Skip navigation
1 14 15 16 17 18 Previous Next

Product Blog

649 posts

In the last release of VNQM we brought the VoIP troubleshooting for your Call Managers. Those of you who maintain VoIP company infrastructure are probably familiar with the VNQM call signaling topology resource:


This resource contains devices "1005 & 1041" which are typically gateways. These devices connect your internal VoIP sub-system to the line of your data/voice provider(s). You may typically hear "PRI or PRI Gateway" when talking about inside out or outside in VoIP connectivity. What is PRI? The definition says that PRI (Primary Rate Interface) is a telecommunication standard used in the Integrated Service Digital Networks (ISDN), for carrying multiple DS0 voice and data transmission between two physical locations. More technically, a PRI is a type of VoIP line that provides up to 23 separate 64 Kbps B lines and one data channel like with 64 Kbps in a T1 configuration (typically USA) or 30 B lines and one data line in a E1 configuration (typically Europe).


PRI is quite popular today among businesses because of many benefits it has:

  • Scalable technologies that can grow or shrink with your business
  • Low cost
  • Use of existing PBX system technologies
  • Multiple sites can be connected into the same system eliminating maintenance and installation charges across locations
  • Doesn't impact end-users (can dial the number as they were used before)
  • Increased high-tech communications options
  • Can be managed remotely via web-based consoles

And this "PRI Gateway" is something that VNQM 4.1 can now monitor and brings you an another piece of information to solve your VoIP problems. To be very specific, in the case of VNQM 4.1 it's about Cisco devices (MGCP gateways) that have support for PRI.

You, Thwack users, had many dicussions or feature requests (here or here), about how to see utilization of your PRI trunks. You could also read about PRI in a Geek Speek blog post .

VNQM 4.1 RC is ready to be installed on your production and it is fully supported by SolarWinds support. If you are a IPSLA/VNQM active maintenance customer you are more than welcomed to sign-up here for a RC download


What Do We Need to Monitor?

A typical monitoring task for the T1/E1 is to monitor a number of active channels/trunks and their utilization. Some of you were also asking for monitoring of "VoIP vs. Data" ratio on the line. VNQM 4.1 can do both now. We don't use SNMP in this case, because Cisco has a bug in their SNMP implementation which results in incorrect trunk call utilization data being reported.


Now, how do you see this data in VNQM?

  1. Use a new gateway wizard to add your device to be monitored as the MGCP gateway at VNQM settings page


add gateway_cr.pnggateway wizard.png


  2.  When you have successfully added, you should see the list of your gateways on the VoIP summary page:

gateway summary.png

3.  Click on the Gateway from the resource above or in the signaling resource that's part of the call details page. This will take you to the brand new Gateway detail page:

Gateway detail page_cr.png


How to see data distribution and PRI trunk utilization - are you paying too much to your provider?

Gateway detail page_cr 1.png

Data distribution chart can show you a total usage on your PRI gateway, data & VoIP traffic

distribution and you can also drill down to see each trunk utilization specifically. "Trunk Utilization" resource will give you a good historical overview where you may see spikes or gaps over a time.

In our case, we can see that more than 37% of the capacity

is not used over last three months. So why to pay so much to your voip/data provider?

You can reduce amount of lines you need for the connectivity with the outside world.

The same chart could be also used for a troubleshooting of call connectivity.

In a case you reach maximum PRI utilization, your calls can't be connected

and it's time to figure out who is causing such load (CDRs), ask your provider for more bandwidth, or, at least, set up VoIP precedence policies. Gateway detail page_cr - 2.png





Want to see more "per trunk" utilization details? Not a problem:

Gateway detail page_cr_cr - 3.png





How to see problems on a gateway?

It's possible to do it via VNQM search page itself. But, you can save some time and see the most important metric - failed calls, and call quality issues directly on each Gateway detail page:

Gateway detail page_cr_cr - 5.pngGateway detail page_cr_cr - 4.png

In order to see call details, phone numbers, etc. simply hit "Search for all failed calls" link at the bottom of the page and VNQM will filter out Gateway relevant calls only."Easy peasy" don't you think?

PRI & trunk utilization monitoring is a major feature of this release. However, VNQM 4.1 also brings a new web-based reports with charts you may read about in this post.

VNQM 4.1 RC is ready to be installed on your production and it is fully supported by SolarWinds support. If you are a IPSLA/VNQM active maintenance customer you are more than welcomed to sign-up here for a RC download

For those of you that have installed the RC of NPM 10.6, you may have noticed some changes to the reports menu. And by changes, we mean the newfound ability to create awesome new reports from the web console. The report writer you have come to know and love is still available, and functions exactly as it always has. Reporting isn't something people generally get worked up about, but we think you'll love the new functionality so much, you'll never go back to the old writer. Without further ado, let's go into some highlights.



New Canned Reports


In addition to all the reports you have come to expect from the previous report writer, we've added a bunch of new reports for NPM (and NTA.) New reports have the ability to contain multiple resources (tables / charts) that can be configured to report on separate (or the same) data sources or time periods. For example:


To make your life easier, you can take these existing reports and customize them to your heart's content.

The new report writer gives you the ability to change the header / footer / logo / etc. Additionally, the resources themselves are drag-and-drop to make it easier to layout the report and get it to your boss' satisfaction.


Custom Reports


If you're more of a DIY sort of person, the new report writer gives you the ability to create a useful report from scratch- no SQL required. (Unless you really want to use SQL- it can do that too.)

