With APM 4.2 officially out the door the APM development team is gearing up for the next major release. Below is the list of features the APM development team is working diligently to deliver in the next release of APM.
PLEASE NOTE: We are working on these items based on this priority order, but this is NOT a commitment that all of these enhancements will make the next release. We are working on a number of other smaller features in parallel. If you have comments or questions on any of these items (e.g. how would it work?) or would like to be included in a preview demo, please let us know!
SolarWinds NetFlow Traffic Analyzer (NTA) 3.8 was released last month. In case you missed it, below is a quick overview of some of the cool new features now available. You can find the release notes here.
NetFlow v5 and v9 include information in the flow about source and destination BGP Autonomous System (AS) fields. This is a feature for customers who need to track flows across multiple service providers. If you don’t have multiple service providers then you most likely don’t even need to worry about BGP. But if you do, then you are probably very interested in this feature. Here is a quick example of how to configure your router to include BGP information in the flow data (assuming you already have BGP and NetFlow configured on the router).
Router(config)# ip flow-export version 9 origin-as
The origin-as keyword tells the router to record the AS that the traffic originated from. The other option is peer-as, which records the AS of the peer. I prefer recording the origin AS, but you’ll need to decide what information is the most useful in your network.
Adding the BGP AS data to your flow data can have an impact on your router. I recommend monitoring the CPU of your device to make sure you don’t see any negative impacts after you enable this feature. Also, this should be enabled after hours or in your change management window instead of during the day. Once we are receiving the data, NTA includes two resources that will help you use this information: the Top 5 Autonomous Systems and the Top 5 Autonomous Systems Conversations resources.
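As an added illustration (not SolarWinds code and not part of the original post), the following parses a NetFlow v5 export datagram, reads the source and destination AS fields, and totals bytes per AS and per AS pair, the kind of aggregation a top-N AS view is built on. It uses v5 rather than the v9 export shown above because the v5 record layout is fixed; the function names are this example's own and the sample datagram is constructed from documentation addresses and private-use AS numbers.

```python
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return [(src_as, dst_as, octets), ...] for one v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    # Check the claimed record count against the real length before unpacking.
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append((f[15], f[16], f[6]))  # src_as, dst_as, dOctets
    return flows

def summarize(flows, n=5):
    """Total bytes per AS and per (src_as, dst_as) pair; count flows with no AS data."""
    by_as, by_pair, no_as = Counter(), Counter(), 0
    for src_as, dst_as, octets in flows:
        if src_as == 0 and dst_as == 0:
            no_as += 1  # AS 0 is reserved: nothing to attribute this flow to
            continue
        for asn in {src_as, dst_as} - {0}:
            by_as[asn] += octets
        by_pair[(src_as, dst_as)] += octets
    return {"top_as": by_as.most_common(n),
            "top_conversations": by_pair.most_common(n),
            "flows_without_as": no_as}

def build_sample():
    """Constructed datagram: documentation IPs, private-use AS numbers."""
    flows = [(b"\xc0\x00\x02\x01", b"\xc6\x33\x64\x01", 64512, 64513, 9000),
             (b"\xc0\x00\x02\x02", b"\xc6\x33\x64\x02", 64512, 64514, 4000),
             (b"\xc0\x00\x02\x03", b"\xcb\x00\x71\x01", 0, 0, 500)]
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, s_as, d_as, octets in flows:
        out += RECORD.pack(src, dst, bytes(4), 1, 2, 10, octets, 0, 0,
                           40000, 80, 0, 0x18, 6, 0, s_as, d_as, 24, 24, 0)
    return out

if __name__ == "__main__":
    print(summarize(parse_v5(build_sample())))
```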
SolarWinds NTA now has full support for devices that use the Huawei NetStream flow standard (e.g., Quidway NetEngine 80 and 40 series routers). SolarWinds had support for other Huawei flow-capable devices, but the NetEngine routers required special work to support. From a user perspective you monitor them just like any other flow-enabled device in NTA:
Flow Navigator is an awesome new feature that makes finding specific traffic much easier. On all of the NTA pages, you will see a Flow Navigator icon on the upper left side of the page. If you click the chevrons (>>) then the Flow Navigator will fly out on the page and you can create a customized view of data. For example, if you want to see all web traffic from your site through a specific service provider, simply select port 80 on the Applications option and specify the appropriate BGP AS numbers. Here is a screenshot of the Flow Navigator expanded on to a page.
One other really handy feature is the “Save filtered view to menu bar” button. This allows you to quickly save your work so that you can re-use the view or make it available for other people. Simply click the button and provide a friendly name and the menu bar will be updated with your custom view.
Endpoint Centric Resources
Endpoint centric resources are essentially resources that have been added to your existing managed nodes so you can quickly see traffic information about that particular node. This can be particularly useful if you are trying to troubleshoot application and server issues because you will see the traffic being sent to and from that server on the same page where other pertinent application and performance data is displayed.
Please join us for an exclusive training session on SolarWinds Network Performance Monitor (NPM).
Thursday October 6, 2011 @ 11:00 AM CDT
During this 60 minute training session we’ll cover:
- The basics of monitoring technologies
- Understanding monitoring for routers, switches, servers, and other infrastructure
- Alerts! Making the most of your performance and availability monitoring
- Optimizing NPM features
Registration Link https://www1.gotomeeting.com/register/508636512
A number of folks have started to deploy Virtual Desktop solutions in earnest. Whether this is a solution from VMware, Citrix, or someone else, we often get asked how to drill down or provide a perspective on just the pieces of the virtual infrastructure supporting the Virtual Desktops (i.e. so we can understand CPU, memory, disk IO and network contention just on the subset supporting VDI).
So how can we identify the Virtual Desktops in our environment? One way is to look at the guest OS installed inside the VMs to infer whether this VM is a desktop (i.e. a desktop vs server OS). If you visit VMware’s supported OS page here, and filter by OS type of “Desktop” for ESXi5, you get 38 individual OS results. In general, the majority are some flavor of Windows desktop OS (Windows XP, Windows 7, etc.). We can narrow these 38 individual OSes down into 8 categories and get:
MS-DOS (yes – it’s true!); Windows 3.1; Windows 7; Windows 95; Windows 98; Windows Vista; Windows XP; SUSE Linux Enterprise Desktop
So how can we find these types of desktop OS VMs in Virtualization Manager? We can leverage the power of search to find these VMs. If we look in the query builder inside the product, we can quickly find the property “vm.guestFullName” that we’re looking for:
It’s worth noting the description listed with this property – this attribute gives a pretty accurate description of the guest OS as reported by VM Tools (which should really be installed in your virtual desktops anyhow). We can use the Editor Mode of the query builder to chain together (using “OR”) a list of the 8 OS categories we’re looking for, so something like:
vm.guestFullName:"MS-DOS" OR vm.guestFullName:"Windows 3.1" OR vm.guestFullName:"Windows 7" OR vm.guestFullName:"Windows 95" OR vm.guestFullName:"Windows 98" OR vm.guestFullName:"Windows Vista" OR vm.guestFullName:"Windows XP" OR vm.guestFullName:"Desktop"
which should match on VMs with a desktop OS property matching that particular phrase/string. Let’s try it out:
A quick mouse over on “hits” from search results looks like it is bringing up the right VMs. We can also look at a “facet” view (by clicking more->explore to the right of the search bar) to get a pie chart of how the desktop OS types break down in our environment.
One more quick concept – I am able to search “across” object relationships, so for example to find clusters that have VMs running Windows XP, I can do a cluster search for “cluster.vm.guestFullName:"Windows XP"”. Similarly, to find datastores being used by Windows XP VMs, I can do a datastore search for “datastore.vm.guestFullName:"Windows XP"”.
So let’s get back to our original premise – how can we use this search to give us a VDI perspective?
Since almost all of the content (widgets) on a Virtualization Manager dashboard are backed by a search, we can leverage the desktop OS search above, and across object relationships, to create widgets that focus only on the subset of the VMs supporting VDI.
Let’s take one example – the Cluster Memory Utilization widget on the default “Administrator” dashboard.
The standard search here is “* AND -cluster.memload.latest:0” (the second part excludes results where the value is 0). If we leverage our new desktop OS search, we get:
* AND -cluster.memload.latest:0 AND (cluster.vm.guestFullName:"MS-DOS" OR cluster.vm.guestFullName:"Windows 3.1" OR cluster.vm.guestFullName:"Windows 7" OR cluster.vm.guestFullName:"Windows 95" OR cluster.vm.guestFullName:"Windows 98" OR cluster.vm.guestFullName:"Windows Vista" OR cluster.vm.guestFullName:"Windows XP" OR cluster.vm.guestFullName:"Desktop")
We put this search query into the widget configuration above, and we’ve got ourselves a Cluster memory utilization widget, just for our VDI clusters (or strictly speaking, the clusters containing VMs with a desktop OS).
If we go ahead and do this for a number of widgets, we could get a (slightly updated) version of the administrator dashboard for example, focused only on our VDI/desktop OS infrastructure.
We could also do the inverse, to find the VMs NOT running one of the above 8 types of desktop OS (i.e. a search for our server OS VMs essentially), we can use a search like:
vm.name:* NOT(vm.guestFullName:"MS-DOS" OR vm.guestFullName:"Windows 3.1" OR vm.guestFullName:"Windows 7" OR vm.guestFullName:"Windows 95" OR vm.guestFullName:"Windows 98" OR vm.guestFullName:"Windows Vista" OR vm.guestFullName:"Windows XP" OR vm.guestFullName:"Desktop")
You can download these dashboards from the community content exchange
For the past several months the APM team has been hard at work developing APM 4.2 and delivering some outstanding new features and functionality to the product based on feedback from the community. Chief among these new features is APM’s ability to monitor Java applications natively using our new JMX component monitors. These JMX component monitors can be used to monitor any statistical information exposed as Java Managed Beans (Mbeans) that are part of the Java application server. APM fully supports the monitoring of all standard Java application servers such as:
The new JMX Explorer makes browsing, selecting, and monitoring your MBeans a simple and straightforward point and click affair.
Another huge feature of APM 4.2 is native support for Nagios scripts. You no longer need to convert the Nagios scripts you’re dependent on to have them run under APM. Simply copy and paste your existing Nagios scripts into APM’s new Nagios script component monitors and these scripts will run the same as they would under Nagios.
Because many existing Nagios scripts available online return multiple statistic values as part of a single script, we have included support for multiple value scripts as part of APM 4.2. All Nagios, PowerShell, Unix/Linux, and Windows script component monitors have been updated to allow for up to ten statistics and message pairs that can be returned as part of a single script, consuming only one component monitor license. You can further define individual warning and critical thresholds for each statistic that is collected as part of a multiple value script, as well as alerting and reporting on these values independently. Roll-up status for multiple value script component monitors can also be configured to show the best or worst status for the entirety of the component, (similar to how APM rolls-up multiple node status in the nested tree hierarchy, or how sub-maps are displayed in Network Atlas).
Over the years, many customers have asked for the ability to perform custom mathematical functions on the statistic data collected via APM, similar to transforms in the Universal Device Poller of NPM. APM 4.2 delivered! With these new transforms, you can truncate, round, or convert the collected statistic data to a standard format for alerting and reporting purposes. A couple of examples would be converting bits to bytes or Celsius to Fahrenheit.
All these new monitoring capabilities included in APM 4.2 are great, but they demand a new and improved way of visualizing all of this information. Enter the Multiple Object and Multiple Statistic chart resources.
While the Multiple Statistic Chart resource provides historical charting for all of your multiple value scripts, you can now combine multiple component monitors and component monitor types into a single chart resource using the Multi-Object chart resource providing unsurpassed visibility into the historical performance trends of your applications.
If you’ve just upgraded to 4.2, or are evaluating APM for the first time let us know what you think of these new features in the comments section below.
The new set of NCM features, described in “What we are working on now: NCM” a while back, will soon be available for beta.
If you are an NCM customer with active maintenance, I encourage you to sign-up here for the upcoming Release Candidate.
Signing-up is a short and easy process that will take you through a few questions about your environment.
As illustrated by the screenshots below, NCM 7.0 has exciting new capabilities such as the Change Request Approval feature but also new web-based node and account management screens and a tighter integration with Orion Core.
We hope to see many of you sign-up for this beta and are looking forward to reading your feedback, which is essential to preserve and improve NCM’s quality and usability.
I have created a list of future Change Request Approval improvements that you can vote for: “Vote for the future improvements of NCM's Change Request Approval feature”.
Orion provides numerous preconfigured alert actions, but in today’s on-the-move world, we want to get text alerts on our mobile phones.
Phone alerts and Pager alerts can be very efficient for getting the real-time updates and alerts, sent as SMS/text messages while you are on the go. Orion can easily trigger alerts using 3rd party phone alert applications such as the popular NotePager Pro and PageGate products.
You can download an evaluation version of NotePager Pro from this link. When you install NotePager Pro on the Orion server, it automatically gets added to the Dial Paging or SMS service option listed under Alert Actions in the Orion Advanced Alerts Tool.
Now, it is time to configure the settings in NotePager Pro. This video tutorial link is a great source for answering questions on setup and shows step-by-step directions on configuring NotePager with different protocols. NotePage also has a dedicated page for “SolarWinds Orion Network Performance Monitor Integration”.
The following diagram shows how an alert is triggered from Orion to mobile phones or pagers via applications like NotePager Pro.
In the diagram above, when an alert is triggered from Orion, Orion tries to establish a connection with the NotePager application and forward the alert information to it. Next, NotePager establishes a connection with the carrier via one of the protocols listed below, using a modem or the Internet.
The carrier looks up the SMTP, SNPP, or WCTP address and validates that it is in the supported list, then directs the actual message to the carrier’s core network before delivering it to phones or pagers as alerts.
Out-of-band SMS alerting is also supported by NotePager Pro, allowing the administrator to employ out-of-band alerting via a modem. Even when the ISP connection or mail server goes down, out-of-band alerts still work. SNPP, SMTP, and WCTP protocols work using two-way communication, sending alerts from Orion to a mobile device and vice versa. However, to get this working, you need to get a PollerID/SenderID (usually the email address) from the carrier, either directly or from their website. Only after entering the PollerID/SenderID will the end user be able to retrieve the alert on their mobile phone and also use the two-way feature.
Here is a list of example PollerID/SenderIDs which can be used while configuring the recipient.
NotePager Pro runs as a desktop Win32 application requiring the administrator to be logged into the console at all times to receive alerts. Another application from NotePage called PageGate can run as a Windows service and offers a more powerful tool for communication.
Click this link to download the evaluation version of PageGate. After installing it on the Orion Server, along with the PageGate Admin and PageGate client, you should see the PageGate action in the list of Alert Actions in the Orion Advanced Alerts tool.
After successful installation, go to Start->PageGate->PageGate Admin and select Help. The help provides details on configuring every aspect of the PageGate tool. This application provides much more than will be utilized by Orion Alerts. Once the recipients and the carrier are set up in the PageGate Admin tool, this alert will automatically add an action to the list in the Orion Advanced Alerts Tool. It should look something like the screenshot below.
Some say they can secure the unsecureable,
All we know is, they are called… the STIGs.
Updated June 29, 2015
The Department of Defense’s Defense Information Systems Agency (DISA) has a set of security regulations that help set a baseline standard for DoD networks, systems, and applications. If you’re responsible for a DoD network, these STIGs (Security Technical Implementation Guides) will help guide your network management, configuration, and monitoring strategies across access control, operating systems, applications, network devices, and even physical security.
SolarWinds Log & Event Manager can help with DISA STIG compliance via our real-time monitoring of related events across systems, network devices, applications, and security tools. Use LEM to address DISA STIG requirements for both log analysis and broader network security.
For configuration auditing, be sure to check out NCM’s DISA STIG resources as well.
At a high level related to STIGs, you can use SolarWinds Log & Event Manager to monitor and audit:
LEM includes out of the box reports and rules that directly address DISA STIGs. You can also customize your LEM Console to monitor different types of data in real-time, and use the Console to search for historical events.
Many of LEM’s out of the box rules can be used to address STIGs, especially anything related to monitoring for change activity and security events. You’ll need to create and customize copies specific to your environment; check out this video in the resource center about creating and using out of the box rules for more detail on how. It’s important to remember that LEM’s correlation engine is flexible, so just because you don’t see something you’re interested in doesn’t mean it can’t be done, as long as what you’re looking for is reported in the log data.
Specific rules and groups of rules of interest:
With LEM Reports, you can run reports interactively, schedule reports to run unattended, and open, filter, and save filtered reports (including saving a filtered report as a new custom report). For auditing, you’ll generally want to schedule reports, and use Rules and the Console to do most of your day to day time-sensitive monitoring.
We've created a Category of reports that will show only the STIG reports. To see reports most related to STIGs:
Within the STIG industry category, you'll see these general categories and types of reports:
If anything changes regarding DISA STIGs, this post will be updated.