Network managementThe management of today’s networks poses somecomplex problems. The initial decision of scope is a determinantof management complexity. Networking technologycan be viewed using the OSI seven layer modelMost networks are managed up to the transport layer,however, much has been written about the “cost of ownership”and “desktop management, which implies management higher up the architecture. Once a decisionabout scope has been made, the approach becomes better defined. The ISO model separates network management into five specific areas: configuration, fault, performance,accounting and security. Each area has its own special requirements.

Functional network management

The ISO network management model partitionsthe functions of network management into five conceptualareas:

Configuration Management. Fault Management. Performance Management. Accounting Management. Security Management.

Configuration managementConfiguration management exists to collect and monitor configuration information so that the effects of changes in hardware and software can be managed. Once collected, thisinformation provides the raw data from which a topographical view of the network may be constructed.

1

This view would typically include information such as:devices in the network, their version, location and unique identifiers;cabling in the network, its capacity and location; interconnections or physical relationships between devices.This information is presented typically via a graphical user interface. In the event of part of the network failing, the configuration of the network must be altered to providealternative paths for the flow of information (re-routing) and thus, avoid interruption of service.

Fault managementThis function is required to detect abnormal network behaviour. Fault management follows a sequence of actions: error detection, error diagnosis and error recovery.Error detection monitors such events as: alarm signals from network devices (when thresholds are exceeded or in the event of hardware failure), deterioration of performance, or application failures. Error detection facilities also include an error log for future analysis. Error diagnosis involves the analysis of detected errors in an effort to determine the cause of an error and a course of action to rectify it. Recent approaches to error diagnosisinclude the use of artificial intelligence techniques such asdeductive reasoning Error recovery involves a range of measures proportionalto the error’s magnitude. Simple errors may require the fine tuning of a device on the network, where more serious errors may mandate the replacement of a faulty device. Persistent performance failures are usually an indicator of poor network health. Remedying such problems typically involves re-configuration of the problematic section of the network.

Performance managementPerformance management is central to the long-term management of the network. By gathering statistical data about the behaviour of managed objects and traffic flowsbetween them, trends in network performance can be predicted.Using analytical modelling [11] potential bottlenecks, may be discovered and scenarios (such as increased traffic at various points of the network) may be assessed. Thus,performance modelling provides valuable feedback on both the short and long-term health of the network. It facilitates the proactive upgrading and reconfiguration of the network to meet the changing needs of the users.

Accounting managementAccounting management is primarily concerned with determining the utilisation of network services by individuals or groups of users and regulating such usage accordingto policy. By regulating usage according to available resources, network services may be apportioned fairly amongst users while also reducing network congestion.The most immediate application of such facilities is commercial, i.e. charge the user based on their usage. A second dimension is to identify the urgency of servicerequired by users and charge them according to demand.Such quality of service options provide users with increasedflexibility for their communications requirements.

2

Security managementNetwork security requires that access to network resources be controlled by policies to prevent (intentional or accidental) sabotage. Further, access to sensitive informationshould be restricted to those with appropriate authorisation. Security management involves: definition of user-sets (varying levels of authorisation); identification of sensitive network resources; mapping sensitive network resources to user-sets; monitoring access points (firewalls are a security subsystem); logging unauthorised access attempts and intrusiondetection.

SNMP defined

The Simple Network Management Protocol (SNMP) is a network management standard widely used in TCP/IP networks.

SNMP provides a method of managing network hosts such as workstation or server computers, routers, bridges, and hubs from a centrally-located computer running network management software. SNMP performs management services by using a distributed architecture of management systems and agents.

Because network management is critical for both auditing and resource management, SNMP can be used to:

Configure remote devices. Configuration information can be sent to each networked host from the management system.

Monitor network performance. You can track the speed of processing and network throughput, and collect information about the success of data transmissions.

Detect network faults or inappropriate access. You can configure trigger alarms on network devices when certain events occur. When an alarm is triggered, the device forwards an event message to the management system. Common types of alarms include a device being shut down and restarted, a link failure being detected on a router, and inappropriate access.

Audit network usage. You can monitor both overall network usage to identify user or group access, and types of usage for network devices and services.

Figure 1. SNMP Architecture

3

The SNMP service

The simple network management protocol (SNMP) service supports computers running TCP/IP and IPX protocols. It is an optional service that can be installed after the TCP/IP protocol has been successfully configured.

The SNMP service provides an SNMP agent that allows remote, centralized management of computers running:

Microsoft® Windows® XP

Microsoft Windows 2000 Microsoft Windows Server 2003 family

The SNMP agent also allows management of the following services:

Windows XP or the Windows Server 2003 family and Microsoft Windows 2000-based WINS

4

Windows XP or the Windows Server 2003 family and Windows 2000-based DHCP

Windows XP or the Windows Server 2003 family and Windows 2000-based Internet Information Services

Microsoft LAN Manager

To access the information that the SNMP agent service provides, you need at least one SNMP management system software application. The SNMP service supports but does not currently include SNMP management software. SNMP management software must be running on the host which acts as the management system.

The SNMP architecture is composed of three major elements:

Managers (software) are responsible for communicating with (and managing) network devices that implement SNMP Agents (also software).

Agents reside in devices such as workstations, switches, routers, microwave radios, printers, and provide information to Managers.

MIBs (Management Information Base) describe data objects to be managed by an Agent within a device. MIBs are actually just text files, and values of MIB data objects are the topic of conversation between Managers and Agents.

“Standard MIB” Definitions

Depending on the origin (author) of a MIB, we can categorize MIBs into either:

Enterprise MIBs Or Standard MIBs

Enterprise MIBs are authored by non-standards-committee organizations, e.g., Cisco or HP. All such organizations must apply for a unique “Enterprise ID” issued by the Internet Assigned Number Authority (IANA).  Enterprise MIBs are then organized under these unique ID’s.

Standard MIBs are authored by persons associated with the IETF.  For example, a standard Printer MIB exists, and printer manufacturers commonly implement an Agent to support this MIB in addition to their own Enterprise MIBs.

Other Standard MIB examples include:

X.25 Modems DS1, DS3

5

Bridges ATM Token Ring Fiber Channel Fabric Element MIB Ping, Traceroute, Lookup MIBs Print Job Monitoring MIB ICMPv6 MIB Mail Monitoring MIB

SNMP is based on the manager/agent model of a network management architecture.

Strengths and Weaknesses

Strengths

Widespread popularity Many standard MIBs available Agents have low impact on monitored system resources Well suited to monitoring Many products available

Weaknesses

Not as comprehensive as some other protocols Not bandwidth efficient Complicated message encoding rules Security has been on on-going concern.  SNMPv3 was developed in response to

this issue. UDP, or other connectionless, protocol is used, which creates issues regarding

verification of operations:  Trap-Send verification (did it really reach the Manager?); Verification (success) of any “set” operation to an Agent.  However, cleverly designed MIBs and Manager logic can overcome these problems.

6

Applications

Here are some typical uses of SNMP:

Monitoring device performance Detecting device faults, or recovery from faults Collecting long term performance data Remote configuration of devices Remote device control

7