
Geek Speak

48 Posts authored by: jkuvlesk

In 2012, we saw some of the worst online security snafus and attacks. Cyber espionage aimed at personal and enterprise data is increasing, in the form of DDoS attacks, cloud outages, and hacker attacks, and according to the latest predictions by IT security companies, PC users will remain the biggest target for malicious attacks. Mobile devices, including tablets, will also be targeted. On the enterprise front, be it cloud, virtual or physical, securing the enterprise network is going to be harder than before. Network advancements and environment changes will make it complex and hard to monitor everything that’s hooked to the network.


The following summarize predictions made by security organizations about cybercrime in 2013:

• BYOD will add complexity. According to McAfee, more users will bring their own devices for work and mobile devices will become common in the workplace. All these new devices will make the IT environment complex and difficult to monitor.

• Data breaches like those caused by the Dropbox hack will persist, both in the cloud and in the physical data center.

• Malware will evolve in sophistication of usage and deployment. McAfee indicates it will become difficult to monitor malware and spam - for example, the “It’s you on photo” spam that affected Twitter users, leading them to visit a “.ru” spam site.

• The cost of securing the network will increase steeply. IT organizations will spend budget to upgrade network software and equipment for the sophisticated tooling required to combat these new threats. Organizations will need to deploy additional administrators to effectively monitor different attributes across network, system and virtual environments. Software for SIEM solutions, VM/cloud monitoring, and end-user activity monitoring will be required as a proactive threat mitigation measure.

• Personal and enterprise data will become a target for hackers to avenge a communal, political or personal vendetta.

• With the increase in usage of mobile and cloud technology, new IT standards will be mandated like the new PCI DSS compliance standard for mobile payment processing.  It is also likely existing compliance rules will be made stricter to enforce compliance.

• According to Trend Micro’s 2013 forecast, the Windows 8 product line-up will be targeted by most hackers.


The secret mantra behind any secure IT enterprise is “being proactive rather than reactive.” So, if the worst is about to strike, let us be prepared for it:

• Use simple but effective methods and use SIEM software to monitor all IT resources including servers, user devices and network devices.

• Proper assignment of resources, both virtual and physical, will enhance performance and will reduce the pain of monitoring unsolicited devices.

• Software vulnerabilities should be patched regularly with an automated patch management tool.  

• Provide guidelines and educate end users about network safety, malware, data theft, and spam using internal campaigns and programs.


Threats will always continue to exist. Though we cannot predict every threat, we can increase awareness among users and adopt more prudent security measures to protect users and data.

Monitoring servers, applications, networks and services is crucial. However, in today's datacenter, it's more complex than ever, with physical servers, virtual servers, cloud-based servers and legacy servers all running alongside one another.


The argument over agent-based versus agentless monitoring has been going on for quite a long time. Initially, the power, reliability, functionality, and all-around robustness of agent-based monitoring overwhelmed the perceived advantages of agentless monitoring: lower cost and easier implementation and maintenance.

However, all this is changing with the need for organizations to be agile and the evident downside of agent-based monitoring systems due to the complexity involved with agents.


Agent-Based Server Monitoring Hassles

  • Red Tape: The agent software runs on the remote machine and therefore affects its operation. In many environments, especially governments and larger corporations, you simply can't go installing software on critical machines without going through an evaluation and approval process.
  • Time to Maintain Agents:  Agents are very hard to maintain. As the monitoring solution is updated, the agents will need to be updated from time to time.
  • Scalability/Footprint:  Deploying, managing or administering, and monitoring connectivity with large numbers of clients and servers can become untenable. The problem is even more complicated when considering network infrastructure devices for which the number of possible connection paths is vast.


With all the hassles of agent-based monitoring, there are a few benefits which include deployment flexibility (eliminating NAT/Firewall/Proxy issues) as well as obtaining data such as event logs that are not obtained with agentless solutions.


Agentless Server Monitoring
Agentless monitoring is deployed in one of two ways:

• Using a remote API exposed by the platform or service being monitored
• Directly analyzing network packets flowing between service components


SNMP is typically used to monitor servers and network devices in an agentless manner. In the case of Windows servers, WMI (Windows Management Instrumentation) is typically used which provides a better set of metrics than can be obtained through SNMP monitoring alone.  Also for many Windows based servers and applications, agentless monitoring via the WMI gateway provides strong monitoring capabilities.


Agentless monitoring has certain distinctive advantages over monitoring with agents. Some are highlighted below:

• No Clients to deploy or maintain
• Lightweight, no application to install or run on the client. Typically consumes no additional resources
• WMI & VMware Agentless Monitoring is stronger than SNMP alone
• Typically lower initial cost for software


With all the various available options, it’s quite important to understand the business impacts in your particular environment for picking one server monitoring technology over another.


Related blog post: Customer spotlight: Agentless Enterprise Monitoring at Cardinal Health


Last week I met blogger Bob Plankers (@plankers), author of the lonesysadmin.net, and we had a great conversation on how the sysadmin role has changed over the last 5 years and what sysadmins and help desk professionals can learn from one another.


JK:  How did you get into blogging?

BP:  I got into blogging in 2005.  At that time there were not a lot of bloggers in sysadmin space.  I found that in searching the Internet for answers to questions, once in a while I knew something of interest that was not available on the Internet. My blog was the way to put it on the Internet. I’ve been in the field for around 15 years at all kinds of companies, from a consultant to the private sector to working in the help desk to working as a sysadmin at a large university in the Midwest.


JK: Since you have worked on both sides of problem determination – the help desk and as a sysadmin – what advice do you have for these teams to work better together?

BP: A lot of sysadmins would benefit from a rotation in the help desk. Seeing what help desk folks have to deal with, the problems they face from users and to actually talk to users who have to use the things that you are building. A lot of times IT departments don’t follow up with the users or the help desk to find out what the pain points are. Then you end up with people that are angry, because the application may be doing things as unintended but you never hear about them because the normal interaction between the service desk and the sysadmin is in a break-fix mode. No one thinks to send things to a sysadmin like, hey, this app logs me out every 10 minutes and it’s a big hassle. This is an annoying problem that a sysadmin might think is just a security feature, but it is really impacting the user experience of the application and could be fixed.


I am pretty sensitive to that – I understand being caught as a help desk person in not quite knowing what to tell an end user who is complaining, and not getting any love from the sysadmin team because they don’t think it’s a problem since it’s not a technical issue.


Sysadmins can address technical as well as non-technical issues by listening to some of those complaints.  Addressing an issue might be as easy as explaining to the help desk why something is the way it is.  This helps a lot because they can explain it to the user, and at least the user would understand why the application is the way it is.


Beyond that, you can give the help desk access to the server monitoring tools.  It’s like sysadmins are the high priests of the IT organization and they want to hold all the information.  If you’re all on the same team, everyone should have the same information.  Give the help desk access to the information, and train the help desk team to not make any major decisions unless sysadmins are consulted first.  If the help desk staff can see what you (sysadmin) are seeing, it makes a big difference.  If they have the information of an outage that is occurring, when the end user calls the help desk, the help desk admin can speak intelligently that there is a problem and it is being worked on.


For example, I report that cable is not working in my area, and the support guy tells me that “nothing is reported in your area.”  So I go on Twitter and complain, and a guy deep inside the cable company sees it and fixes it. That’s neat, but probably not the way it should work. If the help desk appears smarter to the end user the end user will actually call the help desk when something is wrong, rather than throw up their hands when a service is slow or not responding.


This is especially important as virtual infrastructures are more pervasive – being able to work through technical and non-technical issues.


JK:  What’s an example of a non technical VM issue?

BP: VM seems slow – that is what I normally get.  I follow up with – how can you tell it is slow?  Well, I logged in and it seems kinda pokey.  Well, can you run applications or services?  Yes, but it just seems slow.  How should your application be performing, are you meeting your SLAs?  Well, yes, but the VM seems pokey.


With virtualization, it’s a different game now, your VM may be slower than physical box you used to own, but your application still works fine.  This is not a technical issue but an issue related to educating users why a VM may be slower than what they were used to, and why the business thinks it’s fine that way.


JK:  How has the System admin job changed over last 5 yrs?

BP:  Over last 5 years, the idea of working in silos has gone away, and with it some of the problems.  Historically the network guy would find out about things last – to many sysadmins he’s like a plumber – the network should work like your pipes, and we don’t need to talk to him on a regular basis, just when the plumbing plugs up. That was a bad idea then, and a real bad idea now.


The classic idea that everyone is separate is dying.  Now instead of a storage guy, or a network guy or server guy, now I have to be a generalist and have the right tools in place to see across these environments.  Virtualization also muddies the waters across these classic domains.  The rules aren’t so cut and dry. Best practices say stuff like you shouldn’t have more than 20 VM’s on a data store, but what they really mean is that you can’t have the wrong 20 VM’s on a data store.  Figuring this out is not so easy, and you need the right tools to do this that will save you time.  There are a whole bunch of tools out there, but by the time you are done implementing them you have spent more time than you will ever save in using the tool.  Having a good tool that will show you if the VM is slow, the storage issues and the network information is very valuable.


One thing I learned working in the help desk is linear troubleshooting – changing one variable or chasing one metric at a time.  A lot of sysadmins don’t know anything about storage or networking.  They never had to worry about how a network worked before virtualization.  With virtualization, now they have to configure a network, never thought about a VLAN, what is a LUN, a datastore?  How does fiber channel SAN or iSCSI work?  Take complicated storage and stack that on top of a complex network and your head really hurts.  It’s like working one of those math exams where the answers for part B and C depend on part A. You get part A wrong and you’ve screwed everything up. You’ve got to have your network solid for your storage to work, and so on.  Overall, I’d say that if you’re a sysadmin today, you’re better off being a mile wide and an inch deep in all areas.


JK:  What technology trends are you planning to blog about in 2013?

BP:  Right now I am working on a column for TechTarget around the topic that IT does not practice what it preaches when it comes to consolidation.  What I mean is that with server consolidation, cloud, virtual desktops – IT is pushing stuff back into the datacenter.  However, within the datacenter we are now seeing distributed building blocks like direct attached storage which is clustered, rather than these big storage arrays.  Within the datacenter we are becoming decentralized.  IT is doing it to save gobs and gobs of money.  It’s an interesting trend.


Another trend I find interesting is now that costs have been driven down for the infrastructure through virtualization and cloud, folks can spend more time on intangibles.  How much time do I spend performing a particular task?  Should I spend the time automating that task or is my time best spent elsewhere?




Other IT blogger profiles:

Ryan Adzima, The Techvangelist

Bill Brenner, Salted Hash

Tom Hollingsworth, The Networking Nerd

Scott Lowe, blog.scottlowe.org

Ivan Pepelnjak, ipSpace

Matt Simmons, Standalone SysAdmin

David Marshall, VMBlog


I recently interviewed Alex Hoang of Presidio.  He is a SolarWinds partner who resells SolarWinds monitoring products.  Presidio generally serves large Cisco shops who are implementing datacenter infrastructure projects.


JK: Why do your clients want to purchase SolarWinds products?
AH: While we are in the envisioning phase, we ask the client how they plan to monitor the infrastructure once it’s in production. Many customers don’t have any tools to monitor their infrastructure and the only way they know the infrastructure is down is when the customer calls.


JK:  How often do your clients purchase SolarWinds with other infrastructure solutions you sell?
AH:  We recently started working with SolarWinds in the last year and a half or so.  Right now we engage our customers with SolarWinds about 30% of the time, but there are only a few folks in the organization selling SolarWinds.  I expect that to grow over time.


JK: SolarWinds is pretty economical. From a partner standpoint, you are not going to make a lot of margin on SolarWinds unless you drive a lot of volume. Why did you choose SolarWinds over another partner for infrastructure monitoring?

AH:  For one, it’s brand recognition.  SolarWinds is known by everyone.  The team you have, in particular Chris Lee (channel partner technical SE & trainer) and Andrea Wagner (Channel Account Manager, sales) – the support they provide is phenomenal.  If we have someone who is not as technically savvy, they can get on the phone and work through the issue.  From a support standpoint, SolarWinds is one of the better partners I have worked with.


Right now the SolarWinds sale is a value-add for our customer, and since we don’t make a lot of margin off selling the software, having the level of support we get from SolarWinds is imperative. 
In our last project we were working with a large school district to monitor their entire infrastructure.  Obviously, with a school, price is a consideration.  We ran a successful POC and they ended up purchasing Network Performance Monitor.




I recently came across Cameron Fuller’s latest post which provides a counter view to our post on why Sysadmins should find SolarWinds® Server & Application Monitor a refreshing alternative to Microsoft® SCOM.  Cameron is an Operations Manager MVP well versed with how Operations Manager works and I do agree with some of his comments.  System Center Operations Manager has its strengths and weaknesses, just as Server & Application Monitor has strengths and weaknesses.


1. One of SCOM’s strengths is that it is a framework that can be extended through the use of Management Packs. Microsoft does provide its Management Packs with SCOM free of charge, but as Scott Hill points out in his blog, not all Microsoft’s Management Packs provide in-depth product knowledge on how to troubleshoot a problem. I also disagree with Cameron’s assessment that “While SolarWinds provides monitoring for “virtually any application” it does it with little knowledge of what the product actually does”. SolarWinds Server & Application Monitor (SAM) does provide expert knowledge on what to monitor, why, and the optimal thresholds for many applications, and this is especially important for admins who have no idea what metrics should be monitored for a particular application. Take for example the metric Idle Workers for Apache – the component settings describe why this metric might be off and what to do about it.


Component Settings - Idle Workers for Apache


2. As an enterprise framework, SCOM also makes available the ability to extend monitoring to applications which are not covered by the Management Packs that come with Operations Manager, like Lotus, Oracle or XenApp. SolarWinds Server & Application Monitor’s strength is that it does fully support well over 100 applications and can be deployed quickly, which is great for departments needing quick application support which is not offered natively by Microsoft. These departments can also feed alerts to SCOM via Management Pack. In this case, these products are used for different reasons. Take Scott for example: he uses both SCOM and SolarWinds. SCOM is used for high-level alerts which he checks every day, and SolarWinds is used primarily because he wants the ability to easily modify alerts on specific metrics and send alerts to specific groups or people via SMS or email. In this instance, SAM is a great complement to organizations that already have SCOM.


3. To Cameron’s point on agentless monitoring, I do agree that agents can be very scalable.  Cameron indicates agentless monitoring is not recommended for SCOM deployments because it does not scale well.  Agentless technology has come a long way, and SolarWinds Server & Application Monitor, a pure agentless product, is architected to scale to 10,000 servers.  In deploying agentless versus agent based technology, you really need to look at understanding the pros and cons from a business perspective.


Ultimately we do agree that one size does not fit all and that for some users, they will want to look at both products.



Server Monitoring
Effective Server Monitoring is key to any successful business; it’s an essential task, as even a small glitch in the server performance could lead to complications which would result in hindering business operations, employee productivity and customer service.

To tackle all these problems, it’s necessary to monitor all aspects of server health and performance.  Some of the benefits of server monitoring are:
• Improved system performance
• Proactive identification and correction of server problems
• Simplified Server Management
• Reduced IT Infrastructure Maintenance Costs
• Reduced time to troubleshoot server issues
• Higher Web Application Uptime


Monitoring Key Services & Performance
The most common cause of unscheduled downtime is a critical service stopping, or stalling. Considering a Windows environment, the three most common critical Windows applications that should be monitored include: SQL Server, IIS, and Exchange - all used for mission-critical services. Exchange is susceptible to one of its services stopping or stalling. If this happens, the results can be catastrophic, and happens far too often.

CPU and resource overload can have a serious impact on application efficiency, and especially on mission-critical applications. Taking an example with the SQL Server, if SQL queries are taking increasingly longer to complete, the result is an irritated user. If there are 500 end users, and the typical query takes 50% longer, that’s a lot of calls to the help desk.

How can you keep end users from calling the help desk?
• Actively monitor services and performance and enable alerts when thresholds are breached
• Look at historical performance data to determine if a performance issue is a spike or a trend.
• Monitor logs & correlate logs with performance data to more quickly find the root cause of the problem.
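
The three practices above, as an added example that is not part of the original post or any SolarWinds product: a threshold alert, a spike-versus-trend check over historical samples, and a lookup of log events just before a breach. The 200 ms baseline, the latency series and the log events are constructed; the 1.5 factor mirrors the "query takes 50% longer" case, and the 15% drift tolerance is an assumption.

```python
from statistics import median

# Assumed values for illustration only.
BASELINE_MS = 200   # normal SQL query time
FACTOR = 1.5        # alert when a query takes 50% longer than baseline

# Constructed history: (minute, query latency in ms), one sample per minute.
SPIKE_SERIES = list(enumerate(
    [198, 205, 201, 199, 640, 203, 197, 202, 200, 204, 199, 201]))
TREND_SERIES = list(enumerate(
    [200, 204, 210, 215, 223, 231, 240, 252, 266, 281, 297, 315]))

# Constructed log events: (minute, message).
LOG_EVENTS = [
    (2, "backup job started"),
    (4, "backup job finished"),
    (9, "index rebuild started on orders table"),
]


def breaches(series, baseline=BASELINE_MS, factor=FACTOR):
    """Return the (minute, value) samples that exceed baseline * factor."""
    limit = baseline * factor
    return [(t, v) for t, v in series if v > limit]


def classify(series, baseline=BASELINE_MS, factor=FACTOR, drift=0.15):
    """Label a history as 'ok', 'spike' or 'trend'.

    The median of each half of the history is compared. A median ignores an
    isolated outlier, so a single slow query cannot look like a trend, while
    a steady climb is reported even before any sample crosses the threshold.
    """
    values = [v for _, v in series]
    if len(values) < 4:
        raise ValueError("need at least 4 samples to compare two halves")
    half = len(values) // 2
    early, late = median(values[:half]), median(values[half:])
    if late > early * (1 + drift):
        return "trend"
    if breaches(series, baseline, factor):
        return "spike"
    return "ok"


def events_before(minute, logs, lookback=3):
    """Log messages recorded in the `lookback` minutes up to `minute`."""
    return [msg for t, msg in logs if minute - lookback <= t <= minute]


def report(name, series, logs):
    """Build a one-line summary for a series, with correlated log events."""
    label = classify(series)
    hits = breaches(series)
    line = f"{name}: {label}, {len(hits)} threshold breach(es)"
    if hits:
        first_minute = hits[0][0]
        line += f", first at minute {first_minute}"
        line += f", nearby log events: {events_before(first_minute, logs)}"
    return line


if __name__ == "__main__":
    print(report("spike series", SPIKE_SERIES, LOG_EVENTS))
    print(report("trend series", TREND_SERIES, LOG_EVENTS))
    # The first 10 minutes of the trend series never cross 300 ms,
    # yet the history already classifies as a trend.
    print(report("trend series, first 10 min", TREND_SERIES[:10], LOG_EVENTS))
```
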


Monitoring Server Busyness
Monitoring the busyness of a server is also a key element of effective monitoring, as a busy server might not respond quickly to a request. The simplest method of measuring this parameter is to keep tabs on the processor's process time, measuring the total utilization when all of its processes are running simultaneously. If your machine is running several applications, it is handling several server roles on your network. An alternative method of measuring server busyness is to measure processor contention, which indicates how different threads are fighting for the attention of the processors on your machine. When multiple threads contend for use of the same server, the system queue length helps ascertain how many more threads are waiting for server responses for execution.
Other performance counters that must be checked include CPU utilization, processes, SNMP, etc., which are some of the key aspects that measure how frequently the processor has to switch from user mode to kernel mode in order to handle a request from a thread running in user mode. The heavier the workload running on your machine, the higher this counter will generally be; however, over a long period of time the value of this counter should remain fairly constant.

Temperature Monitoring
Environmental monitoring is also quite essential for your server rooms and data centers. Environmental conditions have a huge impact on how reliable and long-lived your servers will be. Bad environmental conditions can reduce the life of components, decrease reliability, and may cause problems resulting in increased expense.
Leading research groups have estimated that threats from IT environmental issues will cost business and industrial organizations somewhere between $50-$100 billion in downtime and related costs. The primary environmental threats in the data center are temperature, power, humidity, flooding, smoke, airflow and room entry.
If you are looking for a solution to monitor hundreds of applications and hardware types, a tool which delivers smart alerting and reporting, try Server & Application Monitor to ensure you are comprehensively monitoring servers.



Last week I had the pleasure to interview Rod Trent (@rodtrent) of myITforum.com.


JK: How did myITforum get started?

RT: It’s an interesting story of course. I’ve lived long enough to understand that the best things in life are those that are unintended. Back in the 90s, Microsoft SMS (Systems Management Center) 1.x was released. At that time it was like shareware (remember that?), the product was not that great. Back at that time I worked at one of the big 5 accounting firms. In the 90s the economy was similar as it is today, and the company I worked for was laying off people, especially IT support. At that time, IT admins were considered glorified secretaries instead of the professional position it is today and we were down to two people supporting nearly 500 folks. So, we invested time to figure out how we were going to do more with less. We figured out we could use this product (SMS) to solve a lot of problems-all with just two people. At that point, I got systems mgmt. A light bulb went off. SMS was a crappy product back then and when I found a work around to do something, I would post my tips and tricks on the web. That proved to be valuable, and I found that other people were in the same situation I was. Remember, this was at a time when AOL was the internet so there were not a lot of resources out there. The site became popular and grew. At some point we decided to make it official and branded it myITforum in 2001.


Initially we just supported SMS, then Microsoft acquired a monitoring product from NetIQ and now there are a slew of other systems management products that are now offered as a suite in Systems Center.  Over the years, the product  has improved but it needs a lot of support because it is so feature rich.


Over the last 3 to 4 years Microsoft has seen significant growth in its Systems Center customer base.  As System Center has grown, myITforum has grown, as a supporting community.  In addition to supporting Systems Center, we see myITforum growing into a community that is focused on all things systems management (mobile devices, servers, workstations, etc.) – regardless of whether a company is using scripts, Microsoft tools or other tools like Altiris, now owned by Symantec.


JK:  At what point did you start managing myITforum full time? How do you stay in tune/keep your tech credibility?

RT: About 2001. I am now focused on community organization and community management. I don’t have as much hands-on with the product today. However, I have a more unique vantage point. We see issues come in, and we have some deep ties with Microsoft so we really know what is going on in the market. We can track issues from minor to major, even bugs – and this is fed to Microsoft to improve their product.


I have a “command & control center” with 4 monitors, and at any time I am writing, researching, monitoring myITforum and other communities.  It’s important to folks that visit the community that they have up to date news and can be notified of serious systems management situations.


We also provide information on trends, like the cloud.  Most sysadmins cringe when they hear that word.  However, there is now value associated with it, something they can use.  So, myITforum’s job is to identify the value pieces of the cloud, translating concepts to actual things to pay attention to.


JK: With regard to the cloud - what should sysadmins be paying attention to?

RT: The IT community needs to be wary – with reports in December about Netflix and Amazon.com being down - any technology that can be destroyed due to weather conditions or user error – you need to be realistic about it. A lot of folks are promoting the cloud, this is the future - and it’s really here, but it can go down at the worst time possible. The cloud has not yet evolved to having the reliability of what we are used to with on-premise networks. You really need to have things in both places. Don’t just go with a public cloud – have something that provides redundancy. Be realistic and investigate what makes sense for the business. The cloud can be used for backups or email, or supporting people who are working remotely. Microsoft created the concept of the hybrid cloud which is a combination of on premise stuff and apps or infrastructure hosted by the cloud provider. This is a good concept because it allows choice for security, availability and redundancy. It allows IT folks to offload work that makes sense for their business.

JK: What are some of the trends or issues that you have seen with System Center 2012?

RT: With any product, especially one as large as SCCM, you need to be prepared and plan. System Center is a suite now with some integration but not 100%. Orchestrator is used to tie these products together. These products are extremely useful and powerful. Any product that touches endpoints and critical services can be dangerous if you don’t use the product properly – not just System Center, but any product. One example: there was an Australian bank last year that created a task sequence incorrectly and it reformatted all the hard drives in the organization.


There is a lot of learning that goes with any new product or any new version of a product.  SCCM 2012 is a completely new model of endpoint management.  So those familiar with SCCM 2007 need training, but also even those already familiar with SCCM 2012 have to learn about SP1 because there are so many additions in the service pack.  One way to get up to speed quickly is of course the Microsoft Management Summit which is  coming the first part of April.  This is one of the best run conferences because it is so community driven.  This conference was actually started by myITforum back in the day before Microsoft took it over.  Service Pack 1 is coming out soon, and one of the best ways to learn about it is to attend MMS 2013.  Training is a main focus of the conference this year.  You can spend thousands of dollars and weeks of classroom training for your organization or you can go to MMS for a single week for just $2-3,000.


Stop by myITforum’s booth at MMS, and get in on the twitter army and meet and geek fun.




Other recent blogger profiles:

Ryan Adzima, The Techvangelist

Bill Brenner, Salted Hash

Tom Hollingsworth, The Networking Nerd

Scott Lowe, blog.scottlowe.org

Ivan Pepelnjak, ipSpace

Matt Simmons, Standalone SysAdmin

I had the pleasure of interviewing Sean Ackerman on why he decided to go with Server & Application Monitor.  Sean is an Infrastructure Engineer who works in the insurance industry.


JK: Tell me a little about your IT environment.

SA: Our infrastructure is 70% virtualized. We have about 3,000 VMs, excluding our VDI environment. We have a wide variety of hardware vendors to include HP, Cisco, pSeries, Storage Wise, NetApp and EMC DataDomain. From an application standpoint, we are a big Microsoft shop with the normal Microsoft applications like Exchange, Sharepoint, Active Directory, and Lync – but we also have some IBM applications like Cognos and WebSphere.


JK: What prompted you to search for a new server monitoring tool?

SA: Our company used HP Openview for monitoring our application infrastructure, but there was a lot of complexity in using HP because it often breaks and from a maintenance stand point it is not simple.   We even used System Center Operations Manager (SCOM) in the past, and though it provided agentless monitoring, SCOM required agents to monitor most applications with unique metrics.


With HP, we spent a lot of time managing agents and had little clarity on what was being monitored.  When alerts would fire, the question would come up – Why did we get the alert?  What is the problem?  When it came time to monitor a new application, it was difficult to figure out what should be monitored and what the thresholds should be since the HP product did not provide out-of-the-box best practices for monitoring applications.


JK: Why did you choose Server & Application Monitor?

SA: I was familiar with the SolarWinds brand as our network team had used Network Performance Monitor and the product was easy to use and get going. SAM provided relatively good value for what we got, it works out-of-the-box and is pretty straightforward. It didn’t require 3 full time engineers just to support the product (SAM), it can be set up relatively easily and the support from the thwack forum was great.


The fact that Server & Application Monitor did not require a whole lot of admin overhead was a huge selling point for us. With the simplicity involved in using SAM, the workload of five roles has been reduced to one.


In evaluating a server monitoring solution we also looked at System Center Operations Manager but felt it was complex.  My team preferred SAM as the product was broad in its application coverage with new applications being supported with frequent releases.  We also chose SAM because it could be customized and used to monitor anything that needed to be monitored.


JK: What kind of value are you seeing from Server & Application Monitor now?

SA: We use SAM to run an application scan every 4 days to automatically discover and monitor new applications. The unlimited license of SAM is worth the money since it allows us to add monitoring for any application when a new scan is run.  With SAM, I feel it’s now easy to get any application monitored.  With the out-of-the-box templates with pre-defined thresholds, it’s like 90% of the legwork and it is very easy to pinpoint issues very quickly.


With SAM in place, my team now only spends 20% of our time setting up application and server performance monitoring company-wide and we now have time to work on projects to improve IT services.  We use the dynamic grouping feature of SAM to look at performance issues by application and location.  The Real-Time Process Monitor feature of SAM is also effectively used to identify causes of spiking performance.



Passing tickets between the network team and the server team is very time consuming for both parties and wastes precious minutes and hours in getting the service back up and running.  Server teams and network teams often work in silos with different tools (sometimes that means manual tools) for managing each environment – each with a different UI and database.


In server monitoring, when a service goes down, any number of things can be causing the outage – from a network issue to a server hardware failure, to virtual machine performance or a rogue process – which complicates server performance monitoring. When you get a complaint that an application is slow, it’s very difficult to ascertain the root cause if all you can see is that network performance is hunky-dory.  By adding a server and application monitoring tool, you can actually see that you have a disk failure or that you have a process that is out of control, or maybe one of the services for your application stopped working.


Check out this video to see how you can solve problems faster by adding server monitoring to your network monitoring environment.

JK:  How did you get started blogging (blog.scottlowe.org)?

SL:  I started writing on my blog in 2005.  At the time, I was learning a lot, and I wanted a way to capture the knowledge I was gaining.  I guess you could say that my blog started as more of a knowledge base than anything else.  It wasn’t until 2007, when I liveblogged VMworld 2007, that the site really took off.

JK: Do you take your topics from things you are working on at your job or do you take comments and questions from readers as topics?

SL:  Most of my topics come from whatever I am working on; however, from time to time, someone will email me with a question or a comment, and that might turn into a post.  Sometimes the question is about a problem with which the reader is struggling, and sometimes the question is about one of the books that I’ve written or a presentation that I’ve given.  Pulling topics from whatever I’m working on professionally is pretty common among the other bloggers that I know.

JK: Virtualization technology is fairly mature now.  Are there any virtualization concepts that are still not widely understood?

SL:  I’d say the one thing I see a lot is that customers try to do things the same way in the virtual world as in the physical environment, and that is often not the best approach.  Because VMware and other leading virtualization players out there make it so easy and so seamless to run workloads in virtualized environments, administrators don’t take the time to optimize for a virtualized environment.  This is especially true for virtual desktop environments and business critical workloads.  The virtual desktop environment is one area where this is especially true, where people just re-create what they are doing for physical desktops, and they don’t truly optimize for the virtual environment.

I think because vSphere and other virtualization solutions do such a great job of making everything seem the same as it was, people don’t even realize they could be doing more.  People port the application over, it runs, and they don’t understand that they could optimize it and make it run even better than it was running in the physical environment.

JK: Are there still challenges with or objections to moving mission critical applications to virtualized environments?

SL:  If I had to define only a single issue, it’s that organizations don’t realize that their virtualization platforms are capable of supporting mission critical applications because they are just looking at recreating what existed in the physical world.  I think it was Albert Einstein who said, “You cannot fix problems using the same thinking that you used to create them.”  The same applies to virtual environments – you can’t use the same thinking in running a mission critical workload in the physical environment as the virtual environment.  Customers will attempt to run mission critical workloads, but because they did not optimize it or the performance is different, they assume there is too much overhead, etc.  All of the virtualization platforms are very robust and capable of handling mission critical workloads.  Customers just have to go about designing the environment a little bit differently than perhaps they realize.

JK: In terms of looking at performance of the applications, would you say it is a must have to look at the application performance and virtualized elements at the same time?

SL:  You need a comprehensive view of all the different layers in your datacenter.  Now we have another layer – where before we had workloads sitting on bare metal, now we have an abstraction layer.  The abstraction is beneficial in that it gives us hardware independence, workload mobility, and easier disaster recovery.  On the other hand, that abstraction also introduces an inability to see what is happening on the other side of that layer.


Consider this: a VM sees only what the hypervisor wants it to see, but you need to see what the application is doing, what the OS is doing, and also what the host (or hypervisor) is doing. 
Building on the same theme we have been discussing, the problem is that customers look at things using the same monitoring solution they used in the physical environment – one that is not virtualization aware. Because the tool is not virtualization aware, it might not gather information from all the appropriate layers, and this results in incorrect information. This incorrect information prevents people from properly assessing the performance of the application, and whether SLAs are being satisfied.  It’s only through looking at all the different layers that you can get comprehensive information, in my opinion.


As we now move into environments where a single application could comprise multiple VMs and multiple hosts, it becomes necessary to correlate performance across hosts, operating systems and applications to get a holistic view of performance for customers. And I use the term “customers” to mean the consumers of the services IT provides, whether those consumers are internal, as in a business unit, or external (the end users).


JK: I noticed you’ve been writing quite a bit about libvirt recently.  How has libvirt matured over the last year?

SL:  My experience with libvirt has only been in the past few months with my new role.  There is a tremendous amount of promise in libvirt, as with many of the open source projects. Unfortunately, many open source projects still lack some of the enterprise support mechanisms necessary for enterprises to adopt.

Without commercial support mechanisms, where you see the adoption of open source projects is in organizations where they have the ability to look at the code and fix the code themselves, like MSPs and telcos.  These types of companies are already writing solutions for their customers, and they need to keep their costs down, so they leverage their expertise to support these open source projects while also satisfying the needs of their customers.


When I talk about commercial support mechanisms, think about companies like Red Hat. Red Hat has made it possible for enterprises to use an open source project like Linux, in that they can get assistance from Red Hat if there is an issue with the code.


As I said, I think libvirt is a very promising project in my opinion. By the way, libvirt is a Red Hat sponsored project, but it is not commercially backed as a product today.  Open vSwitch is in a similar position, although the inclusion of Open vSwitch in several commercial products might change that situation.  We also hear the same thing about OpenStack, which is promising technology but will require commercial backing for broad adoption.


JK: I noticed you participate in user groups around infrastructure coding, can you tell me a little more about this trend?


SL:  Organizations are pressing employees to work at greater scale with fewer resources and at greater speed.  The only way to do that is through automation and orchestration.  Because companies need to do things as inexpensively as possible, we don’t see organizations going out there and paying for these very expensive, highly complex automation/orchestration solutions, which then require professional services to get implemented.  Instead, organizations start to write shell scripts, or start looking at open source projects to help automate some of their tasks.  As organizations continue along this path, I see administrators needing to embrace automation and orchestration as a core part of their job or they won’t be able to scale effectively.


For that reason, I have been advising users in these user groups to take a look at Puppet, Chef and others, and to look at ideas from and the culture of the DevOps space.  Anywhere an organization can apply orchestration and automation, they will reap the benefits of responding more quickly, and having more consistent configurations, which helps with troubleshooting and performance.  I personally am going down that route and am looking extensively at Puppet.


I don’t think necessarily that administrators need to be programmers or programmers need to be administrators, but administrators need to have some sort of idea about creating configuration files that might require some quasi-programming, like with the Puppet Domain Specific Language (DSL), which is similar to Ruby.


JK: What other IT trends should administrators pay attention to as they plan for next year?

SL:  I just gave a presentation at a user group meeting in Canada on this topic, and I listed three technologies to which users should pay attention. Here are the three technologies I gave the attendees:

1) Network virtualization or software defined networking (SDN).  This technology is about creating logical networks on top of physical networks, similar to what has been done on the server side.  VMware recently acquired Nicira for this technology, although there are other players in the market as well.
2) Open vSwitch is something I think administrators should really watch.  It is the basis of a number of network virtualization products.  Administrators should understand its role in network virtualization.
3) Automation & Orchestration – It’s important, in my opinion, for administrators to continue to try to bring greater levels of automation and configuration management into the environment.  This is important to deploy workloads more quickly, and have assurance these workloads will operate over time – eliminating configuration drift and similar operational challenges.

A pretty close semblance of myself

Matt Simmons


JK: What inspired you to start the Standalone Sysadmin blog?
MS: I had a LiveJournal where I used to write technical things that I had learned, mostly to document knowledge for myself.  A couple of my nontechnical friends would read it and wonder what I was writing about.  This was about 5 years ago, when I was probably around a Level 2 – Junior system administrator.  In looking at the LISA job description – where I wanted to go as a senior sysadmin – I knew I would need to advance from passively learning to actively producing knowledge.  At that time, I had never written any technical papers or blogs and so I set up Standalone Sysadmin as a way for me to start getting my thoughts out.

Initially, it was difficult to write because I had to question my own assumptions about things, but over time, the process of researching my own topics allowed me to grow my knowledge, and I think that people really responded to being able to grow along with me.


JK: Do you get a lot of questions or feedback on your blogs from your readers?
MS: Yes, surprisingly, I do.  I get about a half to a dozen questions per week.  Sometimes people write that they identify with an issue I wrote about on my blog, sometimes I get questions from sysadmins who are stuck and I try to help out as many as I can.  Twitter (@standaloneSA) is an easy way to get my attention, although you can’t write much of a response with the character limit.  If I can’t answer a question, I can normally connect people with someone who can help them.


JK: How do you keep up with new technologies or techniques for solving problems?
MS: I join a lot of communities and am one of the moderators for Reddit.com/r/sysadmin.  When looking around at other forums/blogs, if I see posts that I know nothing about, that I would not be interested in, I read them, because those are the posts where I learn something new.

JK: Based off what you hear from the community, what are the most frustrating issues sysadmins face today?
MS: Bureaucracy is one.  The other is when people are placed in areas of responsibility where they have managers that don’t have the right technical knowledge.  It can go one of two ways, either they trust the technical people who work for them, or they don’t and their ego gets in the way.  There is not an easy solution for the latter.  I have been fortunate to have never had to deal with that situation.


JK: For people contemplating a career in IT today, what advice do you have for them in terms of skills to learn or classes to take?
MS: I have some experience in this topic in that I have thought a lot about training for system administrators, and am currently in academia at Northeastern University.  As a senior system administrator, I wish I would have taken more statistics.  Also today, the nature of being a sysadmin is much different than it was just a few years ago with cloud computing, virtualization, and the like.  Today, instead of thinking about setting up and managing physical servers and software, you need to think about these elements as abstract objects.  Now, we write software to build and provision servers and software together.  The biggest piece of advice I have for students entering IT and also working sysadmins is to learn how to code – become a programmer.


JK: It’s hard doing a day job and learning something so new.  How should a sysadmin in the field today get started learning code?
MS: For someone not in the field, who just wants to learn, I would recommend JavaScript. Everyone has a web browser and that browser can interpret JavaScript.  This language is not terrible to learn and you can actually do quite a bit with it.  System administrators should start learning to program by writing scripts to automate the mundane tasks they perform again and again. For folks who deal with UNIX every day, I would suggest learning Python or Ruby.


JK: I bet sysadmins more familiar with Linux might have an easier time with learning code, do you agree?
MS: In the past, absolutely. Not anymore.  Microsoft has put a lot of work into PowerShell.  You can write and remotely execute PowerShell scripts to do almost anything. It comes built-in to every Windows desktop and server.  And on the system administration side, a lot of Windows tools are coming with a “show me the PowerShell” button that displays the PowerShell equivalent of what the GUI interface is doing - making it easier to automate what used to be a manual process.


There is still a lot of learning to do with automation, even after you have learned one or two programming languages.  Check out Matt’s “Appeal for advice: tying together Windows and Linux” on his blog Standalone Sysadmin.


JK: What is your favorite SolarWinds product?

MS: I've played with several of them for very short periods of time - I've never really had a Windows infrastructure. The one that I've used and like the most is actually the free IP Address Tracker. It was really handy when I first came onboard here to scope out what was where. I'd recommend it to someone else who needed to do something similar.

End-to-end performance monitoring sounds great!  You have a handle on all of your applications and supporting resources so you can quickly figure out which resource/component is causing the application performance issue.  Now, let’s implement that vision.  This could be tricky if you are not a subject matter expert in all areas.  Sure, you have a handle on monitoring server performance – CPU, Memory, I/O and the like, but what does it take to monitor Exchange or DB2 or Java?  Lucky for you, SolarWinds has a new resource in the Server & Application Monitor on-line demo which defines for each application what you should monitor, why and what the metric value should be for effective server monitoring.  For example, is fragmentation above 10% good or bad and what causes fragmentation to begin with?  Check out this link for more details of this server monitor tool and how to use this new server performance monitoring resource!



We’ve received an email from Manage Engine proposing that they would like an “independent” expert to work on a comparison of SolarWinds Server & Application Monitor and Manage Engine’s Applications Monitor. Their idea is to ask an “independent expert” [READ: ANALYST] who covers the application performance management market and compares lists of features without regard to the usability or true value of those features.  They don’t measure the complete ROI from the customer’s eyes.  Our idea of an "independent expert" is the user: the sysadmins and IT guys that actually do the work and use the product every day to solve problems.


We know thousands of those experts; we call them our customers.


What is important to our customers is something that we understand.  And we know the answer through hundreds of daily interactions with customers and our product management team on thwack and through customer surveys. 

What is important to our customers boils down to this:
• How proactive is the product at solving server monitoring problems – does it have the right features?
• How long does it take to set up?
• How intuitive is the server performance monitoring tool for the user?
• How much time does it save?
• How much value does the server monitor tool provide relative to its true cost?


In the end, why should our customers believe some “independent” expert when the products are freely downloadable from the web?  We want real users to compare for themselves.  Anyone can download Server & Application Monitor for a free 30-day trial here. Do your own comparison with Manage Engine Applications Monitor, and document your findings on thwack.com, in the Spread the Word section.

Manage Engine recently wrote a response to our comparison post on Manage Engine’s Applications Monitor versus SolarWinds Server & Application Monitor (SAM).  They are spot on in their response that SolarWinds provides only conventional server and application monitoring capabilities.  The reason why we do this is because that is where the market is today.  Most businesses are not at the high standard of APM that Gartner holds dear; most are just trying to simply get basic monitoring up and running.  Many of the more advanced APM capabilities, like advanced analytics and transaction tracing, are great capabilities, but they are a bear to deploy, and expensive to boot.


Regarding Manage Engine’s statement that SolarWinds is a financially driven company, well, that is true as well.  We believe that the path to success is through customer success and retention.  If our customers are happy, then we see the business benefits as well.  We provide customer satisfaction through our unique combination of usability, scalability, price and having all the important features that matter to our users, and we continue to deliver new value to existing customers through new product releases (for each product) twice a year.  The industry standard is a new release about every 18 months; you will also see that the industry standard for software renewals is much lower than the SolarWinds standard.


So yes, we are proud of our server monitoring tool, SolarWinds Server & Application Monitor, the ideal server performance monitoring tool (and we guess the thousands of SAM users are as well).  Check out our on-line demo (go to the Applications tab, and click manage applications) to see the 100s of applications supported.  Or better yet, download SAM, “the real thing”, and make the comparison for yourself.  Download a free 30-day trial of SAM, our server monitor, here.



The two most frequently asked questions we have been asked lately on patch management are:


• When will SolarWinds Patch Manager support System Center Configuration Manager 2012?
• How long does it take for the Patch Manager team to turn around a package after the ISV has announced patch availability?


Patch Manager will support SCCM 2012 in September.  SolarWinds Patch Manager, the ideal patch management software, extends the power of ConfigMgr to help you keep your desktops, laptops, and servers patched and secure with the latest patches for both Microsoft and other 3rd party applications. With Patch Manager, you’ll save hours upon hours of time on your WSUS patch management and eliminate patch management headaches by deploying patches for 3rd party applications right along with your Microsoft patches – Microsoft System Center Updates Publisher (SCUP) is not required.  Check out this new video to get a sneak peek on our upcoming release or you can check out the Sneak Peek Webcast replay for the gory details on our patch management solution.


We have also recently published a handy table in PatchZone that documents how long it takes for the Patch Manager team to make available 3rd party packages.  As you can see, our packaging team is AWESOME – and in most cases it only takes about a day or two for the package to be uploaded to the Patch Manager catalog.


If you have not done so already, check out the SolarWinds Patch Manager and get a free 30-day trial of Patch Manager.
