SolarWinds Server & Application Monitor (SAM) offers even more power and flexibility thanks to the new features of version 5.0. This in-depth customer training looks at these new features and shares some best practice advice on using SAM, including a live product feature demonstration.
Or everything you always wanted to know about Orion reports but were afraid to ask.
This post is meant for everyone who would like to create his/her own Orion report but is not sure how to start. We have collected a few useful resources that can help you start creating basic reports and also provide technical reference for future enhancements.
A predefined set of reports is available in the Orion Web Console (HOME -> Reports).
Although the predefined reports are useful and easily accessible, you may sometimes find yourself in need of customization. In that case, there is the Orion Report Writer application that can be found on your Orion server under Start -> All Programs -> SolarWinds Orion -> Alerting, Reporting, and Mapping -> Report Writer.
Using the Report Writer, you can easily create your own Orion reports either from scratch or by editing an existing report. If you want, you can even directly enter the SQL commands implementing the desired report functionality.
And there is more. You can use the Orion Report Scheduler (Start -> All Programs -> SolarWinds Orion -> Alerting, Reporting, and Mapping -> Orion Report Scheduler) to schedule report-related actions. For example, you could create a job that would automatically e-mail you a report every Monday morning that included any significant network events that occurred over the weekend.
As a quick start guide, you can use Video Tutorial: Using Report Writer within Orion NPM.
Advanced topics on reports from SolarWinds’ NPM network monitor are included in Video Tutorial: Orion Network Performance Monitor (NPM) v10 Customer Training - Level II.
An exhaustive source of information is Customer Training: NPM Level 2 - Reporting - A Webcast from SolarWinds.
Then please refer to SolarWinds Technical Reference: Understanding Orion Report Writer.
Reports on Orion NPM thwack Content Exchange – what you need may already exist here
Every few months or so I like to take the opportunity to highlight many of the new application templates that have been recently released by the SAM development team. I’ve done so twice before, and will continue to do so on a fairly regular basis.
New application templates, (be it officially created by SolarWinds, or community created), are being posted to the SAM Content Exchange all the time. If you’d like more immediate updates when new application templates are released, I recommend subscribing to the SAM Content Exchange RSS feed using your favorite RSS news aggregator, such as Google Reader.
A listing of all SolarWinds officially created application templates available in the Content Exchange can be found here. You can even use your RSS reader to subscribe exclusively to SolarWinds officially published content.
NOTE: Recent changes to Thwack.com have changed the RSS feed URLs for the Content Exchange. If you’ve been following the SAM Content Exchange via RSS you may need to update your RSS reader using the above link.
As always, you can continue to browse and import new application templates shared on Thwack from within the product itself using the Shared Templates on Thwack located under Settings > SAM Settings.
Official application templates created by SolarWinds and posted to the Thwack Content Exchange eventually make it into a shipping release of the product. We recently released Server & Application Monitor 5.0 which included support for 30 new and updated applications out of the box. A soon to be released service release for SAM 5.0 also includes support for an additional 19 new and updated applications.
We are constantly striving to create a broad array of application templates to cover many different aspects of the IT infrastructure, and this latest batch is no exception. We welcome and encourage feedback on any of these templates, which can be posted in the comments section below, or in the posted application template itself. We also welcome requests for new application templates which can be posted in the SAM Feature Requests forum.
This blog complements the information available here, related to what SolarWinds has to offer to the Managed Service Providers (read also the FAQs) and focuses on the multi-tenancy capabilities of SolarWinds NPM network monitor (even if some of this document is actually applicable to other products relying on the SolarWinds Platform, aka Orion Core.
Wikipedia defines it as a software architecture where a single instance of the software runs on a server, serving multiple client organizations (tenants). Multi-tenancy is contrasted with a multi-instance architecture where separate software instances (or hardware systems) are set up for different client organizations.
With a multi-tenant architecture, a software application is designed to virtually partition its data and configuration, and each client organization works with a customized virtual application instance.
The drivers behind multi-tenancy are mainly (but not only) cost savings (only one platform – HW and SW – is needed to support multiple customers) and easier release management (tasks like upgrade, high availability, database backup are performed only once and benefit all supported customers in a single operation).
Yes, and here is how.
