Hi, I'm Leon Adato.
I'm Kong Yang.
I'm Lawrence Garvin.
And I'm Patrick Hubbard, and welcome to another episode of SolarWinds Lab. I'm really getting comfortable with this set.
You know, and I'm thinking that we should just hang out here all the time.
And speaking of that, I'm going to go hang out back there. [Whirring]
Yeah, he gets to go play in the party room.
Ain't that the life. [Laughter]
So, what are we going to talk about this episode?
We are talking about EOC and NTM.
EOC, that's the Enterprise Operations Console.
We've heard a lot about that in the chats.
Yeah, there's been a ton of that on chat. And the other thing we're talking about is NTM.
You mean Network Topology Mapper.
That's right. We're going to untangle the acronyms right out of the box when we get started with these shows. And both of these, we had lots and lots of questions in the chat.
Right, and you keep mentioning the chat, and the chat would be the big box that's over...
But the point is, you can't be on live chat unless you know when the show is. And to do that, you should swing by our home page, which is lab.solarwinds.com. You can sign up for upcoming show reminders and also check out previous episodes. And most importantly, tell us what you think about the shows, and gives us feedback for episodes like this.
Like this one.
All right, so NTA. When I am out at trade shows, I kind of get two questions about it. The first one is, NTA—never heard of it. I don't know what that is. Might've gotten lost up in the menu somewhere, with the rest of products, right? But then the other one I get is, "OMG, this is the most amazing thing I've ever seen--eleventy."
They really say eleventy?
Well they don't really say eleventy, but they do ask. And mainly where we see a lot of questions, also, is in THWACK, right? Where they're really talking about, how is it different than mapping in Orion products like NPM or SAM? And when would I use one versus the other one?
That was my question. When would one use one over the other?
Actually, that was my second question.
What was the first one?
Well, since I'm new here, what is that?
Okay, so let me take care of that one really fast.
Network Topology Mapper is a standalone tool that will quickly and efficiently scan your network, automatically identifying key information about devices: things like name, vendor, device type, interfaces. Then it lets you build maps where you display all or some of the devices it found on a map using industry standard network diagramming icons. Finally, it will export that map for use in other tools.
When it absolutely positively has to be explained on time, Leon Adato.
Yes, that is pretty amazing, actually. Yeah, so now that we have that out of the way. Yeah, let's go ahead and talk about how to use them together, and when you might use one alone over the other one. You know, but the other question that we get is sometimes, why does it bog down so much when I'm using NTM, and there's more than about five things on the map.
Yeah, but okay, which is a fair question. However, the good news there is that there's— this is the other reason for including NTM in this episode.
Yeah, we fixed it.
You know, and you can get a couple of other features that are included in this release, especially shortcuts and some of the other things that are maybe a little bit varied in the menu, but are really, really powerful. We want to show those to you, especially things like, oh, I don't know, ether channel. Yeah, exactly, so we'll walk you through and show you how to use all of those things. Yeah, which is a good point. We're always going to try to be open about showing you work-arounds when that's the most optimal way to do it, or if things aren't just working the way we want. However, in this case, we have the best answer possible.
We fixed it. We heard you, and we fixed what the problem was.
So is it out now?
Yes, yes it is.
So I can just go to the portal and download it?
Yeah, you can, and actually, that's the neat part about that.
I love the portal, by the way.
Yeah. I had like, a couple things about it. The one is actually Patrick's SWIN, so we can download things without getting dinged on it. And the other thing is that it's got all the licenses, all the patches, everything, so it's really convenient.
That's right, and because it's delegated administration through my SWIN, I can see who's downloaded what and who's licensed what.
That's right. Yeah, so if you guys are not using the individual portal, you really should. Basically, when you log in, if you're logging in with an email address, for example, and not your SWID number. That's how you can tell you're in the individual portal. If you're not, and you don't have all those delegated abilities, call customer service, and get them to make you the administrator on the account, and then you can do all the things that we've talked about, in a couple of other shows around portal, and we're kind of talking about now.
So going back to the first customer question: When would a customer use Network Topology Mapper versus the Network Atlas in the Orion platform?
Yeah, that's a great question. Okay, so one way to think of them is sort of the approach to how you build out your network, right? If you're using the iterative approach, if you're using a topology-based approach, you're probably going to start with a core router or a switch, and then kind of build out from there. I mean, if you're doing it by hand, and you're sort of ping-sweeping or whatever else, that's the way it's going to work. And then you go and get credentials and kind of extend it out from there, right? So for that, NTM is really, really handy, because you're doing it graphically the same way your brain thinks about the interconnectivity between devices, right? You could extend the perimeter and actually kind of see where things are connected. And it also lets you do things like ignore sections of the network that you don't care about. You see that one router or switch that takes you off into the lab network. You know, I'm just not going to include that on my map. I'm not going to waste time discovering, because who knows what's behind that. We'll just call that "The Lab," right?
