We are happy to announce that version 7.4 of SolarWinds Network Configuration Manager ships the DISA STIG, NIST FISMA, and PCI DSS compliance reports out of the box. Wait -- that's not all! For DISA STIGs, we now support Brocade, Dell, Cisco, Juniper, and Palo Alto. The NIST FISMA and PCI reports have been developed for Cisco.

Simply select any of these new report(s) that you wish to run and “enable” them by following the steps outlined below.


Corresponding instructions for older versions of NCM can be found here: DISA STIG Resources for SolarWinds NCM (Now also for Juniper!). Also, don't miss a similar post for LEM: DISA STIG Compliance with Log & Event Manager.


How to enable the new compliance checks?


  1. Enter the compliance management interface: Configs tab / Compliance view / Manage Policy Reports.


  2. Select the reports you are interested in and enable them.


  3. Update the reports.


  4. Compliance status of your network is ready!


Further recommendations

  • Make sure the reports you are interested in are displayed in the Policy Violations summary resource. (Policy Violations resource / Edit)


  • Customize the violation severity labels to match your needs. (Settings / NCM Settings / Manage Violation Levels)


  • Look for Cisco firmware vulnerabilities.
    If network security is a concern in your organization, you should definitely use this new capability of NCM -- run a nightly vulnerability assessment based on recent CVE data provided by the National Vulnerability Database -- NVD (by NIST). NCM will download and process the CVE data in a SCAP-compatible way and will notify you of potential vulnerabilities, provide detailed information and let you take an appropriate action. This security scan works even if your NCM server is not connected to the Internet -- you just have to download the datafiles manually.

    Wait for the nightly update or force the scan manually in Settings / NCM Settings / Firmware Vulnerability Settings / Run Now
    (See the below referenced NCM 7.4 RC blog post for more screenshots and details.)


  • Check other new features of NCM 7.4
    All details are available here: Network Configuration Manager v7.4 Release Candidate is Available!



  • Please note that the US Army has granted a Certificate of Networthiness (CoN) to NCM V 6.0. CERT-201109082. CoN has also been granted to NPM, SAM (APM), NTA and Engineer's Toolset.
  • The following SolarWinds products are Common Criteria EAL 2 certified by the NIAP: NPM, SAM (APM), IPAM, NTA, VNQM, NCM, EOC. Our Validation ID is 10453
  • You can also find Federal Information Security Management Act (FISMA) / NIST reports for NCM 6.1, on Thwack.com (same installation procedure applies)
  • Did you know that Gartner positions NCM in their research “MarketScope for Network Configuration and Change Management”, Deb Curtis, David Williams, 31 March 2010, ID Number: G00175140, as follows:
    • NCM is the most widely deployed of the products meeting Gartner’s criteria for evaluation (except CiscoWorks)
    • NCM is rated in the top tier (Positive / Strong positive) with the “Big-4”
  • A reference to SolarWinds (NPM) in the SIGNAL Online article “Marines Revolutionize Network In Southwest Afghanistan”

I am happy to announce General Availability (GA) of SolarWinds Network Configuration Manager (NCM) v7.4. This version includes the following new features and improvements:


  • Cisco IOS and ASA Vulnerability Reporting
    NCM uses Cisco IOS and ASA firmware and configuration vulnerability data from the National Vulnerability Database to record which nodes in NCM are vulnerable. This information is available in a new Firmware Vulnerability resource and as a report.
  • NCM Entirely Web-based
    The NCM desktop application is no longer available and all functionality has migrated to the SolarWinds Orion Web Console.
  • New Compliance Reports
    • You can run over 60 Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) policy reports, preconfigured with the necessary rules and policies.
    • You can run National Institute of Standards and Technology Federal Information Security Management Act (NIST FISMA) and Payment Card Industry Data Security Standard (PCI DSS) reports.
  • Device Template Wizard
    • Create and edit device templates using the new, web-based Device Template Wizard in the SolarWinds Orion Web Console.
    • All templates from previous versions of NCM are migrated to the SolarWinds Orion database during an upgrade.
    • Access templates that other SolarWinds users share through thwack directly in Device Template Management.
  • Enhanced Change Approval Workflow
    The NCM approval system allows three different workflows:
    • Use a one-tier approval workflow to submit configuration changes to an NCM administrator.
    • Use a non-privileged, two-tier approval workflow to require non-privileged users (any user with the WebUploader role) to submit configuration changes to two different approval groups.
    • Use an inclusive, two-tier approval workflow to require all users to submit configuration changes to two different approval groups.
  • Web-based Reports
    • Create and edit reports using new, web-based reports.
    • NCM now uses Orion Platform reports (HOME > Reports) instead of the NCM reporting pages (CONFIGS > Reports).
    • Previous reports are not migrated to the web-based reports system and can no longer be edited after an upgrade.
    • Schedule reports with the Orion Report Schedulers instead of the NCM Run Report job.
  • Policy Violation Remediation
    You can automatically remediate violations in a device configuration on multiple nodes using a script.
  • Web-based Alerts
    • Create and manage alerts using the web-based alerting engine.
    • Alerts created using the desktop-based alerting engine are automatically migrated to the web-based alerting engine.