For more clarity, let’s break down this discussion into 2 separate topics:
How do I configure SolarWinds products so a particular customer can safely login into the SolarWinds product portal and get a view restricted/limited to THEIR IT resources, even though they are being supported by a multi-tenant platform that also supports other customers like them?
· Deployment and Data Collection
What should be my deployment strategy, so I can collect management information from my customer’s IT environment and feed it back in to a single shared (i.e multi-tenant) SolarWinds instance? How do I deal with duplicate IP addresses that my customers have?
This discussion could be extended to other levels, such as storage, and this might be explored in further editions of this blog, but for now, let’s stick to this two main topics: visualization and data collection.
How to create for my customers, the perception that they are on their own private IT management platform, while they are actually being hosted on a single instance, shared with other customers?
The SolarWinds platform provides two types of “Limitations” that will allow you to isolate the view and the data that each customer has access to:
This type of limitation allows the MSP to restrict the Nodes that a given View will be able to display. This will be noted View=>Nodes. Of course, if all your accounts have access to the same Views (e.g. a TOP 10 view), this is not very helpful in the context of isolation, because then all your accounts will have access to all the nodes that this view has visibility on. This is useless for multi-tenancy, unless you can control visibility of Accounts on Views (Accounts => Views); then by combining this with Account Limitations above, you can configure this type of visualization model: Accounts => Views => Nodes.
What is a View?: A view is an HTML page displaying multiple resources (single graph, table, display widget), that have a common theme. A product usually comes with multiple out of the box views. Customers can create new or customize views. Views are selected by clicking on their names right below the product tabs.
Now that we understand the theory behind these 2 features, let’s look at concrete examples and how to configure them.
Account limitations: As said above, MSPs typically use this to control the Nodes visible by their Accounts (i.e. login) across all generic views (or regardless of the view).
To configure Account => Nodes, go to Settings>Manage Accounts>Select an Account>Edit>Account Limitations>Add Limitation:
As you can see, there are many different ways to express the list of nodes that will be visible by the account/login that you have selected. Let’s explore a few:
You would expect it to give visibility to all Nodes that have previously been put in a group, which would be very easy for MSP’s: put your nodes assigned to each customer in a group representing the customer and you are done, then just assign each Customer groups to the Account/Login allocated to this customer.
Unfortunately it does not work this way. Doing this restricts access to the Group itself but the visibility limitation does not extend to the content of the group. So this does not help you.
Here is how to make it work: make sure you have a Custom property for each Node in NPM network monitoring software, populated with the Customer name (you would probably do this to create the group anyway), but instead of creating your Account Limitation based on the group (which does not work), you create it based on a Custom Account Limitation based on a property. Creating a Custom Account Limitation based on a property is easy: Start Menu>App Programs>SolarWinds Orion>Grouping and Access Control>Custom Property Editor>Orion>Account Limitation Builder> Add>name your custom limitation, select your Custom property (e.g. CustomerTag in example below):
Once done, go back to your Account Limitation screen and notice your Custom Account Limitation method:
This is functionally equivalent to what you think it would do if you created your Account Limitation to a Group that was based on the Custom property “CustomerTag”. Just don’t use the group.
View Limitations: As seen above, MSPs typically use View limitation in this context: Accounts => Views => Nodes, and the most common use case is when Views are actually Home>Summary Views that need to be different per customer, because they have maps that are specific to customers. In other words, for the map to be specific to a customer, you need to create a view that has the correct map and assign it to the Account / Login attached to this customer.
Here is how to assign a Summary View to a account: go to Settings>Manage Accounts>[select an account]>Edit>Account Limitations>Default Menu Bar and Views:
Then, once you have assigned a view to your account, you can now restrict what Nodes will be visible from this view by using a View Limitation: Settings>Manage Views>[your custom view]>Edit>View Limitation> Edit:
From there, the same discussion as above applies.
Let’s take a concrete example and make sure you understand how the system behaves. Let’s say you have used this model Accounts => Views => Nodes to deploy your 2 customers ACME and EuroCust, respectively based in US and Europe, as follows:
This will provide the expected view, but you will want to know about the following behavior of the system: If the Account ACME user can modify the URL of his US_View page and figure-out what URL corresponds to the Europe_View page, he will not only be able to see the map of Europe (not big deal) but more importantly, see the Frankfurt_Router, London_Router, because these are attached to the Europe_View, as per the View Limitation.
