Planet Network Management

Zenoss Newsletter - July 2010

Zenoss Blog — Sat, 31 Jul 2010 15:55:49 +0100

This month we released a major release in Zenoss 3.0 with a major redesign of the user interface. We also included many exciting new features, many developed by our community of users:

Over 50+ New Community Developed Extensions - Including integrations with configuration tools Chef, Puppet and Cfengine for automating IT infrastructure.
Product documentation in EPUB e-book format - So you can now read documents on iPhone, iPad and more
Upgraded versions of Python (2.6) and Zope (2.12) - This should improved compatibility and performance as well as make it possible to package binaries for your favorite Linux distro (Contact community@zenoss.com if you can help)

You can download the new version of Zenoss Core 3.0 or you can request a trial of Zenoss Enterprise 3.0 on the Zenoss website.

Vote for Zenoss in the Linux Journal Readers Choice Awards

Whether you subscribe to the magazine or read Linux Journal's online content you can make your voice heard in the 2010 Linux Journal's Readers Choice Awards. Zenoss Core has been nominated in the category of Best Monitoring Tool so cast your vote today and support Zenoss.

>> Read More

Tip of the Month: Upgrading ZenPacks for Zenoss 3.0

This month's tip is a collection of documents that cover the techniques for testing and upgrading your ZenPacks for ensuring Zenoss 3.0 compatibility. Zenoss 3.0 includes a number of significant technology upgrades, especially the upgrade to Python 2.6 and Zope 2.12. To help with this transition, we've published the ZenPack Conversion Tasks for Zenoss 3.0 document in HTML, EPUB and PDF formats. This document covers the updated requirements and techniques for upgrading your ZenPacks.

>> Read More

Summer of ZenPacks Contest

To help kick off the new Zenoss 3.0 release, we've decided to help jumpstart the creation and upgrading of ZenPacks with another Community ZenPack Contest! While we've had over 40 new ZenPacks so far in 2010, we're always eager for even more so to help jumpstart the process so we're announcing the 2010 Summer of ZenPacks Contest. To make it interesting we are offering some pretty cool prizes.

>> Read More

Try... and Fly!

Test drive Zenoss Enterprise between July 30th and September 1st and you could be packing your bags for Copenhagen, Denmark to attend VMworld Europe this October. Enter to win a trip for two!

>> Read More

Thank you for your interest and support of Zenoss.

Best Regards,

Mark R. Hinkle
Vice President, Community
Zenoss Inc.
Follow me on Twitter: twitter.com/mrhinkle

Getting Started with Zenoss

Learn how to install, configure and monitor your network with Zenoss Core in this one hour webinar with live questions and answers.

Events

8/12
LinuxCon
Boston, MA

8/20
Phoenix Area VMware User Group Conference
Phoenix, AZ

8/30 - 9/2
VMworld 2010
San Francisco, CA

9/10
Zenoss Community Day
Columbus, OH

9/11
Ohio Linuxfest
Columbus, OH

Latest ZenPacks

Microsoft Message Queue (MSMQ)

WMI Data Source

Distributed Collectors

2010 Dev-Jam – Day Six

Adventures in Open Source — Sat, 31 Jul 2010 14:07:23 +0100

The last day of Dev-Jam is always about commitment – well, commits to git anyway. After a solid week doing all things OpenNMS, parting is always bittersweet.

We took our group picture late, so we’re missing Bill and Matt R. The camera is Alex’s but the photo credit goes to Jen, one of the dorm advisor’s that Alex convinced to take our picture. I was stylin’ in my Doktor Kaboom t-shirt.

After we cleaned up the Club Room, 19 of us headed over to Town Hall Brewery for our last meal together this year. I think most people felt this was the best Dev-Jam ever: great facilities, awesome bandwidth and wonderful weather.

On Saturday the shuttle picks half of us up at 9am, while the rest will leave over the course of the day (well, except for Ronny who has decided to stay another week in the US). It will be nice to be home, but I’m not looking forward to a return to the hot and humid weather I’ve managed to avoid for the last two weeks.

We should be publishing a Dev-Jam wrap up in the next week or so, and I’m already looking forward to next year.

Buzzer Beaters (by Paul W. Smith)

Love My Tool — Sat, 31 Jul 2010 09:52:39 +0100

Author Profile - Paul W. Smith, a Founder and Director of Engineering with INVENTtPM LLc, has more than 35 years of experience in research and advanced product development. Prior to founding INVENTtPM, Dr. Smith spent 10 years with Seagate Technology in Longmont, Colorado. At Seagate, Dr. Smith was primarily responsible for evaluating new data storage technologies under development throughout the company, and utilizing six-sigma processes to stage them for implementation in early engineering models. While at Seagate, he was a proud member of the team that brought the world’s first notebook disk drive with perpendicular recording technology to the market.... Paul W. Smith

Buzzer Beaters (by Paul W. Smith)

Love My Tool — Sat, 31 Jul 2010 09:52:39 +0100

Author Profile - Paul W. Smith, a Founder and Director of Engineering with INVENTtPM LLc, has more than 35 years of experience in research and advanced product development.

Prior to founding INVENTtPM, Dr. Smith spent 10 years with Seagate Technology in Longmont, Colorado. At Seagate, Dr. Smith was primarily responsible for evaluating new data storage technologies under development throughout the company, and utilizing six-sigma processes to stage them for implementation in early engineering models. While at Seagate, he was a proud member of the team that brought the world’s first notebook disk drive with perpendicular recording technology to the market.

Dr. Smith holds a doctorate in Applied Mechanics from the California Institute of Technology, a Master of Mechanical Engineering from the University of California, Santa Barbara and a Bachelor of Science in Mechanical Engineering from the University of California, Santa Barbara.

It is the spring of 1968, the waning months of my senior year in high school, and thoughts of homework and exams have given way to the giddy anticipation of the best time of any young person’s life; the summer between high school graduation and relocation to a college dorm. My school’s basketball team, the Bulldogs, has scratched and stumbled its way to the state championship game, my team-mates and I are soaked in sweat and shaking from the potent combination of fatigue and adrenaline overdose. Thirty seconds remain in the biggest game of our lives, and we trail by 2 points. As our opponents prepare to in-bound the ball, their coach shows his cards, putting his 5 best ball-handlers in the game. Scoring and defense have been demoted – the clear path to victory is simply this - dribble and protect the ball.

The ball is in play, the dribbling begins, and the five of us run around helplessly, counting backwards from 30 in our heads. 25 seconds remain, then 20, now 15. Our coach hollers “FOUL ‘EM!” and our best player takes a wild swing which appears likely to cause serious injury. Miraculously, he contacts nothing but the ball, which flies out of their point-guard’s hands and bounces straight to me. 10 seconds remain, now 5. The tick of time abruptly slows, the noise of the crowd recedes, and everything in my field of vision begins to blur. Only one thing remains sharply focused – that tiny orange ring suspended from the ceiling. Without hesitation, I turn, square up, and release my best 3-point jump shot. Moments after the ball leaves my hand, the backboard lights up, and the stunned silence of the crowed is interrupted by a clamorous wail......

“Paul, wake up, what the heck are you doing!” In a heartbeat, I am transported from the high school gym to our bedroom. Mumbling softly, I slip out of bed and retrieve my wife’s pillow from the far side of the room. I resent the fact that she does not sleep more soundly; I am disappointed that I awake before seeing my shot go in and hearing the crowd explode.

The buzzer beater is an icon of our society. It is a symbol of that perfect moment of triumph – the instant when everything changes, life goes from awful to wonderful, and one person becomes an immediate, temporary celebrity. A slow, deliberate victory holds no appeal; we either seek to shred our opponents with a fusillade of scoring, or crush them emotionally with last second, sniper-like precision. Although I never played high school basketball, I have dreamt the dream of that instantaneous change of fate many times in multiple arenas.

Over the last four decades of the 20th century, John Updike created his signature “Rabbit” books, two of which won the Pulitzer Prize. The protagonist, Harry “Rabbit” Angstrom, was a depressingly typical American male. The term “rabbit” is sometimes used in basketball to refer to a poor or novice player. An angstrom is a very small thing, and these days, we all know what “angst” is. Updike’s character was a high school basketball star who surely basked in the glory of many “buzzer beaters”, but graduated to live an unspectacular life selling used cars. His efforts to succeed are half-hearted, and he is cursed with just enough intelligence to fully grasp the emptiness of his existence. He lives his life longing for the lost glory of the “buzzer beater”, while the very skills which made it possible are slipping into decay.

Carmelo Anthony, the All-Star forward for the Denver Nuggets, was known last season for the unusual number of buzzer beaters he put through the hoop. As a highly paid professional, “Melo” is expected to be good at that sort of thing, but even in the rarefied world of the NBA he stood out. One of the promotional ads run by the league shows Anthony alone in a dimly lit gymnasium, shooting the same jump shot over and over. In a voiceover, he talks of how he relishes having the ball with the game on the line, because he has already made the shot. It is both a comment born of healthy swagger and a commentary on the power of mental and physical preparation.

The buzzer beater, then, is the intersection of a desperate situation and a lot of hard work and anticipation. Harry Angstrom failed to grasp that, and saw his dreams fade and die. Some professional athletes (John Elway and Magic Johnson come to mind) have proven that the same principles that apply in sports can lead to success in business and in life. Pros like Carmelo Anthony continue to work at turning the next buzzer beater into just another routine shot.

Buzzer beaters are in the formative stages all around us. The economy has done its part to set the requisite stage of desperation. In my dreams, I run around a dimly lit gym, shooting basket after basket with razor-sharp precision. Awake, I interview with the dashboard of my Prius, practice firm handshakes with every door handle I encounter, and make eye contact as I summarize my many talents to the family Shih Tzu. (The little guy wags his tail vigorously each time I pause, which is just a little creepy).

The scoreboard clock is counting down, the ball is in my hands, and another buzzer beater is in the making.

Continue reading other exclusive posts by Dr. Paul W. Smith »

New and Updated ZenPacks for July

Zenoss Blog — Sat, 31 Jul 2010 06:12:46 +0100

New and updated Community ZenPacks arrive all the time and we want to help get the word out on these new and useful extensions to Zenoss. Here's the list of updated ZenPacks for July:

APC PDU Aggregate A/B Monitor (NEW!): Aggregates and monitors the total AMP load from two APC PDUs.
HP Printer Trap Transforms (NEW!): Transforms JetDirect enabled printer traps into their human readable form.
MS SQL Server 64-bit SNMP(NEW!): Provides performance monitoring/graphing for 64-bit MS SQL Servers.
SNMP Location NEW!): Provides a community.snmp.LocationMap modeler that reads the sysLocation OID and moves the device to that organizer under Locations.

There are actually a tremendous number more in the ZenPack Publishing Backlog, the 2010 Summer of Community ZenPacks Contest has already had a tremendous response!

We're always happy to have more Community ZenPacks and we have a ZenPacks forum dedicated for their discussion. Email us at community@zenoss.com if you have any questions or new ZenPacks you want to send in!

Happy System Administrator Day from Zenoss

Zenoss Blog — Fri, 30 Jul 2010 20:34:29 +0100

Today is System Adminstrator Day and we would like to give everyone of you a virtual pat on the back. Being a sysadmin is tough, answering pages in the middle of the night, changing passwords for users who habitually forget them and thanklessly working weird hours to make sure maintainence windows don't affect anyone's busy work day. According to the folks that organize Sysadmin Day all System Administrators across the globe, will be showered with expensive sports cars and large piles of cash in appreciation of their diligent work.

Since you are already are getting these cool gifts we thought we wouldn't want to overhelm you:) So in the interest of not overcrowding your garage or your bank account we'd just like to wish everyone of you that keeps our web servers, printers, file servers, email and other IT services running a great day. Thanks again for your support and interest in Zenoss.