Feel free to use most any of the existing web resources, or create new resources all your own.


Creating a custom chart or table is as easy as defining your datasource (which can be dynamic) and then the data you would like to report on.


Data can be filtered to represent the top X items, or the top X percent of items.



Sorting? Check. Grouping? Check. Summarization? Sure. Aggregation? You bet.

The new report writer allows you to get as simple, or detailed report as you like. Reporting can often be a challenge, particularly when you are creating a detailed custom report.

In NPM 10.6, we made it easy. If you're a current SolarWinds customer, NPM 10.6 RC is available now in your customer portal.

Please take it for a spin and let us know what you think.

The engineering effort on Kiwi Syslog Server (KSS) v9.4 Release Candidate has been completed. RC is the last step before general availability and is a chance for existing customers to get the newest functionality before it is available to everyone else.

You will find the latest version on your customer portal in the Release Candidate section.


Here is the content of this RC version:

  • Moving to a new web server
    This change brings a lot of new functionality "for free". Examples:
  • Active Directory authentication for web access
  • Alerting for Message Queue Monitor
    Be notified when the number of messages in the message queue crosses certain threshold. This indicates there might be performance problems and gives you chance to take an action before messages get dropped.
  • Bug Fixes / resolved cases:



AD support for Kiwi web access


3 questions regarding Kiwi Syslog Web Access


AD support for Kiwi web access


Kiwi Syslog accounts - AD tie in?


active directory authentication


AD/LDAP Support for Web Console


Kiwi Syslog Web User authentication via AD/LDAP


Broken Support link


Utra Dev Cassini Web Server Service


After web access installation, Cassini Web service stops


Feature Request - Support Newer UltiDev Cassini Server


WebAdmin: HTTPS for Web Front End


SSL for Web Access


https for Kiwi web interface


Alerting for Message Que Monitor


Availability of Buffer statistics for alerting and reporting


Milliseconds in Syslog in Descending Order!


Feature Request - Email Summarization


Database maintenance settings in Kiwi Syslog Webaccess doesn´t work


Reducing number of syslogs on web access




Radio button missing text on Archive Schedule Destination tab


Wrong version displayed when cancelling licensing


sounds not playing on alert


"play a sound once" does not work


Service crash after ORACLE ODBC configuration


Status on 9.3.4


Problem Creating Table for Oracle 11g Release


Ability to see full list of devices


RC builds are made available to existing customers prior to the formal release. These are used to get customer feedback in production environments and are fully supported.

New Engineer's Toolset 10.9.1 has just arrived. The upgrade is available for free for all Toolset customers under active maintenance and can be downloaded from the SolarWinds customer portal.


The 10.9.1 comes with following list of improvements:


•  TraceRoute tool Changes.

    • Added SNMP Support
      • Additional columns can be displayed for devices which support SNMP
      • User can enable/disable SNMP Discovery
      • SNMP credentials are provided by common Credential Managment
    • Context menus over columns were enhanced
      • Right-click over IP Address column allows user to run some tools.
      • Right-click over other columns allows user to choose displayed columns
    • addresses are not displayed in results

• WorkSpace Studio

    • Export is now possible from IP Network Browser (WSS)

• Neighbor Map

    • Export Neighbor Map to Visio

• Proxy Ping

    • Deprecated the old version and implemented a new one.
    • New version adds support for IPv6
    • Supports Cisco, Juniper, Mikrotik and Extreme Networks

• SCP Server changes

    • Existing files of the same name are renamed during an upload
    • Is now FIPS supported
    • Support for DSA Keys

• Licensing upgraded to GEN3


Notable Bug Fixes in 10.9.1


• Issues with Neighbor Map (250173, 186932)

• Port Mapper - In correct VLAN ID displayed (156029)

• Port Scanner - Maxes out on 65,000 port scan (218038)

• Port Scanner - Crashes (222332, 218038)

• Bandwidth Gauge –Historical Statistics issue fixed (175923)

• Config Viewer –  SNMP community first character cut off (184082)

• Compare config Tool error out when logged in as a standard user (240296)

• Subnet Calculator – Resulting in wrong subnets (243226, 228460, 222771)

• Switch Port Mapper -  Does not work with Cisco Nexus 5000 (197087)

• Switch Port Mapper -  Does not show MAC Addresses  (204097)

• Switch Port Mapper -  Incorrectly displays MAC Addresses  (233180)

• Switch Port Mapper -  Fails to export to CSV format (250453)

• Workspace Studio - Crashes (236890, 236888)

• TraceRoute - Crashes when hostname is not resolved (233322)

• Cannot add nodes to Bandwidth Gauges, with Non Admin user rights (234987)

• WorkSpace Studio -  Interface Chart % Utlization Rx+Tx faulty logic (245706)

• SNMP Real Time Graph - Displaying duplicate column names (250074)

• Watch It - Gives a Run-Time error after exiting the application when log in as a standard user (241675)

• Advanced CPU Load - Not showing Call Manager 7 data  (184082)

• Netflow Real Time - Fails to launch when toolset is installed into a user defined custom folder (251815)

• After upgrade toolset takes ages to load (193803)


So, what are you waiting for ? go ahead and download the General Availability 10.9.1 bits from your customer portal today !