If you are afraid of this behavior (some MSP consider this a back door), then you should NOT use the View Limitation and rather model your system like this:
The conclusion of this part is that you will want to think about how you will model your environment and customers, do some preliminary testing of SolarWinds products, based on the ones that you have deployed. Remember that different products may honor the Account and View limitations differently.
Ultimately, you will want to make your own opinion about the pros and cons that the various options offer. Hopefully the section above will help you understand the most important points, so you can figure out the details related to your particular environment.
The main issue at this level is dealing with duplicated IP addresses, which the MSP customers will usually have. Today, there are two recommended ways to deal with this: NAT and EOC-based deployments
NAT-based deployment: Network Address Translators translate the customer domain addresses, so that they are all unique from a SolarWinds product perspective. Basically, NAT eliminates the overlapping IP addresses.
Note that this makes the identification of managed devices more complex because the translated IP’s don’t necessarily make sense to report readers. This can be addressed by populating custom properties with IP’s or Names that will not be affected by any translation.
EOC-based deployment: a full instance of SolarWinds product is deployed per Customer (usually large ones) and they are consolidated at the MSP level, by EOC (Enterprise Operations Console)
Other deployment considerations
SolarWinds does not recommend the deployment of a central (NOC) instance of our network management product with one Polling Engine deployed on each customer’s network, because the WAN that would then connect the remote Polling Engines and the central database, would likely be the cause of lower reliability and higher latency which is not a certified environment.
Other solutions such as managing an entire customer environment via a unique IP address and differentiate their different managed devices (e.g. servers) using different SNMP ports (port forwarding) does not work.
You can find more on Orion architecture (non MSP-specific) here.
In case you missed it in our Log & Event Manager Release Roundup: Latest News post, the next release of LEM is now in Release Candidate status. You can join up by filling out the survey over on SurveyMonkey, I'll provision it to your Customer Portal and you can get crackin' on the new features.
The "theme" of this release is flexibility - extending the flexibility of your LEM deployment within your organization. We've added several features that make LEM more flexible to deploy, implement, and integrate into your environment.
We've added the ability to deploy our virtual appliance on Hyper-V (instead of just VMware). It's got the same disk/CPU/RAM requirements (250GB disk, at least one 2GHz core preferably 2+, 8GB RAM dedicated) and the same ease of installation.
On all appliances, we've added the ability to export/import/migrate your appliance settings. This is useful in several different ways:
For customers interested in either Hyper-V deployments or the appliance migration functionality, we've got new documentation we can provide that includes extra details if you need them.
We've had a lot of requests to not run the LEM Console in AIR, and instead run it in the browser. Good news - we did just that! For the most part, this Console is identical to the AIR console, and you can import/export your settings from your existing AIR install into the web and vice-versa. The browser-based Console does require Flash 11.
To access the LEM console after upgrading, just head to https://<your manager's IP or name>/ and it'll redirect you to the right port and URL. The full URL is actually https://<your manager's IP or name>:8443/lem/ but we put in a couple handy redirects to make it Just Work(tm).
Your settings will now be stored on the manager you're accessing in the URL, so wherever you log in, you'll see the same filters, widgets, saved searches, and customized configuration settings.
Tips & Notes:
As a bonus management feature, we've added the ability for you to authenticate to LEM via Active Directory (not just a LEM built-in user). You can add AD Groups or individual AD Users and assign them to a LEM Role, then the authentication works like magic.
First, configure the "Directory Service Query" inside of LEM to authenticate to the directory:
Next, add users in LEM that you want to authenticate with the directory:
A few important notes:
In LEM 5.4, we've added new connectors to receive data from NPM/SAM and Virtualization Manager. Set up your alerts in the Alert Manager (or via Virtualization Manager's Console) to send to LEM, and use LEM to correlate those events with other events across your enterprise, perform root-cause analysis of problems across systems, and use LEM's active responses to triage or respond to issues.