Ten Technologies Every Network Administrator Should Know - #7 SNMP

Geek Speak from Josh Stephens, SolarWinds — Fri, 30 Jul 2010 20:30:00 +0100

SNMP - the Simple Network Management Protocol - is a pretty cool protocol to get to know and no matter how well you know - it there's always a bit more to learn. As a network engineer or system administrator your first exposure to SNMP was probably...(read more)

Friday film review: "Inception" explores “The Matrix” of the mind

Network Performance Daily — Fri, 30 Jul 2010 19:37:02 +0100

A dreamy, entertaining look at the workings of the subconscious mind amid corporate espionage, dazzling scenery and some basic human emotions.

By Denise Dubie

Dreams have long been used in film to allow directors to play with the unreal, present visually stunning scenes and explore character motivation based on flashes into their subconscious mind. With “Inception,” dreams take center stage as the vehicle upon which the plot, characters and entertainment depend.

Director (and writer in this case) Christopher Nolan, of “The Dark Knight” and “Memento” fame, introduces the audience to a world of corporate crime that involves skilled players dropping into the minds of wealthy businessmen to steal their most protected secrets. It sounds involved, and it is in theory, but “Inception” offers movie-goers a mix of entertaining options without requiring them to think too much. Viewers can enjoy the cinematic beauty of the film, analyze what is dream and what is reality, or simply get lost in the fast-paced action sequences that are reminiscent of a James Bond flick. (And the formula seems to work: “Inception” to date has raked in some $251+ million worldwide since opening July 16, 2010.)

To start, “Inception” asks viewers to suspend reality themselves and believe that invading people’s minds while they sleep for the purposes of stealing their most secret thoughts is a known practice and even a lucrative profession for some, such as Leonardo DiCaprio’s Cobb. The practice is so common that businessmen with a lot on their mind actually pay experts to help them counteract such an attack with their own subconscious security teams. Using a series of needles, tubes and perfected sleep aids, these sleep thieves can get in and out of a person’s mind without seeming to leave a trace of their crime.

Case Studies: Clickability & MorphLabs

Reductive Labs — Fri, 30 Jul 2010 18:59:15 +0100

We are always eager to share the experiences our customers have using Puppet to automate their infrastructure. We recently added two more case studies.

Clickability: Puppet helps Clickability dramatically increase their speed of deployment and ensure consistency across all servers. Download the case study
MorphLabs: MorphLabs uses Puppet for configuration management automation and to quickly deliver custom cloud services. Download the case study

From the start, we saw Puppet as a key enabler of the services we offer our customers. Puppet let us deliver an easy to manage, customized system, cheaper and more efficiently compared to other configuration management tools on the market. Using anything else would consume too much time and resources for our customers.

—Guy Naor, founder and CTO, Morphlabs

There are several more case studies in the works. If you want to share details on your use of Puppet, please let us know.

Great News! WhatsUp Event Archiver was awarded the U.S. Army’s Certificate of Networthiness (CoN)

The Daily Network Monitor — Fri, 30 Jul 2010 18:11:17 +0100

As of July, WhatsUp Event Archiver, an important tool for audit requirements and regulatory compliance, has been certified for compliance with all U.S. Army and Department of Defense (DoD) standards of security, compatibility, and sustainability.

The Certificate of Networthiness (CoN Cert #: 201004611) allows WhatsUp Event Archiver to serve as an enterprise software product that can be deployed in the Army Enterprise Infrastructure Network utilized by the U.S. Army, all National Guard, Army Reserve and DoD organizations. Event Archiver enables the Army to streamline the process of clearing, collecting, consolidating, and storing log data for auditing and compliance purposes, while at the same time exceeding the strict security, sustainability, and interoperability requirements that are in place.

Event Archiver automates log collection, clearing, and consolidation as part of the WhatsUp Event Log Management Suite. The Suite also includes WhatsUp Event Analyst, for event examination, log trends analysis, and reporting; WhatsUp Event Alarm, for monitoring, alerting, and real-time notification of key events; and WhatsUp Event Rover, for on-the-fly forensics and log data mining.

To learn more about WhatsUp Event Archiver and the rest of the Event Log Management Suite, click here.

Try it free for 30 days!

Fox

Reductive Labs — Fri, 30 Jul 2010 17:00:58 +0100

2010 Dev-Jam – Day Five

Adventures in Open Source — Fri, 30 Jul 2010 16:56:49 +0100

Things are starting to blur together now, so I can’t really remember all I worked on Thursday. I know I played around more with RT, and in the early afternoon, Ethan came over and we did a podcast with John Willis and Michael Coté.

I’ll post a link when Coté puts it up, but I think it was one of my favorite podcasts of all time. Willis got to gloat when I said that I liked “the cloud” and I got to talk about some of the scalability features of OpenNMS, such as the ability to discover and manage devices with 32,000 interfaces each (virtual, of course) and a test we ran for the Department of Energy where OpenNMS was handling 125,000 syslog message a minute – more than the Netcool/Omnibus syslog probe could handle.

Oh, and OpenNMS did it for 8 straight hours before we stopped the test.

Ethan got to talk about Nagios XI and we had a friendly debate on the open source services model and the commercial software model. If you are in to that sort of thing, it will be worth a listen.

For dinner that night we ate leftovers, and then went to Big 10 for the weekly pub quiz. We started to play but got distracted by a game that Ben introduced to us called Mafia.

There is a moderator, who removes all of the aces and face cards from a standard deck, except for two aces, a king and a jack. They then add enough “plain” cards so that everyone playing gets one, and they are dealt out.

The people with the two aces are “mafia”. The person with the king is the “inspector” and the person with the jack is the “doctor”. All of the rest are villagers. The moderator then launches into a story about night falling on a village and every goes to sleep. Everyone playing shuts their eyes.

He then instructs the “mafia” to open their eyes, and then silently decide which person in the game they wish to kill. Once a decision is made, the moderator has them shut their eyes.

He then asks the “inspector” to open their eyes. The inspector can then indicate a person at the table and ask the moderator if that person is mafia. The moderator will then indicate “yes” or “no” and the inspector closes their eyes again.

Finally, the “doctor” opens his eyes and the moderator asks them to indicate if there is a person at the table they want to save, and then they close their eyes.

The moderator starts their story again, stating that dawn has come to the village, and tragically someone has died. The game is then opened up for discussion and the villagers must decide on someone to lynch. That player “dies” and the game repeats until either all of the mafia are dead or all of the villagers are dead.

If the mafia targets the person the doctor chooses to save, no one dies in the night.

It’s actually a pretty fun game. Even if the inspector knows who a mafia member is, it is doubtful that they would flatly state they were the inspector since the remaining mafia member would obviously target them next. It is also doubtful that the doctor would save anyone but themselves in the beginning (although if the inspector identified himself the doctor might protect them in the next round).

In our game the mafia targeted me in the second round, but the doctor saved me so I didn’t die (you don’t learn this during the game but I was told afterward). The villagers were victorious but it had nothing to do with me, since the final mafia member was Antonio and I kept arguing that it was stereotypical to blame the only Italian at the table.

I was wrong. (grin)

10 Upcoming NetIQ Events

NetIQ Qmunity — Fri, 30 Jul 2010 16:05:00 +0100

Time flies and August is upon us, which means it’s time for NetIQ’s guide to our upcoming conferences, webcasts, gatherings and training events where you can catch up with us and learn more about our solutions. For more upcoming event listings, check out NetIQ’s events page.

August 3-5, 2010, Tampa, FL: The 2010 LandWarNet Conference brings government and industry together to openly communicate commercial best business practices and government implementations. From rugged computers to intelligence gathering solutions, if you are looking for new products, services or solutions the LandWarNet exhibit hall is the largest and most complete defense, communications and information technology show in the Southeast US. We'll be there, on booth 1507, with a specific focus on migration and Active Directory security and automation.

Aug 3-5, 2010, Herndon, VA: This Secure Configuration Manager Essentials lecture/lab-style, three-day course will help you understand, deploy and successfully use NetIQ Secure Configuration Manager. Designed with real-world content and an emphasis on hands-on exercises, you will learn to install and use Secure Configuration Manager to examine the weaknesses in Windows, UNIX, web-server, and database systems; manage and inventory IT Assets and determine the vulnerabilities present on managed systems; apply industry standard baselines and criteria such as the SANS / FBI Top 20, HIPAA, and Sarbanes-Oxley to determine weaknesses; develop your own customized checks for specific vulnerabilities. You will also practice using features within Secure Configuration Manager to remove these vulnerabilities and lock down Windows and UNIX computers systems, IIS web-servers, and Microsoft SQL-Server database servers.

August 4, 2010, Online: NetIQ Security Manager v6.0, released in 2007, is moving to “Continued Support” status on October 29, 2010. Beyond that date, support for NetIQ Security Manager 6.0 will be limited to online support, and hotfixes and service packs will no longer be actively developed. Join us to learn how to have a successful and seamless upgrade to NetIQ Security Manager v6.5. Register now for "Maximize the Value of NetIQ Security Manager: Seamless Upgrade to 6.5" to gain valuable insight from our Professional Services experts on planning best practices and lessons learned from years of experience working with NetIQ Security Manager users just like you.

August 11, 2010, Auckland, New Zealand: We are proud to continue supporting The Future of Banking & Financial Services events organized by FST Media as they consistently provide a strong foundation for the exchange of ideas and information on business-enabled technology amongst CxOs and IT decision makers.

Aug 17-19, 2010, Herndon, VA: NetIQ Aegis Process Automation is a three-day lecture course that will help you understand, install, and successfully use NetIQ Aegis. In this course, you will learn about the Aegis lifecycle, how to use the Workflow Designer, and process revision control. In addition, you will learn how to manage, maintain and make decisions with Aegis. Through discussion, examples, and lab exercises with real world content, you will learn how to: identify and create notification workflow processes; set user and permission sets and handle basic Aegis troubleshooting.

August 24-26, 2010, Rivera Maya, Mexico: We are a gold sponsor of this years CIO Summit Latin America which will once again serve as an arena for senior level executives to engage in clear and focused dialogue with their peers and examine their management objectives in a relaxed and vibrant environment.

Aug 24-27, 2010, Houston, TX: In this instructor-lead AppManager 7 Essentials course you will learn how to gain greater control over the IT Environment by using features such as automated detection and deployment, policy exception management, secure delegation and self-maintaining service maps. In addition, you will learn to prioritize problem response and how to map IT resources to business applications and services.

Sep 1, 2010, London, UK: IDC's IT Security Conference 2010 enables end user IT professionals to discover what they should be targeting to ensure their organisation's safety in a complex environment. We, with one of our customers, will be presenting a case study - more details to follow.

Sep 7-10, 2010, Staines, UK: In this instructor-lead AppManager 7 Essentials course you will learn how to gain greater control over the IT Environment by using features such as automated detection and deployment, policy exception management, secure delegation and self-maintaining service maps. In addition, you will learn to prioritize problem response and how to map IT resources to business applications and services.

Sep 7-10, 2010, Herndon, VA: This Security Manager 6.x Essentials course is a four-day lecture style class designed to help you understand, deploy, and successfully manage Security Manager. You will learn Security Manager Architecture and how to use it to secure the organization’s computers. Through discussions, examples, and lab exercises with real world content, you will learn to defend both Windows and UNIX systems. In addition, learn how to: Architect, install, and configure Security Manager; install and configure Windows and UNIX agents; configure Change Guardian for Windows, Active Directory and Group Policies; and develop event correlation procedures.

American Airlines iPhone App

Adventures in Open Source — Fri, 30 Jul 2010 14:27:06 +0100

Just a heads up to everyone who has missed it – American Airlines has a sweet new iPhone app.

ntop on Ubuntu

NTop Blog — Fri, 30 Jul 2010 08:31:13 +0100

The ubuntu community has published a post that explains how to compile/use ntop on Ubuntu. This is the URL of the post.