I believe Bronx summed it up perfectly when referring to this release as SAM 6.OMG; because that's precisely the kind of reaction and enthusiasm we receive anytime we have an opportunity to show it off. Those lucky few who've had an opportunity to play with some of the early betas first hand have been champing at the bit in eager anticipation for the opportunity to upgrade their production installations of SAM to version 6.0. Well that time has finally arrived.So without further ado I would like to extend a personal invitation to all Server & Application Monitor customers under active maintenance to sign-up here to download the SAM 6.0 Release Candidate.


Please note that Release Candidates are provided as early availability access to the latest release. They are treated no differently than GA releases, in that Release Candidates are fully supported in your production environment, and the SolarWinds technical support team is available to aid and assist with any problems you might encounter.


If you haven't been following the SAM beta blog postings here in the Product Blog, I'll give you a brief rundown of some of the exciting new features included in the SAM 6.0 Release Candidate.


Real-Time Event Log Viewer


The Real-Time Event Log Viewer, as the name suggests, is a web based version of Windows own Event Viewer. This tool allows you to troubleshoot and diagnose application and server related issues occurring on the remotely monitored host in real-time, without the need to remotely connect to the server, log-in, and launch the Windows Event Viewer. Once you've isolated and identified the cause of the issue, you can then easily create a Windows Event Log Monitor from within the Real-Time Event Log Viewer so you can be alerted if this issue occurs again in the future. Simply select the event(s) you'd like SAM to continuously monitor, click Start Monitoring, and the wizard begins. It's just that easy.


Asset Inventory


In this 6.0 release we extend SAMs hardware health monitoring, introduced in v5.0, to include a much broader array of additional server asset inventory information. This allows SAM to collect all relevant information necessary for asset depreciation, insurance, and support. However, this feature also provides a wealth of additional information you'll likely find useful in your everyday tasks. Some such examples include reporting on software installed for license tracking, or what operating system updates have been applied to the server; by whom, and when they were applied.


Information from SAMs Asset Inventory collection can even be programmatically synchronized with other CMDBs using the Orion SDK. If you don't already have a dedicated CMDB, the inverse is equally true. SAM 6.0 allows you to either manually or programmatically populate and report upon non-pollable information in the Orion database, such as the original purchase price, purchase date, rack location, etc. Need to track and report upon other asset information? No problem. Add additional fields to track whatever information you need, such as "in service date",  who the server was originally purchased from, or anything else for that matter.

Server Warranty Expiration.png


Custom Asset Information.png

In my previous blog post regarding server asset inventory collection, cwestwater suggested that it would be helpful if SAM was able to automatically track and maintain the servers warranty status and warranty expiration dates. And we agreed. So in addition to gathering all kinds of useful asset inventory information about the physical and virtual machines SAM 6.0 is monitoring, SAM will also monitor the warranty status of your physical servers. Provided your Orion server has access to the internet, this is all done automagically by periodically checking the status of each servers warranty against Dell, HP, and IBM's online warranty validation servers. This allows SAM to alert you when your servers warranty is due to expire. You'll also find a new Server Warranty Summary resource (pictured above) that provides at-a-glance warranty status information for servers where the warranty has expired, is due to expire soon, and those next closest to expire.

AppInsight forSQL

Much of the buzz surrounding the SAM 6.0 release is associated with a radical new concept we've dubbed "AppInsight". Beginning with Microsoft SQL Server, AppInsight's focus is to provide unparalleled monitoring depth and visibility around a given application, while simplifying discovery and reducing overhead associated with continuous monitoring.


It is our belief that SAM can provide a truly multi-vendor "best of breed" application and server monitoring experience, previously only possible by deploying numerous dedicated point products. Unlike these "point products" however, AppInsight is a tightly integrated solution built into SAM to provide a single pane of glass view into the health and status of all your servers, and the applications that run on them.


For example, AppInsight for SQL provides visibility into who's connected to the SQL Server, how long they've been connected, and from where (host name or IP address) they're connected. Need to know who's actively using the SQL server, not just who's connected, before taking it out of service for maintenance? No problem. Within that very same resource you will discover exactly how long each of user has been idle.


AppInsight for SQL gives a unique view into your database's storage usage, allowing users to easily understand the size of each database file, the percentage of white space in the file, as well as calculating in the free space remaining on the volume if auto-grow is enabled. This allows AppInsight to alert you before your database runs out of space, regardless if it's a fixed database size running out of white space, a database file that's configured to auto-grow to a configured limit, or even if the database is configured to auto-grow until it runs out of space on the drive. No matter how your database's are configured, AppInsight for SQL has you covered.


Whether you're new to SQL, or a seasoned veteran DBA, the SQL error log is one of the first places you're likely to turn your attention to identify common issues with Microsoft SQL. The SQL Error log contains important troubleshooting information such as, client connectivity issues, backup failures, end of recovery after a restart, DBCC Events, reconfiguration of server or database options, non-yielding schedulers, stack dumps, autogrowth failures, delayed IO events, etc. With AppInsight for SQL this information is right at your fingertips, located conveniently on the Application Details view of each monitored SQL instance.

Top 10 Databases By Active User Connections.png
File By Size.pngSQL Errors.png

Speaking of backups, and other regularly scheduled reoccurring tasks like database shrinks, AppInsight for SQL also includes SQL Agent Job Monitoring. Never again be caught blindsided because a scheduled SQL Agent Job failed to run properly. Better still, understand when, and for how long, SQL Agent Jobs are running to minimize their impact during business hours. These are just a few of the features included with AppInsight for SQL in SAM 6.0.


So how is AppInsight for SQL licensed anyway? What does it cost? Is it another module? An add-on?