Right, and the other thing you can do with it, which is really neat, is that you can designate administrators, sub-admins. So you can give them NTM, and you can give them—just have them discover the piece of the network they know really well. Maybe it's a remote site admin, or the DMZ, or whatever. They can discover just that piece. That piece will roll back into what effectively is an entire map, but it's very detailed because the people who are experts in one area, or another area, know what's going on with it.
Yeah, so what's better? Delegated IP address management or delegated discovery?
It's a close—I'm not, I'm not picking. I'll let everyone out there pick once they've seen those.
Yeah, or throw that in the chat, and tell us which one you actually prefer to do in terms of letting folks on your team be a little bit more autonomous. But yeah, so, the other thing that's— the other case would be, when do I use the built-in mapping in the Orion core products like NPM and SAM? And the answer is that if you have everything already connected through Atlas, and you're going to just—or at least the discovery engine inside of NPM, for example—and you're just going to extend that. Well, you might want to just go ahead and use that if it's working well for you, right? Because it's going to be able to—anything that connects on the network that it can see, you can easily discover, and you can discover in bulk. Say, I want to go discover 10 thousand devices, or I'm going to go discover 20 thousand devices, that's actually a really handy way to do that. Then you can just exclude them from the list when you come back out. The other thing is, you're going to use Atlas Maps when you're doing your drill down and rollup maps where you actually need to be able to kind of contain them, snap them into the web interface easily, and we're going to actually show you how to import them, so there's kind of a cross between them, too. But the other thing is that it also combines everything. Not just networking, but application systems, services, you can include individual interfaces on there with status, and you can even do things like IPSLA all in one map.
So, do I need both?
Technically, no. If you are really happy with what you have in NPM, and you don't really need to do that much, you don't need it, but it's also not particularly expensive, so it's something that you might want to play with and see if you like it.
You know, I'm going to challenge that. I think that Patrick is right in the idea that if you have one map, or two maps and you wrote them once, and they're never changing, whatever that is—then okay, fine, you don't need it. But if you're like most IT pros, and you've got several maps, several networks, and they're changing—you've got new switches in and out, wireless devices, whatever, and they're constantly updating, rather than going out to your mapping tool—which is really a static picture—and then laying the devices from SolarWinds into it, and constantly having to do those updates instead. If that's your life, then NTM is on your must-have list.
Yeah, I mean, that's really funny, because when we started writing this episode, you actually had not seen the new version before, and you said, "No, no, no, I want it." "I want to take those things." So watching you get really excited about it has been really fun.
Yeah, and the speed is incredible now, it's—
Yeah, and it made us realize that we needed to answer all of the questions that you guys have been asking, because he lit up so much by it as well.
Awesome. Well, gents, you guys have teased the heck out of the speed update.
Let's see it already.
All right, let's take a look at it. Here we go.
All right. So Kong, let's switch places for a minute. Great. So, let's start this up, and—
Start from square one by opening the file.
Or opening NTM.
And I checked this a minute ago. There are 2,000 nodes in this.
So we're going to count it out. Now, the people who have been using the old NTM were thinking, okay, I'm coming back tomorrow, because—
That's right, and no special effects here.
No, we didn't do any cuts.
There is not just one, but you had seven maps, up on the screen that all opened in about six, seven seconds.
Right, and then it's way quicker to work, because that's actually the first time we've opened it up here, and it hasn't been opened on this machine before.
So, how did we fix that? Like what was, how did we make that happen?
Well, it's pretty easy. Every single map still has its own database, and then it—no.
No, not at all. So the way—one of the big things that we did was two major things. First of all, there's a back-end database that's holding onto all of the devices instead of having the objects embedded on the map.
And that's effectively what that map file now is.
Right, and the second thing is, the objects aren't on the map. See, the way that the old version used to work is that if you had a map with 500 objects on it, there were 500 things on the map that were just hidden, so when you showed something, you were actually un-hiding it. Now they're not there. If you have things on a map, there are only five things on the map, which is why we can open so quickly. You just have to open the database and off you go.
So that's the first thing. Oh, the trip navigator, the little view navigator. Oh, let's dock that. [Laughter]
There you go.
That's right. That's something else in this release that's nice.
It's not a major feature, but again, we tried to fix up and clean up as many things as we could at the same time. So we're looking at a map of some ether channel switches, and that's the other thing. First of all, it's not a circle any more. We made an ellipses; that's the way everyone does it.
Because ether channels should be an ellipse.
Right, exactly. The other thing that I want to point out is, we did not have to go into any back-end screen somewhere and check off which of the interfaces were ether channel and which weren't. When you load the devices up, it detects which ones are ether channel, and it automatically loops them in.