Finding out who is downloading in the Network

Colasoft Blog — Fri, 30 Jul 2010 08:01:29 +0100

There comes the moment when the local network becomes very slow and they are suspicious of downloading in their network. To ensure the normal use of bandwidth, they need to find out who’s downloading in the network quickly and stop them to make sure everyone can work with efficiency. But many just don’t know how where to get started. 0

ManageEngine NetFlow Analyzer - Advanced Security Analytics Module

ManageEngine Blogs — Fri, 30 Jul 2010 06:51:40 +0100

Advanced Security Analytics Module (ASAM), is one of the most significant Add-Ons for any enterprise class network looking to utilize flow based monitoring technology. Without any additional hardware or export configurations, this simple Add-On to NetFlow Analyzer can act as your network Intrusion Detection System leveraging on the prevailing flow data collection in place.

Compelling reasons to choose a flow based security analytics system over complex and expensive signature based threat detection systems is ease of deployment and cost effectiveness. ASAM does not require any base lining period and manual intervention for it to detect network anomalies. ASAM starts reporting on anomaly events immediately after the installation of the module.

Below are the salient features of the ASAM Add-On for NetFlow Analyzer:

1. Real time threat detection

ASAM, built using the state-of-the-art "Continuous Stream Miner" technology, helps identify numerous threats in your network in real time. The underlying engine is optimized for scalability with very less memory and CPU footprints.

2. Security Snapshot Report

Security snapshot gives you a quick understanding of different types of intrusion activities over a configurable time period.

3. Highly Customizable

Discarding and White listing based on

* Security Events

* IP addresses

* Flows matching specific criteria

ASAM, giving more power to the you, helps see threats based on your specific requirements also. Ensures near zero false positives occur by filtering known good data.

Additionally ASAM does not require signature or pattern definition updates to detect security threats, instead the analytics engine is capable of identifying threats by correlating transactions using a robust "date time span offset" clustering algorithm, delimited based on active and inactive time outs and threshold violations for various flow fields.

To know more about ASAM and the anomaly types detected by ASAM, check the link here.

Try the 30 day fully featured trial of NetFlow Analyzer with ASAM Add-On. Feel free to talk to the support team for any questions on NetFlow Analyzer and ASAM.

Thanks

Raj

Download | Interactive Demo | Product overview video | Twitter | Customers

Cloudy Operations and Devops Presentation at OSCON 2010

Opscode Blog — Fri, 30 Jul 2010 01:43:33 +0100

Cloudy Operations – OSCON 2010

View more presentations from John Willis.

GPGMail 1.3.0 – Open Source In Action

Adventures in Open Source — Thu, 29 Jul 2010 23:11:25 +0100

Yes, I use a Mac. Yes, I hate freedom. Yes, I use Mail.app.

And I am a bit of a security nut.

One of the most useful pieces of software I’ve used over the years is a plug-in for Mail.app called GPGMail. It was originally written by Stéphane Corthésy and released under an open source license, and it allows one to easily decrypt, encrypt and sign GPG messages right from Mail.app.

The problem is that Apple doesn’t really have an API to make such an integration easy, so with every new release of Mail.app it would usually break the plug-in, and Stéphane was responsible to fix it.

Well, after awhile Stéphane wanted to move on to other things, and with the advent of Snow Leopard GPGMail was broken – seemingly for good.

Stéphane writes:

I’ve just read the latest emails on the list, without participating. Actually I haven’t participated to the project since a very long time, for personal reasons. Situation will not change in the future, I guess.

It’s been now 10 years since I started GPGMail. At that time we were working on Rhapsody, the ancestor of Mac OS X, the link between Mac OS 9 and Mac OS X. gpg had just gone 1.0. I started the project because it might have been a critical piece of code for us at Sen:te in the near future, and it was really fun to develop

Plugin was then made public, and received some interest in the Mac community, though it was still for geeks. Interest in PGP became bigger, the MacGPG project was born a year later, thanks to Gordon Worley. This encouraged me to go on with GPGMail development, and also MacGPG sub-projects. I spent many week-ends and nights coding for those, and have been very happy to see interest growing more and more.

Then time passed, it became hard to find people able to help on MacGPG development, and very few people were able to spend time to understand the underpinnings of (GPG)Mail, except me, unfortunately. By making the project open-source I had expected that people would come in and make the project go further. I was rather deceived by this, I must admit. There was no real momentum.

On my side, I wanted to explore also other projects, and became tired of working on GPGMail. I wanted something new. It was getting boring, I had less time to reply to user requests, and code had got very messy. GPGMail development quite stalled from that time, I spent time on it only after major system updates. I was still hoping some people would enter and help on the project in the long-term, not only for a single patch. Thus I opened up the project by putting it on SF, with a real OpenSource license that would’t prevent people from working on GPGMail.

To be honest, I waited a rather long time to upgrade to Snow Leopard specifically because GPGMail support was important to me. When Stéphane backed out of the project, the list was abuzz with people wondering about its future. Luckily, a number of people stepped up to take it over. The project launched a new website, the code and bug tracker was moved to github, and various patched versions started to come out.

Stéphane continues:

When Snow Leopard arrived, I was already spending no time on coding during spare time, and was not really willing to. Finally people entered into the dance and started coding, not only whining. And I must admit I’ve been really surprised by the results they obtained (congrats Lukas and others!). I kept telling myself I would update the project, and make a public release, when I’ll find time to, but the fact is that I cannot, for several reasons.

For so many years I’ve been hoping to find people helping me on the project in the long-term, without finding any, but now that time has come, project can fly without me. I hope there will always be enough people to take care of it. Till now, project was organized by only one person, and depended only on me. I took care of every details. It’s time to change that model and let the project be managed more flexibly. The bazaar model, as I would say.

So please, move the project out of SF, leave it opened to developers, designers, writers, aficionados of all kind. It’s no longer dependent on me, it will depend on all of you. I will close the SF project (and mailing list), and redirect the Sen:te web pages to the new site, once you completed the migration, then I’ll have a glance at the project, from time to time, probably to complain . My baby’s no longer a baby; it no longer needs me.

Thanks all for your support, and now take great care of GPGMail.

Today the team released version 1.3.0 of GPGMail, the first real release under the new model. It installed for me without incident, and I am happy that this project will live on. Thank you Stéphane and thanks to the whole GPGMail team for making this happen. Plus, none of this would have been possible if GPG itself wasn’t open source and packaged by a number of groups. Score one for the open source ecosystem.

Had GPGMail been commercial software, I would have been out of luck, but because it was open source, and that there were many who found it valuable, it lives on and propers.

Awesome.

Swinging Big

Groundwork Open Source Blog — Thu, 29 Jul 2010 22:56:12 +0100

It’s nice to be noticed. GWOS has had multiple tweets on our recent Wall Street Journal ad. Tireless Matt Assay “mjasay” has checked in, as did Erica Brescia, CEO of our partner Bitrock, and industry analyst Eric Goodness. Humbly, let me say that GroundWork Open Source is doing lots worth noticing lately.

I can’t say for sure which marketing campaigns will work and which won’t. Certainly, we swung big with our first-ever Wall Street Journal ad. But we are swinging big in a lot of ways these days - and the results are quite positive.

In June, we announced that our customer base has quadrupled in the last eight months.
On July 8, we launched V6.2, with special features for service providers and a new service from Neustar Webmetrics that allows our customers to view their internal and external monitoring side-by-side from a single console.
In another recent partnership, we’ve added Cloud Connector for Eucalyptus, which combines application and cloud health monitoring for Eucalyptus and UEC-based private clouds. It combines monitoring of private clouds and internal datacenters.
We’ve also launched a series of innovative marketing campaigns, including a program to offer free industry certifications to our new customers.
Meanwhile, we are still making GroundWork Monitor Community edition available for free for the community. We’re up to V6.0 now with more updates planned soon.

And we’re not finished by a long shot. Watch this space!

Free Online Orion NPM Customer Training

Solarwinds Orion Team Blog — Thu, 29 Jul 2010 21:27:00 +0100

One of the great benefits of Orion is that its really easy to install and easy to use. Nevertheless, new customers often find that they can get more out of the product if they invest a little time in training. Notice that I say time and not money, because SolarWinds offers quite a bit of online training for free. Here are a couple of useful resources for getting more out of what you’ve already bought.

First, we’ve got a training session that’s already been recorded. Just click on the link below and start watching.

NPM Customer Training Part 1 (90 minutes)

During this 90 minute training session we’ll cover:
Optimizing hardware configurations for Orion
Understanding Orion’s architecture
Installation, discovery, and base configuration
Leveraging the information that Orion provides

Part 1 video is here

This class was designed for existing users of Orion NPM. The training is presented by Josh Stephens (Head Geek and VP of Technology), Chris LaPoint (Group Product Manager, Network products) and Brandon Shopp (Product Manager for NPM).

Part 2 of the training hasn’t occurred yet (as of July 29, 2010). You can sign up to attend the sessions live and ask questions. Still free! Sign up soon, because we can only handle 1000 folks in a session. If we fill our sessions, we’ll schedule more. We will also send you a link to the on-demand version as soon as it is available.

Level 2- Orion NPM 10 Customer Training" (120 minutes)

Using the Advanced Alert Engine
Customizing and building reports
Advanced uses for network maps
Customization of the Orion web console
Tuning the Orion polling engine

Thursday, August 12, 2010 10:00 AM - 12:00 PM CDT, GTW Part 2 Session 1: Click here to register for session 1
Thursday, August 19, 2010, 11:00 AM - 1:00 PM CDT, GTW Part 2 session 2 : Click here to register for session 2

Service Assurance Daily’s weekly reading list

Network Performance Daily — Thu, 29 Jul 2010 18:29:50 +0100

Black Hat: U.S. Infrastructure Vulnerable to Cyber Attack

Informationweek Thursday reported that the U.S. is vulnerable to cyber attack, based on an interview conducted by Elizabeth Montalbano with Randy Vickers, director of the United States Computer Emergency Readiness Team (US-CERT), during the Black Hat Technical Security Conference. Technology advancements, such as cloud computing and mobility, cause change to the existing infrastructure, making the environment prone to potential attacks, he said.

ATM back gives cash on demand

The IDG News Service’s Robert McMillan Wednesday relayed a story, also from Black Hat, about IOActive researcher Barnaby Jack and his ability to get ATM machines to spew cash by exploiting bugs. He was also able to demonstrate how he could get the machines to record sensitive data from the ATM card holders.

IT career site Dice launches network for tech recruiters, job hunters

For IT professionals in a pinch to find work or hiring managers having trouble landing the appropriate candidates, online job board icon Dice launched its Dice Talent Network, according to Network World’s Ann Bednarz. The site will allow IT job seekers and tech recruiters to use the latest social recruiting tools such as chat or IM windows during the job search process.

Shift happens: Handling things in transition

Gartner’s Mark McDonald this week uses a clever play on words to kick off his blog about change and how business and IT leaders can better handle it – and learn how to spot it before it takes them by surprise. He goes on to point out that savvy leaders not only spot change on the horizon, but are also able to leverage the incoming shift to their business’ advantage.

Forrester Blogs: Want to be Bought? Then Talk Cloud

There is no shortage of cloud content on the Internet. This week Forrester Research Vice President and Principal Analyst Peter O’Neill explores how companies with a cloud value proposition could find themselves with a financially beneficial exit strategy – if a big player catches wind of the cloud potential. Take Nimsoft and CA Technologies, for example.

“My personal view is that Nimsoft managed to complete their exit strategy so quickly and successfully because they focused all of their new product announcements and general positioning toward the cloud,” O’Neill wrote. “Coincidentally, CA has decided to turn up the heat on its own cloud campaign and promptly bought three technology companies to strengthen the cloud offering and show their commitment – Nimsoft, Cassatt and 3Tera.”

NASA identifies Top Ten space junk missions

Network World’s Layer 8 blog shares detail’s on NASA’s contributions to junk in space. According to the report, while more than 4,700 space missions have occurred, just 10 account for one-third of all “cataloged objects currently in Earth orbit and of that, six of these 10 debris producing events occurred within the past 10 years.”

Do you Tweet? Follow Denise Dubie on Twitter here.

Ça déménage chez MERETHIS !

Centreon Blog — Thu, 29 Jul 2010 16:34:00 +0100

MERETHIS, éditeur de la suite logicielle Centreon, change de bureaux et augmente son capital. Découvrez les dernières bonnes nouvelles de l'été.

