A Day in the Life of a Network Administrator
X-RAY VISION WITH FLOW MONITOR
About one month after we installed WhatsUp Gold, we added the Flow Monitor Plug-in Module to provide us with in-depth application monitoring, troubleshooting, and bandwidth utilization capabilities. WhatsUp Gold was working great - instead of spending half our day fire fighting network issues, WhatsUp Gold was proactively alerting us before any real fires occurred. With the addition of Flow Monitor to the mix, we were anxious to see how in-depth traffic level visibility would impact our day-to-day operations. The difference was amazing.
DAY-TO-DAY OPERATIONS WITH FLOW MONITOR
And just this month, we used the aggregated data to verify bandwidth capacity for our corporate office and links to our two branch offices. Of course, some of the end users jokingly refer to Flow Monitor as “Big Brother” because it can detect if a particular user is slowing down the network with video downloads, talking on Skype, or using a file sharing application. We also know exactly who is streaming audio on their computers, which we normally allow for, except during our peak season.
QUICK DEEP-DIVE ON NETWORK ISSUES
In the past 5 months, Flow Monitor has helped us out of quite a few traffic jams – enabling a quick deep dive into the underlying causes of our network slowdown. We recently set up a new company-wide anti-spam software solution with the most up-to-date anti-spam signature libraries stored on our corporate servers. After the installation was complete, we noticed that the link to the branch office was experiencing high utilization nearly every hour. Flow Monitor quickly detected that client machines from the remote sites were communicating with the anti-spam server for updates - all at the same time. Problem solved. We staggered the update requests over the span of a few minutes and eliminated the utilization bottleneck.
Another incident occurred when we relocated our finance and accounts staff from one floor of our office to another. The move required a different subnet and we decommissioned an old router that we were using earlier. Unfortunately, a few of the workstations were still configured to be part of the old network. Right after the move we saw an increase in the amount of bounced traffic between these workstations and the default gateway. Problem solved. Knowing exactly which workstation was part of the routing loops made it easy to rectify the configuration and get the new network to settle down smoothly.
Another time, I arrived at work one morning and noticed there were a large number of failed connections on our main router and this pattern had persisted for a couple of hours. Flow Monitor showed that all of the transmissions were from a few IP addresses outside our network. It was a classic case of an external attack looking for vulnerable open ports on our router and firewall. Sure enough, the security logs in our firewall told the same story. Problem solved. We quickly blocked the offending IP addresses and called our security services vendor for additional support. There it was – no waiting, no finger pointing and no fire-fighting.
ABOUT ME
My name is Mark Brown and I’m a Network Administrator. I have a degree in Information Technology and have been in my job for almost four years.
MY COMPANY
I work for a medical device and technology reseller. We have a main office and two branch offices. Altogether there are about 120 people, whom my boss (Director of IT) and I are responsible for supporting. We do nearly half of our business online and the rest via our telesales team. For a relatively small company, we have a pretty sophisticated infrastructure and some key business apps which need to be available 24x7.
TECHNOLOGY ENVIRONMENT
Our web site and app servers are located in a datacenter upstate, but our email servers, file servers, VoIP servers and our demo machines are located right in our server room in the office. Our sales folks use Webex-type conferencing facilities regularly and we moved to a VoIP system completely two years ago. Altogether we have around 30 servers, 135 workstations and phones and around 55 network devices.
BEFORE AND AFTER
For the last six months, we’ve been using a network and systems management solution called WhatsUp Gold. It basically runs our network infrastructure, so I can focus on what I need to get done. I used to be forever behind schedule, always playing catch up, including coming in on weekends. Now, all that has changed and it’s a great feeling personally and professionally to be ahead of what’s going on rather than being behind it.
SETTING UP FLOW MONITOR
Flow Monitor installed in minutes and it was pretty straightforward to configure our routers and switches to send the flow management data. In fine-tuning our implementation we spent a few hours configuring Flow Monitor to gain automated insight into various traffic parameters. We set up thresholds for the volume of traffic and conversations from each workstation source and key interfaces (on our router and switches). The VoIP system is integral to our business; we set up custom thresholds tracking RTP traffic from/to specific hosts. And we also set up notifications to track failed connections, which would alert us to intrusion attempts.
HINDSIGHT IS INDEED 20/20
The funny thing is that we waited several years to bring on a network management tool. But once we were on it and saw its power, the transition to getting more sophisticated in our network management approach took much less time. With visibility at the level of traffic source/destinations and conversation pairs, we would have known instantly which machines were communicating with external sites located out of the country. We would also have noticed the large number of failed VoIP connections and the call quality degradation.
WHAT’S STILL MISSING?
Over the past 6 months, we’ve achieved a lot in terms of improving our network management approach and our chosen solution has paid for itself many times over. Now that we know exactly what network management software can do, we plan on extending our application monitoring capabilities to include Microsoft Exchange and MySQL. We will let you know how it goes.