AppInsight for SQL is built-in to SAM 6.0 and does not require the purchase of any additional modules or add-ons. Despite monitoring well over 100 unique SQL Server instance metrics, and more than two dozen key performance indicators for each database, AppInsight for SQL consumes a mere 50 component monitor licenses per-SQL Server instance. Now that's news everyone can be excited about!

SQL Agent Job Status.png

Processes and Services.png

Threshold Baseline Calculator

Believe it or not, there's still plenty of additional new features included in the SAM 6.0 RC I still haven't covered yet. One of these features is the all new Threshold Baseline Calculator. For a several years now we've pre-populated warning and critical thresholds within the application templates included in SAM. These thresholds have been based upon the individual vendors best practices for the given application. There are however many circumstances where this "one size fits all" approach to thresholding simply isn't appropriate, or accurate. The most typical reason why "one size fits all" thresholds doesn't always "fit all" is due to size and scale of an organization and their application deployment.


Let's take the example of Message Queue Length in Microsoft's Exchange for an organization with 10,000 or more employees. It might not be unusual for an organization of this size to see the number of messages queued for submission rise above 100 or more on occasion. However, if a small business of  25 or fewer employees saw the same Message Queue Length, at or around 100 messages queued for submission, it would be likely be an indication of a serious issue with the transport service failing to deliver messages properly. That's because for an organization of 10,000 or more employees, having 100 messages simultaneously sent or received within a given time frame isn't too terribly difficult to fathom. On the other hand, for an organization of only 25 employees, that same feat would be extremely unusual. This is just one example of how thresholds for performance metrics don't always "fit all".

For this reason (and countless more examples just like it) the Threshold Baseline Calculator in SAM 6.0 was born. Located from within the Application Editor, directly next to any threshold field you will find two new options. The first, "Use Latest Baseline Thresholds" calculates and applies recommended warning and critical thresholds for the selected metric based upon the last seven days of statistics collection (the baseline). Some might consider this a "blind faith" approach to thresholding that more closely resembles a random number generator, but fret not. There's a science behind where those numbers came from; and for all that detail and more you need only click the "Latest Baseline Details" link that lies just beneath the "User Latest baseline Thresholds" button.


Upon clicking the "Latest Baseline Details" link (pictured above) you will see a chart which displays the occurrences of statistic values returned by the selected component. This is a visual representation that allows you to easily digest all of the values collected during the baseline period to gain an understanding of what is considered "normal" for this metric in your environment. You have the option of selecting/deselecting typical business hours (8am-6pm Monday-Friday) as well as nights and weekends, or view the cumulative total for entire time period. Overlaid on the chart are the color coded red and yellow banding that represent how the recommended warning and critical thresholds relate to the baseline data. This provides a quick and easy way of determining the number of times you would have been alerted during the baseline period depending how your thresholds were defined.


Latest Baseline Details.pngIf embracing your inner statistician isn't your thing, you can also choose the more familiar "Metric over time" from the top most tabs, which displays the typical historical chart view with visual warning and critical thresholds included.


Thresholds are calculated using standard deviation, as represented by the sigma "σ" symbol in the table header above. By default 2 standard deviations are used for warning, and 3 standard deviations are used for critical thresholds above or below the mean/average depending upon which operator is selected (greater than/less than). Clicking on any number in the table provides you the option of setting the selected value as either the warning or critical threshold. This also dynamically updates the visual yellow and red banding representing warning and critical thresholds in the chart above the table. At any time you may click the "Reset to Recommended Thresholds" link to return values selected in the table, and represented in the chart above to those recommended by the Threshold Baseline Calculator. You may also click the "Cancel" button to revert any changes made and return to the Application Editor.

Armed with a better understanding provided by the Threshold Baseline Calculator of what is typical/average for a given metric you can make educated, informed decisions as to how warning and critical thresholds should best be defined for your environment.


We think you'll agree that this has shaped up to be an outstanding release of Server & Application Monitor. If you've been one of the many patiently waiting for this moment to come, we'd like to welcome you to sign-up here to download the SAM 6.0 Release Candidate now.


Please note that the SAM Release Candidates is available exclusively to those running previous versions of SAM or APM under active maintenance.

I'm very happy to share with you that we have officially reached Release Candidate (RC) status for Serv-U FTP Server and MFT Server v15.  The contents of this release contain exciting new features and improvements, namely,


  • File sharing in Serv-U MFT Server
  • New web client user interface
  • Rebranding of the user interface
  • FTP Voyager no longer requires an activation key


You can download the RC in the Release Candidate section of your Customer Portal. If you have any questions I encourage you to leverage the Serv-U Release Candidate RC group on thwack. RC is the last step before general availability and is a chance for existing customers to get the newest functionality before it is available to everyone else.

File Sharing


All of us need to occasionally share a file with a partner, colleague or a customer (we call them Guests in File Sharing, or someone who does not have an account in Serv-U). File Sharing is a great new feature of Serv-U MFT Server which helps you to share small or large files without email limitations, temporary accounts or any administrative hassles. It allows you to have your own on premise file sharing service. File Sharing is meant as a temporary storage for simple web-based file sharing. Guests will simply receive an email with the link allowing them to download or upload files. If you wish you can also send links via IM, social networks or by other means.


First you need to enable File Sharing in the Serv-U Management Console. You can configure settings on the global level in the Server Limits and Settings section or per domain in Domain Limits and Settings.