Some examples of awesome ways you can use the systems together:
To send data from NPM/SAM/Virtualization Manager to LEM, first on the LEM side:
On the NPM/SAM side, use Alert Manager to enable SNMP alerts for different settings. For more information on setting up alerts with SAM, check out the "Creating Alerts" section in the SAM User Guide. For more information on setting up alerts with NPM, check out the "Creating & Managing Alerts" section in the NPM User Guide. For more information on setting up alerts with Virtualization Manager, check out the "Alerts" section in the Virtualization Manager User Guide.
We've also added the ability to send SNMP traps to other systems, including NPM/SAM, so that you can correlate data in LEM and notify other departments, systems, and people, via the infrastructure you've already got set up.
Some examples of how this is useful:
To use the SNMP notifications in LEM, first you'll need to enable the SNMP response tool/connector, then you'll need to add the SNMP notification to any rules you want to pass on to another system.
At this point, when your rule fires, the SNMP Trap will be sent on to the server you specified. In SAM/NPM, you can view this in the SNMP Traps area of the console.
If you join the RC, be sure to check out the Log & Event Manager RC group here on thwack. We'll put up any known issues there and are happy to answer questions about the RC or features in the RC.
We're also interested in any RC customers willing to do a quick screen sharing session/phone call with us to talk about the new features and your experience with them. Let me know via comment, e-mail, or Thwack post and I'll get it set up.
Lastly, for those of you already on the RC, we'll be updating to RC2 early next week, with a couple of quick fixes.
For those of you who haven’t heard, Solarwinds now has a powerful set of remote control and Windows administration tools called Dameware. The Dameware Mini Remote Control (MRC) lets you remotely connect to Windows machines for remote support and administration. Dameware NT Utilities provides you with a rich set of Windows administration tools (like AD and Exchange), as well as easy access to native Windows systems tools. NT Utilities also includes MRC. Let’s say you are responsible for supporting desktops or servers and you frequently require the need to remote into those machines to perform certain support-related or administrative tasks. RDP has worked in the past, but has some serious limitations in terms of interactivity, and doesn’t provide any functionality around screen sharing, chat, screenshots, or file transfer. NT Utilities and MRC are your answer. NT Utilities gives you a wealth of real-time system information on the machine you’re connecting to, as well as direct access to native Windows and AD administration tools all from the same console. MRC gives you the ability to quickly and easily connect to a desktop or server to initiate an interactive screen sharing session, almost as if you were standing over the shoulder of the user on that machine.
If you’d like to learn more, we are hosting a webinar on Tuesday (details below). Please join us to learn more about the Dameware products and how they can make your life easier.
When Native Windows Admin Tools are Not Enough - A Look at the Options
Windows comes with its own management utilities. But what if you need more? Are there options available that will save you time, hassle, and effort? In this webinar, we take a look at some of the most common tasks sys admins face on a daily basis, and look how you can save time with some tips, tricks, and tools.
We will overview:
Register to attend this live event:
WHEN: Tuesday, April 10, 2012
TIME: 11:00am (US Central Time)
I have a great news for all existing customers (under active maintenance) who are awaiting new features announced in What we are working on: "IPAM 3.0 RC is behind the door"!
It is also good news for those who participated in our IPAM Beta program and would like to install new IPAM 3.0 on their production servers.
We would appreciate if you took a few minutes to fill this survey. It contains a few questions related to your current IPAM experience and it also gives you possibility to ask for future features.
Just to remind all folks about the main features of IPAM 3.0, here is a quick summary:
Improved user delegations rules:
This is obviously just a small piece of what we have prepared for you. We would be glad for any kind of feedback you can provide regarding IPAM RC builds when they become available - as you know, we always listen to you so your feedback is very important.
We are currently working on STM version 5.7 and beyond (in parallel). Some of the items we hope to deliver:
Disclaimer: Comments given in this forum should not be interpreted as a commitment that SolarWinds will deliver any specific feature in any particular time frame. All discussions of future plans or product roadmaps are based on the product teams intentions, but those plans can change at any time.
SolarWinds Server & Application Monitor 5.0 is just a few weeks old but we're already busily working on some great new features and enhancements to the product, such as...
PLEASE NOTE: We are working on these items based on this priority order, but this is NOT a commitment that all of these enhancements will make the next release. We are working on a number of other smaller features in parallel. If you have comments or questions on any of these items (e.g. how would it work?) or would like to be included in a preview demo, please let us know!