It gets pretty handy here. Like, here's our three connections between these ports, right? Between these two switches, and I can hover over here, and ah, look at that.
There you go, you can see.
And it's also going to give you the protocol, which is really nice, right? So here I'm using a LACP, but over here.
Right, so you can actually tell what it is. You're going to figure out what your total bandwidth is between those points and what the interconnects are. What was that one over here? This map we found earlier down... was it?
I think it was in a location near and dear to my heart.
Oh wait, it was—oh, it was in Cleveland, wasn't it?
Oh, that's right. See, all you had to do was tell me in Cleveland. This is the one I was looking around at this, and I said, "This is completely ridiculous. “Nobody would ever have that many connections that were actually part of an ether channel." But yeah, you might very well do that.
You might have four channels. And the other thing I want people to recognize: what they see on the screen is that these connections are green. The one over here is blue. The one over here is purple.
Why? Because we color-code the connections to speed connections. So we can determine how fast things are going.
There we go.
Right, so at a glance, your map is now telling you how fast things are going if you're not going to hover.
And that interconnect information is actually coming from the devices themselves, instead of us just saying, "Hey, well, there's two connections. They look to be trying to, they're probably ether channel."
Exactly. So the speed is faster. You know, you can put devices on there. The auto detect is extremely well integrated. What else do we have that makes people's lives easier?
Well one of them is, you're going to spend a lot of time in here drawing, right? Because one of the things you're going to be doing a lot with these is exporting to Vizio. There's this handy button right here that actually says, "Export to Vizio," or if you're going to pull this in and use it inside of NPM, you're probably going to want—
I'm going to go out on a limb and just tell people that if you have this, you don't— If what you've been doing all along is using Vizio to draw your maps, and then you've been bringing them in to Network Atlas, and then laying your objects onto the map, don't do that any more. Use this as your actual network-mapping tool, and then, if you need it in Vizio for whatever reason: somebody in another department needs it, fine, but otherwise, this is your network map. This is the source of everything.
There's another thing here. We worked on the layout tools a little bit, and it's based on the first one you click on, right? So if I go in here, and I say, hey, I'm going to click on that one, and then I'm going to click. Well, actually, I probably need to shift + click that, so I'm going to click on these two, and then I'm going to come over here to my map layouts, and then let's go ahead and line those up. Ah, look at that.
There you go.
Or I could've just selected them this way, and then we're going to line those guys up vertically. Perfect, right. And then you still got auto-layout. The other thing that you get is, these are all vector icons now, so they're completely scalable. Right, so you can make them whatever size you want. The other thing that's kind of cool is you could come over here, for example, and choose this icon. Wow, that's really big. Let me make it a little smaller. I probably ought to use my shortcut keys. It'd probably be the smart thing to do. You can also customize these, right? So you can actually just right click on it, say Custom Icon. I'm going to browse out here to my desktop, and.... I'll say that one.
[Patrick and Leon] Happy cloud, yeah.
Happy cloud indeed, right? So now, I've got my custom icon. I don't know why I would use the, you know, the mark for that, but the other thing, and the detail view actually has gotten even faster than it was before, especially when you drill into the details like the interface info, especially on a huge switch. I mean, how handy is that? Or to put your VLAN information. I mean that's really, really nice to have that all in one place right there. The other thing you can do—do we dare do this?
Let's talk about that.
All right. So for those people who do genealogy work— this is what it reminded me of first— is I'm on ancestry.com a lot, and one of the things is, if you put a relative in, and it searches through the database, the social security records whatever, and it finds a link, you get this little flappy little leaf in the wind that tells you that you have another leaf in your family tree, right? So that's what this is.
Yeah, so that button, basically, will be visible when you select an object if you have all of its links already visible, then it won't show up. But if it shows up, that tells you that there are hidden devices for that. So I'm going to click on that button, and what is it doing? It's taking a minute. I don't know why it's taking so long. Oh, no, I do know why it's taking so long. Because that thing is basically connected to everything, and look at that, it added, it added, I don't know, a few hundred devices.
That fast? Well, and the other thing that it did was it wired them up, right, so I'm going to go in here and say, let's lay this out a little bit more intelligently here. And then, of course now, I could have spired that out a little bit more, but it's really handy. Because then if I actually had selected all that, I would just drag it out. So you can see now that it's actually mapped all of those links, as well as the devices. And it did that really, really quickly, and that's a tiny subset of what it did over here. So again, this speed of using the common database, so that all it's doing is doing layout instead of going into a discovery every time.
So just because we're going fast, I just want to mention that again.
But look, I shouldn't have done that. Let's ctrl + z that. Let's ctrl + z that. You know what; I didn't want all those guys.