Le déménagement,

C'est en avril dernier que les équipes de MERETHIS ont fait leurs cartons pour s'installer dans leurs nouveaux bureaux de 250 m2 fraichement rénovés. Chacun a pu investir son nouvel espace de travail et le personnaliser à son goût. MERETHIS possède dorénavant un LAB où ses Ingénieurs en Recherche & Développement peuvent laisser libre court aux codes de toutes sortes : PHP, Perl, Java, C … Les Consultants Supervision ne sont pas en reste puisqu'ils ont également un espace dédié où ils peuvent préparer leurs prochaines missions. Une série de bureaux complémentaires accueillent également les Directions de Projets, Commerciale et Technique, le Marketing & la Communication ainsi que le Secrétariat. Une grande salle de formation peut accueillir maintenant jusqu'à dix stagiaires dans de très bonnes conditions.

Voici quelques photos des nouveaux bureaux :

L'accueil Les couloirs Le LAB Le bureau des consultants La salle de réunion

Nouveau capital social,

Les changements ne s'arrêtent pas là puisque lors de l’assemblée générale extraordinaire du 28 mai 2010, le capital social de l'entreprise a été augmentée de 300 000 € passant de 100 000 € à 400 000 €. Celui-ci devrait donner un nouvel élan à MERETHIS et lui permettre de continuer son développement en toute quiétude.

On peut s'attendre à ce que le reste de l'année 2010 se poursuivre dans la même direction puisque d'autres recrutements devraient avoir lieu d'ici la fin de l'année.

Côté Centreon on peut s'attendre à quelques nouveautés dans la suite logicielle mais celles-ci feront l'objet d'un nouveau billet très prochainement.

De nombreux projets devraient également donner naissance à de nouveaux produits à découvrir dès l'automne prochain.

Pour finir, MERETHIS présentera son nouveau site web : www.merethis.com.

Les équipes de Merethis vous souhaite de bonne vacances et vous donnent rendez-vous en septembre.

2010 Dev Jam – Day Four

Adventures in Open Source — Thu, 29 Jul 2010 16:05:10 +0100

This was an incredibly long and busy day.

In a normal week I think about OpenNMS a lot, but during Dev-Jam there is so much energy that I think about it more (if that is possible) and it makes it hard to sleep. I stayed up late the night before working on the new opennms.org website and I woke up around 5am and couldn’t get back to sleep for all of the new ideas swimming around my head.

So I got up, did a bunch of .com work (including payroll – it’s that time of the month once again) and wrote what may be my last post on open core (probably not, but we can always hope). I then went downstairs to join the rest of the team.

It was distracting. Mike Huot brought in his smoker and was cooking what would become our dinner and it smelled amazing. They had to start on it the night before and, to jump ahead, the results were delicious.

There was a lot of work going on, and on a whim Bill decided to discover the network we were using. Here is a screenshot of the unfiltered nodes:

I worked with Alex on RT for most of the day, and managed to take a short nap just before Ethan Galstad and Mary Starr showed up.

Ethan has been a visitor to Dev-Jam before (he lives nearby) and Mary is his business partner at Nagios Enterprises. Nagios Enterprises is Ethan’s commercial software company that builds on the open source Nagios platform to deliver an extended and supported commercial version. That differs greatly from the OpenNMS business model, so we had a lively debate about it.

First, even though Nagios is open source, Nagios XI is presented as commercial software. Just like my Hyperic example yesterday, go to nagios.com and search on “open source”. No matches. Ethan is 100% transparent about the commercial nature of his product. Nagios XI is not open core.

Second, I have often said that I see software taking two paths: either becoming a commodity or becoming open source. Ethan has structured his business around commoditizing the Nagios platform and it is priced accordingly.

Finally, people have been building proprietary software add-ons on top of Nagios for nearly a decade, and Ethan quite simply wants a part of it. As the main person responsible for the project, he has built a brand of considerable value. Just now a Google search on “Nagios” returns “About 9,470,000 results” (OpenNMS is only around 123K hits). That’s an impressive number.

It does illustrate a difference between the communities around Nagios and OpenNMS. From the moment I took over the administration of the project, I have relied heavily on the community to keep it going and make up for my considerable shortcomings. In contrast, Ethan has been the primary author of most of the Nagios core code.

He asked me point blank why we didn’t produce a commercial version of OpenNMS. I pointed out that our market was squarely aimed at “open source network management” and that we didn’t have any expertise in selling commercial software, but the truth of the matter is that I don’t feel the same ownership over OpenNMS that Ethan has toward Nagios. While The OpenNMS Group does hold 100% of the copyright, it would just seem wrong to me to build on that work and not give it back to the community, in any fashion.

If you have never met Ethan, please understand that he is one of the nicest guys I’ve met in this business, and his business partner Mary seems very competent and brings a strong business background to the company. Note that what I have written here our my thoughts on our conversation and Ethan may have a different take on some or all of them.

So we stuffed ourselves with barbecue and talked business for several hours, then Ethan and Mary left and many of the rest of the gang went off to an outdoor showing of Sherlock Holmes.

It had been a long day. I went to bed.

Web マガジン「LANch BOX 2010夏号」特集へ掲載普及期に入った仮想化技術に警鐘を鳴らす！仮想環境に求められるセキュリティの最適解を探る

splunk > blogs — Thu, 29 Jul 2010 10:30:27 +0100

国内でも本格活用期を迎えたクラウド・コンピューティング。単に仮想化技術によるシステムの統合にとどまらず、クラウドのメリットを最大限享受するための実践的な取り組みがはじまっている。一方、サーバやストレージ、そしてネットワークなど、仮想的なレイヤが新たに加わることでシステムの管理が煩雑になってしまい、これまで以上に運用に手間がかかってしまうケースも見られるようになってきた。今回は、「ITサーチ」という新しい手法を活用し、クラウド環境を効率的に運用・管理することに成功している一例として、クラウド型マーケティングプラットフォーム「スマートセミナー」を提供する株式会社シャノン　技術統括部　Platform Technologyチーム　インフラストラクチャエンジニア　藤倉和明氏に詳しく話を聞いた。

http://www.macnica.net/lanch/lanch10sm/ca01.html/

Wireshark 1.2.10, 1.0.15, and 1.4.0rc2 Released

Wireshark News — Thu, 29 Jul 2010 08:00:00 +0100

Wireshark 1.2.10 (stable), 1.0.15 (old stable), and 1.4.0rc2 (development) have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code is now available. In 1.2.10 Several security-related bugs have been fixed. See the advisory for details. Several user interface bugs have been fixed. Bugs in the GTP, IAX2, OMAPI, PRES, SCSI, SMB, and UNISTIM dissectors have been fixed. An interoperability bug with zlib 1.2.5 has been fixed. Many other bugs have been fixed. For a complete list of changes, please refer to the 1.2.10 release notes. In 1.0.15 Two security-related bugs have been fixed. See the advisory for details. For a complete list of changes, please refer to the 1.0.15 release notes. In 1.4.0rc2 This is the second release candidate for Wireshark 1.4.0. It has many new features and supports many more protocols. Official releases are available right now from the download page.

Vote For Nagios As Favorite IT Operations Tool!

Nagios News — Wed, 28 Jul 2010 22:08:02 +0100

LinuxCon is hosting a poll on favorite Open Source tools and we're looking for the community's voice. Vote for Nagios as your favorite choice in the "Favorite IT Operations Tools" category of the LinuxCon 2010 Just For Fun poll.

Nagios Plugins 1.4.15 Released

Nagios News — Wed, 28 Jul 2010 21:50:48 +0100

The Nagios Plugin Team has just released version 1.4.15 of the Nagios Plugins. The newest release contains several enhancements, including rate calculation in check_snmp and a round of bug fixes. Download the latest plugin package at http://www.nagios.org/download/plugins and read up on what's new at http://nagiosplugins.org/nagiosplugins-1.4.15

Bay Area Training

Reductive Labs — Wed, 28 Jul 2010 20:00:46 +0100

Puppet Master Curriculum (3 Days)

This training is ideal for those who want a Puppet jumpstart. Newer members at an organization already using Puppet, or experienced sysadmins wanting to bring Puppet into their team will get everything they need to deploy solutions.

Prerequisites:

Attendees should have at least the equivalent experience of a junior Unix/Linux administrator.

Topics covered include:

Configuring Puppet and Puppetmaster
Resource Types and the Resource Abstration Layer
Virtual Resources, Exported Resources and Stored Configs
Meta-parameters, Dependencies and Events
Classes, Modules and Definitions
Tags and Environments
Puppet Language Patterns and Best Practices

The topics are covered over 3 days. Sessions will mix theory and practice, balancing lectures with hands-on exercises. (Each student should bring a WiFi enabled laptop with VMWare installed to participate in the labs.)

Pricing

$2,195.00 by September 7, 2010; $2,395.00 on or after September 8, 2010.

Event registration for Puppet Labs Training: Bay Area, CA powered by Eventbrite

Open Core is Dead

Adventures in Open Source — Wed, 28 Jul 2010 19:14:37 +0100

I was wanting to take a break from Dev-Jam to put down some thoughts I’ve been having during this recent renaissance of the “open core” debate when I realized something:

Open core is dead.

At least as a business model. While I don’t expect it to go away overnight, I do expect to see very few new companies using the model and those commercial software companies that tout themselves as open source reframing their marketing to de-emphasize it.

I base this on observations of my own market. Even though searching on “open source network management” in Google returns OpenNMS as the first hit, for years the industry press omitted us from articles on open source management to focus on three VC-backed firms: Groundwork Open Source, Hyperic and Zenoss. All of these companies are what I would classify as “open core” and it is interesting to see where they are now.

Groundwork Open Source (GWOS)

This was one of the first open core companies to try and commercialize open source projects. When it started in 2004, GWOS sold commercial software “wrappers” around a number of open source projects without releasing any open source code on their own. In 2006 they started to distribute the “Groundwork Monitor Community Edition“. After four rounds of funding, they have raised $29 million (A: $3MM, B: $8.5MM, C: $12.5MM, D: $5MM) but they still come across as a company looking for a business plan. Once known for selling software licenses in excess of six figures, they now sell a “quickstart” version for $59.

Since I am pretty much known for running my mouth, people tend to contact me with their experiences with companies in this space. I received one such e-mail a few weeks ago:

Hey, I was just told that GWOS is no longer putting out a community (free) edition. I was told this by one of their support guys, was told that was the reason why they are now releasing version 6.2 while the 6.0 CE version hasn’t been updated since December. He said they were just going to quietly “let it go to the community” … Also interesting is that the $59 “quickstart” is just that, not really meant to be production, no upgrades or updates come with that, and no guarantee that you can even purchase the upgrades later

I thought this was interesting, so I did some poking around. I found an entry on their forums (which doesn’t seem to be policed for spam anymore):

Interesting, seems like all traces of the free/community version are gone from their site. Still available on sourceforge, I’d grab the latest version while it’s still there.

Not one to just publish hearsay, I sent a note to Tara Spalding, their Chief Marketing Officer, asking if the rumors of GWOS dropping support for their community edition was true, and she replied:

Thanks for reaching out. That is untrue, and the rumor mill is pretty lame.

I replied to ask her when we could expect the next community edition, but I haven’t heard back. The latest enterprise edition is 6.2, but the last community edition is 6.0. That’s pretty high number for a VC-backed firm – most have an exit between versions 3 and 4. (grin)

I was reminded of this exchange this week when I saw a GWOS ad in the Wall Street Journal (click to embiggen):

It was about 1/6th of a page, which runs around US$40K, so it must have been important to them. Note that the term “open source” does not appear at all in the ad.

So it seems, at least on the surface, that GWOS is trying to distance itself from the term “open source”. It will be interesting to see how they deal with their name. Perhaps after all that money and all that time they will find success marketing themselves as a commercial company.