More details can be found in the Release Notes and in the RC blog post: Network Configuration Manager v7.4 Release Candidate is Available!

I'm excited to formally announce that Database Performance Analyzer 9.2 is now Generally Available! 

This release of Database Performance Analyzer (DPA) has a very special feature only available when integrated with Server & Application Monitor (SAM) 6.2.1+.  We developed this feature based on the collective experience of DBAs and SysAdmins who've been caught up in nasty blame games.  Let me tell you a story...

Imagine a web site used by your customers that depends upon a database.  Not hard, right? Now imagine the customers have been calling in daily about an intermittent performance issue that threatens your business.  It's been really irritating because the I.T. Pros just can't pinpoint the cause and it's stressing out executives who are demanding a swift resolution!

  • The SysAdmins say that the web server looks fine.  No CPU spikes.  Plenty of memory.  No red flag in metrics. 
  • The DBA says the database server looks fine.  No CPU spikes.  Plenty of memory.  Very little storage IO and all queries received results within SLA.  There was a small spike of activity after the time the customers complained, but it was just a momentary spike in concurrent activity and again, all queries received responses within SLA.
  • The Web Developers want to blame the database because it's their primary dependency and it has caused them problems in the past.

So you've got 3 silos denying responsibility for the problem customers reported.  Executive attention focuses on the Developers, who begin forming hypotheses they can't prove, like network performance is the issue or that web server and database server clocks may not have been synchronized and that little database spike actually did cause the web site performance problem.  And these are just the reasonable hypotheses.  Soon, you feel like you're on an episode of CSI, looking for a genius mastermind hacker that's broken into your system to steal customer data!

This is a case where disparate monitoring solutions can leave you hanging... siloed... at each other's throats!  So what do you do?  Calm down!  First you need to clarify to everyone that they don't have a shred of evidence to prove any of these things.  But an integrated monitoring solution can give you a complete picture.  Let me show you how DPA 9.2 integrated with SAM 6.2.1 can help! 

With SAM 6.2.1, you can monitor an IIS web server with AppInsight for IIS, which exposes some ASP.NET metrics that I love:

  • Request Execution Time - Tells you how long it took IIS to complete the most recent web request.
  • Request Wait Time - Tells you how long IIS held a web request in a queue before it began processing it.
  • Requests Queued - Tells you how many web requests are in the queue because the web server has reached its limit of worker threads.  Ideally, you keep this at zero!
  • Requests Rejected - Tells you how many web requests IIS has simply rejected because the queue is full.  GAME OVER!  YOU LOSE!

Now, when DPA 9.2 is integrated with SAM 6.2.1+, it adds a Query Response Time resource to your AppInsight for IIS view, which reveals how much *database wait time queries from the web server have incurred.  This enables you to perform a diagnosis of exclusion.  That is to say, if A and not B then C.  If (A) the web server requests are slow, you will see it in those ASP.NET metrics.  If the Query Response Time resource doesn't show (B) a matching spike in database wait time, then the web site performance issue must be caused by (C) something else.

So back to our story for a minute...  You see how the request execution time was high for a bit there, then suddenly dropped?  Do you see how the Query Response Time shows an inverse pattern?  The spike the DBAs mentioned that occurred after the web site problem...

