Come see for yourself how Hyperic adjusts to changes in virtual infrastructure in near real-time. Later this month, we’ll demonstrate Hyperic at Oracle Open World in San Francisco, September 19-23, and after that, we’ll be at Spring One 2GX in Chicago, October 19-22.

We’re committed to making Hyperic the leading choice for monitoring cloud applications, with their inherent dynamism, scale, and openness, and we’re looking forward to working with you — our open source community, our users, and our customers — to make this happen.

5 Reasons to Attend Puppet Camp



As I tore off the first month of my over-sized school-year calendar I was reminded of my first week at Puppet Labs. I woke up early, made breakfast, and caught a bus into downtown arriving 30 minutes early only to be reminded that I didn’t yet have a key to the office. I plopped down in front of the door to wait for someone else to arrive, and opened my notebook to review the topics for my first official meeting with my new boss. Scrawled in my notebook are limited, and partially illegible jottings I took from our previous conversation. Unfortunately, between his Australian accent, frequently altered speech tempo, and foreign use of commonplace terms, and the fact that my penmanship skills hover around a 3rd grade level, all I could make out is one line: “Puppet Camp-do it.”

With that extravagant amount of initial information, the last four weeks, James’ guidance, and the help of our wonderful in-town event planner Julie, I have cobbled together what I think will be a pretty awesome event. So without further ado I give you the top five reasons to attend Puppet Camp:

Reason 1: You Own It

Puppet, and Puppet Camp, are user driven. Without the community the product, and the event, would fall to pieces. With that in mind Puppet Camp is run as an “unconference” or “open-space” conference. Essentially, while we have some morning lectures planned, they can be influenced by the audience and deviate from their topic or forget about it altogether depending on your wants. Similarly our afternoon breakout sessions are completely user generated. During morning break and lunch you have the opportunity to suggest any number of topics for afternoon breakout sessions. Speaking of breaks of course brings us conveniently to…

Reason 2: The Edibles and Drinkables

We’ve got a pretty reasonably sized breakfast of fresh fruit, yogurt, bagels and cream cheese, and muffins to serve along with juice, coffee and tea. Breaks are accompanied by cookies, and soft drinks, and lunch features a soup, salad, roasted veggies, and a sandwich bar buffet with chicken, roast beef, and hummus. While you may be on your own for dinner, we are offering an open bar at Swig on Thursday night which will offer…

Reason 3: Networking Potential

Short of sharing a plate of spaghetti, there really isn’t a better way to forge relationships than over a pint and one of Swig’s 150 whiskeys and whiskies. Whether you want to find your next employer, meet Volcane, or just swap stories with other Puppet users, Puppet Camp provides the opportunity. Because of the event’s flexibility, it caters to novice Puppet users, Puppet Masters, and everything in between, behind, and around. You’ll be amazed by the people you’ll meet, the industries and companies they hail from, and the size of their Puppet implementations. As you converse, hopefully…

Reason 4: You’ll Learn, Learn, Learn

You’ll learn more about Puppet in 2 days than you could have in a month. You’ll learn about our future goals for the product, trade-secret work-arounds, and a whole host of other information. No matter how active you are in the community there is really no equal to learning, face to face, from other users. The exchange of knowledge Puppet Camp induces is by far its most valuable aspect, which leads me to want to end here but…

Reason 5: You Really Ought to Attend Developers Training

If you can stay the weekend you can sign-up to attend Puppet Developers Training starting on Monday, October 11th and ending Wednesday the 13th. Developers training teaches you how to extend Puppet by adding custom facts, types and providers, and more. This class is offered on a limited basis so be sure to sign up if you have the chance.

In addition to all the opportunities and benefits listed above, you’ll get some exclusive Puppet Camp swag, and get a well deserved opportunity to visit San Francisco. You can reside with us at the Serrano Hotel using our group discount code or take to the city and explore. I hope you join us for Puppet Camp 2010. We’ve got an awesome line up of presenters and entertainment waiting for you in San Francisco.

How to manage VMware vSphere for free

VMworld 2010 session offers insight into myriad tools that can help IT managers track performance, storage and more in virtual environments – without spending budget dollars.

By Denise Dubie

VMworld 2010 in San Francisco is flush with sessions on technologies to manage, secure and optimize VMware environments. Yet one session educated conference attendees on tools that could help them do all this – at no cost.

David Davis, vExpert, VCP, CCIE and video training author at TrainSignal and Kendrick Coleman, vExpert and blogger, teamed up to present a list of several free IT tools for vSphere management. The joint presentation offered insight into more than 10 tools and each speaker offered their take on why the free application helped monitor performance, migrations or storage, for instance. The endorsements by Davis and Coleman should cause many IT managers to at least check out the no-cost technology.

Here in no particular order are 10 of the many free tools mentioned during the presentation.

VMware Guest Console

Veeam FastSCP

Trilead VM Explorer

XtraVirt: vSphere Client RDP Plug-in

VKernel Capacity View

vSphere Mini Monitor

RVTools

Vizioncore vFoglight QuickView

Xangati for ESX

SolarWinds VM Monitor

Also for more information on vSphere management and additional detail on free tools, check out Davis’ blog here and catch up with Coleman’s posts here.

What free tools do you depend on to manage your virtual environment? Are there downsides to using no-cost applications? Please leave a comment here or let me know directly via e-mail at Denise.Dubie@ca.com.

Do you Tweet? Follow Denise Dubie on Twitter here.

Event Correlation

It has been a while since anyone has written a direct blog entry on event correlation here at Splunk so I thought I would write one today. Event correlation can loosely be defined as a technique to relate any number of events with some identifiable patterns (and optionally act upon the relationship). Security vendors may narrowly claim that event correlation is the ability to correlate security related events and alert upon their existence. This is a subset of what event correlation can be. For instance, in a hypothetical case, I can correlate that if it rains on a major Monday holiday, end of day total sales are lower than average sales for a brick and mortar retail shop. This case would have nothing to do with security, but it is a form of event correlation that can be performed in Splunk as soon as the data is indexed. In fact, I would assert that event correlation is an important aspect of use cases that involve not only security but also fraud detection, data intelligence, root cause analysis, operations support, and general mean time to resolution.

With Splunk, because of Universal indexing of all the search terms in your data and search time field extraction capabilities, event correlation becomes a natural feature for it. There are multiple ways to achieve different types of event correlation within Splunk. What I will do is provide a non-exhaustive list of some of the methods that can be used to accomplish this.

Manual Event Correlation

Every time a Splunk user performs an ad-hoc search and pivots on results to find what else happened in the same time line, he or she is manually performing event correlation with time being the universal pattern to relate events. For instance, the user can use the Splunk time picker to narrow down a time and then type something as general as “error” into the search bar to search.

After receiving results, the user can then use the histogram to zoom in on a particular event’s time line and then use * as a search term to see what else happened at that particular frame in time.  Events are correlated by search using time as the pivot. This is what I call manual event correlation, which is just as important as automatic event correlation, for troubleshooting. In what follows, I will discuss the various ways Splunk can be used to automate different types of event correlation.

Transaction Search

Splunk has created “Transaction Search.” What this means is that if events have similar values for extracted fields or starting/ending terms, Splunk can automatically correlate these events as a result of a search and group the returned results. Rather than repeat what has already been said about transaction search, I encourage you to read this blog entry by Maverick for an in-depth example. You can also see my SOA article for a real world use case on using transaction search to correlate event activity across application tiers.

On the other hand, so as not to have you leave this post, I’ll provide a small example of using transaction search. On Splunkbase, you can download an app that indexes on a daily basis the world’s most malicious IP source addresses, according to one source. Here’s a gratuitous screenshot.

Needless to say, you would want to know if any of these IP addresses appeared as source IPs in your own logs. An example search such as the one below would group events that included the offending IP addresses in your own events.

sourcetype="ip_watchlist" OR (sourcetype="sshd" login accepted)|transaction offending_ip,src_ip maxspan=1d connected=f|eval count_sourcetypes=mvcount(sourcetype)|where count_sourcetypes>1

What this search does is say: if someone has logged in using SSH and their source IP is one that is in the list of malicious IP addresses (the transaction command does the grouping) within a day’s span, and the number of sourcetypes in the grouping is greater than one, so we know events of both sourcetypes were in the grouping, then return results. You can save this type of search, schedule it to run on an interval, and then have Splunk automatically create an alert to notify you if events are matched.
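The same correlation done outside Splunk, as an added example in plain Python (this is not Splunk code, nor the Splunkbase watchlist app). The watchlist rows and the OpenSSH syslog lines are constructed sample data; the year 2010 is assumed because syslog timestamps carry none; and the two IP field names of the search, offending_ip and src_ip, are normalised to a single key before grouping. Groups are closed when they would exceed the one-day span, and only groups that contain both sourcetypes are reported, mirroring the maxspan=1d and count_sourcetypes>1 steps.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not a real feed): a daily watchlist and a few
# OpenSSH syslog lines. Only "Accepted ... for" lines count as logins.
WATCHLIST_CSV = """date,offending_ip
2010-09-01,203.0.113.9
2010-09-01,198.51.100.23
"""

SSHD_LOG = """Sep  1 10:12:03 bastion sshd[4021]: Accepted password for deploy from 203.0.113.9 port 51022 ssh2
Sep  1 11:40:17 bastion sshd[4077]: Accepted publickey for alice from 192.0.2.15 port 50111 ssh2
Sep  1 12:01:05 bastion sshd[4099]: Failed password for invalid user admin from 203.0.113.9 port 51100 ssh2
Sep  3 02:00:41 bastion sshd[4501]: Accepted password for root from 198.51.100.23 port 40022 ssh2
"""

LOG_YEAR = 2010  # syslog timestamps carry no year; assumed for the example

ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted \w+ for (?P<user>\S+) from (?P<src_ip>\S+) port \d+"
)


def parse_watchlist(text):
    """One event per watchlist row; the feed date is the event time."""
    events = []
    for line in text.splitlines()[1:]:
        date, offending_ip = line.split(",")
        events.append({"sourcetype": "ip_watchlist",
                       "_time": datetime.strptime(date, "%Y-%m-%d"),
                       "ip": offending_ip})
    return events


def parse_sshd(text):
    """Keep only successful logins; failed attempts are not 'login accepted'."""
    events = []
    for line in text.splitlines():
        m = ACCEPTED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"sourcetype": "sshd", "_time": ts,
                       "ip": m["src_ip"], "user": m["user"]})
    return events


def correlate(events, maxspan=timedelta(days=1)):
    """Group events that share an ip, closing a group once it would span more
    than maxspan from its first event. Return only groups that mix sourcetypes."""
    by_ip = {}
    for ev in sorted(events, key=lambda e: e["_time"]):
        by_ip.setdefault(ev["ip"], []).append(ev)

    hits = []

    def flush(ip, group):
        if len({e["sourcetype"] for e in group}) > 1:
            hits.append({"ip": ip, "events": group,
                         "users": sorted(e["user"] for e in group if "user" in e)})

    for ip, evs in by_ip.items():
        group = [evs[0]]
        for ev in evs[1:]:
            if ev["_time"] - group[0]["_time"] > maxspan:
                flush(ip, group)
                group = [ev]
            else:
                group.append(ev)
        flush(ip, group)
    return hits


def watchlisted_logins():
    """Run the correlation over the constructed sample data."""
    return correlate(parse_watchlist(WATCHLIST_CSV) + parse_sshd(SSHD_LOG))


if __name__ == "__main__":
    for hit in watchlisted_logins():
        print(f"ALERT: accepted ssh login from watchlisted {hit['ip']} "
              f"for {', '.join(hit['users'])}")
```

Run it directly and it prints one alert: the deploy login from 203.0.113.9 falls within a day of that address appearing on the list, while the root login from 198.51.100.23 is two days after its listing and is split into a separate group, which is exactly what the maxspan limit does in the saved search.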

A variant of transaction search is statistical aggregation, where numerical aggregations of different fields are grouped by other fields. Here’s a simple example using mail logs that counts, per relay, the events that carry a bytes field; substitute sum(bytes) to total the bytes instead.

sourcetype=email|stats count(bytes) as byte_count by relay|sort - byte_count

There are times where you would rather use the Splunk stats command over the transaction command and this is described here.

Sub Searches

Another way to automate event correlation is to use a sub search. In database terms it behaves like a nested IN (SELECT ...) clause: Splunk runs the inner search first to narrow down the criteria for one kind of event, and then runs the outer search against that first set of results. Again, rather than repeat what has already been written, here’s an article describing this feature for event correlation.

A related feature, though less used, is the join search command, for when related events already stored in Splunk need to be joined on a common field value, as a SQL join would.

Lookup

Splunk has the capability to correlate with data that is external to Splunk using the lookup command. The most basic use for this is when you have some fields that are in your Splunk event that need to correlate to fields in an external CSV file. At search time, Splunk will perform the look up and introduce new fields from the external CSV file as patterns are matched. In essence, this enriches your existing indexed data with external sources at search time.

If you would like to correlate events with the same field value between external database tables and events within Splunk, Splunk’s lookup command can also be used to accomplish this. The basic idea is that a user written program will be called to perform the SQL to bring in new fields at search time. This is called a dynamic lookup as opposed to the static lookup accomplished by using a CSV file. In fact, because the program is developed by the user to perform the external lookup, you are not limited to CSV files or databases to perform lookups. Anything can be correlated using the lookup command if you have programmatic access to it. Examples could include a call to a web service, an external DNS lookup, or calling whois for an IP address.

Conclusion

In this entry, I have provided a non-exhaustive list of the most common ways event correlations are performed in Splunk. There are more subtle ways to accomplish this, but since this is a blog entry, I decided to start with the most prevalent usages. The main point I want to leave you with is that event correlation and subsequent alerting can be performed on any type of events that you choose to index, giving you a powerful technique to analyze, aggregate, and interpret data.

iPhone Home (by Paul W. Smith)


Do you think it might be the antenna?


Students have recently returned to colleges across the land for the fall semester.  Their dorm rooms are crammed with iPods, Mac Books, iPhones, flat screen TV’s, mini-fridges and microwaves.  They will soon plug in their ear buds, flip open their laptops, thumb through their text messages, open their doors to admit the social scene of the hallway, and begin searching for a spot to prop open a textbook.  To the complete befuddlement of educators, learning will happen. 

When I was a college student, a typical evening began with a cup of ramen noodles and a liter of Mountain Dew, followed by many long hours at a quiet, isolated study desk in the library.  In order to ask a question of a classmate, I would walk down four flights of stairs to the lobby, borrow the phone at the front desk, and hope someone who might know the answer was home.  At some point - just about the time panic was setting in and I realized that I had seriously underestimated the difficulty of the material - a kindly security guard would usher me to the main library door.  As the lock clanged shut behind me, I would begin the 30 minute walk home.  Factoids, equations, rules and unsolved homework problems swam around in my head, colliding, splitting, re-connecting and settling gently to the floor of my overwrought brain.   By the time I walked through my door, I was calmer, somewhat balanced, and just a little more knowledgeable. 

Studies at the University of California, San Francisco and the University of Michigan confirm that we need downtime to organize and solidify our inputs, converting them into a form suitable for long term storage.  Rats in these studies experienced more permanent learning when they took occasional breaks from their brain-stimulating forays into new territory.  People integrate existing thoughts and create more original ones when strolling in the woods – less so when traveling through a chaotic urban environment.  Thomas Edison considered his partial deafness a blessing, because it spared him from the distractions of small talk and gave him “…time to think out my problems.” 

Information junkies nevertheless remain energized by their mobile electronic devices; they relieve the tedium of long lines and traffic jams, converting the smallest slice of time into an opportunity for making calls, checking calendars, or surfing the internet.  Every waking moment has the potential for being productive, or at least entertaining.  They live from micro-moment to micro-moment, with no breaks and no downtime.

Smart phones are coveted by every non-Luddite, and Apple has the best on the planet. Their magical toys continue to build their reputation as the artsy maverick.  Steve Jobs and team have purposefully colored our world in black and white – geeky, stodgy John Hodgman is pitted against cool, hip Justin Long. The lines are clearly drawn - right vs. left brain, sandals vs. wingtips, piercings vs. cufflinks, Shaggy Rogers vs. Daddy Warbucks – to be cool you must have a Mac and a closet full of iStuff. 

Apple has learned the lessons well as their iPhone has matured.  A short three years ago, the original device had only a single screenful of software icons, and users were unable to install new ones on their own.  Today, the iPhone app store features over 225,000 downloadable programs, nearly 4 times as many as the Google Android site. 

Clearly, all the good ones are taken and being an app programmer these days is a bit like trying to find a fresh idea for a reality TV show (how about a bunch of programmers trying to come up with new apps to avoid being kicked off the island – the consolation prize as they leave, a Blackberry).  One app I would love could combine face recognition software with the cell phone camera and my contact list, reminding me of people’s names and associations.  Or how about an app that gives me directions to a location with a good cell signal? 

Among the features that consumers apparently liked about Apple’s latest offering were a slimmer case, a higher quality display, and a “front-facing camera”.  The first accessory I would like to see for the iPhone4 is a little plastic cover that flips down over that camera.  There is powerful Feng Shui in being sure that no one is watching me while I’m playing with my phone.

Based on an informal poll, I have learned that many people also use their smart phones to make calls.  I have given up on doing this with my kids and the rest of their generation; they will ignore a call from me, only to text back immediately and ask me what I want.  Although the future (and perhaps even the present) may belong to the swift of thumb, there is still some value in a live phone call.  It is wonderful to be able to play games, check the weather forecast, look up movie times, or locate a good restaurant, but there may be a market for an app that completes an old fashioned call and supports it long enough to have a conversation.  In the world of mobile phones, “magical”, at least for some, means being able to phone home.

The buzz around the introduction of the iPhone4 was palpable, and its pre-orders on the first day of availability outnumbered the iPhone 3GS by 10 to 1.  It will become the gadget du jour in college dorms across the land.  The newest device does pretty much everything its devoted cult of followers demands.  It bridges the gaps, fills the spaces, and ensures a continuous flow of information to the hungry consumer. It is a powerful exterminator of downtime.  It even has an additional, initially unadvertised feature that greatly enhances its educational value for the lucky owner.  If you hold it just right, it doesn’t work.





Author Profile - Paul W. Smith, a Founder and Director of Engineering with INVENTtPM LLC, has more than 35 years of experience in research and advanced product development. 

Prior to founding INVENTtPM, Dr. Smith spent 10 years with Seagate Technology in Longmont, Colorado. At Seagate, Dr. Smith was primarily responsible for evaluating new data storage technologies under development throughout the company, and utilizing six-sigma processes to stage them for implementation in early engineering models. While at Seagate, he was a proud member of the team that brought the world’s first notebook disk drive with perpendicular recording technology to the market. 

Dr. Smith holds a doctorate in Applied Mechanics from the California Institute of Technology, a Master of Mechanical Engineering from the University of California, Santa Barbara and a Bachelor of Science in Mechanical Engineering from the University of California, Santa Barbara.     

Wireshark Certified Network Analyst – Answers to the Top Questions (by Chris Greer)



Since the launch of the Wireshark Certified Network Analyst exam last week, there have been several questions that have come up about it. In a series of four webinars, Laura Chappell from Wireshark University explained the details of the training, the study guide, the practice exam, and how to go about getting certified for one of the most popular analyzers in the industry, Wireshark. 


In this article, I’ll cover the highlights of the webinar series and include the links for the recorded version, as well as answers to the more common questions about the certification.

Certification Training

There are thirty-three areas of detail covered in the exam. Check out this list.

To brush up on these areas, public training courses can be attended through Global Knowledge, online or on-site custom courses can be scheduled through Chappell University.

Get the Wireshark Study Guide – the 800 page book from Laura at Amazon.com and other major online booksellers. It covers the thirty-three areas of testing in detail. There is also an Exam Prep Guide which has over 300 sample questions. These two study books cover all details needed for the exam.

The Exam

To earn WCNA status, pass the WCNA-100 Exam and obtain 20 CPE (Continuing Professional Education) credits each year of certification.

Where is the exam taken? Through a company called Kryterion, which delivers exams in over 80 countries. Kryterion is a full-service test development and delivery company. What if you aren’t close to an exam center? Arrangements can be made for the test to be delivered as an online proctored exam. Check it out at www.kryteriononline.com

The exam itself is closed book and consists of 100 questions. The exam time limit is 2 hours. The cost is $299 USD per exam sitting. There is also an online practice exam available for $29 USD. All questions on the exam are either True/False or multiple choice with a single correct answer. Many questions include Wireshark screens that you must interpret correctly in order to answer the question correctly.

CPE Credits


These continuing education credits are required to maintain the certification. Online training to achieve these credits is made available free of charge to all Wireshark Certified Network Analysts through an Online Portal. This Portal makes it easy for the WCNA to obtain 20 credits a year and keep the certification current.  Many of the Online Portal training courses can be used for credits in other certification programs, such as CISSP.

After three years, the Wireshark Certified Network Analyst status will expire and the certification exam will need to be retaken.

These are some of the highlights of the new Wireshark Certification exam. If there are any questions that have not been covered in this article, check out the certification exam packet and Exam FAQs at http://www.wiresharktraining.com/, or feel free to comment at the end of the article with further questions.



Continue reading other LoveMyTool posts by Chris Greer » 

 

Author Profile - Chris Greer is a Network Analyst for Packet Pioneer. Chris has many years of experience in analyzing and troubleshooting networks. He regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. When he isn’t hunting down problems at the packet level, he can be found teaching various analysis workshops at Interop and other industry trade shows. Chris also delivers training and develops technical content for several analysis vendors.

Chris can be contacted at chris (at) packetpioneer (dot) com. 

Are You My Server? APM’s Application Discovery Process Explained

Science and engineering types like to know things.  Knowing feels good, even when it lacks practical application.  It feels even better when it is practical.  With this axiom in mind, this post will explain Orion APM’s Application Discovery process. 

In the discovery wizard, you select a group of servers first. Next, you select a set of application templates.

With the servers and application templates chosen, you provide a set of credentials that should work on the target servers.  I guess you could try credentials that you don’t expect to work, but that seems pointless.  Still, to each his own.

 

APM takes these three sets of data and conducts its discovery.  It considers each server in turn.  It will take the first server, the first set of credentials and the first application template and test the template against this server to see if there is a match.  What determines whether there is a match?  Under Advanced Scan Settings, there are four settings:

Minimal Match = at least 1 component in the template works on the target node

Partial Match = at least 35 percent of the components in the template work on the target node

Strong Match = at least 65 percent of the components in the template work on the target node

Exact Match = all of the components in the template work on the target node

To be complete, we compute the percentage as (number of successful components)/(total number of components), where a successful component is one in the Up, Warning, or Critical state.

 

Here’s the full discovery process as a flowchart:

 

app discovery workflow

 

So what can you do with this info?  One takeaway is that the discovery process is serial.  If you pick a large number of servers, a larger number of application templates, and a lot of different credentials, the process will take unnecessarily long.  Use Domain Admin credentials, or similarly broad credentials, if you have them.  Furthermore, break your servers into groups such as Windows, Linux, Unix.  Break them down further if you have naming schemes that tell you which servers are running apps such as Exchange.  There are different Exchange templates for different roles, and the discovery process will automatically sort that out.
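The four match levels and the serial server × credential × template loop described above, as an added Python model (not SolarWinds code). It assumes each template component reports one of Up, Warning, Critical, Down or Unknown, and that a credential which does not work on a server makes every component report Unknown; the server names, template names and credential labels are constructed.

```python
"""Model of APM's match levels and of the serial discovery loop.

Added example, not SolarWinds code.  Assumptions: a template is a list of
component checks, each check reports one of Up, Warning, Critical, Down or
Unknown, and a credential that does not work on a server makes every
component report Unknown.  Server names, template names and credential
labels below are constructed.
"""
from dataclasses import dataclass, field
from itertools import product

# The post counts a component as "working" in any of these states.
SUCCESS_STATES = {"Up", "Warning", "Critical"}

# Thresholds from the post, most demanding first.
MATCH_LEVELS = (("Exact", 1.0), ("Strong", 0.65), ("Partial", 0.35))
LEVEL_RANK = {None: 0, "Minimal": 1, "Partial": 2, "Strong": 3, "Exact": 4}


def success_ratio(component_states):
    """(successful components) / (total components), as the post defines it."""
    if not component_states:
        return 0.0
    ok = sum(1 for s in component_states if s in SUCCESS_STATES)
    return ok / len(component_states)


def match_level(component_states):
    """Strongest match level the template reached on a node, or None."""
    if not any(s in SUCCESS_STATES for s in component_states):
        return None                       # nothing worked: no match at all
    ratio = success_ratio(component_states)
    for name, threshold in MATCH_LEVELS:
        if ratio >= threshold:
            return name
    return "Minimal"                      # at least one component worked


@dataclass
class DiscoveryResult:
    matches: dict = field(default_factory=dict)   # (server, template) -> level
    tests: int = 0                                # template tests performed


def discover(servers, credentials, templates, probe, minimum="Partial"):
    """Serial discovery: every server x credential x template combination is
    tested in order; a (server, template) pair is kept at its best level if
    that level meets the configured minimum.  `probe` returns the component
    states observed for one combination."""
    result = DiscoveryResult()
    for server in servers:
        for cred, template in product(credentials, templates):
            result.tests += 1
            level = match_level(probe(server, cred, template))
            if LEVEL_RANK[level] < LEVEL_RANK[minimum]:
                continue
            key = (server, template)
            if LEVEL_RANK[level] > LEVEL_RANK[result.matches.get(key)]:
                result.matches[key] = level
    return result


# ---- constructed sample environment (no real hosts) ------------------------
TEMPLATES = {
    "Exchange Mailbox": ["MSExchangeIS", "MSExchangeTransport", "Store RPC", "OWA"],
    "IIS": ["W3SVC", "HTTP port 80"],
}
WORKING_CRED = {"mail01": "svc-domain", "web01": "svc-domain", "web02": "local-admin"}
OBSERVED = {  # states reported when the credential works
    ("mail01", "Exchange Mailbox"): ["Up", "Up", "Warning", "Up"],      # Exact
    ("mail01", "IIS"): ["Up", "Critical"],                              # Exact
    ("web01", "Exchange Mailbox"): ["Down", "Down", "Unknown", "Up"],   # Minimal
    ("web01", "IIS"): ["Up", "Up"],                                     # Exact
    ("web02", "Exchange Mailbox"): ["Down", "Down", "Down", "Down"],    # none
    ("web02", "IIS"): ["Up", "Down"],                                   # Partial
}


def sample_probe(server, cred, template):
    if WORKING_CRED[server] != cred:
        return ["Unknown"] * len(TEMPLATES[template])   # wrong credential
    return OBSERVED[(server, template)]


if __name__ == "__main__":
    servers = ["mail01", "web01", "web02"]
    both = discover(servers, ["local-admin", "svc-domain"], list(TEMPLATES), sample_probe)
    one = discover(servers, ["svc-domain"], list(TEMPLATES), sample_probe)
    print(both.tests, "tests with two credentials:", both.matches)
    print(one.tests, "tests with one credential:", one.matches)
```

Running it with two credentials performs 12 template tests and with one performs 6, which is the serial cost the post warns about; the Minimal-only hit on web01 is dropped unless the minimum is lowered.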

That’s a fairly complete explanation of how the application discovery process works, but please post questions if there’s more you want to know.

 

“Don’t Network Engineers have enough problems with GOOD packets?” (by Tim O'Neill)

You want to save bad packets and review them to the bit level?

I hear a lot of ideas and I love most of them, as they lead to better products, better statistics and information. This was recently asked of me: “I want to capture and save every packet – good and bad/invalid packets – for later review. In reality, to capture every Bit, Nibble and Octet including the InterFrame Gap!”

Now this is a huge task!

By – Tim O’Neill – The Oldcommguy™

Special Thanks to Maureen Rozenhart of Anue Systems for her support!

Some initial thoughts!

I agree that in today’s world of Compliance, Security, etc., one should and needs to save lots of data, maybe even all the data, for a long time, maybe even for years.

I do not agree with saving the InterFrame Gap (IFG) and bad packets. I believe that one should just be able to save the bad frame statistics and only save the real data frames for later review, evidence and loss mitigation.

Why would one save the Bad Frame Statistics? The only reason for reviewing Bad Frames, in my humble opinion, is for hardware developers that want to see how their firmware and drivers are functioning in a real world environment. There are certain security reasons where a hardware analyzer is needed but this is a subject for future discussions.

Everyone needs to do baselining on a regular basis to make sure that the application layers (layer 4 and up) are running on a solid foundation. The foundation of a data network is layers 3 and down. If one is getting lots of bad frames, and thus lots of retransmissions, the network efficiency and thus the application efficiency is going to be lower.  Bad Frame counts and Retransmissions are only a few of the important items in a Baseline Analysis, but they are essential in any analysis.

It is the old sage advice: do not try to build a 5 story network on a one story foundation. So Baselining is an essential element, day to day and maybe even hour to hour, in a good monitoring plan.

What is needed -

So what tools do you need to carry out this VERY demanding task of Capturing every bit, being able to Review it in a filtered and focused format (with relevant and comprehensive statistics), and being able to Analyze and Look at all the data at the bit level?

1) Capturing large amounts of data for historical and diagnostic view – I recommend the reasonably priced GigaStor from Network Instruments with its full capture capability.

2) To Filter, Focus and Review the data – I recommend the Anue Systems Net Tool Optimizer. It is reasonably priced and has a full and comprehensive GUI that anyone can use effectively to look at any data characteristics.

3) To look at the data, every bit of it – I recommend the Absolute Analysis Investigator. The AAI is a full bandwidth hardware based analyzer that even sees the IFG and all the bad frames/bits, which we cover in more detail below.

   a. If one needs a higher level focused analyzer I suggest the Network Instruments Observer.

There are other products that can capture, filter and analyze but those I recommended above are my favorites.

Please remember that to carry out this huge task one must have REAL access to the network, through a TAP where every bit, nibble and octet is passed regardless!

My favorite TAPs are from Network Instruments and Network Critical, depending on the final need.

What is a Bad Frame and What types are there?

There are different types of Bad Frames – Here are the main ones that should always be included in a Baseline Analysis, alongside your data for full relevance.

Short Frame (Runt) – Any frame under 64 bytes (512 bits).

Long Frame (Frame too long) – Usually any frame that has more than 1,518 bytes or one that has exceeded the MTU (Maximum Transmission Unit, typically 1500 bytes in Ethernet).

Symbol Error – This is the number of symbols (bytes) received that the system could not decode correctly.

Fragments – This is a count of the fragments sent over the network. Fragmentation occurs when a packet is too large to be sent over a network link. When the packet/frame is too large, the original packet is split into smaller packets that the network can handle; each fragment contains enough information to allow the destination device to reassemble them back to their original state/size at the conclusion of the transmission. Fragmentation is typically initiated by a router. Once a packet is fragmented, it will only be reassembled by/at the destination device.


Collisions – A Collision is indicated when two devices detect/sense that the network is idle and try to send packets at exactly the same time (within one round-trip delay). Because only one device can transmit at a time, both devices must stop sending and attempt to retransmit. 

There are 4 collision types:

1. Single – packets sent after one collision and a wait period

2. Multiple – packets sent after multiple collisions

3. Late – packets aborted during sending because of collisions after 64 bytes

4. Excessive – packets not sent because of too many collisions


Alignment Error – Frames are made up of a whole number of octets (FCS). If a frame arrives and part of an octet is detected missing (number of bits not divisible by 8), this generates a Frame Check Sequence (FCS) error; this is labeled as an Alignment or Offset Error.

Frame Check Sequence error (FCS) – Similar to the CRC error, an FCS error indicates that the frame received did not have an integral number of octets.  The CRC below will tell if any of the bits in the frame have been corrupted in transit.  

Errored Frame Check Sequence – A Cyclic Redundancy Check (CRC) is the polynomial remainder, a calculated mathematical image of the frame, used to confirm total frame integrity. This count is a combination of FCS and Alignment errors. The two categories below indicate which error a packet was received with:

  • A bad FCS and an integral (whole) number of octets (FCS Errors)
  • A bad FCS and a non-integral (not divisible by 8) number of octets (Alignment Errors)

The CRC is a 4-byte polynomial checksum remainder value. The CRC is calculated by the source station.  The CRC calculation is on all the bits in the frame from the Destination MAC Address through the Pad fields (that is, all fields except the preamble, start frame delimiter, and frame check sequence). The source station stores the value in the CRC field of the transmitted frame. When the frame is received by the destination station, an identical calculation is performed and compared to the transmitted value. If the calculated value does not match the value in this field, the destination station assumes an error has occurred during transmission. The frame is usually discarded by the Network Interface Card (NIC). If one sees more than 3-5% CRC/Alignment errors, this should be considered excessive and analysis should be performed to identify the offending NIC/physical layer device.
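The runt, long frame, FCS error and alignment error definitions above, plus the CRC check and the 3-5% rule of thumb, as an added Python example (not from the post or any vendor). It assumes the capture provides the frame bytes from Destination MAC through FCS together with the number of bits that actually arrived (something a TAP-fed hardware analyzer has, while a NIC usually drops the frame first), and relies on the fact that the IEEE 802.3 CRC-32 uses the same polynomial and conventions as zlib.crc32 and is sent least significant byte first; all frames are constructed.

```python
"""Classify received Ethernet frames into the error counters the post lists.

Added example, not from the post or any vendor.  Assumptions: the capture
gives the bytes from Destination MAC through FCS plus the number of bits
that actually arrived (a TAP-fed hardware analyzer has that; a NIC usually
drops the frame first), and the FCS is the IEEE 802.3 CRC-32, which uses
the same polynomial and conventions as zlib.crc32 and is sent least
significant byte first.  All frames below are constructed.
"""
import struct
import zlib

MIN_FRAME = 64      # bytes including FCS; shorter is a runt
MAX_FRAME = 1518    # bytes including FCS for a 1500-byte MTU; longer is "too long"


def ethernet_fcs(frame_without_fcs: bytes) -> bytes:
    """CRC-32 over Destination MAC .. Pad, as the source station computes it."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble a frame, padding the payload to the 46-byte minimum, and append FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + ethernet_fcs(body)


def flip_bit(frame: bytes, byte_index: int, mask: int = 0x01) -> bytes:
    """Corrupt one bit, as a noisy link or failing NIC would."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= mask
    return bytes(damaged)


def classify(received: bytes, nbits: int) -> str:
    """Name the counter a received frame falls into.

    Follows the post: runt = under 64 bytes, long frame = over 1518 bytes,
    FCS error = bad CRC with a whole number of octets, alignment error =
    bad CRC with a bit count not divisible by 8.
    """
    octets = received[: nbits // 8]          # a trailing partial octet is dropped
    if len(octets) < MIN_FRAME:
        return "runt"
    if len(octets) > MAX_FRAME:
        return "long_frame"
    if ethernet_fcs(octets[:-4]) == octets[-4:]:
        return "good"
    return "fcs_error" if nbits % 8 == 0 else "alignment_error"


def error_summary(frames, excessive_pct=3.0):
    """Tally (bytes, nbits) captures and apply the post's 3-5 % CRC/alignment
    rule of thumb (the lower bound is used here)."""
    counts = {}
    for rx, nbits in frames:
        kind = classify(rx, nbits)
        counts[kind] = counts.get(kind, 0) + 1
    crc_errors = counts.get("fcs_error", 0) + counts.get("alignment_error", 0)
    pct = 100.0 * crc_errors / len(frames) if frames else 0.0
    return counts, pct, pct > excessive_pct


# ---- constructed frames ----------------------------------------------------
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
GOOD = build_frame(DST, SRC, 0x0800, bytes(20))       # padded to exactly 64 bytes
CORRUPT = flip_bit(GOOD, 20)                          # one payload bit flipped
BIG = build_frame(DST, SRC, 0x0800, bytes(100))       # 118 bytes
MISALIGNED = (BIG[:100] + b"\xa0", 100 * 8 + 3)       # cut short, 3 dribble bits

if __name__ == "__main__":
    sample = [(GOOD, 512)] * 30 + [(CORRUPT, 512)] * 2 + [MISALIGNED]
    counts, pct, excessive = error_summary(sample)
    print(counts, f"{pct:.2f}% CRC/alignment errors, excessive={excessive}")
```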

Note - There are other Physical Layer issues – Jams, Late or Early collisions, Dribbles, Jabbers, Giants…etc. that are not relevant to this discussion but can be important in lower layer analysis.

Most modern data filtering devices can acquire and save these errors and more as shown in the current Anue Systems Net Tool Optimizer GUI below.

Many more statistical events can be captured and shared when the RFC 2665 (dot3) and RFC 1757 MIBs are employed.

Stats and Physical layer – Anue's Net Tool Optimizer: an easy to use and powerful statistical view of errored frames!

Now, if you did save every bit, nibble and octet and you need to look at bad frames, what do you need?

Well, you need a hardware analyzer like the Absolute Analysis Investigator, and you need access to the full data stream to see bad frames. See picture below:

Absolute Analysis Investigator – Bit by Bit view including Bad CRC recognition and bad frame!

Let’s talk about saving all frames for historical review/analysis –

Is it practical to capture everything, every bit that flows – depending on one’s needs and finances, yes it is possible.

Take as my example a small network with five 10G links and one 1G link, where one wants to capture all the bits and frames.

The links in this case are one 1G and five 10G, and the goal is to capture for future analysis every packet (actually every bit, including InterFrame Gaps), good and bad.

OK let’s start with capturing every packet – some basic math…

One 1G circuit = 2 Gb/second max to save

Five 10G circuits = 100 Gb/Second max to save

This will require at least five 10G full-bandwidth capture devices (20G each) and one 1G capture tool with 2G capability. This calculates out to 102 Gbits per second capture rate.

Most if not all capture devices will only capture good Ethernet frames, which are defined by the RFC as legal frames; this does not include errored, short, bad CRC, etc. frames (discussed above), because almost every NIC will drop the bad frames. This is especially true if one is using SPAN or VACL access: the switch and router will drop all the bad packets for you.

Now let’s say you can afford –

1) The cost of and support of five 10G and one 1G capture engines with many Terabytes of storage. The size would depend on the time you need to keep the data.

2) That you have the time to review 6,120 Gb/minute, 367,200 Gb/hour, or 8,812.8 Tb (1,101.6 TB) per 24 hours. At an average of 512 B per frame plus 12 B of IFG, that is 2.102 trillion frames a day. Or, to put that into easily handled numbers: it is Way toooooo MUCH!!!

Most Network Analysts say that reviewing one packet takes at least 30 seconds. So analyzing trillions of frames is absurd. So what does a network engineer do to handle this mass of data and review it effectively and in a timely manner?

Ok, so this is where filtering devices come into play, like the Anue Systems Net Tool Optimizer, to filter out just what you need and forget about trying to review every packet. One can save all the packets, but with the new advanced filtering technology one can easily review only the suspect data, or a specific application flow or conversation, while using the most advanced MIBs to keep an eye on the fundamentals of your network’s efficiency and stability during the time in question.

Statistics and Focus are the Key: saving every bit, nibble and byte may not be the best thing, but it may be a necessity for your success.

In conclusion -

You can capture everything on your network and analyze and review the data to the bit level if you have the correct tools and the skills. Is capturing everything to the bit level needed in every network? Yes, to a point, based on one’s absolute need for review and potential for mitigation of an incident. Do you need to see every bit and be able to review and analyze to the bit level? No, that is not for everyone. For most Network Engineers, analysis focused on good frames with statistics on the bad stuff is more than sufficient, economical, and reasonable. Focusing on good frames seems to keep most engineers quite busy. Does everyone need TAP access to the network? ABSOLUTELY YES! Does everyone need advanced filtering technology to review with a focus? Yes, I think so, because technology can work for you and focus on your analysis and monitoring needs to make your analysis quicker, easier and more successful.

Be sure to check out my favored vendors:

Anue Systems, Net Tool Optimizer at www.anuesystems.com

Absolute Analysis Investigator at www.absoluteanalysis.com

Network Instruments GigaStor, Observer and TAPs at www.networkinstruments.com

Network Critical TAP systems at www.networkcritical.com  

Be sure to check out all our super sponsors - They all have great solutions -The ones above are the ones that I have used, that is all the difference and I am sure the others are super also!

Be sure to read my upcoming article on today’s easy to use data filtering technology devices.

I wish each of you Great Success with Less Stress – Oldcommguy™

Tim

Editor Profile – Tim O’Neill is an independent technology consultant. He has over 40 years of experience working in the WAN, Analog, ISDN, ATM and LAN test market. Tim has worked with companies like Navtel, Network General, Ganymede and ClearSight Networks and is now helping companies get technology verification and market validation. Tim is also the Chief Contributing Editor for LoveMyTool.com, a website designed to help network managers gain access to valuable information and real world solution stories. Tim is a patent holding, published and degreed engineer, who has seen this technology grow from Teletype (current loop) data analysis to today’s 10 Gigabit LANs focused on business applications with heavy compliance demands. Tim is heavily involved with helping Law Enforcement gain network and analysis knowledge and is a regular speaker and trainer.

Tim can be reached at tim (at) oldcommguy (dot) com

**Please note – All Rights Reserved on the original material – Copyright 2010

Tenable Receives Passive Network Monitoring Patent

Tenable Network Security recently received a patent for monitoring network traffic and analyzing it to perform discovery of systems, applications and vulnerabilities. This is the core function of Tenable's Passive Vulnerability Scanner and also a core component of our Unified... Ron Gula

New and Updated ZenPacks for August

New and updated Community ZenPacks arrive all the time and we want to help get the word out on these new and useful extensions to Zenoss.  Here's the list of updated ZenPacks for August:

 

 

 

There are actually a tremendous number more in the ZenPack Publishing Backlog; the 2010 Summer of Community ZenPacks Contest has already had a tremendous response!

 

We're always happy to have more Community ZenPacks and we have a ZenPacks  forum dedicated for their discussion.  Email us at community@zenoss.com if you have any questions or new ZenPacks you want to send in!

Are you afraid of the dark?

Alright, so I don’t mean afraid of the dark meaning no lights on in the room.  What I do mean is being in the dark if the server Orion is on fails due to a hard drive or OS failure (for example) and you have no visibility into monitoring your network.

What do you do if this happens?  Sleep sound, my dear friend, we’ve got you covered with the new SolarWinds Orion Failover Engine.  The Failover Engine -- or FoE for short -- will monitor and protect Orion, including all of the installed modules, additional pollers and even EOC if you have it.  As you can see in the marketecture graphic below, you can monitor and protect all of your Orion machines.

image

Let me take you on a feature tour of FoE.  The FoE client, which can be run from the Orion server or loaded on your desktop, allows you to configure failover settings and monitor the current status of all your FoE installations.

 FoE Summary

The FoE monitors all of the SolarWinds Orion services, including the IIS web server, on both the primary and secondary Orion servers.  Based on your preferences for each service, you can define what happens if a service stops/fails.  This allows you to define some self-healing behavior in the FoE instead of just doing a flat out failover.  For example, say the Orion Information Service stops.  Since this is the first time, let’s go ahead and re-start the service.  Hmm, nope, that didn’t work, it won’t start and stopped again; maybe there is a dependency on one of the Orion services, so let’s go ahead and re-start the entire Orion application.  OK, the service didn’t start that time either, something must be wrong, let’s go ahead and initiate a failover to the secondary server.

 FoE App Service Actions

The Orion FoE doesn’t just monitor the services, it also monitors key OS, server and web server statistics and just like above, you can define the behavior on first, second and third event.  For example, if the server hard drive space gets to 15%, then send an email to user A.  If it gets to 10%, then email user B.  If it gets down to 5%, then initiate a failover to the secondary server. 
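The escalating first/second/third-event behavior described in the two paragraphs above (restart the service, then the application, then fail over; and the 15/10/5 percent disk-space rule), as an added Python model. This is illustrative code written for this page, not SolarWinds code; the action names and the service and statistic names are assumptions.

```python
"""Escalating failure-handling rules of the kind the Failover Engine post describes.

Added example; an illustrative model, not SolarWinds code.  Assumptions:
each monitored service has an ordered list of actions for its 1st, 2nd and
3rd failure (the last one repeats), and each monitored statistic has
thresholds that fire in order as the value worsens.  Action, service and
statistic names are made up here.
"""
from dataclasses import dataclass, field


@dataclass
class ServiceRule:
    """Actions taken on consecutive failures of one service."""
    actions: tuple = ("restart_service", "restart_application", "failover")
    failures: int = 0

    def on_failure(self) -> str:
        self.failures += 1
        return self.actions[min(self.failures, len(self.actions)) - 1]

    def on_recovered(self) -> None:
        self.failures = 0            # a clean run resets the escalation


@dataclass
class ThresholdRule:
    """Ordered (limit, action) pairs for a 'value falls to' statistic.
    Each action fires once per excursion; a level already fired stays quiet
    until the value climbs back above the first limit."""
    levels: tuple                    # e.g. ((15, "email user A"), (10, "email user B"), (5, "failover"))
    fired: set = field(default_factory=set)

    def on_sample(self, value: float) -> list:
        if value > self.levels[0][0]:
            self.fired.clear()       # healthy again: re-arm every level
            return []
        triggered = []
        for limit, action in self.levels:
            if value <= limit and limit not in self.fired:
                self.fired.add(limit)
                triggered.append(action)
        return triggered


@dataclass
class Engine:
    """Ties rules to the failover decision for one primary/secondary pair."""
    services: dict
    stats: dict
    active: str = "primary"
    log: list = field(default_factory=list)

    def service_failed(self, name: str) -> str:
        action = self.services[name].on_failure()
        self.log.append(f"{name}: {action}")
        if action == "failover":
            self.failover()
        return action

    def stat_sample(self, name: str, value: float) -> list:
        actions = self.stats[name].on_sample(value)
        for action in actions:
            self.log.append(f"{name}={value}: {action}")
            if action == "failover":
                self.failover()
        return actions

    def failover(self) -> None:
        # The post's sequence: stop what is left on the primary, lift the
        # packet filter on the secondary so it owns the shared IP, and filter
        # the old primary if it is still online.
        if self.active == "primary":
            self.active = "secondary"
            self.log.append("failover: primary filtered/passive, secondary active")


def demo_engine() -> Engine:
    """Constructed configuration mirroring the post's two examples."""
    return Engine(
        services={"Orion Information Service": ServiceRule()},
        stats={"disk_free_pct": ThresholdRule(((15, "email user A"),
                                               (10, "email user B"),
                                               (5, "failover")))},
    )


if __name__ == "__main__":
    e = demo_engine()
    for _ in range(3):
        e.service_failed("Orion Information Service")
    print("\n".join(e.log), "\nactive:", e.active)
```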

 FoE App Rules

The Orion FoE also has a built in alerting engine, independent of the Orion alerting infrastructure, which will notify you on any key statistic or event occurring with the FoE or the details it is monitoring.

FoE Alerts

Let’s get into more of the specifics here on some of the details going on in the back end.  The FoE can support multiple hardware deployment configurations:

  • Physical to Physical
  • Physical to Virtual
  • Virtual to Virtual

Once you get Orion installed and set up, the FoE will create a clone of key critical configuration, registry and file system parameters, which gets restored to the secondary server.  Once that initial setup is complete, a set of real-time file and registry filters, as you can see below, replicates any file system and registry changes to the secondary.  This way your secondary Orion server is always up to date with what is going on within the primary Orion server.

 FoE Data Replication Filters

Let’s walk through the specifics of how it works in a high availability scenario using the below diagram as our guide.

The Orion primary and secondary servers are located within the same subnet and share the same identity including IP Address.  Since two identical IP’s cannot be on the network at the same time, a packet filter is installed on the secondary public NIC so it is not broadcasting or receiving traffic.  A second NIC exists between the two servers which handles the heartbeat and real-time data replication between the primary and secondary. 

When a failover condition occurs the following sequence of events occurs:

  • the remaining Orion services on the primary Orion server that are still running are shut down
  • the packet filter is removed from the secondary NIC, the Orion services are started on the secondary server, and the secondary server is now the active server
  • the primary Orion server, which is now down, becomes the passive server, and if the server is still online a packet filter is placed on its primary NIC

Your downtime is minimized to the time it takes for the server failover to initiate and the services to start on the secondary Orion server.  The other beautiful thing here as well, since both servers have the same IP Address, is you do not have to reconfigure your network to send any Syslog, SNMP Traps or Netflow traffic to a new IP Address.

This is just one specific use case that the Orion Failover Engine can handle.  In another post I will walk through additional use cases and scenarios.

If you need more information, please check out the product page here and you can request a demo from one of our SE’s by emailing your sales rep or clicking here.

image

Things that make me go hmm: VMware set to acquire Integrien

VMware announces at VMworld 2010 San Francisco that it plans to acquire management software maker Integrien, with company leaders declaring VMware’s intention to become an IT automation provider.

By Denise Dubie

Mergers and acquisitions happen often in the high-tech industry, but some stand out more than others either for their huge price tag, their strategic nature or the "game-changing" implications of the deal. VMware’s announcement Tuesday that it entered into an agreement to acquire management software maker Integrien proves the hypervisor vendor wants to make more money with customers by selling them management and automation technology.

Integrien Alive addresses virtual performance

At the opening keynote during VMworld 2010 San Francisco, Stephen Herrod, chief technology officer and senior vice president of R&D at VMware, revealed the hypervisor vendor had entered into agreements to acquire Integrien and separately security vendor TriCipher. Both planned acquisitions seem to address the need to provide management and automation, as well as security for the hybrid cloud environments VMware says it wants to enable.

“We need to innovate in this layer primarily around automation and management. We need to make it cheaper to operate this new infrastructure and automation has to span all of the resources in the data center,” Paul Maritz, president and CEO of VMware, said during the keynote Tuesday, reinforcing the upcoming news. Maritz went on to explain that VMware is talking about delivering “data center management and data center automation."

New York City Training

Puppet Master Curriculum (3 Days)

This training is ideal for those who want a Puppet jumpstart. Newer members at an organization already using Puppet, or experienced sysadmins wanting to bring Puppet into their team will get everything they need to deploy solutions.

Register for Puppet Labs Training: New York, NY  on Eventbrite

Prerequisites:

Attendees should have at least the equivalent experience of a junior Unix/Linux administrator.

Topics covered include:

  • Configuring Puppet and Puppetmaster
  • Resource Types and the Resource Abstraction Layer
  • Virtual Resources, Exported Resources and Stored Configs
  • Meta-parameters, Dependencies and Events
  • Classes, Modules and Definitions
  • Tags and Environments
  • Puppet Language Patterns and Best Practices

The topics are covered over 3 days. Sessions will mix theory and practice, balancing lectures with hands-on exercises. (Each student should bring a WiFi enabled laptop with VMWare installed to participate in the labs.)

Pricing

  • $2,195.00 by September 27, 2010; $2,395.00 on or after September 28, 2010.

Tenable Network Security Podcast - Episode 48

Welcome to the Tenable Network Security Podcast - Episode 48 Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst Announcements Several new blog posts have been published this week, including: Tenable Network Security on the Inc 5000 List The... Paul Asadoorian

Zenoss Developer IRC Session Thursday September 2

Zenoss developers will be available for questions on Thursday, September 2 at 11am EDT in the #zenoss IRC channel on irc.freenode.net  (port 6667). Please drop in and bring your questions, answers, suggestions and feedback.  Zenoss Developer Eric Miller will be attending and answering questions.  We can discuss the Summer of ZenPacks Contest, the upcoming Free Training at Zenoss Community Day at Ohio LinuxFest or any other recent or upcoming events in the Zenoss community and anything else.

 

We’ll log the session and repost it in IRC if you can’t make it.

 

Don’t forget you can search for answers to common questions by visiting the Forums.

What’s virtualization without management? Difficult, survey says

Reflex Systems survey shows that enterprise IT managers continue to face challenges managing virtual environments.

By Denise Dubie

Virtualization has its benefits, but enterprise IT managers admit without being able to adequately manage virtual environments, those advantages can be more difficult to achieve.

How to use virtualization to leap into the cloud

Reflex Systems this week at VMworld 2010 in San Francisco released the results of a survey of 300 enterprise IT managers. The data showed that many of those polled experienced challenges when approaching traditional IT management practices in the virtual realm. And perhaps part of the reason lies in the fact that many say they have already virtualized or plan to virtualize more of their environment by year-end.

For instance, more than half of the respondents said “at least half of their business critical applications will be virtualized by the end of this year,” according to a Reflex Systems press release. That figure represents a 17% increase from current utilization, the virtual systems management and security vendor reports. Survey respondents said in addition to hypervisors they also plan to invest in virtual storage and virtual management tools in the next six months. Among the reasons cited for investing in additional management tools (above and beyond those provided by the hypervisor vendors) were performance, security and auditing/reporting, Reflex Systems reports.

Zenoss Newsletter - August 2010

Zenoss Community Newsletter

Zenoss 3.0 has been out for over a month and we have gotten a lot of feedback on the new interface, we also have released some updates and updated numerous new ZenPacks. Download Zenoss Core today and see what's new!


Free Zenoss Training at Ohio Linuxfest

Would you like to get a free day of training on how to install, configure and use Zenoss Core to monitor all your infrastructure? Then come to the Zenoss training day in Columbus, OH on Friday, September 10, 2010 from 9:00 AM - 4:30 PM. We'll be doing this in conjunction with the Ohio LinuxFest (free registration available) at the Columbus Convention Center. Take a look at the schedule and sign up today; space is limited.

>> Read More


Tip of the Month: Writing Search Providers with Google Example

In the new Zenoss 3.0 user interface, device search is provided by the Global Device Search ZenPack. While similar in functionality to the device search in previous releases, it actually takes advantage of a new API for plugging in new search providers.  There is a pair of interfaces (ISearchProvider and ISearchResult), provided by Products/Zuul/search/interfaces.py, that specify the few basic methods you need to implement to plug in your own search.

>> Read More


Summer of ZenPacks Contest

We're off to a great start to the 2010 Summer of Community ZenPacks Contest with quite a few updated and new ZenPacks. So far we have published 15 new ZenPacks developed by the Zenoss Community and we have many more coming in every day. Stop by and check them out or upload your own and earn a chance to win prizes.

>> Read More


2010 Trends in Open Source Systems Management

Zenoss conducted surveys on systems management in 2006, 2007, 2008 and  2009 to determine systems management usage trends among IT professionals. Visit the Zenoss blog and find out the biggest trends in Open Source Systems Management in 2010.

>> Read More


Thank you for your interest and support of Zenoss.

Best Regards,

Mark R. Hinkle
Vice President, Community
Zenoss Inc.
Follow me on Twitter: twitter.com/mrhinkle

 


Getting Started with Zenoss

Learn  how to install, configure and monitor your network with Zenoss Core in  this one hour webinar with live questions and answers.

Register for Getting Started with Zenoss


Events

8/30 - 9/2
VMWorld 2010
San Francisco, CA

9/1
Overcoming the Challenges of Building and Managing Cloud infrastructures
Webinar

9/7
Getting Started with Zenoss
Webinar

9/9
Virtualize More, Monitor Everything
Webinar

9/10
Zenoss Community Day
Columbus, OH

9/10 - 9/12
Ohio Linuxfest
Columbus, OH

9/23
Virtualize More Servers...and Manage them too!
Webinar


The Three Legged Stool Of Vulnerability Management

Don't Fall Off The Stool. When I developed the course "Advanced Vulnerability Scanning Techniques Using Nessus", I wanted to mention some of the trade-offs we make when we perform vulnerability scans using different configurations. Nessus creator Renaud Deraison helped point... Paul Asadoorian

Ten Technologies Every Network Engineer Should Know - #5 VMWare - and BTW, Hello from VM World 2010!!!

OK, so maybe VMWare isn't a technology. VMWare is a company and the technology is virtualization, but I want to be specific. If you're in IT, anywhere on the infrastructure side - network engineer, system administrator, storage administrator...(read more)

VMworld draws huge crowd, drives cloud discussion

Virtualization offers a lot of benefits, one of them being a clear path to developing a private cloud.

By Denise Dubie

Virtualization enthusiasts came out in droves Monday as VMware hosted its annual VMworld 2010 conference in San Francisco’s Moscone Center.

With more than 16,000 reported attendees, VMworld saw many shut out of sessions, due to long lines and a no standing-room only policy (everyone had to be seated). That led to some show goers passing the time with ping pong, air hockey or pool, while others lined up to get a coveted spot in the next session.


The day also featured presentations from folks such as Anil Karmel, solutions architect for the network and infrastructure engineering and production systems group at Los Alamos National Laboratory in northern New Mexico. Karmel explained to attendees that in 2006 his organization began its journey to the cloud by first implementing virtualization. He made it clear that “virtualization is not cloud computing,” but it is a great starting place for those hoping to establish a private cloud.

Other more artistic avenues also explored the “journey to the cloud.” Chalk artists created an image sponsored by CA Technologies that depicted the message “accelerate your journey to the cloud.”


And CA Technologies also drove the point home in its booth. The vendor is campaigning for IT organizations to “quit stalling” with their virtual deployments so they can expand into private clouds. With virtual sprawl comes virtual stall in some cases, but with the right technologies, processes and people, IT organizations can move past the management, security and other hurdles large virtualization deployments can represent, according to CA Technologies. (And with particular booth staff on hand, the ‘booth babe’ debate lives on at VMworld.)


What are you doing at VMworld? Which sessions did you find most interesting? What did you find disappointing? Please leave a comment here or e-mail me directly at Denise.Dubie@ca.com.

Do you Tweet? Follow Denise Dubie on Twitter here.

What’s New on Splunkbase? PCI, Nagios, and Mapping Galore!

As our first monthly apps contest winds down (you have until tomorrow, 8/31, 11:59pm!), I wanted to highlight some of the apps that developers have added this month. This has been the best month ever for community contributions, by far.

Here are some of the greatest hits:

  • PCI App (Creative Commons Version) – Peter Bassill (aka BinaryArp) hacked on a newer and much improved version 1.0 of his PCI (Payment Card Industry) app in time for our Users’ Conference that took place earlier this month. And by the end of this month, he had already added 2 more revisions culminating in version 1.2 uploaded on 8/29. If you need to satisfy PCI compliance requirements, you might want to take a look.
  • Splunk for Nagios - Luke Harris posted his Splunk for Nagios add-on just as I was thinking about writing one myself. This is something quite a few users have requested, and now we have it, thanks to Luke. With this app, you can search Nagios alerts and notifications and graph problems over time.
  • Google Maps for Splunk – This add-on provides a module to display events/results of Splunk searches on a Google map. Thanks to Siegfried Puchbauer for writing up this one.

One of these may win the grand prize… or not! The contest hasn’t ended yet, and we haven’t commenced voting.

Think you have what it takes? Submit your app or add-on to Splunkbase and be eligible to win.

SplunkTalk – #12 – Double rainbow all the way across the podcast

Episode 12 brings us unparalleled agreement between Maverick and Jeff – a first in SplunkTalk history. On today’s show we answer questions about search performance, how to find the “light speed” of your Splunk server, some thrilling questions on baselining and statistics, and oh so much more! News, views, even some metrics on the podcast – provided by Splunk! Enjoy this week’s episode.

Episodes are recorded live every Friday at 11AM Central Time – Email us at splunktalk@splunk.com to ask questions and have them answered on air!

Enjoy listening!

OpenNMS Survey

I am hoping that my three readers will take the time to complete this short, 10 question survey on how they use OpenNMS. We are trying to get a better idea of our users so that we can tailor our work to more closely meet their needs.

12 NetIQ Events in September

September is going to be pretty busy, with lots of opportunities for you to catch up with NetIQ. For more upcoming event listings, check out NetIQ’s events page:

Sept 1, 2010, London, UK: IDC's IT Security Conference 2010 enables end user IT professionals to discover what they should be targeting to ensure their organization's safety in a complex environment. We, with one of our customers, will be presenting a case study - more details to follow.

Sept 1-2, 2010, Singapore: We are proud to continue supporting The Future of Banking & Financial Services events organized by FST Media as they consistently provide a strong foundation for the exchange of ideas and information on business-enabled technology amongst CxOs and IT decision makers.

Sept 5-8, 2010, Durban, South Africa: NetIQ is delighted to be an exhibitor again at GovTech, South Africa’s premier conference for all stakeholders involved in public sector ICT.

Sep 7-10, 2010, Staines, UK: In this instructor-led AppManager 7 Essentials course you will learn how to gain greater control over the IT environment by using features such as automated detection and deployment, policy exception management, secure delegation and self-maintaining service maps. In addition, you will learn to prioritize problem response and how to map IT resources to business applications and services.

Sep 7-10, 2010, Herndon, VA: This Security Manager 6.x Essentials course is a four-day lecture style class designed to help you understand, deploy, and successfully manage Security Manager. You will learn Security Manager Architecture and how to use it to secure the organization’s computers. Through discussions, examples, and lab exercises with real world content, you will learn to defend both Windows and UNIX systems. In addition, learn how to: Architect, install, and configure Security Manager; install and configure Windows and UNIX agents; configure Change Guardian for Windows, Active Directory and Group Policies; and develop event correlation procedures.

 

Sept 9, 2010, Online: Recent security breaches bring an emerging trend into focus: outsiders gaining insider privileges so they can access sensitive data. Trusted insiders also present a potentially significant threat, particularly when their access rights to corporate data are inadequately controlled. Join Ira Winkler, Vice President of the Information Systems Security Association and author of Spies Among Us, and Todd Tucker of NetIQ, for Combating the Insider Threat: Vulnerabilities and Countermeasures. In this interactive webinar, Winkler will explore the evolving menace of insider threats and the effective countermeasures you can deploy to keep your mission-critical information and data secure. Furthermore, he will draw on his extensive first-hand experience with headline-grabbing security events, including the recent Twitter hacks and the ongoing WikiLeaks investigation, as he explains how outsiders can become insiders, steal information, and get away scot-free. In this webinar, you'll learn:

  • How to appreciate insider threats but focus on your underlying vulnerabilities.
  • Why technical countermeasures trump security awareness.
  • How to see the most common blind spots in information security.
  • Best practices for addressing threats to sensitive data.

Sept 14-17, 2010, Herndon, VA: With this instructor-led AppManager 7 Advanced course you can take your implementation of AppManager to the next level. Learn how to maximize your AppManager investment by using several tools in the AppManager Suite including: Control Center, Knowledge Base, SNMP Toolkit, Analysis Center and Diagnostic Console. Topics covered in this course include both advanced monitoring and troubleshooting techniques using the base AppManager application. The class employs a combination of discussion, demonstrations, and hands-on lab exercises.

Sept 21, 2010, Online: Organizations today are expected to be trusted custodians of personally identifiable information - whether portions of such customer and other internal corporate information are being shared internally among corporate users, stored on databases or backup tapes, sent over the internet to partners or customers, or housed on well-used portable devices. Data is the most valuable asset that the majority of organizations have, so guarding it effectively is a top priority. Formulating an effective line of attack for guarding this information is what this online event is all about. Join Louis Klubenspies and Scott Wilson for “NRG Energy Success Story: Rapid Results and Lessons Learned with Automated User Provisioning” to learn how NRG Energy, a Fortune 300 wholesale power generation company, leverages automated identity management solutions from NetIQ to cost-effectively address these issues. You’ll see how NRG Energy has taken a pragmatic approach to automating user account provisioning and deprovisioning, reducing excessive privileges in their Active Directory environment, managing accounts for temporary workers, and expediting other security-related processes.

Sept 22 - 23, 2010, London, UK: Gartner believes the next 18 months are crucial to the relationships between information security, risk management and the business. As organizations prepare for the return to growth they will continue to face major financial challenges. However, these challenges provide unique opportunities for security, risk and privacy professionals to become key partners in their organizations' strategies for renewed growth. This year's Summit will help you understand what you can do to protect your organization's information resources in the most efficient and effective ways and, by proactively managing risks, to enable new technology and business initiatives. The event will provide the information and networking opportunities to help you do your job better. NetIQ is a silver-level sponsor at this important event.

Sept 27-28, 2010, Baltimore, MD: The 6th Annual IT Security Automation Conference will provide public and private sector executives, security managers and staff, IT professionals, and developers of products and services with a common understanding for using specific open standards and new security technologies across various domains of interest. NetIQ will be showcasing and demoing our new SCAP Editor tool that makes creating, editing and managing XML SCAP files easier! Do stop by the NetIQ booth to find out more.

Sept 28-30, 2010, Houston, TX: NetIQ Aegis Process Automation is a three-day lecture course that will help you understand, install, and successfully use NetIQ Aegis. In this course, you will learn about the Aegis lifecycle, how to use the Workflow Designer, and process revision control. In addition, you will learn how to manage, maintain and make decisions with Aegis. Through discussion, examples, and lab exercises with real world content, you will learn how to: identify and create notification workflow processes; set user and permission sets and handle basic Aegis troubleshooting.

Sept 28-30, 2010, Staines, UK: NetIQ Aegis Process Automation is a three-day lecture course that will help you understand, install, and successfully use NetIQ Aegis. In this course, you will learn about the Aegis lifecycle, how to use the Workflow Designer, and process revision control. In addition, you will learn how to manage, maintain and make decisions with Aegis. Through discussion, examples, and lab exercises with real world content, you will learn how to: identify and create notification workflow processes; set user and permission sets and handle basic Aegis troubleshooting.

Adding Profiler Views to Orion

A lot of you are asking when Profiler and Orion are going to be integrated, and while I don’t have a date, you can see What We Are Working On.  In the meantime, if you just have to have some Profiler goodness inside Orion, here is a way to do it.   This is several steps long, and we are working to improve this process.  I am assuming you are somewhat familiar with Orion navigation.
 
NOTE:  While this gets Profiler views into Orion, it is far from a perfect user experience.  A few caveats:

  • You have to log into Profiler in the same browser as Orion before these views will work
  • Occasionally you will break out of the Orion view into a new window or tab
  • There is no integrated navigation or breadcrumbs; drill-downs in Profiler are generally one way

Build a View:
In general, any Profiler view (summary, monitor, device) could be imported into Orion.  However,  we would recommend summary or monitor views, as they allow you to drill down to device views.

  1. Go to Settings > Views > Manage Views.
  2. Click Add, then enter a name for the view (ex: Profiler Summary), choose Summary for Type Of View and click Submit.
  3. Change the number of columns to 1 and the width to 1000, then click Submit.
  4. Next to the Resources box, click the plus sign to add a new resource.
  5. In the tree, open the Miscellaneous folder, check Custom HTML, and press Submit.
  6. Press the Preview button at the bottom; this will take you to the view, which has one resource with no data.
  7. Press Edit and change the title to Profiler Main Console.
  8. We will be using an iframe to show Profiler within a container on the screen. In this example, the link is to the Profiler Main Console, but at the end of the post I will give you some more sample URLs from Profiler.
     Enter the following into the text box:
     <iframe src="http://<ProfilerServerNameOrIP>:<ProfilerServerPort>/MainConsole.do?actionName=showConsole" height="400" width="950" name="text" id="contentFrame"></iframe>
     where:
        src is the URL to Profiler
        ProfilerServerNameOrIP - the Profiler server's DNS name or IP address
        ProfilerServerPort - the port
        height is the height of the iframe
        width is the width of the iframe; generally you want this to be less than the width of the resource defined in Step 3
        name and id are very important, make sure you copy them in there
  9. When you are done, it should look like the image below. Press Submit.

If everything is correct, and you have already logged into Profiler in another tab, you should see something like this.  Otherwise, you will see a Profiler login screen.
NOTE: Once you are successful, copy the URL of this page - you need it for the next step.

Add the new View to the list of Available items:
The view you built above is not available to be added to the menu bar until you manually add it.

  1. Settings > Customize > Customize Menu Bars
  2. Edit any menu bar (ex: Default Menu Bar).
  3. Scroll all the way to the bottom of the list of Available items, click Add.
  4. Enter a name, paste in the URL from the last step from above, and uncheck "Open a New Window", and press OK.
  5. You should see Profiler Summary in the Available Items.

Add the new View to a Menu Bar:
You can now add any of the Profiler views you created to any existing tab, just like any other view...

  1. Settings > Customize > Customize Menu Bars
  2. Edit any menu bar (ex: Default Menu Bar).
  3. Drag and drop the new View to the menu bar, reorder as you see fit.
  4. Press Submit under the selected items.
  5. Next time the page refreshes, you should see the new View (Profiler Server) in the Tab.

Phew… I worked up a sweat, did you?  When integration comes, all the heavy lifting will be done, so you won't have to do it. 

As always, if you have any thoughts or suggestions, please let us know.

Use cases and sample URLs:

  • Summarize Profiler data - show a high-level view of storage and virtualization
    <iframe src="http://1.2.3.4:9000/MainConsole.do?actionName=showConsole" height="400" width="950" name="text" id="contentFrame"></iframe>

  • Monitor Profiler events - show the Profiler event monitor in Orion
    <iframe src="http://1.2.3.4:9000/EventMonitor.do?actionName=main" height="700" width="1100" name="text" id="contentFrame"></iframe>

  • Monitor virtual and physical server status
    <iframe src="http://1.2.3.4:9000/ServerMonitor.do?actionName=main" height="500" width="1100" name="text" id="contentFrame"></iframe>

  • Run Profiler reports in Orion
    <iframe src="http://1.2.3.4:9000/ReportList.do?actionName=listReports&reportListState=2" height="400" width="950" name="text" id="contentFrame"></iframe>

  • Summarize your virtual infrastructure
    <iframe src="http://1.2.3.4:9000/VCConsoleServlet?state=vmware" height="500" width="1100" name="text" id="contentFrame"></iframe>

  • View a particular device - you must know Profiler's internal DeviceId
    <iframe src="http://1.2.3.4:9000/ConsoleHostFrameServlet?DeviceId=1" height="500" width="1100" name="text" id="contentFrame"></iframe>

To build more, right-click any link in Profiler and copy it to a text file for review.
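As an added example (not from the post and not SolarWinds code), the script below generates these Custom HTML iframe resources from a Profiler host, port and use-case name. Because the Custom HTML resource stores raw markup, it rejects host strings that would break out of the src attribute and entity-encodes the URL; the view table, function names and hostname rule are this example's own assumptions.

```python
import html
import ipaddress
import re
from urllib.parse import urlencode

# Profiler pages used in the post, keyed by use case: path, fixed query
# parameters, and the iframe height/width the post uses for each one.
PROFILER_VIEWS = {
    "main_console":   ("/MainConsole.do", {"actionName": "showConsole"}, 400, 950),
    "event_monitor":  ("/EventMonitor.do", {"actionName": "main"}, 700, 1100),
    "server_monitor": ("/ServerMonitor.do", {"actionName": "main"}, 500, 1100),
    "reports":        ("/ReportList.do",
                       {"actionName": "listReports", "reportListState": "2"}, 400, 950),
    "virtual_infra":  ("/VCConsoleServlet", {"state": "vmware"}, 500, 1100),
    "device":         ("/ConsoleHostFrameServlet", {}, 500, 1100),
}

# Hostname rule assumed here: dot-separated labels of letters, digits and hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*\.?$")


def validate_host(host):
    """Accept an IPv4/IPv6 literal or a DNS hostname; reject anything else.

    The Custom HTML resource takes raw markup, so a host string containing
    quotes or angle brackets would be pasted into the iframe as-is. Rejecting
    it here keeps the generated snippet limited to the intended Profiler URL.
    """
    if not isinstance(host, str) or not host or len(host) > 253:
        raise ValueError(f"invalid Profiler host: {host!r}")
    try:
        ipaddress.ip_address(host)  # IPv4 or IPv6 literal
        return host
    except ValueError:
        pass
    if _HOSTNAME_RE.match(host):
        return host
    raise ValueError(f"invalid Profiler host: {host!r}")


def validate_port(port):
    """TCP ports are 1..65535; anything else is a configuration error."""
    if not isinstance(port, int) or isinstance(port, bool) or not 1 <= port <= 65535:
        raise ValueError(f"invalid Profiler port: {port!r}")
    return port


def build_profiler_iframe(host, port, view, device_id=None, scheme="http"):
    """Return the iframe markup for one Profiler view, for the Custom HTML resource.

    'view' is a key of PROFILER_VIEWS; 'device_id' is required only for the
    'device' view (Profiler's internal DeviceId, as the post notes).
    """
    if view not in PROFILER_VIEWS:
        raise ValueError(f"unknown Profiler view: {view!r}")
    if scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme: {scheme!r}")
    path, params, height, width = PROFILER_VIEWS[view]
    params = dict(params)
    if view == "device":
        if device_id is None or int(device_id) < 0:
            raise ValueError("the device view needs Profiler's internal DeviceId")
        params["DeviceId"] = str(int(device_id))

    host = validate_host(host)
    port = validate_port(port)
    # IPv6 literals must be bracketed in a URL authority.
    authority = f"[{host}]" if ":" in host else host
    url = f"{scheme}://{authority}:{port}{path}"
    if params:
        url += "?" + urlencode(params)
    # html.escape turns '&' into '&amp;' and quotes into entities, which is
    # the correct encoding inside a double-quoted attribute value.
    src = html.escape(url, quote=True)
    # name="text" and id="contentFrame" are the attributes the post says Orion needs.
    return (f'<iframe src="{src}" height="{height}" width="{width}" '
            f'name="text" id="contentFrame"></iframe>')


if __name__ == "__main__":
    # Constructed sample values, matching the placeholder address used in the post.
    for view_name in PROFILER_VIEWS:
        print(build_profiler_iframe("1.2.3.4", 9000, view_name, device_id=1))
```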

Tenable Network Security on the Inc 5000 List

As the CEO and co-founder of Tenable Network Security, I am very proud to announce our inclusion in the 2010 Inc 5000 list of fastest growing companies in the United States. We placed #1369 out of 5000 ranked companies. Tenable... Ron Gula

Wireshark 1.4.0, 1.2.11, and 1.0.16 Released

Wireshark 1.4.0, 1.2.11, and 1.0.16 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

New in 1.4.0

  • The packet list internals have been rewritten and are now more efficient.
  • Columns are easier to use. You can add a protocol field as a column by right-clicking on its packet detail item, and you can adjust some column preferences by right-clicking the column header.
  • Preliminary Python scripting support has been added.
  • Many memory leaks have been fixed.
  • Wireshark 1.4 does not support Windows 2000. Please use Wireshark 1.2 or 1.0 on those systems.
  • Packets can now be ignored (excluded from dissection), similar to the way they can be marked.
  • Manual IP address resolution is now supported.
  • Columns with seconds can now be displayed as hours, minutes and seconds.
  • You can now set the capture buffer size on UNIX and Linux if you have libpcap 1.0.0 or greater.
  • TShark no longer needs elevated privileges on UNIX or Linux to list interfaces. Only dumpcap requires privileges now.
  • Wireshark and TShark can enable 802.11 monitor mode directly if you have libpcap 1.0.0 or greater.
  • You can play RTP streams directly from the RTP Analysis window.
  • Capinfos and editcap now respectively support time order checking and forcing.
  • Wireshark now has a "jump to timestamp" command-line option.
  • You can open JPEG files directly in Wireshark.

For a complete list of changes, please refer to the 1.4.0 release notes.

In 1.2.11 and 1.0.16

A DLL hijacking bug described in Microsoft Security Advisory 2269637 has been fixed. See the security advisories and release notes for more details.

Official releases are available right now from the download page.

CACE Pilot: Views and Capture Filters (by Joke Snelders)

Author Profile - My name is Joke (pronounced \yo-kə\ or Joan for those who do not speak Dutch). During the day, I work as a secretary for a non-profit organization providing assisted living for mentally handicapped people in the south of The Netherlands. In my spare time I like to use Wireshark. I find it interesting and necessary to monitor my home network to see what is going on. As a user I like to answer questions at the Wireshark Mailing List.

What is in it for me? Well, I learn a great deal whenever I try to solve real-world problems. I am also a member of the NGN (the Dutch Network User's Group). I write articles about how to use Wireshark and the command line tools. And if there is still some spare time left, I like to go biking in the woods near my hometown with my husband and fellow geek.


CACE Pilot: Views and Capture Filters

CACE Pilot, a network visualization and analysis tool from CACE Technologies, is fully integrated with Wireshark.
Here you can read more about the latest release: version 2.3.

In this article I will show how to organize Views and how to add capture filters to Views.

Views
CACE Pilot is shipped with approximately 200 Views.
The Views consist of a collection of interactive display components like bar charts, strip charts, conversation rings, grids and so on.
After loading a capture file you can apply one or more Views. You can also use traffic from a live source: a wired ethernet adapter or a wireless adapter.

You can copy the Views you always want to use to a custom folder.
When you want to analyze a capture file, you just have to drag and drop the custom folder onto the capture file and all the Views in the folder are applied at once.

It is even more handy to create several custom folders for different companies, locations, networks and so on.
Copy the Views you need to those folders. Next, you can also set capture or display filters on those Views. These filters are saved in the Views. And again, you can apply them all at once by dragging and dropping the whole folder onto a capture device or a capture file.

Enlarge the screenshot to get an idea of the custom folders.
It is also great to create folders to monitor your wired and wireless home network.

Want to see how this works?
Continue reading to see how to manage the folders and how to add capture filters.



Create Custom Folders
Right-click on Custom.
Select: Create Subfolder.
      


Scroll down and look for the Views you want to copy to the folders you have just created.
Select the View.
Use the CTRL-key to select multiple Views.
Right-click and select the appropriate folder.
 

Add a capture filter to a View

Right-click the View you want to apply the filter to.
Select: User Filter
Select: Set



Choose one of the filters or create your own filter by hitting Add.
  • Choose a name
  • Select Wireshark Capture Filter (BPF)
  • Add the filter string

You can find more information about capture filters in the Wireshark User's Guide, the Wireshark Wiki or my previous articles about capture filter samples.
 


When you are done, drag and drop the folder to the capture device or the capture file.

Note
The filter symbols show which Views contain filters. You can also see the filter syntax on the left side.
 





Bounce and Track VMs with Free VM Console (by Josh Stephens)

Author Profile - Josh Stephens is the Head Geek and VP of technology at SolarWinds, a leading provider of network management software based in Austin, Texas. Josh has extensive experience in network management systems, network engineering, and software development. His 15-plus years of experience in technology include designing and deploying advanced networks and network management systems within organizations including the US Air Force, Sprint, MCI/UUNET, and WalMart. He has received several industry certifications including those from Cisco Systems, Microsoft, and HP.

Free-sign-797711

Let’s face it. Virtualization, in all its glory, hasn't made managing IT environments any easier. Tracking the up/down status of VMs, making sure everything is running as it should, and managing credentials so that all the VMs play together nicely are among the new challenges IT pros face on a daily basis.

To make matters more time-consuming, you have to log in to VMware vCenter or vSphere every time you need to perform maintenance. I don’t know about you, but tracking down my login info or requesting administrator access only fuels my frustration when I’ve received a call that one of my VMs is running amuck and I need to address the issue quickly.

Managing your virtual environment can be a very tedious process without the right solutions in place. But, never fear, some help has arrived. Keeping an eye on virtual machines has never been easier than with SolarWinds’ latest free tool, VM Console.

You can bring a hung, frozen, or otherwise unresponsive virtual machine back to life. VM Console provides a real-time, easy-to-use desktop widget to bounce (restart or shut down) VMs, track their up/down status, and take a snapshot so you can compare the VM before and after it is bounced, all without ever logging in to vCenter or vSphere.


Regardless of the size of your company, if you are running VMware, you can utilize this tool to alleviate some of the stress of managing your virtual environments, including:

  • Bounce VMs without logging into vCenter or vSphere
  • Use vCenter/vSphere credentials to view a top-down hierarchy of the virtual environment
  • Track the real-time up/down status of VMs from the desktop without logging into VMware apps
  • Take a snapshot of your VM prior to shutdown
  • Search VM names or IP addresses


VM Console is the second free virtualization management tool offered by SolarWinds, joining VM Monitor, a simple and easy-to-use tool that continuously monitors VMware ESX Server and its virtual machines.

Check out the following step-by-step video tutorial to get started now.




Opscode Will Be At VMworld Next Week

A few of us from the Training, Services and Evangelism team will be presenting at VMworld next week.

Automate Application Deployment to vCloud Services
Monday 03:00 PM (Moscone North Room 130)
Adrian Cole

Leveraging an Enterprise-Ready vCloud Service to Regain IT Control Format
Tuesday, 3:30 PM   (Room: Moscone West Room 2006)
Thursday, 12:00 PM   (Room: Moscone West Room 2005)
John Willis

Here is a link to the Conference Catalog…


We will also be hanging around the “VMworld Drinks, Cloud Club Nostalgia Tour Episode #1” meetup before the concert. 

If you want to get together and talk Chef, please feel free to ping me at @botchagalupe