Hyperic

Another open core firm that used to be referenced a lot was Hyperic. I would often use them as an example of the problems with the “feature wall” inherent in open core solutions. The difference between Hyperic and the other VC-backed companies is in the quality of the VCs. Benchmark and Accel seem to know what they are doing. Hyperic was rolled into SpringSource just before the latter company was sold to VMWare. Thus the VCs got an exit and I assume the five founders of Hyperic did okay financially.

What’s funny is that, although Hyperic products are owned and sold by a very commercial software company now, the interest we receive on the OpenNMS and Hyperic integration has actually gone up. It seems that framing the Hyperic products in the context of commercial software has actually made the buying decision easier, and the term “open source” does not appear anywhere on their home page.

Think about that – being honest and representing Hyperic software as commercial software with an open source component (versus open source software with a commercial component) has actually increased interest.

Zenoss

Zenoss has a very popular “core” product that they publish under an open source license, coupled with a variety of “enterprise” software offerings that they price per device per year. Their enterprise “silver” package is listed at $100/managed resource. Note that this is the subscription price – that is $100/resource/year. So if we take an average OpenNMS install of 2000 devices, that would run $200,000 a year, or $1,000,000 over five years.

It is really hard to argue that a Zenoss enterprise solution is any less expensive than, say, a solution using HP OpenView. In addition, most software from HP and IBM is licensed in perpetuity: i.e. once you’ve bought it you get the right to use that version forever. It would be hard for an enterprise of any size to base its management solution on something that must be renewed year after year, with no guarantee that the price will remain the same.

Now, this is a post proclaiming that open core is dead, so I’m not here to pick on the way Zenoss prices their software. What I want to examine is the usefulness of their business model. As a VC-backed firm that has raised around $25 million, I assume the desired exit would be an acquisition. But how would one evaluate them? A number of past Zenoss commercial clients have talked to us as an option to Zenoss, simply because their revenue structure is not sustainable. In addition, as part of the OpenNMS project we are targeting those enterprise features users of Zenoss find most valuable, and we plan to offer them for free. Heck, $200,000 can go a long way toward funding a lot of custom development, so a Zenoss user could spend that money once and get what they need under a truly free and open source license. Thus the value of the Zenoss commercial software has a very short shelf life, and since they have no revenue model based on their open source software, so does the value of the company.

I think investors are wising up to this. In their latest funding round the target was $5.2MM but they only raised $4.83MM. Thus it would appear that at least one of the investors pulled out of the deal at the last minute. That was a smart move.

[Note: our goal at OpenNMS is to produce the de facto network management platform, so I'm not targeting Zenoss specifically but all commercial software vendors in this space. Our free software will continue to erode the value of their commercial software. This is also not meant to be taken as an attack on anyone who uses any of the products listed here - if it works for you, great. This is more an examination of the business of open source.]

With the backlash hitting SugarCRM and NASA spurning Eucalyptus in favor of OpenStack, it seems that the market is wising up to open core and demanding more from companies that call themselves open source. With examples like Hyperic above, it seems to be in a commercial software company’s best interest to avoid referring to their offerings as open source. It looks like Groundwork is moving down that path and Hyperic is already there.

Open core is dead.

New Features in PRTG 8 - Part 3: Introducing "The PRTG Cluster"

The Paessler CEO's Network Monitoring Blog — Wed, 28 Jul 2010 16:41:21 +0100

While the beta test of PRTG 8 is running we are posting a series of blog articles about new features! With version 8, we introduce a completely new and up-to-date feature: PRTG’s failover clustering. It is included in all licenses and enables you to set up a fail-safe monitoring system with seamless data—no more data gaps when a system crashes or when you have to restart your server (not even a software upgrade of PRTG will stop monitoring). I want to give you a little insight into what our clustering does and how to configure it easily.

Simple Failover Cluster

The most common setup is two PRTG servers running “side-by-side” in a single failover cluster. The first node is the Master Node and is responsible for the configuration, management, alerting, and reporting. If this PRTG instance should fail, e.g. due to a server crash or connectivity issues, the second node (i.e. the Failover Node) takes over the master role and continues the monitoring until the original Master Node is back online. While the second node is in Failover mode, it does not idle around waiting for something to happen. On the contrary: The Failover node monitors the same network in parallel to the Master Node, providing the same data from another perspective. So, for example, the administrator can monitor the Ping time of a device from different “corners” of the local or remote network and compare the values. To access the current status of your monitoring you can connect to the web server of both the Master and the Failover node. Both will show you up-to-date status information and will allow you to access the monitoring results of all other nodes.

Multi Failover Cluster

Using the same clustering technique, the administrator can set up a web of up to 5 nodes, all working together in one fail-safe monitoring environment. If a node fails or the server running the PRTG installation must be restarted, the other nodes continue monitoring, so you can obtain seamless data reports.

Cluster Features

PRTG’s cluster status page always shows the current cluster status clearly. In a cluster, all nodes are connected to each other, exchanging configuration data. An update of the PRTG software can be installed on any of the nodes —it will be deployed to the other cluster nodes automatically. While every node collects monitoring data in its own database, reports on these data can be generated centrally. The distributed database has another advantage: Should a server running a PRTG node core server crash, losing all data, there is still the monitoring data from all other available nodes, even if—for whatever reason—no backup can be restored for the crashed server.

In Short

PRTG 8's cluster features in short:

Fail-safe monitoring
Monitoring data from every node’s perspective
Distributed data base
Central reporting
Central notifications/alerting
Secure connections between nodes

Beta Test it Today

Why not go and see for yourself? Download the latest Beta version today and have a look! All information can be found on the PRTG 8 Beta web page.

News from the PRTG Community

The Paessler CEO's Network Monitoring Blog — Wed, 28 Jul 2010 16:40:59 +0100

Enabling its users to write their own custom sensors, PRTG offers a powerful option to extend existing network monitoring to make it even more convenient. Although PRTG offers out-of-the-box monitoring for a huge variety of devices and systems, sometimes system administrators have special requirements in very specific setups. These can be met using own script or EXE files that can be easily integrated in the central monitoring solution.

Sensors at Google Code Project

At a Google Code Project Hosting website for PRTG7 Add-ons, users share their home-made scripts and EXE files that can be used as PRTG sensors. For example, one of our most active users, Gerard Feijth, released several custom sensors during the last months, all implementing features which users had asked for in the Paessler Knowledge Base:

LastWinUpdate: This program gets the last date when Windows update was run on a specific computer in the network. It gives back the number of days, which can be used to alert the administrator when a computer was not updated for a certain time.
WinOSVersion: This sensor shows the Windows version of a computer in the network. This can e.g. be used for inventory purposes.
SSLCertExpiration: Monitors the SSL certificate of a website and returns the number of days before it expires. In combination with a threshold notification trigger, this value can also be used to alert the administrator a few days before a certificate will finally expire.
IPonDNSBL: Queries DNS black lists and checks if a certain IP address is listed there. The administrator can thus continuously check and be immediately alerted if the company’s IP address should be black listed. This is a nice feature, as usually the major part of a company’s outgoing emails will not reach the recipients as long as the sender IP is on a black list.

All these sensors and others can all be found on the CustomSensors Wiki page at Google Code.

Thank You!

A big “Thank you!” to all users that are actively involved in the development of PRTG—contributing to the Knowledge Base or sharing their program code. For us, it’s a great pleasure to be close to our customers.

Where IT budget dollars will be spent in 2010

Network Performance Daily — Wed, 28 Jul 2010 16:38:02 +0100

Computer Economics study shows Windows 7, desktop virtualization and unified communications technologies will drive IT buyers to invest budget dollars.

By Denise Dubie

IT buyers will invest budget dollars in certain technologies in 2010 and 2011, according to new research from Computer Economics, despite various IT spending reports.

According to Forrester Research’s most recent forecast, U.S. IT goods and services spending will jump 9.9% in 2010 to $564 billion. Separately, Gartner this month forecast worldwide IT spending to increase nearly 4% to $3.350 trillion in 2010, a decline from earlier projections of a 5.3% increase due to European sovereign debt crisis.

The Computer Economics Technology Trends 2010/2011 study reveals that some technologies are flying to the top of IT buyers’ priority lists. The IT research and advisory firm surveyed more than 200 IT organizations to understand how IT budgets will be invested as companies try to recover from the economic recession.

2010 Dev-Jam – Day Three

Adventures in Open Source — Wed, 28 Jul 2010 04:25:32 +0100

I am happy to announce that I was finally able to get the new www.opennms.org website to a point where it could go live. We started this process nearly a year ago and managed to get the www.opennms.com site finished early in the year, but for a variety of reasons we just couldn’t finish the other one.

Outside of cosmetic changes, not much has changed. At the heart of the site is still a wiki, but we wrapped a few information pages in front of it to help introduce people to the project.

There is also a tighter coupling between the .org and the .com sites, but we will strive to keep the commercial content on .com and the project content on .org. I do hope that this will end the occasional question we get on the mailing lists about whether or not one can get commercial support for OpenNMS, however.

I’ve been pretty heads down on the site, so I’m not sure what everyone else has been working on, but there is a scratchpad page that is tracking some of it.

Dinner was catered by Brasa and most agree that it was in the top five Dev-Jam meals of all time.

2010 Summer of Community ZenPacks Contest

Zenoss Blog — Wed, 28 Jul 2010 04:03:10 +0100

To help kick off the new Zenoss 3.0 release, we've decided to help jumpstart the creation and upgrading of ZenPacks with another Community ZenPack Contest! While we've had over 40 new ZenPacks so far in 2010, we're always eager for even more so to help jumpstart the process so we're announcing the 2010 Summer of ZenPacks Contest. Last year we had over 50 entries in the contest and we'd love to triple that number this year, so we're tripling the number of prizes with 3 Grand Prizes and 12 Runner-Ups!

What is the Submit a ZenPack Contest?

Community contributed ZenPacks have typically consisted of new monitoring solutions, but did you know that ZenPacks can do even more than that? We’re looking for as many useful submissions as possible, monitoring something not yet covered, improvements to existing ZenPacks or extending Zenoss to provide new functionality. It doesn’t have to be overly complex, but don’t let that stop you from going wild! And to mark the new Zenoss 3.0 release, we're giving credit to entries that simply take the existing ZenPacks and test and verify that they work with the new release. There are a lot of ZenPacks that are being tested or have yet to been submitted to Zenoss for hosting, so this contest is your chance to show off your chops and possibly win a great prize or two!

The Prizes

There are three Grand Prizes of the Dell Streak, a 5" mobile web tablet running the Open Source Android operating system. They are unlocked for use with different phone networks and can be used as media tablets, GPS units or as mobile wireless devices. We will be giving away three of them to the authors with the most interesting and/or useful ZenPacks, chosen by our judges.

The winners of the Runner-Ups prizes will have their choice between 2 great prizes, either the GuruPlug Server PLUS or the Netgear N600 Wireless Dual Band Gigabit Router. The GuruPlug Server can be used as an embedded server for a wide variety of purposes, running Linux in a tiny form factor. The NetGear wireless router can be flashed to use the Open Source DD-WRT firmware to maximize the feature set. Since you can win more than one prize, we figured it was best to have multiple options for your prizes.

The Rules

ZenPacks entered into the contest must be Zenoss 3.0 compatible .EGG files with full source (2.5 and earlier compatibility is appreciated if possible). So that we would be able to potentially include the ZenPack in a future release of Zenoss, please consider filling out our Contribution Form. If you’ve previously filled it out, you do not need to do so again. Send an email to community@zenoss.com with the title “Submit a ZenPack Contest” with your name, the attached ZenPack and any documentation you would like to include. Submissions for the Zenoss Submit a ZenPack Contest are open until September 30th at which time our judges will select the three grand-prize winners and 8 runner-ups and and draw randomly from all entries for the other 4 prizes. Multiple entries are allowed and encouraged. You will get one entry for each ZenPack submitted. Updating existing and previously submitted ZenPacks also counts as an entry, we encourage you to test and upgrade existing Community ZenPacks. If you have any questions or need any clarifications, please send them to community@zenoss.com.