Right. Okay, so all your normal start stop features are good. I want to lay this out for people for a minute. If you've got a network, it's a complex network, because it's a network. It's a real network, not the pretend ones that vendors tend to talk about. It's a real network. So you don't have to throw everything onto the map and then start to drag things around and sort it out, which is the way that most people are used to doing it. What you can do is put your main—your core—device, or the device you want to start with, and then start to build up your edges from there, what's connected to this one. Yep, I want this one, this one. Now I'm going to delete these 17 things that I really don't care about because it's a lab or a whatever. Now I'm going to build up from that edge, and build up from that edge. So you can organically grow your map to a point that it makes sense, and stop where you don't want to go any more.
That's right, and the other thing that we did to make that a little bit easier, too, is we've updated all the icons. So we've gone to the open source standard icon shapes, right? So, you're going to recognize switches. You're going to recognize ATM. You're going to recognize routers. You're going to recognize all the devices that are discovered normally, firewalls, whatever they are. So that's a big one. You guys asked for that, have been asking for that for a while. We did make them orange, but you can actually select different sets, so you—
But you're not going to be in the meeting any more with somebody who says, "What is it?" "Oh, well, that's the icon I used for a voice gateway." No, we're going to use the actual voice gateway icon.
That's right, and a big part of this is being able to print it out and have it look nice on your wall, right?
I mean, you know what, there's a lot of times, especially if you're management…
…No. That's not the point. That's not the point. The point is to have it look nice in SolarWinds. It's to have it look, have it work, because although I'm teasing a little bit, this connects directly into Network Atlas, so these are your devices. They're actually devices on your network. You don't have to overlay dots to make this work. This is it.
That's true, but I still think it's nice from a career standpoint, especially if you have an old plotter somewhere that you can dig out to actually print out sections of your network and put it somewhere where your boss can see it. But to that point: if you're going to print this out, I don't want to have to go through there and delete all of the IP addresses. Maybe I want to keep my device names, but I want to hide IP addresses. So one of those things you can actually do is, well, we'll just uncheck IP addresses. Ha ha. Right? I print it out; I export it; I do whatever I'm going to do to it. I've improved my security by not exposing my IP addresses, assuming that they can't go write it down and resolve it somewhere. Oh, now for me, I'm just going to click IP and turn it right back on again. The other thing that's really cool here is that, see here where it says, this one down here, lab talk, eigrp-1? One of the things that it's doing is, it's actually running that through a regex expression tester.
There's a preconfigured set of things that it's looking for, like fast Ethernet 01, right? So it'll shorten that to fe01. Well, you can customize that. So how many times do you have a common naming convention, use it over and over again, but the thing is too long, and it came back for some feedback that you guys had. Which is well, we want to be able to customize where it truncates because it would— you'd have like the machine name colon and the port number, and what would always get snipped off?
[Leon and Patrick] The port number.
Is that 80 or 88? I can't tell. Right, so you can actually go in and come up with a shortcut for ones that you commonly see in your environment, and it'll automatically shorten it for you. One, you get a little bit better, it's not exactly obfuscated on the printouts, but it just makes it handy, because that's how you think of it, and then it looks really nice when you print it and lay it out.
Right, and it's really easy. It's a config file that's on the machine, so you can add your own little regular expression, and you're off to go. Two things I want to mention that we've touched on but haven't talked about. One is that, you change the icon here for this device. What if I had 27 of those devices, and I needed to change them all?
Or 27 maps.
Or on 27 maps, exactly. Change it that once.
It's one database. It's going to change all across the board. So if you have a particular icon style that your company prefers, you've automatically updated all of your maps, and if they say, "Oh no, go back to the old ones," you're not going to be changing maps forever. Which is really what the main point of this tool is, is that you can do your mapping extremely easily, extremely efficiently, and effectively.
So that's awesome, Leon, but what if I just want to see a subset of that and export it?
Oh that, it's really exciting. We've really beefed up some of the tools to move things around and cut and paste. So let's say that I have, you know, near and dear to my heart, we're going to go back to Cleveland.
Always back to Cleveland.
Always back to Cleveland, and this, if you look at the larger map, Cleveland happens to have a bunch of network devices that aren't particularly connected. You can see that in this large map. So I want to just take this segment out, and I want to put it on its own map, so I can just use the tool to grab like that, and then I can point to any of those objects.
Or you can ctrl + c.
And right click. Or I can ctrl + c, but I'm going to say copy, and go over to— I have this empty map over here, Map 7, and I can either right click or hit ctrl + v, and I can paste, and there you have the map, which—
That is somewhat quicker than it was in the last version.
Just a slightly, slightly faster amount, yes. So it's really exciting, and it allows you to break things apart and really manage your maps in a hierarchical way.