On the screenshot below you can see the simple configuration settings for File Sharing. You can define a URL for the File Sharing, you set a folder where all shares will be stored and you can also define how long expired shares should last before Serv-U deletes them permanently. If you wish you can also define a template for emails received by Guest users, enable or disable usage of SSL and most importantly enable/disable the entire File Sharing feature.




After you enable File Sharing you can find the link to the File Sharing UI in the bottom of the management console next to the FTP Voyager JV and Web Client links.




As a regular user you can choose the File Sharing UI during login or click on the upper menu in the new Web Client UI.




In the home page of File Sharing you can see the last 5 shares for requested files and sent files with some basic information about each share like date share was created, name of the share, email address(es) of Guest(s), status of share, expiration date and so on.




If you wish to start with sharing files simply click on "Request Files" or "Send files" in the menu to create a share. Let's first send some files to a Guest. After clicking on Send Files, you are presented with a form with basic settings for the share. You need to define one or more email addresses. You can change the default Subject line of the email which will be sent by Serv-U.


Then you can briefly describe what data you are sending and change your email address if it's different from the default. Since a share is only a temporary storage, you have to define the expiration time which is up to 90 days. This is to prevent filling up your storage with shares.


You can also ask Serv-U to send you notification when the file is downloaded by a Guest so you know immediately and can follow-up. Additionally you can also protect shares with passwords. When you are done click "Next".




In the next step you simply choose files to upload, click Upload button and you are done. The share is created, notification email is sent to the Guest user(s) and you can close the confirmation screen by clicking on the Done button.


You can request files for upload in the same way by clicking on Request Files in the menu. After that a similar form is displayed as for sending files. You configure your share (when requesting files you can also limit individual size of files uploaded) and this time click on Send Request and your are done.




After you create a share, an email is sent and the Guest user can click on the link in the received email. If the share is password protected, then the Guest is asked for a password and after entering it, it's as simple as clicking on the Download All button or choosing files to upload.




New Web Client UI


With the new File Sharing feature, which as you noticed is using a new, cleaner UI, we also redesigned the Web Client UI. It is now cleaner, faster and behaves more like Windows Explorer.




FTP Voyager is now FREE!


FTP Voyager is a powerful FTP client with many great features like scheduler. We decided to make it a free product! We removed all references to purchase or any licensing constraints. Go, download FTP Voyager now from the customer portal and enjoy its rich functionality!


Download Serv-U v15 RC, which is availble in the Release Candidate section of your Customer Portal.


If you have any questions I encourage you to leverage the Serv-U Release Candidate RC group on thwack.

We are pleased to announce the general availability of SolarWinds Web Help Desk 12.0.1. This is a service release, which contains number of improvements and fixes. Namely,


  • Installation issues with non-standard installations
  • Friendlier and more informative messages during installation and upgrade
  • Certificate issues on Exchange when running SSL.
  • Upgrade and migration issues.
  • PostgreSQL service does not start on Win2003.
  • E-Mail account type label includes Exchange 2013.
  • Exception when deleting an attachment.
  • Upgrade fails when IP Address is bound in WHD.conf.
  • Unable to create ticket notes using API.
  • Escalate privileges to admin when running WHD scripts in Windows.
  • WHD discovery Engine (WMI) ignores XP machines.
  • Escalate privileges to admin when running WHD installer.
  • Performance issues with SAVE operation on notes.
  • Installer blocks on maintenance expired.
  • Discovery engine not collecting HDD info.
  • Additional logging during migration.
  • Call uninstallation of whd from installer.
  • Update installation script to be HDD independent.
  • Verify previous installation of WHD.
  • Windows installation on different HDD.


You can view the full set of release notes here.


Download Web Help Desk now and have fun!

We have a new "What We're Working On" post. Click here for the new post.

We shipped v10 mid year, added mobile access for your iOS devices and last month we added support for Android OS based devices.  We're now working on the next release. 

Here is a list of what we're working on:


  • Remote control 'over-the-internet' to support remote control scenarios outside the LAN.
  • Centralized Server for both DRS.  This will provide the following benefits:
    • Central console to setup and manage centralized functionality
    • Centralized and easily accessible host lists
    • Drastic simplification of SolarWinds offline license activation and license management
    • Ability to search host lists
  • Native OSX agent
  • Native Web Help Desk integration
  • Ability to reboot a system into safe-mode and connect with MRC
  • More granular connection and client agent security
  • Session recording either ad-hoc or forced to a central location
  • Reverse screen sharing
  • Advanced Centralized Functionality
    • Ability to restrict / grant access to various DRS functions via user profile / policy
    • Ability to push MRC agents and agent updates
    • Ability to push DRS consoles
    • Leverage Active Directory/LDAP for authentication as well as access control based on groups
    • Centralized MRC agent configuration management
    • Centralized access logs for auditing

PLEASE NOTE:  We are working on these items based on this priority order, but this is NOT a commitment that all of these enhancements will make the next release.  We are working on a number of other smaller features in parallel.   If you have comments or questions on any of these items (e.g. how would it work?) or would like to be included in a preview demo, please let us know!

We have been keeping an eye on the discussions here asking for improvement in terms of network traffic analysis, beyond what MIB 2 (Interface traffic) and Flow technology (NetFlow, sFlow, jFlow...) have to offer.