ZenPack Developer Resources

ZenPacks: List of Community, Core and Enterprise ZenPacks
ZenPack Development: ZenPack developer documentation
zenoss-zenpacks: ZenPacks forum/mailing list
ZenPacks.Zenoss.Org: Community ZenPack Repository
Tip of the Month: Upgrading ZenPacks for Zenoss 3.0
Zenoss Developer's Guide

OpenNMS Training Available 20-24 September

The OpenNMS Blog — Wed, 28 Jul 2010 01:14:47 +0100

The OpenNMS Group is happy to announce that the popular Basic and Advanced Training courses will be available the week of 20 September 2010.

Please check out the website for full details, and hope to see you there.

OpenNMS Sponsors Ohio LinuxFest 10-12 September

The OpenNMS Blog — Wed, 28 Jul 2010 01:12:30 +0100

OpenNMS is a Gold Sponsor this year of the popular Ohio LinuxFest conference to be held in Columbus, Ohio the weekend of 10-12 September.

Come on out and visit the OpenNMS booth to meet some of the people who make the project possible.

Dev-Jam 2010 – July 26-30 at the University of Minnesota

The OpenNMS Blog — Tue, 27 Jul 2010 23:13:12 +0100

The fifth annual Dev-Jam OpenNMS developers conference will be held at the University of Minnesota, Twin Cities campus the week of July 26th. Over 20 developers from six countries are expected to spend a week focused on the goal of making OpenNMS the de facto network management application platform of choice.

DMTF President: “People clamoring for cloud standards”

Network Performance Daily — Tue, 27 Jul 2010 21:22:04 +0100

The Distributed Management Task Force's efforts to develop a standard interface for cloud computing attract key players, promise results sooner.

By Denise Dubie

In April 2009, the Distributed Management Task Force (DMTF) launched its Open Cloud Standards Incubator to begin work on developing interoperability standards for cloud providers. The efforts thus far delivered several white papers detailing uses cases, architecture and service models for cloud computing and recently resulted in the formation of the Cloud Management Workgroup (CMWG). DMTF President Winston Bumpus says the momentum of the standards work is strong, thanks in part to key players coming to the table and agreeing to collaborate on interoperability – even with competitors.

Can you tell me a bit about the progress the DMTF has made with cloud computing standards in the past year?

We have been working on this incubator for a little more than 12 months. The intent was always to get the industry together and look at how we can solve interoperability issues around cloud computing. Our efforts are particularly focused around Infrastructure as a Service (IaaS) because that is where the DMTF has been focused in the past. It enables us to take what we have already done in the realm of servers, storage and virtualization management and just move it up to the next level. We are really all about distributed infrastructure management so extending standards to the cloud is a natural next step for us.

Critical Data leak may be your next PR nightmare!

NetIQ Qmunity — Tue, 27 Jul 2010 19:33:00 +0100

Users with unnecessary access to critical data are increasingly becoming organizations’ worst nightmare. Too many privileged users are bad for security – that’s why so many regulations focus on controlling access to critical data. With the recent leak of sensitive and classified military documents (which were accessed by someone who may not have required elevated access, or who gained that unauthorized elevated access), we find the concept of privileged users and critical data front and center again.

When it comes to controlling access to critical data, you should start with users and their privileges. As organizations increasingly rely on their investment in Active Directory to act as the authoritative source for identity and access management, it stands to reason that examining Active Directory is a logical place to start.

Natively, Active Directory lacks the controls necessary to granularly control elevated permissions and audit privileged user activity. So, as you think about securing access to critical data via Active Directory, it’s important to consider:

Reducing administrative access for unnecessary users – your risk of a critical data breach or security incident increases greatly as the number of domain administrators increases. Look for a solution that can help you granularly delegate administrative privileges for only the access that users require to perform their job function.
Deviation from process – your ability to reduce risk exposure after a security breach is dependent on knowing that an incident occurred. The longer an incident goes undetected, the greater chance you have of hearing about it on the news. By that time, your PR nightmare has begun! Look for a solution that will monitor for unauthorized change and alert you when something happens that is outside of your standard process.
Tracking privileged user activity – how quickly you can perform forensics after a security incident is directly related to your ability to find information about what the privileged user in question did with their access. Look for a solution that can easily produce audit reports that show who did what, when they did it, and where a privileged user accessed information.

Critical and sensitive data needs to be secured at all times. Criminal motivations for accessing and distributing sensitive information are constantly evolving. Whether for political or monetary gain or to simply make a statement, there are folks out there who want your organization’s critical data. It is up to the organization to protect their critical data. The most effective way to stay out of the news begins with examining who has access and then putting controls and notifications in place to detect when deviation from process occurs.

2010 Dev-Jam – Day Two

Adventures in Open Source — Tue, 27 Jul 2010 18:37:16 +0100

I’m not sure how much blogging I’ll be able to do this week, since it is way more fun to hang out with the gang, but I thought I needed to post at least one picture.

Thanks to Chris Rodman and Papa Johns sponsoring dinner, we were inundated with pizza and wings yesterday and it was nice to be able to eat without interrupting work.

We Got Yer App Contest Right Here

splunk > blogs — Tue, 27 Jul 2010 18:16:22 +0100

Brothers and sisters of the Splunk persuasion, I present to you the Splunk App-of-the-month contest!

*Applause*

This is not your hipster’s app contest – this is a contest about Getting. Stuff. Done.

*Applause*

This is a contest about taking all the cool stuff you already do with Splunk, and showing it off for the world to see! On Splunkbase!

*Applause*

This is a contest about rewarding those who create the coolest, most useful apps on Splunk – and everyone’s a winner!

*Applause*

So come one, come all, package your field extractions, views, dashboards, scripted inputs, and other Splunk mods into apps or add-ons for Splunkbaaaaaaaase! Contest begins on August 1 – enter as often as you wish!

Graphing multiple data points on a single graph with the UnDP

Solarwinds Orion Team Blog — Tue, 27 Jul 2010 16:44:56 +0100

Technorati Tags: SolarWinds,SolarWinds Orion NPM,SolarWinds Orion,Universal Device Poller

Some of you may already be familiar with this feature, but for those of you that are not, this is a handy little gem. We often hear requests for the ability to put multiple data points on to a single chart/graph and while we have this on our list of items to make easier and more robust in the product going forward, you can accomplish this today on a single node leveraging the Universal Device Poller (UnDP). For those of you not familiar with the UnDP, check out this tutorial here for more info.

A couple examples of what you may want to do with this are graphing utilization of multi-core CPU’s or looking at multiple interface utilization. I have put example screenshots of both of these below.

Ex. Multi-Core CPU Utilization

Ex. Multiple interface utilization

Now, we’ll get to the details on how to accomplish this with Orion. You can do in 9.5 and 10.0.

Remote Desktop to your Orion server and launch the Universal Device Poller application and create a new Universal Device Poller
Specify the MIB or OID you wish to poll. Note this only works with polling a table
Assign to the nodes you want to poll this information from
Select where you want this data to appear, most likely this is going to be as a chart on the node details page
Log into the Orion web console and navigate to one of the nodes you assigned the Universal Device Poller to and click Edit in the upper right hand corner of the resource
Within the edit dialog you can modify multiple parameters to you preference including:

A more user friendly resource title name
Which items from the table you want to be graphed on this chart
Select the chart format of how you wish it to be displayed within the graph
Time period and sample period for the chart graph

Enjoy!

Here is another example of the same above interface utilization chart, but as a line chart instead of a bar chart.

Also, here are some of the OID’s we use to gather some of the more common statistic in Orion which you may find useful here.

Windows CPU & Memory:

hrProcessorLoad 1.3.6.1.2.1.25.3.3.1.2.
hrMemorySize 1.3.6.1.2.1.25.2.2.0
hrSWRunPerfMem 1.3.6.1.2.1.25.5.1.1.2.

Interface Errors and Discards:

ifInDiscards 1.3.6.1.2.1.2.2.1.13.
ifInErrors 1.3.6.1.2.1.2.2.1.14.
ifOutDiscards 1.3.6.1.2.1.2.2.1.19.
ifOutErrors 1.3.6.1.2.1.2.2.1.20.

Interface Bandwidth:

32bit Counter based

ifInOctets 1.3.6.1.2.1.2.2.1.10.
ifInUcastPkts 1.3.6.1.2.1.2.2.1.11.
ifInNUcastPkts 1.3.6.1.2.1.2.2.1.12.
ifOutOctets 1.3.6.1.2.1.2.2.1.16.
ifOutUcastPkts 1.3.6.1.2.1.2.2.1.17.
ifOutNUcastPkts 1.3.6.1.2.1.2.2.1.18.

64bit Counter based

ifHCInOctets 1.3.6.1.2.1.31.1.1.1.6.
ifHCInUcastPkts 1.3.6.1.2.1.31.1.1.1.7.
ifHCInMulticastPkts 1.3.6.1.2.1.31.1.1.1.8.
ifHCOutOctets 1.3.6.1.2.1.31.1.1.1.10.
ifHCOutUcastPkts 1.3.6.1.2.1.31.1.1.1.11.
ifHCOutMulticastPkts 1.3.6.1.2.1.31.1.1.1.12.

New Features in PRTG 8 - Part 2: New Native Linux and Mac OS Sensors

The Paessler CEO's Network Monitoring Blog — Tue, 27 Jul 2010 15:57:54 +0100

While the beta test of PRTG 8 is running we are posting a series of blog articles about new features! Monitoring Linux systems was already possible in earlier versions of PRTG (an “SNMP daemon”, like net-snmp had to be installed on the machines). In version 8, PRTG now monitors Linux systems using dedicated sensors supporting Linux/Unix and also Mac OS X without the need to install or change anything on the target machines.

SSH, WBEM, or SNMP

Using the technologies SSH or WBEM, PRTG requests information about CPU load, memory status or hard disks directly from the systems. When SSH is used, the data is sent via a secure connection, ensuring you do not compromise the security of your systems while transferring monitoring data via the network.

New Sensor Types

With version 8, we’re proud to introduce 9 new Linux/Unix sensors:

Linux Disk Free Sensor via SSH, WBEM or SNMP
Linux Load Average Sensor via SSH, WBEM or SNMP
Linux Meminfo Sensor via SSH, WBEM or SNMP

We are testing these new sensors to support as many popular Unix operating systems as possible. Although we call them “Linux sensors” in short, the SSH sensors also support Mac OS X, so you can now easily integrate Macintosh monitoring into PRTG. Note: Other Unix/Linux-like operating systems may be added soon, too.

Beta Test it Today

Why not go and see for yourself? Download the latest Beta version today and have a look! All information can be found on the PRTG 8 Beta web page.

New Features in PRTG 8 - Part 2: New Native Linux and Mac OS Sensors

The Paessler CEO's Network Monitoring Blog — Tue, 27 Jul 2010 15:01:33 +0100

SSH, WBEM, or SNMP

New Sensor Types

With version 8, we’re proud to introduce 9 new Linux/Unix sensors:

Linux Disk Free Sensor via SSH, WBEM or SNMP
Linux Load Average Sensor via SSH, WBEM or SNMP
Linux Meminfo Sensor via SSH, WBEM or SNMP

Beta Test it Today

Why not go and see for yourself? Download the latest Beta version today and have a look! All information can be found on the PRTG 8 Beta web page.

Tip of the Month: Upgrading ZenPacks for Zenoss 3.0

Zenoss Blog — Tue, 27 Jul 2010 04:31:46 +0100

To help with this transition, we've published the ZenPack Conversion Tasks for Zenoss 3.0 document in HTML, EPUB and PDF formats. This document covers the updated requirements and techniques for upgrading your ZenPacks.

The Python 2.6 upgrade specifically changes a number of APIs that some ZenPacks used (ie. replacing SimpleJSON with JSON) and 2.5 and earlier ZenPacks will need to be recompiled from Python 2.4 at a minimum. Some ZenPacks may work by renaming them and removing the "py-2.4" from their names (ie. "ZenPacks.community.Blah-1.0-py2.4.egg" to "ZenPacks.community.Blah-1.0.egg"). This technique is not recommended except for testing basic compatibility, but works with some simple ZenPacks.