That's very cool, but Leon, you still haven't answered my question. How do I export it?
Okay, sorry, I get excited about this stuff. Right. To export—well, okay, so Patrick mentioned one, which is where you can just use the ‘Export to Vizio’ right there and you can give it a name or whatever you want to do. But also, in my opinion, a better way to go would be to get it to Network Atlas, so for that, you would go to File, Export, and you could go to Vizio. You can go to PNG, you can go to PDF, and you can go to Network Atlas, and you would just take it directly out to Network Atlas, and it'll be devices. It wouldn't even be like going to a PNG and having to overlay your objects. It would be a Network Atlas with the devices actually live.
Wow, that's very powerful. I mean, but how would the elements that I see in NTM, you know, how would I discover that and manage that with NPM?
That's a really great question. So let's say that you've done a discovery, and you have objects in NTM, but they're not in NPM yet. When you import it into Network Atlas, you're going to get a popup that's going to say wait a minute, there's devices here, would you like to add them to NPM now? This is why I feel that NTM really changes people's network discovery and mapping procedure entirely because now what you can do is you can do all your discovery through NTM. We're going to take a look at it in a minute, and then, NPM will simply update from there. You make NTM your source of record.
That's right, and it's going to go ahead and run a discovery for you using the regular Orion engine for all the devices that it adds just to double check and make sure that all of the connections are set up and the topology and that things like host name or IP address or something else hasn't changed. And that way, you're going to get fully populated views for like the interconnectivity between interfaces on the Orion, on the NPM views.
Right, it's going to have to do that because it has to pick up CPU and RAM and things like that that NTM isn't picking up, so we talked about discovery a little bit. I want to show that for a second. There's a few pieces about this. I will say, the NTM discovery is very similar to the sonar discovery, in the sense that, you can start with a seed router, and it will just discover from there. You can start with a subnet, and we'll discover the subnet. You can put in a list of IP addresses, and it will do that. It will do all of those things, but it has some other features that are really, really awesome. So I go to a new scan. I set my—
Hope that's private.
Wow, that's good. Right, right, right. Very secure, right? Okay so, and then, you know, you can discover SNMP, you can discover with a WMI, you can discover with VMWare credentials.
Which is really nice, because then it'll use the VMWare API to pull all that information.
Right, and you can put it in—so, we'll put in a subnet here, because we go to have something before we move on. So we'll add a new subnet, and we'll do 10.1.1.1 with a subnet mask.
Is there going to be anything? Oh, you're not going to find anything with that.
No, no, no, nothing at all. Zero, there we go.
I'm going to go to lunch while you run that.
Right. It's actually pretty snappy, but we are still not going to take time right now on camera to do that. But I want to point out a couple of things on this screen. First of all, again, subnet, IP ranges, Freeform IPs, do not scan list. Do not scan list—you can add things to this list that you don't want to add. Your lab network, your PC, your user PC network, those five devices that are ancient that you just don't want, and you can have that. And this is schedule-able, so every time you run this discovery, it will find all the new devices that it has on here, except for these. I call these the no-fly zone.
Yeah, and it's great because then you can actually have your hop setting a little bit more aggressive, but then make sure that you have whole areas of the network or external parts of the network you're just not going to go.
Precisely, so you've got that with your network discoveries, so you can actually do ongoing regular discoveries. So you go from here to next.
It all just got scheduled.
You can name it whatever you want to call it, scheduling. I don't want to do it once. I want to do this weekly, so you can schedule it. Not only that, but there's another feature that really, really makes me happy. Do not touch my existing maps. Keep your hands off of them, so the idea here is that I can do a discovery, I can find all the new devices, but it's not going to automatically start messing with the maps. I have to choose which devices I want on which map, and then I can organize them and bring them into.
Yeah, just copy and paste them wherever you want to go.
Precisely. So, one last piece. I mean, there's a lot in here that is really exciting, but there's one other piece that I want to do. And actually, Kong, I'm going to have you come over here and drive. I want you to just right click one of those devices for me. We have tried to integrate NTM with all of our other tools, because we don't like to build modules that don't talk to each other. So you can see here that integrates with engineering toolset, integrates with Windows tools, regular standard commands. There's also integration with custom tools, so if you click that one, you can add integration into any other tool. Like, I don't know, for example.
And it's really great. You go ahead and give it a name and executable command line arguments. But then you can also use these macro commands, so you can decide: am I going to open it by, I'm going to edit the IP address and host name, community strings, for example. So if you have another SMP based tool, you can do that, and then there are actually some additional commands there as well.
Right, so this allows you to use NTM not just for discovery, not just for mapping— you can actually stop using Vizio for your actual mapping. You start here and export it there. Not only that, but you can also use it as a little bit of management, or at least using some of your other exciting toolsets to work with your devices.