And we recently saw that NBAR support was voted #1 enhancement request for NTA - the Network Traffic Analyzer (see more about SolarWinds Network Traffic Analyzer here)
As we were thinking about this, we wondered whether the requirement was basically for NBAR - period - or if this was the sign of a larger requirement for better tools to ananalyze your traffic.
For example, we did a Traffic Analysis survey, asking if you used DPI-type solutions and we discovered that a large proportion was using Wireshark (not really a surprise, but was a good confirmation) or any other form of DPI product
DPI solutions used by SolarWinds customers.PNG
Also, I recently talked to some of you and confirmed that a significant proportion (actually higher than what the above chart suggests) either had a Deep Packet Inspection (DPI) solution in place (Riverbed Cascade/Opnet, LanCope, ...) or had this in their budget for this year.
So all this fueled a lot of thoughts and raised some questions on our side, on which we'd really appreciate your comments and answers:
  • Does Wireshark meet most of your needs?
  • Do you need Advanced Traffic Analysis for environments other than Cisco, where solutions like NBAR may not be available? In other words, do you need a vendor-agnostic solution?
  • All of you who own a DPI-type solution, mentioned their (prohibitive) cost as an issue. We are convinced that you don't need to be an Enterprise, able to spend $200K or more on these solutions, to really need them. Small and medium-size businesses also encounter challenges with their traffic which require deep analysis.
    Is it time for SolarWinds to commoditize that market and offer 80% of those features for 20% of the cost?

Before I'll let you go and express your thoughts and describe your experience, here is a bit more on how we think about this problem.

What are the needs for Advanced Traffic Analysis?

We see mainly 4:

Breakdown my traffic by application and user, like Netflow does ... but better

As convenient as Netflow technology is, it actually does a pretty average job at identifying your applications (unless you deploy Flexible Netflow):
    • Limited to static ports. Any app using dynamic ports will be invisible to (Net)flow technology
    • Ignores that many application use port 80 to go through firewalls and are actually NOT HTTP / Web applications
    • Is unable to identify reliably true Web applications: either because (Net)flow does not inspect the HTTP header and does not do URL extraction. Also, content networks such as (owned by Google) are identified by the Content Distribution Network they use as opposed to the Web site they really have (e.g. for
      See this typical question we have, pointing to this great post explaining why (Net)flow is really not the ultimate weapon and why Flexible Netflow is not the panacea either.


I need an aggregated view of the Quality of Experience rendered by my applications to my users

In a perfect world, users experiencing slowness in their application will open a ticket or send an email, and IT will know about it. But the world is not perfect and how many IT engineers discovered the hard way, as they were thrown under the bus by an email from a user to the CIO, that the QoE offered by IT is actually not that great, despite what they thought?

Of course there are solutions to simulate users connecting across the network (E.g. SolarWinds VNQM, based on Cisco's Ip SLA technology) as well as simulate the details of their transactions on their mission critical applications (e.g. SolarWinds WPM), but those are based on simulations and do not reflect the true experience of users.

Wouldn't it be great to have a dashboard looking at the traffic of all your users connecting to their applications and calculate the latency they REALLY experience and reporting this in near real-time, or on a daily, weekly, monthly, quarterly basis?


I need help troubleshooting slow access to applications

Your users are complaining about slowness when accessing some application? (or a QoE dashboard, as presented above, is keeping you informed about that)

The first things people do is use the basic tools they have, to try to troubleshoot:

    • Look at saturated interfaces that can explain slowness. Then go to  (Net)flow information to understand the nature of this traffic and see what non mission-critical traffic could be removed to avoid the saturation moving forward. The problem with this, is that a) it's not always easy to identify all interfaces on the path from the impacted user(s) to the application and b) excess of traffic is not always the cause of the slowness
    • Look at the devices along the path - from the switch the user(s) is(are) connected to, up to the server this application resides one, via all WAN routers - and see if any experience poor health explaining the slowness (CPU, memory, IO...)

Decent start, but what if this does not answer the question?

What if it's a mis-configuration? What if it's one particular transaction of this application, out of dozen, that is slow, how do you figure which one? What if the slow application is actually spread across multiple-tiers (application server, database, storage...) and what you thought was a "simple" analysis of the path between the user and the application server, happens to be more complicated and involve several back-end servers?

All these more complex but unfortunately real-life examples, are almost impossible to troubleshoot with the basic tools.


Security is key for us and I need to know exactly what peole do on my network

Who is accessing internal file shares? From the outside of my network, really?

How about browser-based file shares (e.g. dropbox)? Is last amount of internal material being copied over to those?

Are your users downloading copyrighted content from P2P media and storing it on company-owned asset, e.g. their workstation?

Do you have unusual traffic from unexpected countries? What is this traffic about?

You already have an Advanced Traffic Analysis (e.g. DPI-based solution)? Tell us what you think about it...

  • What use case(s) does it meet for you (from list above or other)?
  • Do you consider it cost effective?
  • How important is it to have these products integrated to platform such as an NMS / IT infrastructure management platform such as Orion?
  • Would you consider a solution integrated to Orion that would address your most important need at a fraction of the cost? Or do you need the full power of those expensive solutions? Tell us what the minimum bar is!


How does encrypted traffic impact the effectiveness of your Advanced Traffic Analysis (e.g. DPI-based solution)?


If you currently run some form of Advanced Traffic Analysis product (e.g. DPI-based solution), how does encrypted traffic impacts it.

Did encrypted traffic dictated where you deployed your packet capture probes? Are there areas of your network that carry encrypted traffic that you are blind on due to that?


Sniffing traffic, ok, but which one?