If you are still using .ZIP-style ZenPacks, these were deprecated in the Zenoss 2.5 series and are no longer supported with Zenoss 3.0. To upgrade these, please refer to the Migrating ZIP ZenPacks to EGGs document for instruction.

Community ZenPacks that are currently known to have Zenoss 3.0 compatibility issues are documented here: 3.0-Incompatible Community ZenPacks

Please check the zenoss-zenpacks forum for ZenPack upgrade discussions and the ZenPack Development development area for futher documentation. Please send any updated ZenPacks to community@zenoss.com and we'll help get them published.

Practical TCP Series – The TCP Window (by Chris Greer)

Love My Tool — Tue, 27 Jul 2010 00:19:23 +0100

Author Profile - Chris Greer is a Network Analyst for Packet Pioneer. Chris has many years of experience in analyzing and troubleshooting networks. He regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. When he isn’t hunting down problems at the packet level, he can be found teaching various analysis workshops at Interop and other industry trade shows. Chris also delivers training and develops technical content for several analysis vendors. Chris can be contacted at chris (at) packetpioneer (dot) com. Download the sample trace... Chris Greer

Practical TCP Series – The TCP Window (by Chris Greer)

Love My Tool — Tue, 27 Jul 2010 00:18:43 +0100

Author Profile - Chris Greer is a Network Analyst for Packet Pioneer. Chris has many years of experience in analyzing and troubleshooting networks. He regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. When he isn’t hunting down problems at the packet level, he can be found teaching various analysis workshops at Interop and other industry trade shows. Chris also delivers training and develops technical content for several analysis vendors.

Chris can be contacted at chris (at) packetpioneer (dot) com.

Download the sample trace file for this article here.

The TCP Window may be one of the most critical parts of the data transfer process to understand, especially in data centers where backups are a daily process. In data centers today, the availability of massive bandwidth and high speed links makes it easier than ever to provide several Gigs of throughput between application servers and backup servers. With WAN connections getting larger, faster, and more efficient, end users have access to more throughput than ever before.

With all this cutting edge technology available, it is a wonder why some applications sill seem to lag. Even backups over 10Gig links can still take hours and hours. One of the causes of delay in some data transfer applications is the TCP Window. Some applications are still using a legacy TCP stack that was written for networks back in the 80’s, when a 2,400bps dialup seemed like a speedy connection. Some applications today have ignored the impact that the TCP Window has on data transfer, and network engineers may skip the transport layer when troubleshooting slow backups and application delays. In this article we will clearly define the TCP Window, look at how it can impact performance, and show how this can be monitored using Wireshark.

What is a TCP Window?

When discussing TCP Windows, we are most often referring to the TCP Receive Window. Simply put, a TCP Receive Window is a buffer on each side of the TCP connection that temporarily holds incoming data. The data in this buffer is sent to the application, clearing more room for incoming data. If this buffer fills up, the receiver of the data will alert the sender that no more data can be received until the buffer is cleared. There are several more details involved, that that is the basic function. A device advertises the current size of its TCP Window in the TCP Header information.

In the screenshot above, the sender of this packet is telling the other side of the connection that it has a TCP receive buffer of 65,535 bytes. This is the maximum standard TCP Window Size. There are options within TCP to make it bigger, but for now let’s work with this as a maximum.

Each side of the TCP connection has its own TCP Receive Window. So at any point, these two windows may be different. For example, a web server often sends data to users, instead of receiving data from users. For this reason, a web server doesn’t need as large a TCP Window as a user may need. So the web server may advertise a receive window of 8192 bytes, while the client has a window of 65,535.

How can a TCP Window impact performance?

During a file transfer, data is flowing from one machine to another. The receiver of the data needs to keep it’s TCP Window from dropping down to zero, indicating that the windows has filled. If a TCP Window ever goes to zero, or gets close to zero, this alerts the sender of the data that no more room is left in the receiver for more data. File transfer will be halted until an update is sent showing the buffer has been cleared.

In the sample trace file for this article, there is an example of a dropping TCP Window that eventually halts the file transfer. (Note: This trace file was sliced, so Wireshark will tell you that the Packet size was limited on the large packets) In the trace, look at the window size of packet number 72. Data is flowing between the two machines, then in this packet we see the TCP window start to drop from the maximum of 65,535. The traffic doesn’t stop though. As we look at all packets from this machine (the receiver of the data) we see that the TCP Window continues to drop. Finally in packet number 138, it advertises a receive window of 2299. We see one more full size data packet, then the sender halts for 19 msec. It can’t send any more data because the TCP Receive Window on the receiver is full.

We see a 19mSec delay, after which the client sends an ACK with an updated TCP Window of 65,535. It cleared the TCP Receive buffer and it is ready for more data. The data source then fires away with more data. It may not seem like 19mSec is much time, but if we suffer this delay thousands, if not hundreds of thousands of times during a backup, this can cause hours of delay.

What can we do about it? If an application is using a full size window, and this is still not enough, there is little we can do from an analysis standpoint other than put the blame in the right place. That is, unless you are intimately familiar with the code of the application and feel comfortable rewriting it.

A TCP Window is connection based. If other TCP connections are in progress between the two machines, a halted window in one connection will not halt other connections. So in multi-threaded applications, data can still be moving on other connections while another is recovering.

Using Wireshark, how can I monitor the TCP Window?

During large file transfers, keep an eye on the TCP Window being advertised in the TCP ACK packets of the receiver. There are a few ways to do this with Wireshark. By default, the TCP window of the packet sender is displayed in the info summary view for each ACK packet.

Another way to show this is by using the I/O Graphs looking for the TCP Window Size to drop. To do this, use the tcp.analysis.window_update filter. Try it with the sample trace file using these settings.

This graph shows the full size TCP Window dropping to nothing several times. While the window is down near zero, data is halted while the sender waits for the receive buffer to clear. Watch for these dips during large data transfers. The I/O graph makes them easier to see than combing through packet by packet!

If there are any questions about the sample trace file, or more about the function of the TCP Window, feel free to email or comment.

The next article in the TCP Series will feature sequence and acknowledgement numbers.

Thanks for all the feedback on this series!

Continue reading other LoveMyTool posts by Chris Greer »

Cloud management standards efforts progress

Network Performance Daily — Mon, 26 Jul 2010 22:58:58 +0100

Distributed Management Task Force announces incubator documents, establishes workgroup.

By Denise Dubie

The Distributed Management Task Force (DMTF) Monday announced progress in the group’s efforts to create standards for interoperability and manageability in cloud computing environments, advancing an initiative started in 2009 as cloud hype began to escalate.

IT management standards and cloud computing

The DMTF made available two new documents produced by the group’s Open Cloud Standards Incubator. The documents, “Use Cases and Interactions for Managing Clouds” and “Architecture for Managing Clouds,” are meant to describe standardized interfaces and data formats to manage cloud environments.

Cloud management standards efforts progress

Network Performance Daily — Mon, 26 Jul 2010 22:58:58 +0100

Distributed Management Task Force announces incubator documents, establishes workgroup.

By Denise Dubie

IT management standards and cloud computing

The DMTF made available two new documents produced by the group’s Open Cloud Standards Incubator. The documents, "Use Cases and Interactions for Managing Cloud" and “Architecture for Managing Clouds,” are meant to describe standardized interfaces and data formats to manage cloud environments.

Max What?

splunk > blogs — Mon, 26 Jul 2010 22:11:19 +0100

Is it possible to configure anything beyond the basic time-based or size-based policies for the content in the Splunk datastore? Yes, it is. In fact, there are so many knobs and dials, it may not be easy to distinguish which parameters do what. The parameters live in indexes.conf and have sadistically similar names–maxDataSize, maxTotalDataSizeMB, maxMemMB.

First, when setting up retention/archival policy, it’s helpful to understand the basics of how Splunk manages data. Then below is a visual to help match the exact configuration parameter you need to adjust for controlling the flow of data from one stage to the next.

For most environments, the parameters you will likely need to adjust are few:

maxTotalDataSizeMB – to apply a size-based retention policy
frozenTimePeriodInSecs – to apply a time-based retention policy
maxWarmDBCount – to split the hot/warm and cold directories among separate partitions

Currently, it is possible to set maxTotalDataSizeMB (size-based policy) and maxDataSize (bucket size) via SplunkWeb under Manager > Indexes > MyIndex. All other parameters are set using indexes.conf. Here is a simple example:

[myLovelyIndex]
# set directory location of hot/warm, cold and thawed
homePath = $SPLUNK_DB/lovelydb/db
coldPath = /path/to/another/partition/lovelydb/colddb
thawedPath = /my/computer/lovelydb/thaweddb
# set time-based policy of 1 year
frozenTimePeriodInSecs = 31556926
# set size-based policy of 1 TB
maxTotalDataSizeMB = 1048576
# do not delete cold dbs, instead move them to slower storage
coldToFrozenScript = moveToSlow.sh

For more advanced configurations and backup purposes, the full set of parameters will empower you to take advantage of Splunk’s flexible data management.

Chef Java Configuration on Google App Engine

Opscode Blog — Mon, 26 Jul 2010 21:23:18 +0100

Using tools like Chef, you can connect metal or cloud provisioning to your configuration and systems integration process. For example, you can use the tool knife to provision cloud nodes and also register them in chef. When chef takes over, these cloud nodes become managed and visible in the same console as the rest of your infrastructure. Configuration and Systems integration is not limited to solely the infrastructure layer. For example, your applications also have configuration and integration relationships that make them a useful part of your business.

This webcast will show you how to connect your applications running in Google App Engine to the Opscode Platform so that you can manage your configuration in a consistent way, across metal, IaaS, and PaaS resources, with Open Source tools.

Note: Session time has changed.

Session Date: Friday, August 6, 2010

Session Time: 8:00 am, Pacific Daylight Time (San Francisco, GMT-07:00), 15:00 GMT

Register Here!

Plugin Highlight - Web Application Tests : Load Estimation (ID 33817)

Tenable Network Security — Mon, 26 Jul 2010 20:45:43 +0100

Web application testing with automated scanners can be tricky business. While testing various target web servers, I found that some targets seemed to finish in a relatively short period, while others took days - or never seemed to complete at... Paul Davis

Getting Started with Zenoss Core Webinar July 27

Zenoss Blog — Mon, 26 Jul 2010 18:46:51 +0100

Have you recently downloaded Zenoss Core, or do you have questions about implementing the solution in your environment? If so, please register to attend our bi-weekly Getting Started With Zenoss Core Webinars. The next session is July 27th and is still open for sign-up. If you can’t make this session the next ones will be added to the schedule soon. You can register here:

Tuesday July 27, 11am EDT

Here’s what you’ll get out of the session:

An introduction to the Zenoss Community
Installing the software properly
Preparing your environment
Logging in to get started
Adding, classifying and auto-discovering your devices
Getting and staying organized
Seeing the “big picture” (dashboard, network map, event console, Google Maps, etc.)
Avoiding common mistakes

We also have a Zenoss engineer available to answer questions live – and there are usually lots of questions submitted! If you’re interested in seeing past Q&A logs, take a look at some of the previous Getting Started with Zenoss Q&A sessions where we recorded some of the questions submitted along with answers.

VMware Performance Monitoring - the Must Haves

ManageEngine Blogs — Mon, 26 Jul 2010 16:46:33 +0100

Monitoring and optimizing virtualized server infrastructure requires a different, more detailed approach from that with physical servers. While the 70+ deep VMware monitors in OpManager’s VMware monitoring add-on may seem overwhelming for some administrators, these could at the same time be insufficient for some!

If you are starting out with virtualization using VMware or are overwhelmed with the intricacies involved in diagnosing poor VM/host performance, we have just the right twenty minutes to make things easier for you. Do join us for a webinar on “VMware Performance Monitoring – the Must haves” on Wednesday and Thursday in the timings shown below and we’ll give you a quick rundown on some of the most critical parameters that need to be monitored over VMware infrastructure.

Topic: VMware performance monitoring - the Must Haves.