Now I see what you were both talking about. Even for someone like myself, who has my head in the clouds as much as I do, I could totally see using this tool a lot.
Head in the clouds, I love that, that's a great joke, so what's your favorite cloud?
My favorite cloud? Hybrid, of course. [Laughter]
No name brands. Legal's going to love that.
No, it's going to be great, just if the answer was, you know, I like everything; it's all going to be there. So the part that got me was the two-way communication between NPM and NTM. I could totally see changing my entire strategy for discovery—that I would do discovery all through NTM, and let that drive what was being monitored within NPM.
Yeah, well I mean that might be a little bit of an extreme case. You're probably going to be blended, or no?
Yeah, I really think that you could. If it's not on a map, why do I want to monitor it? I could see some people, not everyone, but I could see some people saying that NTM really is— that is the system of record, and when I put that on the map, and I move that into NPM. NPM says, "Oh, I must be monitoring that," and off you go.
Well it certainly does make it smooth if you get in the habit of doing the Vizio export every time you create one, because then you just pull that right in as your background in Atlas, and then it looks exactly like you would expect it to, especially if it was, you know, pinned up on the wall in your office.
I would use this as the Vizio export.
Okay, well then, that really does underscore the main thing there, is the power of what's under the hood of this new release, and especially going to a common database. I mean the performance is just much, much, much better.
Okay, so the other product that we got a lot of questions on chat about—and remember, you can check out chat if you're here live at lab.solarwinds.com —is actually Enterprise Operations Console, or EOC.
I was going to say, you could've just said EOC. It's not like they don't know what you're talking about. They're the ones who asked for it.
Okay, thanks Lawrence.
I'm Leon. [Laughter]
Not when you make comments like that, you aren't.
You're pretty quick for a new guy, aren't you?
Now many of our customers actually have one or two core products and a few pollers, although some have lots and lots of pollers, or a number have got fairly large environments now with tens of thousands, or maybe over a hundred thousand, elements, and so for them, and especially if they're geo-distributed or something else, EOC might be something that they'd want to look at. The other thing is, they might be managing multiple customers from one spot.
Right, and that's exactly what EOC was designed to handle. So, let's take a minute, and we're going to break this down now.
So let's go to a chart.
Oh, I love it when we have charts, only let's take this to the next level.
You do charts, and I'm going to do a little sidecar here with a few screenshots and a little, just a couple of quick how-tos, but we'll mostly be on the charts.
Fantastic. All right. So, EOC was designed to be more like a traditional MOM.
You mean middleware-oriented messaging service, or you mean manager of managers?
Manager of managers, thank you very much. So that's the thing at the top of a stack of other tools that collects up all that other information and aggregates into a single view.
Pardon me for being the new guy on the block, but doesn't SolarWinds modules automatically collect all this info?
Well, okay, so they do, but what if you've got a situation where you have three completely separate Orion platform instances? You know, NPM over here, NPM SAM here, and whatever, and you still need to see it all together.
But realistically, when would you need that? I mean, you were telling me during lunch that you built out an instance for a customer for 12,000 nodes, and we, here at SolarWinds, we have customers with more than that.
Right, well it does scale up, but there still are situations where you might need to go beyond that. You know, Orion does have some limits. You know, for example, a single Orion platform instance can get up to just north of 110,000 elements. At that point, the database simply can't handle the data flow that's coming into it. If you have an environment that's larger than that, you would want to split things off just because, you know, for performance reasons. The other reason is that, what if you had one sight that needed its own autonomy, the data couldn't flow out or whatever. Then you would have an instance inside that autonomous area and then your regular installation.
We have customers with secure networks, for example, that do that, where they'll actually have an instance of Orion on the secure side, and then one that's actually on the open side.
Right, another reason is, you know if you have environments in different time zones or different language zones.
Yeah, I mean, think about that. I mean I don't know how many of you guys are actually using some of the localized versions of Orion products. I'd be interested, if you are, throw them in the chat and tell us what they are, but we've seen customers that'll have English for the Americas. They'll set up an Orion instance in Germany in German and then maybe it'll have Japanese in Asia, and then they'll actually have EOC at the top connecting all of them, so that you get that sort of global NOC view, but then the drill downs and the instances that the local teams work with with all the detailed information are localized for that team.
Right, exactly. So, there's another use case that's not quite as common, but it does affect some of our customers, and it can connect a lot of standalone Orion platform instances in one view, and that's the MSP. So, take a look at this. If a consultant is implementing or managing multiple Orion instances for multiple customers, they'd like a way to see what's going on for each of their customers without having to remote into each of the individual platforms, so that's another case.