Let us know about your most important traffic types, on which to perform Advanced Traffic Analysis:

  • A) LAN traffic on corporate / Data Center (internal)
  • B) LAN traffic on remote site
  • C) WAN traffic (general)
  • D) WAN optimized traffic (e.g. Cisco WAAS, Riverbed, Bluecoat)
  • E) VM to VM traffic
  • F) Load balanced traffic (e,g, Cisco ACE, F5)
  • G) Virtualized traffic (e.g. analyse traffic in/out of an application hosted by a Cloud SP)
  • H) DMZ traffic


Sniffing traffic, ok, but how?


Agents, span or Tap or RITE?

  • The agent-based technique is about running agents on the OS - virtual or not - that hosts your mission critical applications. If your focus is the traffic that goes to your applications (as opposed to look at all traffic including the fully meshed opne that goes across all your sites sites), then agents are a good solution because they make the 3 techiques below unnecessary, but they require an invasive action on your OS by adding a component to it: what CPU/memory do they consume on the OS? Are they really only looking at the traffic? How do we upgrade 100's of them that are deployed on yuour server farm...
  • The Port Spanning / Mirroring technique is basically about high-jacking one port from your switch and dedicate it for mirroring all or part of the entire traffic of the switch. Then the management product listens to packets from this port and performs analysis, storage...

Pretty simple, because most switches support this now, just a commend top issue and a cable to connect and you can start drinking from the fire hose; but may have an impact on the switch and can't guarantee 100% packet captured on very heavily loaded switches.
Note that spanning a port is possible on a HW switch but also on a vSwitch within a virtual environment

  • Network Taps are basically pieces of hardware that you buy to replace the switch for this function (capturing packets). They are placed inline and have no influence on the switch and pretty much capture 100% of the traffic.
  • RITE - Router IP Traffic Export, is a Cisco technology like spanning a port on a switch, except that it's done on a router. Again, easy to deploy since it leverages an existing device, but it impacts it and won't work great at high speed. See this nice and short blog post


Tell us about your experience, your preferences, what's allowed and not allowed on your networks, as far as capturing packets for Advanced Traffic Analysis.




We have officially reached Release Candidate (RC) status for Network Configuration Manager 7.2. RC is the last step before general availability and is a chance for existing customers to get the newest functionality before it is available to everyone else.


Here is the content of this RC version:

  • Continue moving functionality from Win32 client to Web UI
    • Job management (Windows Task Scheduler not used anymore)
    • Config management (edit, delete, set baseline)
    • Possibility to test device login credentials
    • Import config from file
  • Provide End-of-Life information for managed devices.
  • Multiple global connection profiles
    • Define multiple connection profiles (device credentials, protocol, port etc.)
    • NCM will try which of the predefined connection profiles works for a device (configurable per device)
  • The execution of Config Change Templates can be scheduled.
  • Change Approval System enhancements
    • Approved requests to be executed at specified date/time
    • Approved requests to be returned to requestor for execution
    • Requesters can see a history of what they requested and was approved
    • Approvers can see a history of what they approved
  • SNMPv3 -- Support of AES-256 encryption
  • Inventory for Brocade devices
  • More devices supported natively (Palo Alto)
  • Config Change Template Extensions: 'delay' command, string <-> number conversion
  • Make downloaded configurations searchable for IP addresses with FTS enabled.

More details and screenshots can be found in the NCM 7.2 Beta blog post and in Manage End-of-Life Information for Your Devices with NCM!


RC builds are made available to existing customers prior to the formal release. These are used to get customer feedback in production environments and are fully supported. If you have any questions, I encourage you to leverage the NCM RC forum.

You will find the latest version on your customer portal in the Release Candidate section.

SolarWinds has prepared a new on-line sessions for all of you who are interested what's coming in our product series. This sessions will be presented by Product Managers and we believe that it will give you an interesting look into product's future.

If you would like to attend, simply make your registration at GoTo meeting web site: New Series: PM-Hosted Monthly Product Roadmap Updates


The upcoming Wednesday 17th July's session will be focused at Network Performance Monitor 10.5 and beyond. In this episode, we will review the new features in SolarWinds Network Performance Monitor v10.5 and additionally, we will discuss what we are working on for the future. Feel free to bring your comments and questions.


See you there.

We have completed the bulk of the development effort and are now focused on testing the latest release of Kiwi Syslog Server (KSS). KSS v9.4 has reached Beta status. This is your chance to install the latest version and provide feedback on the new features and fixes. Providing feedback during the beta is the best way to ensure that your feedback will be incorporated in to the release. To participate, simply fill out this survey and you will be sent the download links for the Beta. Remember, Betas cannot be installed in production and you cannot upgrade the Beta to any other future versions.


The following enhancement have been added to KSS:

  • Moving to a new web server
    This change brings a lot of new functionality "for free". Examples:
  • Active Directory authentication for web access
  • Alerting for Message Queue Monitor
    Be notified when the number of messages in the message queue crosses certain threshold. This indicates there might be performance problems and gives you chance to take an action before messages get dropped.


Today we made it official - our library of handy DNS and email troubleshooting tools on are now free! You can use the tools a few times before being prompted to create an account, with an account you can create your own favorites and arrange the tools as you see fit. The DNSstuff Toolbox ("Professional Toolset") has dozens of tools for testing/retrieving DNS records and troubleshooting configuration issues that might affect network connectivity, routing, DNS and email; the Mail Server Test Center consolidates a few critical tests that might affect email into one place.


Questions DNSstuff Tools can Help you Answer


Is it down for everyone or just me? Can people reach my site? Is my site slower from different parts of the internet?