Schedule: Register for any one of the following sessions:

Wednesday July 28, 2010 10:00 AM - 10:30 AM CDT: Click here to register .
Thursday June 29, 2010 10:00 AM - 10:30 AM BST: Click here to register .

2010 Dev-Jam – Day One

Adventures in Open Source — Mon, 26 Jul 2010 05:33:48 +0100

Well, while not really the official start of Dev-Jam, that’s tomorrow, today was when most people showed up. Despite some travel delays due to weather, as I write this most people have arrived. Craig’s plane should be in soon and Johan should be arriving by motorcycle from Denver any minute now.

Plus, today, people actually got to see a little surprise I planned. While in Portland I got a hair cut:

Like it? It actually took about three hours, since they had to bleach my hair first for the green “swoosh” of the logo. If you want your very own OpenNMS logo, head to Bishops Barbershop on Columbia and be sure to ask for Jake. He’s the only one who would even attempt it, and I think he did a great job.

Today Mike took me to an unusual place for lunch called Brasa. It was really good, and I plan to have them cater at least one meal while we are here. Then we went to Sam’s Club and stocked up on “supplies” for the week.

Then there was a bit of downtime while we waited for others to arrive. After moving into the Yudof Hall Club Room (where we will spend most of our time) we all went out to dinner at Sally’s.

Now, time for bed.

ITWire: Review – Colasoft Capsa network analyser

Colasoft Blog — Mon, 26 Jul 2010 04:19:17 +0100

If you run any type of network infrastructure there will come a time you need a low-level packet sniffer to work out just what is going on. Colasoft's Capsa product challenges the myth these tools must be hard to use. Have you ever had users ask why is the network so slow? Chances are high any IT professional will have looked into network related faults but found it difficult to get a handle on just what is going on because Ethernet is so, well, ethereal. 0

2010 OSCON to Dev-Jam

Adventures in Open Source — Sun, 25 Jul 2010 16:07:53 +0100

Okay, I really wasn’t going to blog about this part of the trip, but it did turn into something of an adventure, so why not?

I got a notice Friday night that, due to weather in Chicago, there would be a crew delay for flights out of PDX the next morning. Since that put me on a pretty tight connection time through DFW, I called and got myself on an earlier flight. That one, too, was delayed, but it was then scheduled to leave about the time of my original flight (if it had left on time) so everything was cool.

I took the MAX to the airport, checked my bag, got put on the waiting list for an upgrade and I went to the gate.

I’m sitting there reading when I look up and there is Jesse Vincent staring at the upgrade list. I said “hi” and he looked at me, then back at the list and then said that it was rare that he wasn’t number one for upgrades. It turns out that his name was second, behind mine. Then Kevin Falcone shows up (also from Best Practical) and his is the third name on the list.

Never seen something like that before.

Anyway, so I didn’t know that another thing Jesse and I had in common was an interest in collecting frequent flyer miles and air travel in general. He’s way more of a geek at it than me – in fact he has an active Sabre account so that he has access to the same information as travel agents.

While we are sitting there, Amber Graner shows up (it was like a little OSCON). She was on her way to DFW and then Charlotte, but then had to stay one more night in a hotel since her husband’s flight from Europe was delayed until Sunday (they were to meet up and drive home together).

First Class checked in full so none up us got upgraded. I went to my seat at 21F, Jesse went to his seat at 21D and Kevin to his seat at 21C.

I had pity on the person who was to sit in 21E, since I figured Jesse and I would be talking across them the whole way, but we behaved (I got caught up on Burn Notice and watched two episodes of Dollhouse).

When we made it to Dallas, Kevin and Jesse’s original flight to Boston was backing out of the gate, so they had some time until the next one. We hit the Admiral’s Club and had some lunch, and then they took off. My own flight to Minneapolis was still an hour or so away, so I made some calls and caught up on e-mail.

As I was leaving, I noticed a couple sitting nearby traveling with two small dogs. I like dogs so I couldn’t stop myself from talking to them (yeah, yeah – I know). It turns out that they were originally from West Virginia (I spent some time in WV back in 1986) but now lived in Los Angeles, and that they traveled about as much as I do. There names were Scott and Kristan, and they had met while in WV, gotten married and now were both working in television. Since Kristan had “model” good looks I asked her if she was someone famous that I should know.

They both laughed and said, well, maybe. Kristan had worked with Rachel Ray for several years and she is a host of the HGTV show “Design on a Dime“. Since I only have “over the air” television (no cable or satellite) I could plead ignorance at least, but I must say that they were both incredibly easy to talk to, so much so that I had to run to catch my plane.

The rest of the trip was uneventful. I watched two more episodes of Dollhouse (three more to go) and while the plane was a little late as they had to route around some thunderstorms, both myself and Alex landed pretty much at the same time. Mike Huot met us at the airport and we headed toward UMN and Dev-Jam.

The Hidden Value of End User Monitoring (by Mike Canney)

Love My Tool — Sat, 24 Jul 2010 08:45:41 +0100

Mike Canney has been in the Networking industry for 22 years. In 1994 he got his hands on a Network General Sniffer and has been hooked on packet analysis ever since. Mike’s main focus for the last 14 years has been on application performance analysis and he has been solving problems and proving "It's not the Network" for hundreds of companies worldwide. When not chasing his four kids around, Mike can usually be found late nights in his office trying to come up with new approaches to solving old problems.

The Hidden Value of End User Monitoring

End user performance monitoring is currently a very hot topic amongst IT management these days. Take a quick walk around the vendor pavilion at Interop and you will count at least 5 companies touting that this is what they do and that they do it better than anyone else.

The concept totally makes sense. As a Network Engineer for that past 22 years, the ability to see what the end users are doing as well as being alerted to “slowdowns” before the phone rings is very cool. This value alone is worth investing IT budget dollars into but the real value of a solution like this is a “hidden” value.

Most of us engineers have taken calls when things were reported, as “The Network" is slow. The typical first step is to get your analyzer in place, grab trace files and begin troubleshooting. The really frustrating thing is when everything looks fine, and the problem just “magically” went away. I am sure most of you have spent countless hours troubleshooting these types of issues. I have an old buddy of mine that used to jokingly say, “Well, the Sniffer must have fixed it”. Why is this the case? Why do these problems seem to all of the sudden go away once you get your analyzer in place?

I am going to go out on a limb here and say that most of the time…

THE END USER IS NOT BEING HONEST!!! Duh!

Ok, well that may be a bit strong but I have seen in countless cases where we are proactively monitoring end user experience that help desk calls go dramatically down when the user knows that you can see what they are doing.

I had a customer tell me the other day that a user of his was constantly complaining that SAP was slow.

The user would constantly raise a stink with his management that the “network” was slow and that he couldn't get his work done because of this.

The end user knew that SAP was a hot button with management and he could get all kinds of management attention if he just mentioned the word “SAP”.

Little did the end user know that their IT staff was now watching every end user transaction on the network! This time, when he complained that SAP was slow, the network staff pulled up the end user’s transaction report at the time of the supposed “slowdown of SAP” and it showed that the user’s SAP transactions were in the 1-2 second range.

On the other hand, his FaceBook and YouTube response times were definitely slow.

How many hours do you think you have wasted over the years trying to troubleshoot a problem that never existed in the first place? To the end user, SAP was the same as FaceBook and YouTube. They were all in the “network”.

Now the fun begins: What do you think happened when their manager saw that SAP was fine but in actuality, what the user was really complaining about was his (non work related) facebook page being slow?

Exactly, no more phone calls complaining that the network was slow from this end user. Ever!

Good Luck! Have fun Monitoring! Mike.

Ask the Service Assurance expert: Technology for the people

Network Performance Daily — Fri, 23 Jul 2010 21:13:27 +0100

CA Technologies’ Russell Wilson explains why usability testing keeps management software and its features relevant to IT buyers and end users.

By Denise Dubie

IT buyers can’t tolerate technology for technology sake in 2010. That’s why experts like Russell Wilson, vice president of product design and user experience at CA Technologies, are put to work making certain products not only meet end-user expectations, but also provide ease of use.

“We cover a huge portfolio of products and we are working on the company’s user interface design strategy for CA Technologies going forward,” Wilson says. “We have been performing usability testing at shows, big and small. Our mission is that the product has to be easy to use and do the important things better than anyone else.”

For instance, Wilson and his team set up shop at the recent Cisco Live conference in Las Vegas and at mini-CA World events in Munich and London to perform usability testing with attendees at the shows. Wilson breaks down what’s involved and why usability testing is critical for a software company.

Planet Network Management

Zenoss Newsletter - July 2010

Vote for Zenoss in the Linux Journal Readers Choice Awards

Tip of the Month: Upgrading ZenPacks for Zenoss 3.0

Summer of ZenPacks Contest

Try... and Fly!

2010 Dev-Jam – Day Six

Buzzer Beaters (by Paul W. Smith)

Buzzer Beaters (by Paul W. Smith)

New and Updated ZenPacks for July

Happy System Administrator Day from Zenoss

Ten Technologies Every Network Administrator Should Know - #7 SNMP

Friday film review: "Inception" explores “The Matrix” of the mind

Case Studies: Clickability & MorphLabs

Great News! WhatsUp Event Archiver was awarded the U.S. Army’s Certificate of Networthiness (CoN)

Fox

2010 Dev-Jam – Day Five

10 Upcoming NetIQ Events

American Airlines iPhone App

ntop on Ubuntu

Finding out who is downloading in the Network

ManageEngine NetFlow Analyzer - Advanced Security Analytics Module

Cloudy Operations and Devops Presentation at OSCON 2010

GPGMail 1.3.0 – Open Source In Action

Swinging Big

Free Online Orion NPM Customer Training

Service Assurance Daily’s weekly reading list

Ça déménage chez MERETHIS !

2010 Dev Jam – Day Four

Web マガジン「LANch BOX 2010夏号」特集へ掲載 普及期に入った仮想化技術に警鐘を鳴らす！仮想環境に求められるセキュリティの最適解を探る

Wireshark 1.2.10, 1.0.15, and 1.4.0rc2 Released

Vote For Nagios As Favorite IT Operations Tool!

Nagios Plugins 1.4.15 Released

Bay Area Training

Puppet Master Curriculum (3 Days)

Prerequisites:

Topics covered include:

Pricing

Open Core is Dead

Groundwork Open Source (GWOS)

Hyperic

Zenoss

New Features in PRTG 8 - Part 3: Introducing "The PRTG Cluster"

Simple Failover Cluster

Multi Failover Cluster

Cluster Features

In Short

Beta Test it Today

News from the PRTG Community

Sensors at Google Code Project

Thank You!

Where IT budget dollars will be spent in 2010

2010 Dev-Jam – Day Three

2010 Summer of Community ZenPacks Contest

What is the Submit a ZenPack Contest?

The Prizes

The Rules

ZenPack Developer Resources

OpenNMS Training Available 20-24 September

OpenNMS Sponsors Ohio LinuxFest 10-12 September

Dev-Jam 2010 – July 26-30 at the University of Minnesota

DMTF President: “People clamoring for cloud standards”

Critical Data leak may be your next PR nightmare!

2010 Dev-Jam – Day Two

We Got Yer App Contest Right Here

Graphing multiple data points on a single graph with the UnDP

New Features in PRTG 8 - Part 2: New Native Linux and Mac OS Sensors

SSH, WBEM, or SNMP

New Sensor Types

Beta Test it Today

New Features in PRTG 8 - Part 2: New Native Linux and Mac OS Sensors

SSH, WBEM, or SNMP

New Sensor Types

Beta Test it Today

Tip of the Month: Upgrading ZenPacks for Zenoss 3.0

Practical TCP Series – The TCP Window (by Chris Greer)

Practical TCP Series – The TCP Window (by Chris Greer)

Cloud management standards efforts progress

Cloud management standards efforts progress

Max What?

Web マガジン「LANch BOX 2010夏号」特集へ掲載普及期に入った仮想化技術に警鐘を鳴らす！仮想環境に求められるセキュリティの最適解を探る