So in either of these cases, the EOC would give them a way to view all of their elements in all their environments, correct?
That's right, in a really efficient way, so you're really thinking of it the right way. Think of it as an Orion of Orions, or Orion platform of Orions, right? And the coolest thing about it is, it's all using SWIS.
I knew you were going to get that into this conversation.
Of course I am.
All right, well, you wanted me to actually show you how that's set up right quick?
And then, just for reference, and then let's finish talking about scaling out the instance that you already have and whether you actually need this or not.
Okay, so we're looking at EOC here. Again, it's web based, just like anything else, and you can actually see it's pulling some information here. And the first thing to remember is that it's only getting summary information because we are not going to make you replicate every single data element from every single history table from every single Orion platform server in all one place, right? So it's only getting the last summary information, that's all that it needs, and it's using SWIS on port 17777, so you only need to open one hole, one ACL will be able to go get that data. They're really easy to set up. Basically, you click on, Manage SolarWinds Servers. Here's one right here I just set up, and you'll notice that I'm running an Amazon here, so this one is entirely cloud-based. Which is also nice, because you're not doing a lot of polling on, you know, regular monitoring port protocols, so in this case, it doesn't care where it runs. It runs great with hybrids, so I went ahead and set it up here. This is just called an AWS East. I gave it the IP address that it's connecting to, the endpoint. I did tell it the website URL, because it's going to drill down for detail data, so you can get so far, and then when you get details, it's going to jump out to that local server instance, and then I just gave it SWIS credentials. Username and password, and of course, it's going to respect the view limitations and everything else on that, and that's really all I did to set that up. Really, really, really cool. The other thing that's kind of nice is, and I'm going to have to blur out just a little bit here. This is actually the security room ‘grule’— security group rule, that I'm using inside of Amazon, and you can see, I didn't have to open up that much. Now I recommend, don't do this second one here, RDP from anywhere in the universe, that is probably not a good thing. Right, but I've got my HTTP setup, so you can do the web carryover from the drill down to that server, and then right here, my Custom TCP Rule.
Port 17777, SWIS my favorite.
Also available to that server, and that's all it needs, and that's polling and that's drill down, and you're ready to go, so that's it.
So is EOC a must have as one's Orion implementation grows?
Well, okay, yes and no. Putting on my voice of the customer hat for just a minute, I have to point out there are a lot of things you can do to allow your Orion implementation to grow before you get to a situation where you would want to implement EOC. That doesn't mean no EOC. It just means you have lots of levers to pull. For example, there's the ability to adjust polling cycles. Now the interesting thing is, you can adjust the SMP polling, the topology discovery, the CM polling, and so on. You can do that on a node-by-node basis. Now most admins just use that as a set it and forget it. They set you know regular statistics at five minutes. The interface statistics at six and seven. The disk statistics at 50 and so on and so forth, and they just go on, but you can do this on an element-by-element basis, so just by using one custom property to have high priority, low priority devices, and then setting your polling cycles higher for your low priority— meaning I'm going to wait longer to collect data on the things that aren't as important—you've freed up an enormous amount of cycles on your polling engine to be able to grab data. That's just one way to do it. Another—oh, and I should point out, you can do this, not just for nodes. You can do that for disks and interfaces and SAM components and,
Applications. And applications, so you can do that on an extremely granular basis if you want to put the effort to setting it up. That's one. The second thing that you can do is add an additional web server. Now it doesn't seem like that's going to make a big deal, but it offloads the responsibility for display, and it offloads responsibility for reporting and a lot of other interactions off of the primary poller.
And we've seen some customers that'll do that where let's say you go and enable dynamic compression, right? That speeds up a lot of things, and I will tell you that we're using that on our online demo service, which is one reason the pages get to you so quickly over the internet. The thing is, you're trading CPU utilization on the server for doing that dynamic compression versus just going and getting the data, caching the object, and displaying it. So if you have a use where you have a lot of WAN stuff, you can actually set up a separate server instance, do dynamic compression all day long, and you're actually going to optimize that for WAN, but you're not going to get the— you won't be using the same number of CPU resources to do your compression.
Right, but you've got this additional web server, so you've offloaded it, so that's another reason why that that help. And finally, if we're talking about additional stuff, an additional poller is a really good choice if, first of all, you've got a lot of devices and once again, you want to offload the responsibility off the primary poller. Which, I should point out, does more than just polling. The primary poller's responsible for job scheduling, for database maintenance, for a few other things, so you want that poller in a larger environment to have less responsibility than your additional poller. An additional poller's also the right choice if you have a remote site across a slow link, or a DMZ, or any other situation where you have devices that have some sort of peculiarity about them, where the polling has to be very close to them. Now, you know, so those are three ways that you can really enhance what you're able to monitor just with the single installation.
