I hope you're looking forward to some time off next week, maybe even enough time to start growing that beard you've always wanted.  With that in mind, here are some quick thoughts about beard length in the IT world.    


IT Tools to Grow Your Beard


OK, we can't help you grow your own beard, but we can help you look even smarter at work.  Some of our favorite tools here include:


Like It? Please Share...


If this made your day, feel free to share with a colleague.  I'd also love to read your thoughts or links to similar cartoons in the comments section below.

What comes to mind when you think of good help desk software? Ticketing? Automation? It’s probably not just one or two features that make you love or hate a particular help desk product. It’s the entire feature set—the sum of all the parts—that makes or breaks the deal.


According to a recent help desk survey conducted by SolarWinds (April 2013), IT pros look for these features when evaluating service desk software:

  1. Knowledge base management – ~52% of the respondents
  2. Automated task management - ~45% of the respondents
  3. Service level tracking & management - ~41% of the respondents
  4. Performance reporting & metrics - ~41% of the respondents

1. Comprehensive Knowledge Base

Advantages: Enables self-service among end-users, which reduces ticket resolution time, technician workload, and the overall volume of support tickets


Good help desk software should have these fundamental KB management features:

  • Proactive FAQ article creation based on the request type selected by the end-user
  • KB content categorization (external/restricted)
  • Content approval workflow & management
  • KB article import/merge capabilities


2. Automated Task Management

Advantages: Automates ticketing workflow to simplify repetitive tasks and save. Manual and scheduled triggering of tickets based on priorities. Easy workflows to assign tickets to the right tech group.


Key automated task management features you should consider:

  • Task elements for single repetitive tasks involving multiple request types (for example, employee induction)
  • Execution of these task elements in series or parallel, depending on the business requirement
  • Creation and prioritization of action rules that help reduce the complexity in conditional ordering of task elements and approval workflows

3. Service Level Tracking & Management

Advantages: Ensure optimum customer satisfaction levels by not missing SLA deadlines. Leaving no ticket unassigned or unattended adds up to a healthy help desk environment.


Key service level tracking & management features you shouldn’t overlook:

  • Configurable email alerts on tickets/ticket updates to keep the end-users/techs informed
  • Customizable SMS text message alerts for technicians and management for tighter control over unattended help desk tickets

4. Performance Reporting & Metrics

Advantages: Bird's-eye view of important parameters like ticket volume, troubleshooting/resolution time, and number of tickets per day/week. Reports to track performance and help management make informed decisions in tune with their dynamic IT environment.


Key performance reporting & metrics features that you would love to have: Intuitive & customizable dashboard, real-time performance reporting, reports on customer surveys and automated report delivery.


SolarWinds Web Help Desk offers a simple, streamlined and powerful help desk solution, built around the aforementioned functions. Web Help Desk is 100% web-based and offers a lot more to scale-up with your growing IT environment. Check out the video below to see it in action.



Take a test drive today!

We’ve looked at how Web components like CSS, HTML, and JavaScript can affect a website’s performance. Today we’ll talk about how third-party issues can also have a negative effect on performance. Read on for tips on predicting, monitoring, and ultimately avoiding these issues.


How Third Party Content Affects Website Performance

Website plugins: If there are embedded Flash movies, audio, or video in your Web application, they sometimes won’t run correctly without JavaScript.

Content view: Some webpages use Java applets for interactive content like online games. If the Java plug-in isn’t installed, then the browser won’t be able to run the applet and interactive content can’t load.

Ads: Live ads in a web page that pull data from a third party site will cause performance issues in websites.

Live content: Live third-party content, like game scores or a stock ticker, will constantly refresh the page with the latest updates. This can affect other page elements and slow their load times.


How to Monitor for Issues with Third Party Content

  • Record your Web transaction: This will establish how well your applications are performing. You can then compare this to your baseline and identify which page element is causing the issue.


  • Track page load time: Establish a baseline for how long it should ideally take Java or Flash applications to load. Then monitor the load time for each step in the page. If a page loads slowly, or fails to load, you’ll receive an alert about the problem in the page.


  • Use image matching: You can measure how long it takes for third-party content to load using image matching. This will tell you if they’ve loaded within the specified time. Then you know if the transaction passed or failed.
  • Monitor JavaScript: Monitor JavaScript so that applications that depend on it, like Flash or other embedded videos, run without any issues.


Stay Ahead of the Game with Web Performance Monitor

SolarWinds Web Performance Monitor (WPM) empowers you to monitor third-party issues that affect your website performance.

Try a fully functional, free 30-day trial of Web Performance Monitor today!

It's been a great show! We're so glad we got to see everyone (and hope to see you soon if we missed you this year). Here's our final episode from Lab at Live.


Lawrence and Patrick discuss show highlights and do a booth recap. Visit lab.solarwinds.com for the content we delivered in our Customer Event and booth demos even if you didn’t make it to the show. And don’t forget to join us every month for SolarWinds Lab (learn more here). We’ve had a great time and enjoyed seeing everyone at Cisco Live!  

What do Windows® Logs tell you?

A Windows domain controller generates almost 100,000 event logs per hour, which means that the collective output from a rack full of Windows servers on an average day would more or less fill up the phone book of Austin. These event logs contain vital information such as logon failures, failed attempts to access secure files, and more. If your environment includes Windows servers and workstations, you need to make sure that you monitor Windows event logs across its multiple versions.


Why monitor Windows Event Logs?

It is important to determine the reliability issues in your network and to keep tabs on the various events that lead to security problems and downtime. Monitoring Windows event logs gives you critical information, for example:

1. Application logs contain events logged by applications.

2. Security logs contain records of valid and invalid logon attempts and events related to resource use, such as creating, opening, or deleting files or other objects.

3. System logs comprise system component events like driver failures and hardware issues.

4. DNS servers also store DNS events in their logs.


Windows event logging typically gathers log data published by installed applications, services and system processes and places it into event log channels.


Why is Windows Event Viewer Not Enough?

Windows operating systems allow you to view the event logs on a local or a remote machine with the help of Windows Event Viewer, a built-in tool available within the OS. The issue with the Event Viewer is that it doesn't help you analyze an event in enough depth to understand the root cause. The Event Viewer also differs with the version of the Windows OS that you are using, as it logs events according to the version of the OS.


It is very critical to analyze the event and understand the root cause. You need a log management solution that can efficiently monitor your Windows Event logs and alert you in real-time as your workstations encounter security threats and policy violations. Secondly, monitoring workstation logs in addition to server logs makes event analysis and user activity awareness even more comprehensive and actionable. To make log analysis more efficient, you need to collect and consolidate log data across the IT environment, and correlate events from multiple devices in real-time.


SolarWinds Log & Event Manager (LEM) completely monitors Windows Event logs across various versions of Windows servers and workstations. It acts as a central collection point for Windows system log data, automatically aggregating and then normalizing this data into a consistent format. LEM also performs multiple event correlation, including the distinct ability to set independent activity thresholds per event or per group to understand relationships between dramatically different activities. It lets you effectively identify and respond to threats in real time, rather than being reactive.
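The normalize-then-correlate idea described above, as an added example (not SolarWinds code and not how LEM is implemented). It maps Security-log event IDs from Windows XP/Server 2003 onto the IDs used since Vista/Server 2008, then applies an independent threshold per event type across hosts; the host names, users, thresholds and sample events are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Security-log IDs differ by Windows version. XP/Server 2003 logged failed
# logons as 529-537 and 539; Vista/Server 2008 and later log them all as 4625.
LEGACY_TO_MODERN = {528: 4624, 540: 4624, 644: 4740}
LEGACY_TO_MODERN.update({i: 4625 for i in (*range(529, 538), 539)})

# Version-independent names for the events this example tracks.
EVENT_NAMES = {4624: "logon_success", 4625: "logon_failure", 4740: "account_lockout"}

# Independent threshold per event type: (count, time window). Constructed values.
THRESHOLDS = {
    "logon_failure": (3, timedelta(minutes=5)),
    "account_lockout": (1, timedelta(minutes=5)),
}

# Constructed sample: one legacy server (dc-old) and modern workstations.
SAMPLE_EVENTS = [
    {"time": "2013-06-20T09:00:05", "host": "ws-07", "event_id": 4625, "user": "alice"},
    {"time": "2013-06-20T09:00:40", "host": "dc-old", "event_id": 529, "user": "ALICE"},
    {"time": "2013-06-20T09:01:10", "host": "ws-07", "event_id": 4624, "user": "bob"},
    {"time": "2013-06-20T09:02:15", "host": "ws-07", "event_id": 4625, "user": "alice"},
    {"time": "2013-06-20T09:02:20", "host": "dc-old", "event_id": 644, "user": "alice"},
    {"time": "2013-06-20T09:30:00", "host": "ws-12", "event_id": 4625, "user": "bob"},
    {"time": "2013-06-20T09:31:00", "host": "ws-12", "event_id": 7036, "user": "system"},
]


def normalize(raw):
    """Return a version-independent event, or None if the ID is not tracked."""
    event_id = LEGACY_TO_MODERN.get(raw["event_id"], raw["event_id"])
    name = EVENT_NAMES.get(event_id)
    if name is None:
        return None
    return {
        "time": datetime.fromisoformat(raw["time"]),
        "host": raw["host"],
        "user": raw["user"].lower(),  # account names are case-insensitive
        "event_id": event_id,
        "name": name,
    }


def correlate(raw_events, thresholds=THRESHOLDS):
    """Alert when one user reaches an event type's threshold across all hosts."""
    events = sorted(filter(None, map(normalize, raw_events)), key=lambda e: e["time"])
    windows = defaultdict(deque)  # (event name, user) -> events inside the window
    alerts = []
    for ev in events:
        rule = thresholds.get(ev["name"])
        if rule is None:
            continue  # tracked for context, but no threshold defined
        limit, span = rule
        recent = windows[(ev["name"], ev["user"])]
        recent.append(ev)
        while ev["time"] - recent[0]["time"] > span:
            recent.popleft()  # drop events that fell out of the window
        if len(recent) >= limit:
            alerts.append({
                "rule": ev["name"],
                "user": ev["user"],
                "time": ev["time"],
                "hosts": sorted({e["host"] for e in recent}),
            })
            recent.clear()  # start counting afresh after alerting
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert["time"], alert["rule"], alert["user"], alert["hosts"])
```

Without the ID mapping, the failure logged as 529 on the older server would not count toward the same threshold as the two 4625 events from the workstation, and the three failures for one account would go unnoticed.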

Day 3 at Cisco Live Orlando! The show is in full swing. Patrick and Lawrence discuss the neat things they have seen so far, what’s going on in the booth, cool features you already have in your products that you might not even know about (drop by to get a demo of those), and our cool booth giveaways! Booth #629!

Have you been catching the most popular new show from SolarWinds? We certainly hope so! SolarWinds Lab covers technical topics you care about -- with demos, diagrams, discussion and live chat. SolarWinds Lab is hosted each month by our Head Geeks and special guests. As always, we want to know what topics you would like to see and what you think about the show. If you are at Cisco Live - drop by booth #629 and talk to the geeks in person. To get updates on SolarWinds Lab - visit our page at lab.solarwinds.com.


Lab at Cisco Live - Day 2


Lab at Cisco Live Day 1


What is VM Sprawl?

Virtual machine (VM) sprawl is the uncontrolled growth and proliferation of VMs in a virtual environment. When this happens, the network reaches the point where you can't manage the VMs effectively and they start demanding excessive host resources. Typically, VM sprawl occurs as the result of the creation of virtual machines that stay unused or forgotten but still consume host resources. You don’t realize it immediately after virtualizing your servers. VM sprawl happens over time and if it remains unchecked, say, at the end of one year, you’ll be surprised to see the number of VMs associated with the same number of hosts you created initially.



This is not good because VM sprawl can waste resources and contribute to resource contention on actively used VMs. It doesn’t end here. You’ll need to feed your new VMs more resources and you will likely end up looking for more procurement budget – which is definitely NOT what you want!




How to Identify VM Sprawl?

VM sprawl has no clearly defined symptoms, but there are some typical characteristics that can help you identify it.



#1 Look for Idle/Stale VMs

Idle or stale VMs are VMs that exist in your virtual environment and consume host CPU, memory, disk, and network resources but are not actively used.

Stale VMs can also show other indicators such as:

  • No recent user logins
  • Files not modified for a long time
  • Not recently powered on
  • Orphaned and unused files

Also, look at the VM creation date to ascertain how long the VM has existed and how little it has been actively used.




#2 Identify VMs with Old and Large Snapshots

A VM snapshot is a copy of the virtual machine disk file that preserves the disk file system and memory of the VM, and enables you to revert to the snapshot as a rollback or disaster recovery mechanism. While snapshots can be real lifesavers when upgrading or patching applications and servers, they also consume a lot of disk storage and even end up choking the performance of the VM. This is a typical problem caused by VM sprawl.


Look for VMs with old snapshots, large snapshots and also a large number of snapshots. Identify which snapshots are really required for business continuity and delete the rest to reclaim storage space for your VMs.



#3 Discover Orphaned VMs

An orphaned virtual machine is one that was created initially but, over time, has lost its association with its host. A VM also shows as orphaned if it exists on a different host than the one expected by the hypervisor. This is a cause of VM sprawl as these VMs have been allocated resources in the past, but you do not have visibility into which host is linked to them. Orphaned VMs are not really idle. They consume memory, CPU cycles, and disk capacity, and add complexity to data protection.



#4 Monitor Oversized and Undersized VMs

An oversized VM is one that consistently uses less capacity than its configured capacity. Oversizing a VM can result in decreased performance of other VMs inside the cluster. Conversely, an undersized VM is one that runs more load than its configured resources can support. This can hurt VM performance and cause VM resource hogging that causes contention with other VMs in the cluster. You need to constantly look at the statistics of oversized and undersized VMs in your virtual environment and right-size the VMs by reclaiming and providing resources where they are needed most.


These are only some indicators to identify VM sprawl. To keep VM sprawl at bay you need to get visibility into the resource allocation and utilization of the hosts and VMs constantly and monitor VM performance metrics over time to understand the growth trend of VMs being added.
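The four indicators above, applied to an exported VM inventory, as an added example (not part of the original post and not SolarWinds code). The inventory fields, VM names and every threshold are assumptions made for illustration; the post gives no numbers.

```python
from datetime import date

# Thresholds are assumptions for this example; tune them to your environment.
STALE_DAYS = 90              # no login, file change or power-on for this long
SNAPSHOT_MAX_AGE_DAYS = 30
SNAPSHOT_MAX_GB = 50
SNAPSHOT_MAX_COUNT = 3
OVERSIZED_BELOW = 0.20       # average CPU and memory use both under 20%
UNDERSIZED_ABOVE = 0.90      # average CPU or memory use over 90%

# Constructed inventory, as it might be exported from a hypervisor manager.
# Each snapshot is a (date taken, size in GB) pair.
INVENTORY = [
    {"name": "build-agent-03", "expected_host": "esx-01", "actual_host": "esx-01",
     "last_login": date(2012, 11, 2), "last_file_change": date(2012, 11, 5),
     "last_power_on": date(2012, 11, 1), "snapshots": [],
     "cpu_avg": 0.02, "mem_avg": 0.05},
    {"name": "erp-db-01", "expected_host": "esx-01", "actual_host": "esx-01",
     "last_login": date(2013, 6, 24), "last_file_change": date(2013, 6, 25),
     "last_power_on": date(2013, 6, 1),
     "snapshots": [(date(2013, 1, 15), 120), (date(2013, 6, 1), 10)],
     "cpu_avg": 0.95, "mem_avg": 0.93},
    {"name": "web-02", "expected_host": "esx-02", "actual_host": "esx-02",
     "last_login": date(2013, 6, 20), "last_file_change": date(2013, 6, 24),
     "last_power_on": date(2013, 5, 30), "snapshots": [],
     "cpu_avg": 0.45, "mem_avg": 0.60},
    {"name": "test-legacy", "expected_host": "esx-02", "actual_host": None,
     "last_login": date(2013, 6, 10), "last_file_change": date(2013, 6, 12),
     "last_power_on": date(2013, 6, 9), "snapshots": [],
     "cpu_avg": 0.30, "mem_avg": 0.40},
]


def audit_vm(vm, today):
    """Return the sprawl indicators (#1 to #4 above) that apply to one VM."""
    findings = []

    # 1: stale only if every activity signal is older than the threshold.
    idle_days = [(today - vm[key]).days
                 for key in ("last_login", "last_file_change", "last_power_on")]
    if min(idle_days) > STALE_DAYS:
        findings.append("stale")

    # 2: old, large, or too many snapshots.
    snapshots = vm["snapshots"]
    if any((today - taken).days > SNAPSHOT_MAX_AGE_DAYS for taken, _ in snapshots):
        findings.append("old_snapshot")
    if any(size_gb > SNAPSHOT_MAX_GB for _, size_gb in snapshots):
        findings.append("large_snapshot")
    if len(snapshots) > SNAPSHOT_MAX_COUNT:
        findings.append("too_many_snapshots")

    # 3: the VM is not on the host the hypervisor expects (or on none at all).
    if vm["actual_host"] != vm["expected_host"]:
        findings.append("orphaned")

    # 4: configured capacity far above or below what the VM actually uses.
    peak_avg = max(vm["cpu_avg"], vm["mem_avg"])
    if peak_avg < OVERSIZED_BELOW:
        findings.append("oversized")
    elif peak_avg > UNDERSIZED_ABOVE:
        findings.append("undersized")

    return findings


def audit(inventory, today):
    """Map VM name to findings, leaving out VMs with nothing to report."""
    report = {}
    for vm in inventory:
        findings = audit_vm(vm, today)
        if findings:
            report[vm["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(INVENTORY, date(2013, 6, 25)).items():
        print(f"{name}: {', '.join(findings)}")
```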




Some Tips to Keep VM Sprawl Under Control

  • Implement a formal process for requesting new virtual machines that requires justification for requests for any new VMs.
  • Monitor VM lifecycles so VMs can be deleted when no longer needed.
  • Actively monitor VM resource usage and get metrics on host resource usage so you can help the business understand the cost of virtual machines.
  • Use a VM monitoring solution that provides visibility into VM usage, and allows you to right-size and reclaim over-provisioned resources, and delay new hardware purchases by optimizing the existing virtualized infrastructure for better performance.


For Additional Reading on VM Sprawl:

  • Watch this webcast to understand more about VM sprawl and how you can keep it under control

Patch management has become so critical in the IT landscape that it’s now a must-have security solution in enterprises. When you utilize effective patch management, you’ll be able to eliminate application vulnerabilities and the security threats that arise from them. Today, IT admins are looking for ways to make software patching more efficient and error free. This can be achieved by implementing centralized and automated solutions. Let’s take a look at some of the key benefits of automating patch management.

#1 Enhance Endpoint Security


Automating patch management allows you to be more efficient because it allows you to instantly and uniformly patch all the systems in your IT infrastructure. With this approach, you’ll be able to schedule timely patch deployments to multiple systems at the same time and keep them protected against critical vulnerabilities. You can schedule automated patch deployment to all your vulnerable systems as soon as a security update, bug fix, or a newer application version is released. In addition, patch management automation allows you to:


  • Propagate software updates to target systems uniformly
  • Update vulnerable systems with security updates


Timely updates of security patches will reduce the risk of exposing systems to security breaches and data loss.




#2 Eliminate Manual Errors


When you combine the diverse nature of the IT infrastructure and the application portfolio, complexity of system configurations, and all the various enterprise policies and procedures, it's clear to see that there's a good chance a manual software patching approach will result in errors.

Manual software patch errors can occur because of:


  • Skipping patching a system
  • Missing a failed update notification from a patched system
  • Pushing a wrong version of the software update


When you implement an automated approach to patch management, you can rest assured that all these manual errors can be avoided. You’ll also be able to schedule updates based on whichever systems you want to update, whichever patches you want to apply, and at whichever time of the day, week, or month you want the patch to occur.




#3 Improve IT Productivity

Patch management is a tedious process. You have to manually analyze, prepare, test and deploy software updates to the required endpoint nodes. It’s exhausting to even think about. This obviously consumes a lot of time and effort for IT admins.

Automated patch management simplifies a ton of steps in the enterprise patch management process, from research to scheduling, deployment, and reporting, saving you hours of time and effort. In addition to productivity, automated patching also frees up technical resources for other mission-critical IT tasks.





#4 Simplify Compliance Reporting


Automating patch management also means automating and scheduling patch reporting to notify patch status before and after each patch deployment. Patch reports are key resources to support compliance and IT audits. Automating compliance reporting will help you get:

  • Automatic reports of failed updates
  • Granular visibility into patched and unpatched software



How SolarWinds Patch Manager Can Help

SolarWinds Patch Manager’s centralized and automated approach to patch management helps you keep your IT assets updated with the latest security and vulnerability patches. The features built in to Patch Manager allow you to:

  • Schedule updates to occur when convenient, including monthly, specific days, or calendar events
  • Force real-time download and install of updates from the Windows® Update Server to help with time sensitive patches
  • Dynamically choose computers to be updated based on Active Directory® Domain, Organizational Unit membership, WSUS computer group membership, computer role, computer last contact time, and more
  • Quickly choose which patches to implement based on date released or other criteria
  • Schedule automated reports on patch status and compliance


From a single, central intuitive console, Patch Manager allows you to update all your workstations, servers, and VMs with the latest application patches and keep them secure from endpoint vulnerabilities.


Are your Microsoft Servers running slow?  Read this post for best practices on the top metrics to monitor.


• When experiencing an application or server performance issue in your environment, perhaps the most obvious metric you’re likely to look to first is the affected server’s CPU utilization. This metric provides insight into how much load is being placed on the server’s processor at any given time. A high and sustained CPU utilization may be indicative of underperforming hardware that may need replacement or upgrade. If the server is virtual, it may suggest that the virtual machine suffers from insufficient resource allocation. If the machine provides multiple services and functions, you may also want to consider distributing those roles amongst other servers in your environment to distribute the load more evenly.


• Another likely culprit of poorly performing applications and sluggish servers is the machine’s physical memory consumption. RAM is where the operating system stores information it’s actively using to service the applications running on the host. When a server has an inadequate amount of memory to run both the operating system and the applications that run on it, the OS will begin moving lesser-used blocks of memory temporarily to virtual memory located on disk. This is commonly referred to as paging. As demand for memory resources increases, more paging occurs. Because the disks are significantly slower than RAM, this introduces a bottleneck on the server that can significantly impact overall server performance. Should this condition occur for a prolonged period of time, you should consider adding additional RAM to the physical or virtual server.


• As virtual memory consumption increases, hundreds of megabytes of information are constantly moving from RAM to disk and back to RAM again. This puts tremendous strain on the physical disks where the swap file is located. It’s always best to ensure your operating system’s swap file is located on a different drive than the operating system to prevent swap file fragmentation and to ensure paging doesn’t impact other disk I/O intensive operations such as databases.


• Disk performance is actually the leading cause of server and application performance issues today. Big data and virtualization have only compounded this problem by placing ever-increasing strain on servers’ disk I/O subsystems. As such, it’s important to keep close tabs on your server’s queued I/O and disk latency to understand how your storage performance is impacting your applications. When disk latency exceeds 100ms for any period of time, this is likely indicative of a storage performance issue. The same can be said of a sustained high disk queue length. If your server is suffering from poor storage I/O performance, consider changing your RAID type, adding more physical disks to your array, upgrading your storage controller to one with a larger cache, or replacing older, slower disks with solid state or 15k SAS drives. Alternatively, you may be able to more evenly distribute your application’s disk I/O load by moving databases, applications, temp files, etc. across multiple disks.


• Finally, server monitoring should include keeping an eye on the hardware of your Windows servers. If there is an underlying problem with the hardware, the application may not function correctly, and an unforeseen hardware failure (hard drive, fan, etc.) can take your application down without any warning.


Learn how to monitor and manage other aspects of your Microsoft environment – www.solarwinds.com/gotmicrosoft

by Jennifer Kuvlesky

Upgrading from LEM 5.5 to 5.6 performs a database migration of your data. Performing this upgrade converts your existing information, from newest to oldest, into the database format. In our latest release of LEM, we are migrating from a third party database software to an in-house database.


We have included a banner that displays the status of the migration and the estimated time until it is complete.


  • How long does it take?

Depending on the amount of data to be migrated and the system load, the migration could take from hours up to a few weeks. Data is migrated from newest to oldest.

  • Will I lose data?

No, the data is transferred over completely. New data continues to be migrated as it comes in and old data is moved over when new data is not being transferred.


Posted by Bronx Jun 24, 2013

Are you champing at the bit while waiting for SAM 6.0 to be released? I don't blame you. I am too and for a different reason. Suffice to say, this release will be a beast! It is the musical equivalent of Liszt's Hungarian Rhapsody No. 2. What does this mean for you? Well, I can't give away all the secrets, but I liken the new features and views they provide to the cockpit of the space shuttle. Ridiculous!

So, what can I tell you? Not much; however, you can get a sneak peek of some of the new features here.

Real Time Event Viewer

In SAM 5.0, we introduced the Real Time Process Explorer. In 5.5 we took it a step further with the Service Control Manager. Now, in SAM 6.OMG, we are offering the Real Time Event Viewer - and it's just where you'd expect to find it!


Here's a better view, just to tease you a little more:


This, my friends, is cool. But it pales in comparison to the other really, really, really cool features I can't mention! Why do you think I'm calling it SAM 6.OMG? Because it's bigger, better, and cooler than anything else we've ever done - and we're all working ourselves to the breaking point, but we love it!

Previously, we discussed website performance issues related to CSS and HTML. Now, let’s look at JavaScript and identify different problems that occur on websites and how you can monitor them before end-users are affected.


If you’re lucky, you can identify the problem and troubleshoot right away. If you don’t yet know what you’re dealing with, you could start here:

Server performance: Momentary server hiccups may result in incomplete code being sent to the browser.

Issues with third-party sites: If you query a third-party site without having it load asynchronously, you will likely have JavaScript issues on your site.

Corrupt cache file: This can cause unstable application performance and random error messages that pop up in the browser. Sometimes it can even make the application crash.

Outdated files: The browser might be using an outdated version of one or more JavaScript files from its cache.

Browser compatibility: Many times, JavaScript features work differently in different browsers.

JavaScript code: There could be a genuine error in the JavaScript code itself. For example, a missing semicolon or brackets, comments within comments, or code with missing statements such as return, throw, break, etc.

Other possible issues: The scripting engine, video card drivers, or Direct X controls could be corrupt or outdated.


5 Tips to Monitor JavaScript

1. Test Web pages in the development stage. When you’re building the website, you can monitor the logic of the code by recording transactions that involve JavaScript code and verifying their functionality.

2. Match images. If you have JavaScript menus and complex features on the page, you can use text and image matching to simply validate that the page is displayed as you intended.

3. Monitor load times. Establish an ideal baseline for how long it should take for your application to load. Then monitor the load times of each step in the page. If a step loads slowly, you’ll then receive an alert about the problem in the page or step.

4. Look at browser compatibility. Make sure you do QA testing on multiple browsers to ensure JavaScript has the desired effect on all browsers your application supports.


5. Monitor JavaScript performance. All of your page elements turned out perfectly, but you can tell some of the elements are slow to load. Monitor those sluggish elements so you know whether JavaScript was the real culprit. The root cause could instead be other elements such as CSS, HTML, DNS lookup, etc.




Monitor individual page elements to identify what is causing the issue


Monitor JavaScript Issues Using Web Performance Monitor

When in doubt, rely on Web performance monitoring software to keep an eye on JavaScript along with other front-end applications such as HTML, CSS, Images, and third-party applications. SolarWinds Web Performance Monitor proactively monitors your webpages and alerts you to any change in the way your sites or elements within them look or render. Web Performance Monitor also offers:

• Intuitive charts to monitor page elements, their load speeds & timings

• A graphical dashboard that monitors every component of your site

• Drill-down capabilities & isolation of performance issues to quickly determine what’s causing the delay

• JavaScript performance monitoring for multiple locations, to ensure consistent user experience

• Customized alerts based on the severity level




All of us are aware of the Java® 7 update 21 that plugs 42 security holes, aren’t we? Oracle® issues updates for Java every four months to fix security issues, root certificate changes, algorithm changes, and code-level bugs, and provides a collection of critical patch updates and non-security fixes.


With Java Update 21, Oracle shares that 39 of the 42 vulnerabilities for which patches are rolled out are remotely exploitable without authentication. In addition to the security fixes, the new update will also make changes to the way Java applets are handled and presented in Web browsers that have the Java plug-in enabled.


Here’s the thing that is alarming: Despite the growing awareness of the vulnerabilities, only 7% of the users are running the latest version. Some scary factoids based on a report by WebSense:



The more you fail to keep up with security updates from your software vendors, the more you are prone to vulnerability. Alright, so how do you keep up with the patches? Given the complexity and dynamism of exploit kits and their updates, you need a patching strategy!


Patching Java can be tricky at times. For example, when you apply a patch, Java may uninstall the older version. Hence, you need to ensure that your patch management strategy allows you to create advanced before and after patch deployment scenarios.


Now patch Java updates with ease!!


With SolarWinds Patch Manager, you can easily discover systems that are not running the latest Java updates and patch them pronto. Patch Manager allows you to deploy pre-tested Java updates to any number of workstations, servers and VMs you need to update. Once you deploy the update, you can run reports to check how successful your patching was. You can also customize patch reports, schedule, and email them.


Patch Manager reduces weeks of your patching efforts and helps you protect software and applications against vulnerabilities. Java patch management made simpler, easier and effective!

Are you feeling the pain of an increasingly dynamic and growing network? Are you frustrated with tracing cables to track down a problem device? Are you having trouble justifying the purchase of another switch?


Why not use a tool that can do all the hard work for you? 



1. Switch Port Utilization and Capacity Planning


Mapping switches and monitoring the status of ports provides crucial visibility to optimize switch port utilization and also to accommodate IP subnet capacity planning. Having this information at hand helps network admins foresee the number of switches required to support a full subnet and scale the network more efficiently. Additionally, admins can obtain the necessary data to determine the number of subnets required to attain maximum switch port utilization.


Real-time switch port mapping and monitoring provides vital information, including:


  • Switch details by ports used, CPU load, memory used, etc.
  • Port usage and capacity for every switch
  • Switch level to port level for detailed port data
  • Port configuration details and historical data of previous IP address usage


2. Tracking and Troubleshooting


Knowing the exact location at which to allow a user or device onto the network, or block it, is a simple but very valuable piece of information. Unfortunately, it can be very difficult and time-consuming to manually trace a cable to a device.


Network admins can improve issue troubleshooting and network access protection by gaining visibility into both current and historical endpoint connection details, including IP address, MAC address, VLAN, switch name, and port information. With this information, admins are better equipped to quickly locate offending devices and suspicious activity associated with an IP address and resolve network issues fast.


How can SolarWinds help?


SolarWinds IP Address Manager (IPAM) integrates with User Device Tracker (UDT) to provide automated IP address management, powerful switch port monitoring, and integrated endpoint tracking. This built-in integration provides end-to-end mapping of an IP address to connected user/device, enabling network admins to view IP address information right alongside device port and connection details in the same window.


With IPAM + UDT, you can:

  • Find out which user or device is accessing a particular IP address
  • Drill down to get network connection history for an IP address
  • See port and user information related to an IP address host or DNS assignment
  • View port usage and capacity on every switch
  • Detect endpoint devices having IP conflicts
  • Directly shut down a port through the web interface


Make life easier! Download the IP Control Bundle to track and trace your IP address footprints down to the port and user level. The physical location of the switch does not matter - everything is administered from a single web console!


If, for any significant length of time, you have been using SolarWinds NPM for network management or SolarWinds SAM for application and server management, you have probably heard of an additional polling engine. Maybe you're even currently using or considering using an additional polling engine to spread your management load or expand your monitoring capacity. Excellent. That's exactly what additional polling engines were designed to do for you.

In this blog post, however, I'd like to introduce a couple of lesser-known things those amazing Additional Polling Engines can do for SolarWinds NPM, specifically: remote polling and poller stacking.


Remote Polling

SolarWinds NPM version 10.4 introduced remote polling for Additional Polling Engines. Poller remotability allows you to continue polling and storing data, even when your remote additional polling engine is no longer connected to the SolarWinds database. In previous versions, if your additional polling engine lost its connection to the SolarWinds database, even for a short period of time, you would see data gaps for the devices monitored by the disconnected polling engine. Now, additional polling engines can use Microsoft Message Queuing (MSMQ) to temporarily store polled data locally, on the server hosting the additional polling engine, and then later store it when the database connection is restored.


Stackable Polling Engines

If your hardware can handle it, with the latest version of SolarWinds NPM, you can now install up to three unique polling engines on a single server, sharing a single IP address. Stackable polling engines enable you to effectively triple the polling capacity of a single server.


Guidelines for Using Remote and Stackable Polling Engines

The attached document provides guidelines for these extended additional polling engine features. Currently, stackable and remote polling engines are only available to a limited number of SolarWinds products, but availability should expand in the future.

One of the scenarios sometimes encountered in patch management environments is the disconnected network. Microsoft recognized this need and created functionality in WSUS to handle disconnected networks, and I wrote about this in the PatchZone article: Considerations with the WSUS Disconnected Network Environment.


Just to review, a disconnected network scenario with WSUS and Patch Manager looks like this:


One of each server (WSUS, Patch Manager) in each network.


Patch Manager Enhancements for Disconnected Operations

Patch Manager also provides a capability similar to that of WSUS, but with a couple of nice enhancements. First, where WSUS requires you to export all of the updates in the catalog, Patch Manager allows you to export one, some, or all of the updates. Second, WSUS requires you to export the metadata separately from the installation files; Patch Manager allows you to bundle them in the same CAB file for transport on removable media. Detailed procedures can be found in the Patch Manager Administrator Guide, in the section “Importing and Exporting Catalog” on page 52.


The Challenge for Patch Manager in a Disconnected Environment

However, the biggest challenge for Patch Manager in this scenario is not a technological problem, but rather a licensing problem. There’s no argument that a 250-node license for a two-client installation of Patch Manager on the connected network is a pretty steep price to pay. If you were willing to forego telephone support for that connected server, you could use a 50-node installation of DameWare Patch Manager, but even that’s pricey for a two-node network.


The good news, however, is that you do not have to purchase a separate license for your single-node connected network. With a bit of creative use of Patch Manager server roles, you can license that connected server as a node of the license applied to the disconnected server. Let’s look at how this is done.


Install Both Servers from Disconnected Network

On the disconnected network, we’re going to install the Patch Manager Primary Application Server (PAS). This is the server that will be used to manage the WSUS server in the disconnected network, as well as the clients of the disconnected network.


Also, on the disconnected network, we’re going to install a Patch Manager Secondary Application Server (SAS) with the Management Server role. This server will be registered with the PAS, and as such, will be automatically licensed for use by the license applied to the PAS. Note that this can be either a physical system or a virtual machine. When we’re ready to put this SAS in service, it’s just a matter of transporting the physical system (or virtual machine files) across the network gap and plugging it into the connected network.


Create Scope Objects on PAS for SAS

There is one technological consideration to be aware of in this scenario. The PAS replicates all defined scope objects (Domains, Workgroups, WSUS Servers, and Computers) to the SAS. In order to get the connected WSUS server registered on the SAS, the WSUS server scope object must be created at the PAS and replicated before moving the SAS to the connected network.


From the Patch Manager System Configuration node, in the Details Pane, double-click on Scope Management. Click on Add Rule, and select Update Services Server. Use the “Enter the object to add” button to manually create an entry for the connected WSUS server, and click on Save. In a couple of minutes, that scope declaration will replicate to the SAS. You can access the Scope Management tool on the SAS to confirm. You may also wish to add the Domain or Workgroup for the connected network.


Deploy SAS to Connected Network

Once the replication is complete and the SAS has been moved to the connected network, the connected WSUS server can be registered on the SAS and added to the management group defined on the SAS.


Credentials, Credential Rings, Security Role memberships, and User Preferences are all entities defined at each individual application server, so you can create those directly on the SAS at any time, before or after actual deployment to the connected network.


If you’re not currently using Patch Manager and you have a disconnected network environment, check it out. Download your 30-day trial today. Even if you don’t have a disconnected network, try it anyway!

Workstation monitoring is a crucial aspect of comprehensive network security that is sometimes overlooked. Threats to your workstations come in a variety of forms and can open the possibility of a breach or intrusion into your corporate network. Some common threats to workstation security include your setup being exploited, credentials being stolen, unauthorized access being gained, and confidential data being stolen via USBs and other mass storage devices. These are just a few of the many impending threats faced by security teams that can upset important IT security policies and regulations.


With its many built-in Active Responses, SolarWinds Log & Event Manager (LEM) can help combat critical workstation security threats lurking in your network. LEM's Active Responses are automated and programmed to react in real time and counter anomalies, threats, and policy violations—all without requiring human intervention to confirm or activate any action.


Let’s discuss some useful Active Responses that LEM offers out of the box for workstation security and management.


#1 Kill Suspicious and Unapproved Processes


There are instances when unknown applications and processes are running in the background on your enterprise workstations. While some of these may be harmless, other rogue processes are potentially dangerous and can infect your terminals. You need to be alerted in real time when such suspicious and unauthorized processes are running on the endpoints, and be able to automatically kill them.


LEM Active Response: The Kill Process Active Response enables LEM to automatically kill a suspicious or unapproved process by name or ID. According to the value in the ProcessID field of the corresponding LEM alert, LEM kills the process:

  • By ID when the ProcessID value is a number
  • By Name when the ProcessID value is a name



#2 Disable Networking on Infected Workstation


Once a workstation is infected, it’s highly possible that the infection will spread and affect other systems on the network. The wise security action is to disable networking on the infected workstation at the NIC level. This quarantines the offending workstation and isolates it from the network.


LEM Active Response: Use the Disable Networking Active Response to disable networking on a workstation at the Windows® Device Manager level. This action is useful for isolating network infections and attacks, and can be automated in an LEM rule, or executed manually from the Respond menu in the LEM Console.



#3 Remove Unapproved Users from Administrative Group


As the IT administrator, you need to ensure only approved users are part of the Local Admins administrative group. If any ill-intentioned employees or unapproved users gain access, you should be able to remove them from the administrative group or AD. Based on where the unapproved user is identified, whether at the domain level or at the local level, you should be able to remove the user automatically.


LEM Active Response: LEM uses a Windows Active Response tool based on where you want to remove the user(s) from—the domain level or local level. This tool configures an actor that enables Windows Active Response capabilities on LEM Agents deployed on Windows operating systems.



#4 Detach Unauthorized USB Device


Intentional or unintentional loss of sensitive information from enterprise workstation endpoints is a grave threat that security practitioners must address. USB devices can be used to steal corporate data and introduce malware or spyware into the workstation. Whenever unauthorized USB access is detected on the network, the USB device should be automatically disabled from the workstation. Some common use cases of dangerous USB activity on the network are:


  • When a computer endpoint gains unauthorized USB access
  • When an authorized USB port logs suspicious user activity
  • When unwarranted data transfer happens between an enterprise computer and USB drive
  • When USB access on a USB port becomes non-compliant with organizational policies
  • When a USB end point is affected and needs to be quarantined


LEM Active Response: The Detach USB Device Active Response allows you to automatically detach a USB or mass storage device from a workstation. This action is useful for allowing only specific devices to be attached to your Windows computers or detaching any device exhibiting suspicious behavior.



SolarWinds Log & Event Manager can additionally detect unexpected or inappropriate network activity, identify isolated spikes in network traffic, proxy, or file activity, and send a popup to the workstation notifying the user that the activity has been spotted. In addition, there are multiple other built-in computer-based and user-based Active Responses available in LEM that will help you protect your workstations from user misbehavior or policy violation.


Leverage the new LEM Workstation Edition for more scalable workstation log management.

Welcome to the SolarWinds blog series “Diving Deeper with NetFlow – Tips and Tricks”. This is the fifth part of the six-part series, where you can learn new tips by understanding more about NetFlow and some use cases for effective network monitoring.


In the previous blog, we discussed monitoring BYOD, its implications for your network, and how NetFlow helps break down BYOD bandwidth usage by monitoring what kind of applications are being used. In this blog, we will dive into Quality of Service (QoS) to understand how you can implement QoS policies across your network by analyzing the data from NetFlow.

In today’s advanced network environment, controlling and validating network traffic has become more challenging due to unwanted applications installed on BYOD devices. Rogue applications can consume network bandwidth, interrupting important business applications. It is vital to define Quality of Service (QoS) and set priorities for various applications. As an example, 50% of your bandwidth can be allocated to business-sensitive VoIP applications, while other non-critical applications are allocated lower bandwidth. Thus, by defining QoS classes and assigning policies, network administrators can set predefined actions to be triggered under specific cases.




Applications will compete with each other for bandwidth when traversing the WAN, and since bandwidth is neither infinite nor free, it only makes sense that you will want to see how your bandwidth is being used. Since NetFlow data reports on the Type of Service (ToS) and DSCP fields from traffic conversations, you can monitor your bandwidth usage by application and measure the effectiveness of your QoS policies.

Using NetFlow Traffic Analyzer, you can view network traffic segmented by Class of Service methods, such as Type of Service or DSCP ensuring that critical traffic such as voice or video is prioritized and isn’t dropped.
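The ToS/DSCP reporting described above, as an added Python example (not NetFlow Traffic Analyzer code): it splits the ToS byte carried in a flow record into DSCP and ECN, totals bytes per class, and lists flows whose marking differs from a marking policy. The flow records, the port-to-class policy and the function names are constructed assumptions; the DSCP code points are the standard ones.

```python
from collections import Counter

# Standard DSCP code points (RFC 2474 / 2597 / 3246) -> class name.
DSCP_NAMES = {0: "CS0", 8: "CS1", 10: "AF11", 18: "AF21",
              26: "AF31", 34: "AF41", 46: "EF"}


def split_tos(tos):
    """Split the 8-bit ToS byte into (DSCP, ECN): upper 6 bits, lower 2 bits."""
    return tos >> 2, tos & 0b11


def class_of(tos):
    """Name of the DSCP class for a ToS byte, or DSCP<n> if it is not a named one."""
    dscp, _ecn = split_tos(tos)
    return DSCP_NAMES.get(dscp, f"DSCP{dscp}")


def share_by_class(flows):
    """Percentage of total bytes carried by each DSCP class."""
    totals = Counter()
    for flow in flows:
        totals[class_of(flow["tos"])] += flow["bytes"]
    grand_total = sum(totals.values())
    return {name: round(100 * b / grand_total, 1) for name, b in totals.items()}


def mismarked(flows, policy):
    """Flows whose observed class differs from the class the policy
    expects for their (protocol, destination port)."""
    findings = []
    for flow in flows:
        expected = policy.get((flow["proto"], flow["dst_port"]))
        observed = class_of(flow["tos"])
        if expected is not None and observed != expected:
            findings.append((flow["src"], flow["dst_port"], observed, expected))
    return findings


# Constructed flow records, reduced to the fields used here.
FLOWS = [
    {"src": "10.0.1.10", "proto": "udp", "dst_port": 16384, "tos": 184, "bytes": 4_000_000},
    {"src": "10.0.1.11", "proto": "udp", "dst_port": 16384, "tos": 0,   "bytes": 1_000_000},
    {"src": "10.0.2.20", "proto": "tcp", "dst_port": 443,   "tos": 0,   "bytes": 3_000_000},
    {"src": "10.0.3.30", "proto": "tcp", "dst_port": 6881,  "tos": 32,  "bytes": 2_000_000},
]

# Hypothetical marking policy: voice media on UDP 16384 must be EF,
# bulk transfer on TCP 6881 must be CS1.
POLICY = {("udp", 16384): "EF", ("tcp", 6881): "CS1"}

if __name__ == "__main__":
    for name, pct in sorted(share_by_class(FLOWS).items()):
        print(f"{name:5} {pct:5.1f}% of bytes")
    for src, port, observed, expected in mismarked(FLOWS, POLICY):
        print(f"{src} port {port}: marked {observed}, policy expects {expected}")
```

A voice flow that arrives as CS0 is competing with best-effort traffic, so the mismarked list is the first place to look when the EF share is lower than the bandwidth reserved for it.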


To learn more about NetFlow, check out our NetFlow V9 Datagram Knowledge Series.

Watch the entire ‘Diving Deeper with NetFlow – Tips and Tricks’ webcast here and become an expert in understanding and implementing NetFlow in your enterprise networks.


Download a free fully functional 30-day trial of SolarWinds Bandwidth Analyzer Pack.

Have questions about your products? Want to know what we're working on or when your favorite feature is going to be implemented? Join us for the Customer Event at Cisco Live for short presentations, lots of Q&A, and a catered lunch. Presentations will be brief to allow plenty of time to chat with SolarWinds staff about your own environment and products.


The Scoop


Sign up to join us for one or more sessions. Sessions will be held Wednesday and Thursday, June 26 & 27, over lunch. The Customer Event will be held at the Rosen Centre, directly across the street from the hotel. Each session is limited to 30 people, and a catered lunch will be provided.




Wednesday June 26, 11:30-12:30

Don’t Forget the Superglue


This session covers three critical areas that can be overlooked until you’re in a pinch: config backup and policy scanning, network discovery and diagramming, and maintaining a clutter-free helpdesk queue. We'll be sharing some real-life stories from the front lines, and discussing how other people have solved problems when the going got tough... and stayed out of the weeds on a day to day basis.


Wednesday June 26, 12:30-1:30

NPM – What’s New, What’s Coming, and Popular Extensions


Join us for a product update, one-on-one discussion, and live demo with SolarWinds Product Managers and Head Geeks to learn and ask questions about the brand spanking new NPM 10.5 release. The Product Management team will discuss what we’re working on for future releases and we'd appreciate your feedback. We’ll also introduce a few popular NPM extension modules that address common network, server, and application management use cases. Bring all your NPM and associated module questions: we’ll have plenty of time for Q&A and one-on-one time with our SolarWinds experts and users like yourself.



Thursday June 27, 11:30-12:30

Protect Your Network From Hackers


Join us for a power lunch to swap stories from the front lines and learn what SolarWinds is bringing to the table in the security space. A SolarWinds customer will also join the presentation to share how they are using SolarWinds in their environment. We will provide a short overview of SolarWinds Security products and cover topics such as:



• Understanding the importance of patch management. It saves time... and your network!

• How and why to deploy security information and event management (SIEM)

• The importance of discovering and managing what devices users are using on your network

• How to manage your firewalls & network device configs more effectively


Thursday June 27, 12:30-1:30

NPM – What’s New, What’s Coming, and Popular Extensions


Join us for a product update, live demo, and one-on-one discussion with SolarWinds Product Managers and Head Geeks to learn and ask questions about the brand spanking new NPM 10.5 release. This session will also feature a long-term SolarWinds NPM customer as a special guest panelist. The Product Management team will discuss what we’re working on for future releases and we'd appreciate your feedback. We’ll introduce a few popular NPM extension modules that address common network, server, and application management use cases. Bring all your NPM and associated module questions: we’ll have plenty of time for Q&A and one-on-one time with our SolarWinds experts and users like yourself.


Sign up here!

Why do we need reporting in the first place? Efficient help desk ticketing management starts with measurement. Reporting is one key feature of help desk software that enables management to see technician performance, pinpoint the most troublesome dilemmas, find the customer’s location, and make informed decisions.


From a recent help desk survey, we learned that:

  • More than 48% of help desk professionals spend more than 1 hour managing & tracking tickets
  • More than 75% spend more than 1 hour on troubleshooting & ticket resolution
  • More than 30% work on more than 10 tickets each day
  • 78% said their organization (<500 employees) processes up to 50 help desk tickets a day
  • 65% said their organization (>500 employees) processes more than 50 help desk tickets a day


You’ll notice, the dominant pain points appear to be ticket volume, ticket troubleshooting/resolution time, and the number of tickets handled by help desk professionals every day. Built-in reporting and metrics for these parameters will not only give management tools to track performance and make sound decisions but truly empower help desk professionals to better manage their entire IT environment.


Around 42% of the respondents said performance reporting and metrics are key functions they want in help desk software.


SolarWinds® Web Help Desk™ software offers built-in, customizable and intuitive reporting, with five key features to address these common problems. Moreover, Web Help Desk is 100% Web-based and eliminates the need for multiple, separate installations on each computer.




Key Features to Look For

  1. Real-time performance reporting – Incident frequency, real-time billing data, technician performance, and customer support requirements are graphically represented in real time in the Web Help Desk console for easy access anywhere, anytime.
  2. Intuitive dashboard – Technicians and supervisors can customize what they want to see in the dashboard, by ticket activity, ticket priority, alert level, and so on. The widgetized set-up allows for uncomplicated arrangement and customization of the dashboards.
  3. Customer survey reports – Data collected from customer surveys let help desk management see critical information, like specific areas of customer dissatisfaction, patterns of recurring issues, and causes of bottlenecks during ticket resolution.
  4. Scheduled report delivery – Managers and supervisors can get various reports delivered to their inboxes, at predefined intervals and with levels of granularity they choose.
  5. Data exports – A wide range of helpful reports, segregated by group names, can be executed and exported to PDF or TSV formats at the click of a button.


Detailed reporting and performance measurement of your IT service desk doesn’t have to be cumbersome or time-consuming. SolarWinds Web Help Desk combines robust, yet easy, reporting with simplified help desk management tools that you’ll want to use day-after-day, week-after-week.

Take a test drive today!

Join us for a webcast on Friday, June 14, 2013, 1:00 p.m. - 2:00 p.m. CDT

“The Value of Real Integration:

Combining Data to See More, Troubleshoot Faster, and Save Time”

When it comes down to it, there are three ‘must haves’ for dynamic network monitoring:


  • Alert – Monitor nodes and generate intelligent alerts based on specified criteria
  • Acquire – Retrieve vital, in-depth data for any network device
  • Act – Use Control elements to immediately remediate a problem





In this webcast, you’ll learn how NPM and the Orion integrated platform deliver these three ‘must haves’ to equip yourself to tackle the day-to-day demands of network management and troubleshooting.

Topics we’ll be covering include:

  • Network Performance Monitor 10.5
  • Orion Platform
  • Integration between SolarWinds products


Find out what’s new in NPM 10.5 and see how SolarWinds unified platform can be tailored to your wide-ranging network management needs with real-world examples.

Register Now and learn how to benefit from NPM cross-product integration and profit from the saved time and effort!

What are “Rules” in Log & Event Manager?


Rules, in SolarWinds Log & Event Manager (LEM), are customizable event correlation algorithms that correlate events sent by LEM Agents and remote logging devices. Whether you are monitoring the LEM console or not, LEM rules track events in real time allowing you to

  • Correlate multiple events from different sources
  • Automatically trigger alerts or email notifications
  • Respond to security events in real time


When a single event or a series of events meet a rule's correlation conditions, the rule automatically prompts the LEM Manager to take action, such as notifying the appropriate users, or performing an active response (blocking the IP address or stopping a particular process). LEM rules offer the ability to use simple and advanced thresholds such as time/frequency and same/distinct to add complexity and significantly reduce false positives.
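The time/frequency and same/distinct thresholds described above, as an added Python sketch (not LEM's rule engine or rule syntax; the event fields, the rule class and the sample events are constructed). It runs a frequency-only rule and a rule that also requires distinct target accounts over the same events, which shows where the false positive disappears.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since the start of the sample
    kind: str      # normalized event type
    source: str    # machine the event came from
    user: str      # account the event refers to


class ThresholdRule:
    """Fire when `count` events of `kind` arrive within `window` seconds,
    all sharing the same value of the `same` field and, optionally, covering
    at least `distinct_min` different values of the `distinct` field."""

    def __init__(self, kind, count, window, same, distinct=None, distinct_min=1):
        self.kind, self.count, self.window = kind, count, window
        self.same, self.distinct, self.distinct_min = same, distinct, distinct_min
        self._recent = defaultdict(deque)   # value of `same` field -> recent events

    def feed(self, ev):
        """Return (same-field value, timestamp) when the rule fires, else None."""
        if ev.kind != self.kind:
            return None
        queue = self._recent[getattr(ev, self.same)]
        queue.append(ev)
        # Time threshold: forget events that fell out of the sliding window.
        while ev.ts - queue[0].ts > self.window:
            queue.popleft()
        # Frequency threshold.
        if len(queue) < self.count:
            return None
        # Distinct threshold.
        if self.distinct:
            seen = {getattr(e, self.distinct) for e in queue}
            if len(seen) < self.distinct_min:
                return None
        queue.clear()   # one alert per burst
        return (getattr(ev, self.same), ev.ts)


def run(rule, events):
    """Feed events in timestamp order and collect the alerts."""
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        hit = rule.feed(ev)
        if hit is not None:
            alerts.append(hit)
    return alerts


def _fail(ts, source, user):
    return Event(ts, "LogonFailure", source, user)


# Constructed sample events.
SAMPLE = (
    # One user mistyping a password on their own workstation.
    [_fail(t, "ws-12", "alice") for t in (0, 5, 9, 14, 20)]
    + [Event(50, "LogonSuccess", "ws-12", "alice")]
    # One machine failing logons for five different accounts in 13 seconds.
    + [_fail(t, "ws-40", u) for t, u in
       zip((100, 103, 106, 110, 113), ("bob", "carol", "dave", "erin", "frank"))]
    # Failures for different accounts, but minutes apart.
    + [_fail(t, "ws-07", u) for t, u in
       zip((200, 400, 600, 800, 1000), ("gina", "hal", "ivy", "jon", "kim"))]
)


def frequency_only():
    # 5 failures from the same source within 60 seconds.
    return run(ThresholdRule("LogonFailure", 5, 60, same="source"), SAMPLE)


def frequency_and_distinct():
    # Same, but the failures must hit at least 4 distinct accounts.
    rule = ThresholdRule("LogonFailure", 5, 60, same="source",
                         distinct="user", distinct_min=4)
    return run(rule, SAMPLE)


if __name__ == "__main__":
    print("frequency only:      ", frequency_only())
    print("frequency + distinct:", frequency_and_distinct())
```

The frequency-only rule alerts on both ws-12 and ws-40; adding the distinct-account condition keeps the ws-40 alert and drops the mistyped-password burst, while the time window keeps the slow ws-07 failures out of both.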



Correlation Rule Builder


SolarWinds LEM has a built-in Rule Builder that employs an intuitive graphical interface with easy-to-use techniques such as drag and drop options, an icon-based tool panel, and a graphical object selection panel to:

  • Build new rules easily
  • Clone existing rules
  • Customize and edit existing rules


The rule builder interface incorporates familiar easy-to-use techniques such as drag and drop, an icon-based tool panel, and a graphical object selection panel. To further help rule creation, there are additional events and fields on the left side of the rule builder window that you can add to the correlation rule. The rule builder uses Boolean ‘AND’ or ‘OR’ logic for rule creation.


In addition to the ease with which new rules can be created, SolarWinds LEM offers more than 700 pre-built correlation rules that cover critical network infrastructure, change management and network security functions.





Rule Categories & Tags (New in version 5.6)


LEM rules are organized into pre-built categories to better pinpoint use cases like security, IT operations, compliance and change management. There are also sub-categories under each of these categories to display rules for specific uses.


SolarWinds LEM also allows you to add tags to categorize a rule and make rule search easier. Tagging a rule associates it with existing rule categories, or you can create custom categories for a new rule, which will be displayed in the Rule Categories menu. The rules “tagging” feature makes it much easier to pinpoint rules that meet specific needs like compliance, security, etc.



Download SolarWinds Log & Event Manager today and easily build correlation rules to alert on and respond to security events happening in your network and enhance IT security.


Watch this short video to learn how to easily create and customize correlation rules using SolarWinds LEM.



Read this blog to understand how LEM performs event log correlation.

Getting past practical hurdles and taking control of your entire IP infrastructure calls for a few specific essentials. What are they, and how do you use them to ensure network availability and performance?


  • Effectively utilize your IP space
  • Track IP address activity
  • Take proactive measures with real-time alerting and reporting


Let’s review the key elements in IP infrastructure management, associated best practices and solutions.


IP Space Management


On a daily basis, a network admin deals with management tasks such as address planning, address allocation, centralized inventory, real-time IP status, and IPv6 planning.




If you are still using spreadsheets, note that they require a lot of manual entry and verification, are prone to human error, and are difficult to control, especially with multiple people accessing them.


To successfully meet user and network requirements:


  • Maintain all IP details in a single place and update all changes and allocations as and when they are made.
  • Actively monitor IP space utilization for IP capacity planning.
  • Use access controls to know who is making what change.
  • Provision and plan for IPv6.


DHCP and DNS Server Management


Individually managing both DHCP and DNS servers takes effort, especially in networks operating with multiple vendors. Therefore, to minimize human errors and manual processes, choose a solution that interacts with both your DHCP and DNS servers. Increase efficiency with:


  • Centralized management of DHCP & DNS servers
  • Manage and propagate all updates from a common GUI
  • Active monitoring of DHCP/DNS services


Simplify Management with an IP Address Manager (IPAM)


Deploy an IPAM tool that’s easy to install, supports multi-vendor DHCP & DNS management, and simplifies troubleshooting with real-time alerting and reporting. Some of the things you’d want on your checklist for a good IPAM are:


  • Unified IP space management with consolidated DHCP and DNS management
  • Simplified troubleshooting via unified dashboard, real-time views & historical tracking
  • Preventive actions such as automatic scans and IP conflict detection

Go ahead and automate your IP address management tasks to save time, reduce errors & increase efficiency. SolarWinds IP Address Manager (IPAM) offers what you need to take control of your IP Infrastructure Management. Download a trial version today!

The National Security Administration (NSA) has been in the headlines recently; something I’m sure every top-secret intelligence agency longs for. In the myriad articles, interviews, and stories about how much data the NSA “gathers” about e-mail contents, phone calls, mobile phone tracking, text messages, and what you feed your cat, you might recall mention of a new NSA facility under construction in Utah. In case you missed this tidbit, just Google “NSA Utah” for a return of a little over 57 million hits.

The big story, for me at least, is not that our government is building a new super-snooper facility in the middle of nowhere (apologies to Mormons and other residents of the state), but the quantity of data the installation is projected to handle.


When I heard the term “zettabyte” in reference to the new agency outlet, just like you, I scrambled for my browser to find out just how many a zetta is. According to Wikipedia, a zettabyte is “The zettabyte is a multiple of the unit byte for digital information. The prefix zetta indicates the seventh power of 1000 and means 10²¹ in the International System of Units (SI), and therefore one zettabyte is one sextillion (one long scale trilliard) bytes.” (See http://en.wikipedia.org/wiki/Zettabyte. The Wikipedia entry is worth a read.) The new NSA post is estimated to support 5 zettabytes of storage capacity. For the less mathematically astute of us, myself included, in Texas that’s what we call a !@#$load.


Let’s dial that zettabyte into perspective: If the earth is ~197 million square miles in surface area (it is), and each square mile is the equivalent of 1 zettabyte, I am in possession of empirical knowledge that my calculator does not produce enough zeroes to show me how many times a zetta of square miles would cover the earth. With excessive confidence, I can now say that a zettabyte should be enough for anyone.

We had an awesome week in the SolarWinds booth at TechEd North America. It's great being able to meet and chat with our customers, and we were particularly surprised at the number of SolarWinds customers attending TechEd NA this year. We talked about all the products, but especially a lot about SAM and Patch Manager, and Virtualization Manager was a finalist for the Best of TechEd Awards. We even closed a couple of support tickets in the booth!


Perhaps the most notable announcement to come out of TechEd was the forthcoming release of Windows Server 2012 R2 (aka Windows 8.1) and System Center 2012 R2. Preview bits are expected to be available by the end of June, and you can register for notification from Microsoft when the bits are available.


But, no doubt, the high point of the week (well, at least for me, being the party animal that I am ... well, Used To Be!), was the closing party. Two things to catch your attention from this event, first a memorable performance of Proud Mary by Tina Turner and the [TechEd] Tinettes... here's a (not very good) photo I captured to commemorate the occasion. At the end, to a one, each of those dozen IT pros got/gave hugs from/to Tina. I'm not sure who was more excited... the guys being in the presence of music royalty, or Tina having a dozen men half her age (or more) huggin' on her. One thing's for sure ... the lady can still dance, sing, and rock a house.



... and two hours of the hottest party music from a local New Orleans band, MoJeaux. Check them out, for sure. Here's a 40 second video clip from MoJeaux's Facebook.  IT Pros Rock!


I'm already getting warmed up for TechEd North America 2014... which will be held in my favorite city ... Houston! May 12-15, 2014.

In an earlier blog, we discussed how important it is to monitor logs from workstations. To address this much demanded security use case, SolarWinds introduced Log & Event Manager Workstation Edition with the release of LEM 5.6.


What is Log & Event Manager Workstation Edition?


LEM Workstation Edition is a special licensing model of Log & Event Manager that accommodates log management for thousands of workstation nodes at much more competitive and affordable pricing. LEM Workstation Edition provides all the functionality of LEM (including Active Responses, USB defender, Compliance Reports, etc.) to help you collect, correlate, analyze and store logs from a larger number of workstation nodes. This licensing model will greatly benefit LEM users, because you can now pay less for monitoring workstation nodes than for non-workstation nodes.


Workstation Edition nodes are priced much more affordably than the normal LEM nodes (which are now called ‘Universal’ nodes). The screenshot below shows how the Workstation and Universal nodes are differentiated on the LEM console (Manage Nodes section).

[Screenshot: Workstation and Universal nodes in the Manage Nodes section of the LEM console]

With the LEM 5.6 release:

  • Workstation nodes support workstation client operating systems (Windows® XP, Vista, 7)
  • Universal (or non-workstation) nodes support all other data sources supported by LEM


What’s New in Log & Event Manager 5.6?


There’s a bunch of new enhancements added to improve the product functionality and make the user experience better.


  • Rule Categories and Tags
  • New Rule Templates for Appliance Monitoring and File Tracking
  • Improved Data Storage and Search
    • New Differential Archiving means no more full database backups
    • Progressive Search Results displays results as they are found. No need to wait anymore.
  • New connectors for Juniper®, Cisco®, Microsoft® and many other devices/vendors



Rule Categories and Tags


As discussed in the product blog, you can use the new Rule Categories and Tags to:


  • Tag rules you're using for compliance so that they don't get inadvertently disabled
  • Categorize rules used for production, lab, and other environments so that you know how rules are used
  • Tag "in progress" or "testing" rules so that you can find rules that you're working on developing
  • Categorize rules for different departments or teams (sort of like how we have Security and IT Operations) so that each team can find their relevant rules quickly


Steal a glance at the new Rule Categories and Tags.




Integration with More IT Management Products


SolarWinds LEM now integrates with SolarWinds Server & Application Monitor and SolarWinds Alert Central (FREE Alert Management, Escalation & On-Call Scheduling software).


  • You can send correlated LEM events to SolarWinds Server & Application Monitor for added visibility into server and application performance.
  • You can correlate events in LEM and forward to SolarWinds Alert Central via email for incident handling, and distribute alerts using configurable escalation policies and on-call calendaring in Alert Central.


SolarWinds Log & Event Manager 5.6 makes log management an affordable must-have solution for security practitioners and IT admins who want to collect and monitor logs from across their IT landscape – servers, workstations, VMs, network devices, security appliances, databases and more.


For more details on the features and enhancements in LEM v5.6, read the Release Notes.

Welcome to SolarWinds blog series “Diving Deeper with NetFlow – Tips and Tricks”. This is the fourth part of the 6 part series where you can learn new tips by understanding more about NetFlow and some use cases for effective network monitoring.

In the previous blog, we discussed the impact of cloud applications on the enterprise network and how you can track your cloud performance while effectively monitoring your network. In this blog we will look into monitoring the BYOD impact on your network and its implications.

In order to increase productivity, many organizations today encourage BYOD and telecommuting. That adds another burden to the list of problems network administrators already face. With an increase in personal devices, businesses of all sizes are trying to solve the bandwidth problems caused by BYOD.

Managing BYOD without concrete policies can create significant issues for network administrators. Some of these are:

  • Increased usage of BYOD for personal reasons
  • Compromise in security and network integrity
  • Bandwidth bottlenecks
  • Increase in access by unauthorized applications
  • Problem with existing QoS policies


How NetFlow helps to monitor BYOD?

BYOD is going to add more traffic to your network and understanding the impact on the network’s bandwidth is imperative. Blocking unauthorized applications from hogging your network bandwidth is essential to having more optimal network usage as these unknown applications compete with business applications.


NetFlow helps break down BYOD bandwidth usage by showing what kinds of applications are being used and what the sources and destinations of the increased traffic are. In-depth tracking using NetFlow provides real-time information on network traffic, and BYOD monitoring begins at the access layer, closer to the traffic source. By analyzing the data from NetFlow, you can implement QoS policies across the network.


Using NetFlow Traffic Analyzer, you can monitor the bandwidth consumed by personal devices and easily define policies to streamline the network traffic. Network administrators can find bottlenecks in network bandwidth by analyzing the source and destination of the traffic, and deploy policy restrictions on those devices.

To learn more about NetFlow, check out our NetFlow V9 Datagram Knowledge Series.

Watch the entire ‘Diving Deeper with NetFlow – Tips and Tricks’ webcast here and become an expert in understanding and implementing NetFlow in your enterprise networks.

Download a free fully functional 30-day trial of SolarWinds Bandwidth Analyzer Pack.


What is PRI

Posted by LokiR Jun 10, 2013

A Primary Rate Interface (PRI) is not an esoteric banking term designed to take as much money as possible away from your account. It's a less obscure telecom term that connects your internal PBX to "the outside."


How is this important?


The PRI is the part of the ISDN that is responsible for carrying voice and data from point A to point B. This is essentially the trunk you rent from your telecom provider to connect your internal VoIP lines to the external PSTN. (I wrote a blog about trunks a while back, if you're interested.)


A PRI uses different carrier lines depending on which part of the world you live in. For example, if you live in North America, the PRI uses a T1 line. If you live in Europe, it uses an E1 line. These carriers establish how many external phone lines you can access and how much data you can transmit.


Using the T1 line as an example, there are 24 available channels. These channels are further divided into B channels and D channels. The B channels carry your voice and data. The D channels carry control and signaling information. A single T1 PRI line has 23 B channels and 1 D channel. If you use more than one PRI line, you can often reduce the total number of D channels. If you lease two PRI lines, you could have 27 B channels and a single D channel, giving you 27 outside telephone lines instead of 26 outside lines.

A quick Bing search of German websites reveals a number of heavyweight secure file transfer options that require consulting services for deployment.  Our take?  Perhaps Germany's system administrators need something faster and easier.



The Elephants in The Room


Two of the first entries you will see on a German search for "secure file transfer" are heavyweight offerings from SEEBURGER and Envision Software.


SEEBURGER is a business integration and EDI company offering software for managed file transfer.  However, you can't just download and try the software for yourself without first talking to someone; their model requires you (or preferably, your boss) to hear about the many pieces of your business that need to be interconnected, even though you just want to put up a secure file transfer server and go home.


Envision Software doesn't actually make software.  Instead, they are a consulting operation that deploys IBM solutions (perhaps from IBM's Sterling Commerce acquisition) and Proginet EDI-based solutions.  Suffice it to say, none of that software can be downloaded immediately either.


And even if you could download something from these two companies, purchasing it with your credit card may not be possible.  These are enterprise software solutions...with enterprise software price tags.


Try & Buy Secure File Transfer Software Today


The recent trend in Germany, the UK and elsewhere in the EU has been for "enterprise" managed file transfer solutions to be replaced with less expensive secure file transfer solutions, such as SolarWinds Serv-U MFT Server, that are easier to deploy, easier to maintain, and easier for partners and employees to use.


Secure file transfer software is easier to deploy because it can be downloaded and installed from publicly available websites at any time.  Software trials are automatically activated and the products can normally be configured and started in less than ten minutes.  Even add-on components such as a secure DMZ Gateway can be deployed without a consultant or calls to the company’s support desk.


Secure file transfer options are easier to maintain because they can be plugged into existing Active Directory domains to provide authentication services and account information; this avoids hours of user maintenance.  Secure file transfer software may also take advantage of existing home folders, Windows shares and other enterprise storage, where other managed file transfer systems based on EDI technology practically require a hermetically sealed environment just to function.


Finally, secure file transfer products are easier for employees and partners to use.  They usually feature built-in web interfaces that allow people to securely upload and download files without requiring them to get an FTP client.  They may also allow for remote Web administration, provide tailored mobile interfaces, and send email so that even a novice user can be notified when files are uploaded, downloaded, or deleted.


Expect Native Support for Secure File Transfer in German


Yet another reason for the expansion of secure file transfer software is their growing support for the native language of their end-users.  SolarWinds Serv-U servers have native German interfaces, and support for languages is granular enough to provide different languages for different users.  To see how this works, download the FTP server today and select "German" when the installation prompts you for the desired language.


Get Affordable Secure File Transfer - Quickly


If you need secure file transfer software that avoids the hassle of "enterprise" sale cycles, deploys quickly and understands your language, consider Serv-U.  See how easy and affordable secure file transfer can be by downloading your free 30-day FTP server evaluation today.

In my last post, we discussed uncovering issues with CSS. Let’s look at another aspect of website performance, HTML, to understand the causes of HTML performance issues, as well as how to identify them.


There are a few signs you should watch out for when your HTML page loads:

• How quickly your page responds to requests

• Whether the page elements are loading slowly

• Whether pages simply are not loading at all


Whatever the cause, website performance problems are worth looking into before your users are affected and you start getting trouble tickets.


What are Some Common HTML Issues?

• HTML Requests: Many times, HTML requests can take longer than usual to process, causing websites to load slowly. This can happen if there are poorly written queries, or if the server does not have enough physical or virtual memory.

• Non-compliant HTML Tags: If there are HTML typos or in cases of non-compliant HTML tags, the webpage would be displayed with errors.

• Missing Links to Files & Images: In many cases, files and images are uploaded but not linked in HTML. As a result, they do not get displayed in the website.

How to Detect an HTML Issue Before End-Users Call the Help Desk

Monitor page element load speeds and receive alerts when they exceed normal rates.

Monitor HTML page elements and their load times to ensure they come up consistently each time. For example, monitor how long it takes for hi-res images or JavaScript within Web pages to load.

Identify which element is causing the issue using the waterfall chart


Monitor images and file load times

To proactively monitor for issues involving non-compliant HTML tags and missing files/images, you can use image matching. Image match monitoring defines the number of seconds it takes for an image to load. Monitoring this will tell you if the image is loaded within the specified time. Then you know if the transaction passed or failed. You can also use this capability to validate if the image is displayed as intended.

Image match highlighted in yellow will allow you to edit load times for images in your HTML page.


Manage queries and HTML requests

Monitoring response times for SQL queries will show if the query is taking a longer time to process. You should also monitor if your servers have enough memory to handle the site load. Most server monitoring software can be used to monitor issues related to server memory.


Website Monitoring Simplified

SolarWinds Web Performance Monitor will ensure your HTML pages (and other front-end applications) will not affect your website performance, by letting you:

• Proactively monitor internal (behind the firewall), external (customer-facing) & cloud-based web applications

• Monitor HTML applications & their elements – images, scripts, etc. & their load speeds

• Record, replay & edit each step of a Web transaction

• Monitor HTML performances for multiple locations to ensure there is no drop in performance

• Enjoy a user-friendly graphical interface that monitors all components of your website




I encourage you to try a fully-functional 30-day free trial of SolarWinds Web Performance Monitor to experience it for yourself in your own environment.

BIND is the most widely used DNS software on the Internet. From a performance perspective, it’s quite powerful; from a management perspective, it can be quite cumbersome, especially if you’re not proficient with the command line interface.


As many network admins who manage BIND servers on a daily basis would agree, executing manual DNS updates through the CLI can be both tedious and error-prone.  Fortunately, these admins now have another option—SolarWinds IP Address Manager (IPAM).



IPAM provides the flexibility of a user-friendly GUI to easily perform add/edit/delete functions for BIND DNS zones and records, thereby eliminating the struggles of having to use the CLI.


With IPAM, you can manage and monitor not only your BIND DNS servers, but also Microsoft DHCP and DNS, as well as Cisco DHCP and ASA devices—all from a single, consolidated web interface!



  • Reduce human error when editing DNS data through CLI
  • Reduce the effort required to edit DNS zones and records
  • Easily propagate DNS changes to different DNS servers
  • Stop maintaining multiple management consoles

Check out this video to learn more about IPAM’s new BIND DNS support.


To learn more, read our Tech Tips on - How to BIND with IPAM.

SolarWinds is happy to announce the release of DameWare Remote Support (DRS) version 10!  Just like earlier versions, DRS v10 includes a comprehensive suite of systems administration tools, but this latest offering includes an innovative new mobile remote desktop application for iPhone and iPad that lets IT pros support end-users from anywhere using DameWare’s proprietary remote control protocol.


What is DameWare Mobile?


DameWare Mobile is an ideal tool for on-call rotations and after hours support.  With it, sys admins can create mobile desktop remote control sessions from anywhere a 3G or 4G signal is available.  It consists of two components:  the DameWare Mobile Gateway Service and the DameWare Mobile Client.


The Mobile Gateway Service

The Mobile Gateway Service manages connections from the outside world to computers behind a firewall.  It is packaged with the DRS installer and must be configured before users can connect to computers on a network from an iOS device.  Generally speaking, there are two ways to configure the Gateway Service:  on a Windows server residing in a DMZ or on a Windows server accessible through VPN connections.  The setup is quick and painless as the installer for the Gateway Service is packaged with the DRS v10 installer.


The Mobile Client for iOS

The mobile client is available in the iTunes App store for iPads and iPhones running iOS 6 or higher. From the mobile client, users can connect to Windows computers with the DameWare agent on their networks.  The mobile client includes a host of intuitive controls that make remotely controlling computers much easier than with free iOS RDP and VNC apps.  A Windows-ready keyboard complete with start button, ctrl, del, and esc keys is included as well as a virtual mouse with right and left clicks and drag & drop abilities.




Remote Control and Remote Administration

As always, DRS is packaged with Mini Remote Control, the award-winning remote access tool that has made the lives of countless IT pros easier for over 10 years.  DRS also includes a set of remote administration tools like Active Directory management, Windows administration, and support for Intel vPro with AMT.


So there you have it….DameWare just made things even easier for you sys admins.  If you’ve got an older version of DameWare Remote Support or some licenses of Mini Remote Control, now is your chance to make the leap to the latest version.  Visit www.dameware.com to learn more about v10 of DameWare Remote Support.

As system and security admins, we tend to monitor server logs in order to understand various system activities so we can isolate faults, security breaches and policy violations. However, it’s also necessary to explore workstation logs for advanced system and user activity monitoring.


Workstations are arguably one of the most vulnerable entities on your network. They process content from the Internet and email, they come in contact with infected files, external mass storage devices, and can connect to insecure networks over Wi-Fi.


Workstations generate a wealth of log data that provides detailed event information from the endpoint perspective. While server logs remain paramount to monitoring system and user activity, monitoring workstation logs in addition to server logs makes event analysis and user activity awareness even more comprehensive and actionable.


So, What Makes Workstation Logs Vital for Network Security?


There are various security events that can only be understood with the help of log data generated by workstations. These security events include:


  • System User Logoff – This is information that only a workstation would store. To monitor user logons, we can study the logs from the domain controller (DC) that processes the initial authentication when a user logs on to a workstation. But after the logon event, the DC doesn’t have visibility over user activity. The only component on the network that logs the user logoff data is the workstation.


  • Local Account Logon/Logoff – These are crucial events that the DC doesn’t capture. There can be local accounts within a workstation that are prime targets for hackers. As local accounts are often poorly secured, and the DC doesn’t provide data on user logon and logoff, they are prone to account breach. Because the authentication is being handled locally by the workstation, the event is only logged locally. For example, Windows® systems store this under event ID 4776.



Some Vital Error Codes Found in Windows Workstation Logs for Event ID 4776:

Windows Event Log Table.PNG

  • USB Connections to Workstations – These connections cannot be monitored by the server’s DC. Windows does not audit when devices or removable storage like flash drives are connected or disconnected. Only the workstation logs will provide information on when a USB or mass storage device was connected, by whom, whether the connection was authorized, etc. Based on this information, you can use a security information and event management (SIEM) system to respond to an illegal USB connection, and shut down the device, disable the port, or shut down the system.


  • End-user Desktop Programs – It’s crucial to monitor these programs running on your workstations. When a malicious executable is run by the user on the workstation, it can lead to potential advanced persistent threats (APT). The domain controller doesn’t log the programs running on end-user systems. It’s only the workstation logs that provide visibility into what programs a user ran and for how long.


Workstation logs are the easiest means of event awareness that can be used to monitor end-user activity on enterprise workstations, and provide a rich array of security event information. This information will help you create an enterprise audit trail, perform forensics and root cause analysis, and detect threats.
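The local-account case above, as an added example (not code from the original post or from SolarWinds LEM): a Python script that reads event ID 4776 records from Security-log XML (the form `wevtutil qe Security /f:xml` renders, wrapped here in an `<Events>` root), decodes the Status error code, and flags repeated failures against one account on one workstation. Host names, accounts, the threshold and the sample events are constructed; the status meanings are the standard NTSTATUS values.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timedelta

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# NTSTATUS values that appear in the Status field of event 4776.
STATUS_4776 = {
    0x00000000: "success",
    0xC0000064: "user name does not exist",
    0xC000006A: "wrong password",
    0xC000006F: "logon outside permitted hours",
    0xC0000070: "logon from unauthorized workstation",
    0xC0000071: "password expired",
    0xC0000072: "account disabled",
    0xC0000193: "account expired",
    0xC0000224: "password must change at next logon",
    0xC0000234: "account locked out",
}

EVENT_TEMPLATE = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    "<System><EventID>{eid}</EventID>"
    '<TimeCreated SystemTime="{ts}.000000000Z"/>'
    "<Computer>{host}</Computer></System><EventData>"
    '<Data Name="PackageName">MICROSOFT_AUTHENTICATION_PACKAGE_V1_0</Data>'
    '<Data Name="TargetUserName">{user}</Data>'
    '<Data Name="Workstation">{host}</Data>'
    '<Data Name="Status">{status}</Data></EventData></Event>'
)

# Constructed sample records (made-up hosts and accounts, not real log data).
# The last row is a stand-in for an unrelated event that must be skipped.
SAMPLE_ROWS = [
    (4776, "2013-06-12T09:00:01", "WKS-042", "localadmin", "0xc000006a"),
    (4776, "2013-06-12T09:00:09", "WKS-042", "localadmin", "0xc000006a"),
    (4776, "2013-06-12T09:00:20", "WKS-042", "localadmin", "0xc000006a"),
    (4776, "2013-06-12T09:00:41", "WKS-042", "localadmin", "0x0"),
    (4776, "2013-06-12T10:15:00", "WKS-017", "Guest", "0xc0000072"),
    (4634, "2013-06-12T10:20:00", "WKS-017", "jsmith", "0x0"),
]
SAMPLE_XML = "<Events>" + "".join(
    EVENT_TEMPLATE.format(eid=e, ts=t, host=h, user=u, status=s)
    for e, t, h, u, s in SAMPLE_ROWS) + "</Events>"


def parse_4776(xml_text):
    """Return one dict per event 4776 in the export; other event IDs are skipped."""
    events = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        system = ev.find("e:System", NS)
        if system.findtext("e:EventID", namespaces=NS) != "4776":
            continue
        data = {d.get("Name"): (d.text or "")
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        status = int(data.get("Status", "0x0"), 16)
        stamp = system.find("e:TimeCreated", NS).get("SystemTime")
        events.append({
            # Keep whole seconds only; the log carries sub-second digits.
            "time": datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S"),
            "computer": system.findtext("e:Computer", namespaces=NS),
            "user": data.get("TargetUserName", ""),
            "status": status,
            "reason": STATUS_4776.get(status, "unknown status 0x%08X" % status),
        })
    return events


def failure_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """List (computer, user, count) where failed validations cluster in time."""
    failures = defaultdict(list)
    for ev in events:
        if ev["status"] != 0:
            failures[(ev["computer"], ev["user"])].append(ev["time"])
    bursts = []
    for (computer, user), times in sorted(failures.items()):
        times.sort()
        start = best = 0
        for end in range(len(times)):
            # Shrink the window until it spans no more than `window`.
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts.append((computer, user, best))
    return bursts


if __name__ == "__main__":
    parsed = parse_4776(SAMPLE_XML)
    for ev in parsed:
        print(ev["time"], ev["computer"], ev["user"], ev["reason"])
    for computer, user, count in failure_bursts(parsed):
        print("ALERT: %d failed validations for %s on %s" % (count, user, computer))
```

Because these events exist only in each workstation's own Security log, the script has to be fed logs collected from the endpoints themselves, not from the domain controller.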


SolarWinds Log & Event Manager for Workstation Log Management


SolarWinds Log & Event Manager (LEM) is a full-function SIEM solution that extends comprehensive log collection, correlation, analysis, and incident response to both servers and workstations.


SolarWinds LEM also has out-of-the-box system-based and user-based active responses to counter threats, troubleshoot issues, and react to policy violations on your workstations.


Some useful Active Responses include:

  • Delete User Account and User Group
  • Disable Domain and Local User Account
  • Log Off User
  • Disable Windows Machine Account
  • Restart/Shutdown Machine
  • Block IP Address
  • Disable USB devices

Welcome to SolarWinds blog series “Diving Deeper with NetFlow – Tips and Tricks”. This is the third part of the 6 part series where you can learn new tips by understanding more about NetFlow and some use cases for effective network monitoring.


In the previous blog, we discussed Network Anomaly Detection and how NetFlow helps network administrators analyze and monitor network traffic efficiently. In this blog we will dive into the impact of cloud applications on networks and how you can track your cloud performance while effectively monitoring your network.


The growing demand for cloud-based applications and their increasing rate of adoption have put massive pressure on network administrators. It is imperative that enterprises maintain continuous network uptime for necessary operational processes. Any issues with the network or the speed of service may have an adverse business effect.


One of the biggest impacts of cloud applications is on a network’s bandwidth. The Software as a Service (SaaS) approach means you need to ensure enough bandwidth is available for business-critical applications to run uninterrupted 24x7. Network downtime may cause operational losses and may affect the organization’s bottom line. Some of the problems that network administrators face when using hosted cloud applications are:


  • Impact on bandwidth by cloud applications
  • Revenue loss if a business critical application is inaccessible
  • Operational loss if a mission critical cloud application is down
  • Bottlenecks in the network
  • Bandwidth hogging by non-business applications
  • Unauthorized protocol and application usage


Ensuring continuous Cloud application usage


Analyzing NetFlow data helps to monitor network performance, as continuous uptime is an absolute necessity for businesses that use or host cloud applications. It is important for network administrators to look out for bottlenecks, bandwidth hogs, and unauthorized protocol and application priority. NetFlow data carries information on:


  • Cause of traffic bottlenecks
  • Who are the bandwidth hogs
  • Different end points using enterprise bandwidth
  • Applications being used in the network
  • Conversation priority within the network


NetFlow gives network administrators insight and helps them prioritize hosted applications and deploy Quality of Service (QoS) policies. It provides the means to track the cumulative usage of a given application in an aggregated manner, down to specific regions, if necessary. As a result, NetFlow information can be used to verify whether cloud usage matches your service level agreement by mapping the actual activity between the cloud and your network. Measuring latency is challenging when operating in the cloud. By using flow exporters like nProbe and analyzing the data through NetFlow collectors, you can identify bottlenecks and hold the cloud provider to the promised service.
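What a collector does with the fields listed above, for both this cloud post and the BYOD post in the same series, as an added example (not code from the original posts or from NetFlow Traffic Analyzer): a Python parser for a NetFlow export datagram that reports top talkers, bytes per application port, and bytes per DSCP priority class. It uses the fixed-layout NetFlow v5 format rather than the template-based v9 the series links to; the addresses, ports and byte counts are constructed.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

HEADER = struct.Struct("!HHIIIIBBH")             # 24-byte NetFlow v5 header
RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

# Constructed flows (not captured traffic):
# src, dst, src port, dst port, IP protocol, ToS byte, packets, bytes
SAMPLE_FLOWS = [
    ("10.20.0.57", "203.0.113.10", 51514, 443, 6, 0x00, 9000, 12_500_000),
    ("10.20.0.57", "203.0.113.10", 51520, 443, 6, 0x00, 4000, 5_500_000),
    ("10.10.0.5", "198.51.100.7", 16384, 16390, 17, 0xB8, 3000, 600_000),
    ("10.10.0.8", "198.51.100.20", 49822, 8443, 6, 0x28, 1500, 2_000_000),
]


def build_sample_datagram():
    """Pack SAMPLE_FLOWS into one v5 export datagram, as an exporter would."""
    records = b"".join(
        RECORD.pack(int(IPv4Address(src)), int(IPv4Address(dst)), 0, 1, 2,
                    pkts, octets, 0, 0, sport, dport, 0, 0, proto, tos,
                    0, 0, 24, 0, 0)
        for src, dst, sport, dport, proto, tos, pkts, octets in SAMPLE_FLOWS)
    header = HEADER.pack(5, len(SAMPLE_FLOWS), 0, 1371000000, 0, 0, 0, 0, 0)
    return header + records


def parse_v5(datagram):
    """Decode a NetFlow v5 datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    version, count = HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram (version %d)" % version)
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated: header announces %d flows" % count)
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(IPv4Address(f[0])),
            "dst": str(IPv4Address(f[1])),
            "packets": f[5],
            "bytes": f[6],
            "src_port": f[9],
            "dst_port": f[10],
            "proto": f[13],
            "dscp": f[14] >> 2,   # upper six bits of the ToS byte
        })
    return flows


def top_talkers(flows, n=3):
    """Sources ranked by bytes sent: the 'bandwidth hogs'."""
    totals = Counter()
    for fl in flows:
        totals[fl["src"]] += fl["bytes"]
    return totals.most_common(n)


def bytes_by_application(flows):
    """Bytes per (IP protocol, destination port), a rough application view."""
    totals = Counter()
    for fl in flows:
        totals[(fl["proto"], fl["dst_port"])] += fl["bytes"]
    return dict(totals)


def bytes_by_dscp(flows):
    """Bytes per DSCP class, to compare real traffic with the QoS policy."""
    totals = Counter()
    for fl in flows:
        totals[fl["dscp"]] += fl["bytes"]
    return dict(totals)


if __name__ == "__main__":
    parsed = parse_v5(build_sample_datagram())
    print("Top talkers:", top_talkers(parsed, 2))
    print("By application:", bytes_by_application(parsed))
    print("By DSCP:", bytes_by_dscp(parsed))
```

In the sample, one unmarked (DSCP 0) source carries most of the bytes while the voice flow marked DSCP 46 is small, which is the kind of mismatch a QoS policy review starts from.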


Using NetFlow Traffic Analyzer, you can monitor real-time network utilization and traffic patterns, and understand who or which applications are consuming the most bandwidth thus ensuring it is used accordingly. To learn more about NetFlow, check out our NetFlow V9 Datagram Knowledge Series.


Watch the entire ‘Diving Deeper with NetFlow – Tips and Tricks’ webcast here and become an expert in understanding and implementing NetFlow in your enterprise networks.


Download a free fully functional 30-day trial of SolarWinds Bandwidth Analyzer Pack.

Storage Manager allows users to access the Storage Manager Database via the Storage Manager Website. This feature can be useful when you need to run queries against the database.


Note: It is recommended that you perform a full backup of your database before running any manual queries.


Accessing the database simply involves changing the Storage Manager URL. We have two options for accessing the database:


- RunScriptServlet - Allows us to run queries against the database


- DatabaseAdmin - Allows us to run queries against the database and also gives other useful information about the Storage Manager database


In the screen shot below, the URL for the Storage Manager website is ""



To open a window to the Storage Manager Database we would change the URL to the following:


See screen shots below.





The following example will terminate all instances of notepad.exe on an alert status of Down using PowerShell:

  1. In the Trigger Action of the Advanced Alert, add a new action type of Execute an external program.
  2. In the program to execute, type in "PowerShell" and the rest of the command line arguments, or the path to your PowerShell script.

Following is an example that terminates all running instances of notepad.exe.
Note: You will need to enable impersonation through your PowerShell script or run the Advanced Alert Manager under a user account with elevated privileges.



To Cryo or Not to Cryo?

Posted by LokiR Jun 3, 2013

That is a question.


This is probably not relevant for a great number of IT folks, but it is interesting for the implications on server room/server cooling.


This year some enterprising researchers developed a micro cryocooler that can cool a device down to 30 Kelvin (-243 °C, -406 °F) in around an hour and is about the length of your pinkie finger. This new cryocooler device is a multi-stage, mini version of the tried and true Joule-Thomson cryocooler (circa 1852). The Joule-Thomson cryocooler cools by causing a high-pressure gas that is below its inversion temperature to expand as it flows to a low-pressure region.


The first stage of the new device uses nitrogen so it can cool from room temperature to 100 K (-173 °C, -180 °F). The second stage uses hydrogen, and cools the rest of the way to 30 K.


As it stands, this is a great innovation for medical technology and space technology (such as interplanetary telecommunication).


Now, if we can cool down to 30 K, we should be able to regulate temperatures to a happy medium between temperatures needed for superconducting devices and temperatures too hot for business-level computing. I, personally, would be very grateful for an inexpensive, consumer-level CPU cooler for my laptop.


In the meantime, you can use SolarWinds Server and Application Monitor to keep an eye on your server temperatures and wish you had a micro cooler for your CPUs, cryo or otherwise.

If you didn’t know earlier, SolarWinds Patch Manager is available on the easy-to-use intuitive Orion® Web console. The Web console is available as part of the Patch Manager deployment, and displays data collected from the Patch Manager server.

The Web console is built on the Orion platform so you can view it alongside your existing Orion interface. This provides many key dashboards for system admins and security information engineers to know the status of patch deployment and identify missing patches and vulnerable computers on your IT infrastructure.

#1 Explore System Nodes To Identify What Patches Have Been Updated and What Are Missing

Patch Manager Web console allows you to view the patch summary for specific nodes using various graphical charts and Top 10 snapshots based on patch status.
You can further drill down to the break-up of Installed or Needed updates to see the list of all patches that are already installed on the node, or those that are missing.

#2 View Patches By Severity and Identify What Nodes Are Updated Or Missing Critical Patches

At a high-level Patch Manager categorizes all your system patches into different severity levels allowing you to see at a glance all the patches that are marked as critical or important based on the vulnerability.
You can drill down to a specific patch update and explore what nodes have this patch updated and those that are not running this patch.

#3 View Top 10 Missing Patches and Top 10 Vulnerable Machines

Patch Manager Web Console provides a quick snapshot summary of the Top 10 Missing Patches and Top 10 vulnerable Machines. This is actionable data for system admins to deploy and secure unpatched systems.

The Top 10 Missing Patches are listed based on the number of nodes missing the updates.
The Top 10 Vulnerable Machines are listed based on the number of patches the managed system node is missing.

#4 Get Health Overview of Servers and Desktops based on Patch Update Status

On the Patch Manager Web interface, you can view the high-level patch update status of your managed server and desktop nodes on graphical charts. At a single glance you can identify how many nodes are up to date, need updates, and are updated with errors.

You can further drill down to see the list of nodes under each category. Patch Manager also displays the break-up of nodes based on operating system used.

#5 View Software Health Status of Orion-Managed Server Nodes alongside Hardware Health Metrics

SolarWinds Patch Manager provides visibility into the health of the software applications installed on your servers and workstations. You can use the Web console to drill down to each server node to see if the application running is up to date and patched. Since Patch Manager Web console can be accessed from the Orion interface, you can import patch status of server nodes into SolarWinds Server & Application Monitor (SAM).

Benefits of this integration:
  • SAM provides hardware health data for server nodes to help identify server performance issues caused due to anomalous hardware metrics.
  • Patch Manager provides the software health data from the patch update perspective for the SAM-monitored server nodes.

This will help you get far-reaching visibility into both the hardware and software health status of your servers.

Try the free online demo of SolarWinds Patch Manager to access the Orion-based Web interface.