Here's what REALLY happened...  True story from my past, actually.  It is true that historically, the database has caused many web site performance problems, but the Web Developers didn't evaluate every dependency.  As it turns out, the web server also relies upon 3rd party web services.  They've never been a problem before, so they haven't been monitored and were thus overlooked.  Our web code needs these web services to complete before the web server will query the database, and that is why we see the inverse relationship between Request Execution Time and Query Response Time.  When the 3rd party web services cleared their performance problem, the web server sent all the associated database queries to the database server, which responded to that load spectacularly, the DBA adds!

So as you can see, monitoring this web site with AppInsight for IIS and the dependent database with an integrated Database Performance Analyzer enables both teams to see the big picture in a single pane of glass.  Pretty cool, huh?

For more information about Database Performance Analyzer 9.2 features and value, check out the beta blog posts, my recent post on Geek Speak and a video explaining the difference between health and performance monitoring.


*database wait time - The amount of time a database client waited while the database server worked on the client's query.  Time is broken down into discrete steps performed by the database server and how long it spent on those steps.  For more info see http://logicalread.solarwinds.com/response-time-analysis.

VMAN 6.3 is now generally available to all customers to download and in the Customer Portal for current customers.

What is the Goal of this Release

The SolarWinds team has been working diligently to release Virtualization Manager 6.3, which continues the evolution of VMAN to an operational management and monitoring platform for the virtual infrastructure. As you have seen VMAN evolve over the last couple of releases, we focused on providing monitoring utility, troubleshooting utility and reporting utility.  This culminated with VMAN 6.2, where management utility was added by providing power management actions, snapshot management actions and AppStack support (to name a few features). With the release of Virtualization Manager 6.3 we further extend the operational role of VMAN with the end goal of adding remediation utility to the mix of features we provide. Not only does an administrator have the tools to identify and troubleshoot an issue in the virtualization infrastructure, but they can also remediate the problem within VMAN.

What's New in Virtualization Manager 6.3

This is the 1st of several blog posts reviewing the new features of Virtualization Manager 6.3. Provided below is a high-level overview of what is new in VMAN 6.3:


New Management Actions

In Virtualization Manager (VMAN) 6.3, we further enhanced the existing management functionality by including migration actions, VM removal actions, and change CPU and memory actions.

  • Migration Management Actions
    • Move VM to a different host - Provides the ability to migrate a VMware® or Hyper-V® virtual machine to a different host within VMAN.
    • Move VM to different storage - Provides the ability to migrate VMware or Hyper-V virtual machine storage to a different datastore or Cluster Shared Volume (CSV) from within VMAN.
  • VM Removal Actions
    • Delete VM – Provides complete removal of the VM from the virtual infrastructure once the VM is turned off.
    • Unregister VM – Removes the VM machine files from the hypervisor but leaves behind the VMDK files on disk once a VM is shut down.
  • Change CPU/Memory Resources Management Actions
    • Add/Remove CPU - Grow or shrink the amount of virtual machine CPU from within VMAN.
    • Add/Remove RAM - Grow or shrink the amount of virtual machine RAM from within VMAN.


The Virtual Manager Tools can be found on the virtual machine details page and are conveniently accessible to remediate a Virtualization Manager alert without leaving SolarWinds.  For instance, an administrator who gets a virtualization alert indicating a VM with high disk latency can now initiate a storage vMotion or live migrate the VM to a different datastore or CSV from within Virtualization Manager to resolve the alert.


Execute management actions directly from the Sprawl page

Not only do we alert the administrator to Sprawl issues in the virtual infrastructure, we also provide the appropriate management action to remediate the problem on the Sprawl page.

    • Top 10 VMs by Overallocated vCPUs - Change CPU/Memory Resources
    • Top 10 VMs by Underallocated Memory - Change CPU/Memory Resources
    • Top 10 VMs by Overallocated Memory - Change CPU/Memory Resources
    • Top 10 VMs by Snapshot Disk Usage - Delete Snapshots
    • VMs Powered Off for More than 30 Days - Delete VM
    • VMs Idle for the Last Week - Power off VMs
    • VMs that might benefit from decreasing vCPUs - Change CPU/Memory Resources (Decrease vCPU)
    • Orphaned VMDKs (New Sprawl Resource) - Delete Orphaned VMDKs
    • Top 10 VMs by Underallocated vCPUs - Change CPU/Memory Resources



An administrator monitoring their virtualization environment can use the Sprawl page to inform them of areas in which they can right-size to reclaim resources or improve performance.  For an IT team that has multiple administrators provisioning virtual machines, it becomes a task in itself to determine which resources were temporary and are no longer needed.  By leveraging the VMs Powered Off for More Than 30 Days alert to identify virtual machines that are no longer needed, the administrator can identify what needs to be deleted and then remove the unnecessary VM from the Sprawl page.