Yeah, but I have a feeling, you're going to tell us about another one.
Well of course I am, of course I am. So there's a few other things you can do. So, can we flip over? I want to take a look at the alert screen.
This old thing?
That old thing. Okay, so just for a little longer with that old thing.
One of the most important boxes on any one of these dialogs.
And everyone always goes right past it because oh, it's just the title, who cares? Look down in that lower left corner. You see how often it's checking. Now that's a query. It's running your alert trigger, which is a query, and it's also running your alert reset, which is a query, every minute. Now I know this gets a little bit nappy, but if you think about it, I've got an alert that checks a disk. Now my monitor is checking the disk every fifteen minutes, and I want an alert every two polling cycles, which is thirty minutes. All right, I don't need to check a query every minute to tell if the disk is over. I can back that off happily to five minutes.
Fourteen of those polls, it's not going to have any change.
There is absolutely nothing going on. So you have to know what your polling cycle is, and what your alert trigger value is, how many cycles you're doing. Nut you can back things off, and if you do that— once again, if you have a lot of alerts, by backing off a few of them to less than, or sorry, more than a minute, you can open up some cycles for your poller.
So map the potential cardinality of your polling intervals to the data itself.
Very good, and I said I was going to get ‘mathy.’ Nicely done.
No, I got wordy. You're ‘mathy.’
Okay, so finally, there's a sneaky design issue that clobbers a lot of Orion installations. It has nothing to do with Orion. I've got to put that out there, but it really does mess up a lot of people out of the gate, and that's syslog and trap. Now syslog and trap are extremely chatty, and I'm not going to get into the nitty gritty of it, but the upshot is if you have a decent-sized network, a lot of you syslog and trap messages are going to really hammer the system. I have one environment, I know, that has about 4,000 network devices, and they generate upwards of 16 million, sometimes 20 million, messages an hour.
Now you know what I'm going to suggest. This.
Right, exactly, LEM.
I'm going to suggest LEM.
And I'm going to say Kiwi Syslog. It doesn't matter. What we're talking about is a filtration layer.
Actually, Kiwi Syslog is an interesting option. We have customers who use that because they'll do a geo-distributed syslog collectors with Kiwi. They'll pre-filter and then type all of the leftover messages that make it through that filter into their one common Orion platform server.
Right, we have other customers that take a bunch of Kiwi servers because they're relatively inexpensive and put them behind a load balancer.
So the idea is that you're going to have something that takes all that incoming trap and syslog messages. It's going to use criteria to filter out the 80% of the messages, and only pass the things that matters into the Orion environment. But the upshot, once again, is that by taking those noise messages out, you are freeing up your Orion installation to do more of what it's supposed to be doing. Okay? And, again, LEM, Kiwi— the software of choice.
Wow, you were right. There's a lot of things that customers can do to increase the capacity of their installation. It almost makes you think that you don't need EOC.
Well, okay, I wouldn't go that far. For example, if I had three sites where, for purposes of compliance or audit or security, I had to keep the data on site, but I wanted to manage it centrally, then I'd definitely go for EOC.
The same thing, if I had three preexisting installations and I was coming in, needing to manage all three of them, that would be my go-to tool.
Right, and the point there is just to right size what you have. If your NPM or your SAM can be extended a little bit or maybe get better use of the pollers that you already have, then that's great. You may not need EOC, but hopefully this has helped you see what some of those edge cases are, where maybe you have 100,000 or more elements, or you're geo-distributed, or you want to take advantage of some of the localization that you can have with multiple standalone Orion instances, so that'd be a great chance to actually use EOC.
Wow, it's amazing how much ground Head Geeks cover. I'm definitely going to have to step up my game.
Yeah, well, you know it's kind of interesting. We try to stay up to speed as much as we can, but with five Head Geeks, we're having to go to a little bit more of a zone defense strategy.
Some of us are definitely getting too comfortable on this set.
You don't want to know what goes on in that room back there. [Laughter]
Well, I hope everyone out there gets comfortable, especially since this is our second episode this month.
Yeah, that's right. With twice as many episodes, we're really looking for your suggestions more than ever on what to cover. We hopefully will be getting to them now within an episode or two. The other thing is, that if you're watching this live, of course, go ahead and put your suggestions right in the chat window over here to the left.
Right, and if you aren't watching live, then head on over to lab.solarwinds.com, sign up for notifications for when there are new episodes, make suggestions, to watch past labs, and just stay up to speed. So, I think that's about it for us, right?
Yeah, I think we're good.
Excellent. Patrick, please do us the honors.
I'm Patrick Hubbard.
And I'm Lawrence Garvin.
I'm Kong Yang.
And I'm Leon Adato. Thank you for watching SolarWinds Lab. [upbeat music]