New Sprawl Resource - Orphaned VMDK

This new resource on the Sprawl page alerts on any orphaned VMDKs in the monitored environment.  Orphaned VMDKs are virtual hard disks that are not connected to a VM. They are most likely the result of removing the VM from inventory but never deleting the VMDK file, which keeps using valuable datastore capacity.

A virtual administrator is alerted that they have multiple orphaned VMDK files from VMs that were unregistered from the cluster but never deleted from disk.  They can now track and take action using the Orphaned VMDK resource and free up valuable disk storage by deleting the unneeded VMDK files.

Alert Remediation

Provides the ability to configure an alert to trigger a management action based on a threshold.  With management actions available as alert triggers, the administrator can now choose to automatically remediate any alert that crosses a critical threshold without needing to manually perform the management action.


The ability to create an alert with a management action as a trigger is valuable for ensuring uptime for a VM or maintaining performance of an application hosted on that VM. The administrator in charge of the server infrastructure is always concerned about the next time a threshold is reached, how fast they can react to that issue, and how that may affect the application that resides on the VM.  Creating an alert and setting a management action as a trigger helps to reduce the Time To Resolution for the affected VM without the administrator needing to execute the action manually.  For example, if there is a reporting server that does all its heavy lifting from 12 am - 5 am and application performance is suffering from datastore latency, an alert action can trigger a migration of VM storage to a destination predetermined by the administrator if the latency threshold is crossed. This would ensure that the VM has the storage performance that is necessary to complete its workload (reports) before the administrator arrives in the morning.



All Alerts Dashboard Migrated to Orion


Migration of the All Alerts widget from the Virtualization Manager (VMAN) appliance to the Orion® Virtualization Summary provides customers with VMAN-specific data about the environment from the Summary page. The very useful All Alerts widget is now available as two resources, All Active Virtualization Alerts and Potential Virtualization Issues.  The resources provide virtualization alerting in Orion out of the box, with all VMAN alerts enabled by default when Orion is integrated with VMAN. Each triggered alert provides an alert details page with recommendations to take to resolve the issue, general alert details, and a link to the VM details view.


  • All Active Virtual Alerts -  Provides a view of all triggered virtualization specific alerts with a severity of warning or higher.  All alerts in this resource indicate a problem that is affecting performance or functionality in the virtual infrastructure and should be prioritized accordingly.  These alerts are sorted by active time and provide the following details:
    • Alert name
    • Alert message
    • Triggering Object (e.g., VM, datastore, host, etc.)






  • Potential Virtualization Issues - All triggered alerts with low severity, grouped by alert name.  These alerts notify the administrator of items that require attention but do not necessarily equate to a critical issue.  The VMs with Bad Tools alert is an example of this scenario: it notifies the administrator that the virtual infrastructure contains VMs that require a VM tools update, but this does not necessarily mean that the VM is having a critical performance issue.


  • Categories without issues - This resource lists Virtualization Manager specific alerts that have not been triggered, and provides a glimpse into what alerts are enabled out of the box. Unlike the Potential Virtualization Issues resource and the All Active Virtual Alerts resource, these alerts are not selectable and do not provide an alert details page.

Polling Improvements

We have improved polling performance in Virtualization Manager 6.3, allowing for on-demand data polling and improved scalability. Common use cases that improved polling addresses are situations where the virtual topology changes due to management actions, maintenance, or provisioning but VMAN fails to reflect the new VM to host or datastore association in a timely manner. In VMAN 6.3, once a migration management action is executed, the topology change is reflected within minutes. An administrator who receives a virtualization alert and resolves the alert with a management action will see the results of the action immediately within Virtualization Manager.


SolarWinds Virtualization Manager v6.3 Release Notes