DNSstuff is a great third party external resource that lets you troubleshoot remote connectivity issues without calling all your friends to ask them to try accessing your site and tell you how slow it is. In addition to the usual traceroute, our vector trace tool lets you drop in an IP and we'll connect to it from 2 different locations to see whether there's any issues with your site that might differ based on someone's location. While you're there, dig into the details about any hop to find out more about who owns it and where it is.





Are my DNS records good? Has my DNS change propagated through the internet yet? I am setting up a new site or working with a new customer and how can I tell their DNS is configured correctly? Is there a problem with one of my listed DNS servers not responding?


Nothing's more fun than making changes or making a new site live and having someone ask you every 5 minutes why the traffic isn't coming yet, or why people are still seeing the old site. Okay, maybe more fun than that is when you have random reports of lookup failures or communication errors to your site and have no idea why - but all of the network connectivity itself seems good. You can use DNSstuff to do tests against your DNS records and their listed DNS servers to make sure all of the listings are correct AND help you identify common problems or pitfalls with DNS that might lead to these types of failures.


Our DNSreport tool will run a number of tests against your domain and subsequent listed DNS servers to tell you if there's a problem anywhere down the line. You can also use the ISP cached DNS lookup tool to see if ISPs have cached your records or are showing the new ones.




Where is this IP address physically located? How does traffic route through different geographic areas to get to one of my sites? Could a wonky route that sends traffic overseas be making my site particularly slow?

DNSstuff has a few IP location and visual traceroute tools that help you identify where a certain IP is located and what routes traffic might be taking to get to an IP address. The vector trace (sample above) is handy to see how different locations might be reaching you. Our standard traceroute performs the exact same lookup but from a single host. IP information will look up all of the info related to an IP (including location across several location tools) and there's always standard IPWhois to do a simple reverse ownership lookup.


Am I listed on any spam blacklists?

There's a bunch of spam blacklists out there and getting listed means email from you might not reach someone using a blacklist to prevent unwanted email. DNSstuff has a blacklist lookup tool that checks your IP address against those lists.  You can also check a domain against a URI blacklist tool in case your domain has appeared in spam and that's causing you to be blocked, too. If you are blocked, we've lined up the contact info so you can react accordingly.




Who owns this site and which whois service should I use to find out if I need to contact them? I changed my whois record info, but how do I know it's done?

There are several online whois tools, but usually in order to use them, you have to at least figure out which whois service to go to. We've hooked them all up to one lookup tool so you can drop in an IP or domain name and see who it belongs to (and all the other useful whois info). We also have snapshots so you can see when whois information last changed and what changed.



People are getting bounce messages from our email, but not all of the time, and I can't figure out what's going on - help?

If you've got multiple servers configured as your MX, mail can find its way to all of them - but only sometimes, which makes problems pretty hard to track down unless you check every server. Mail Server Test Center runs a bunch of tests that check basic connectivity, records, SPF, and other info against ALL of your MX records.




And More!!

There's a ton of other tools on DNSstuff - everything from a Speed Test to DKIM Key/SPF record checking to a CIDR calculator and even social media search. DNSstuff is also here on Thwack, over in the DNSstuff space where our product management and sometimes even dev team checks in to see how we can help.


NOTE: All paying DNSstuff customers continue to have access to the same tools and information that they did before, and access to create an online case with our support team up to the expiration date of your account. As your account expires, your access to any tools won't change and you'll experience no interruption in service.

The SolarWinds Engineer’s Toolset – 10.9.1 Release Candidate is now available for download in your customer portal.

This Release Candidate fixes the following issues.


• Issues with Neighbor Map (250173, 186932)

• Port Mapper - In correct VLAN ID displayed (156029)

• Bandwidth Gauge –Historical Statistics issue fixed (175923)

• Subnet Calculator – Resulting in wrong subnets (243226, 228460, 222771)

• Port Scanner crashes (222332, 218038)

• Switch Port Mapper does not work with Cisco Nexus 5000 (197087)

• Switch Port Mapper does not show MAC Address (204097)

• Switch Port Mapper fails to export to CSV format (250453)

• Workspace Studio Crash (236890, 236888)

TraceRoute crashes when hostname is not resolved (233322)

• Cannot add nodes to Bandwidth Gauges, with Non Admin user rights (234987)

WorkSpace Studio: Interface Chart % Utlization Rx+Tx faulty logic (245706)

• SNMP Real Time Graph displaying duplicate column names (250074)

• Watch It gives a Run-Time error after exiting the application when log in as a standard user (241675)

• Compare config Tool error out when logged in as a standard user (240296)


We have also included some enhancements into the tools.


• Enhancements into the TraceRoute tool.

WorkSpace Studio - Export function available in IP Network Browser.

• Neighbor Map can now export to Visio

• Proxy Ping supports IPV6 and SNMPv3

• SFTP functions using DSA Algorithms

• Fixed the renaming of file name in SCP Server and TFTP Server Tools.


The full set of release notes will be available when we have the formal release.


P.S: The Release Candidate (RCs) is a fully supported early release available to existing customers. If you have active maintenance and you are interested in the RC, please download the RC from your Customer Portal..

For those of you not familiar with Google Fusion, it's the latest (beta) data visualization tool to come out of the Mountain View Chocolate Factory. Among other things, it can make some pretty awesome charts and maps.

Since we here at SolarWinds subscribe to all sorts of geekery, we thought it only fitting to pump our topology and dependency data into it and see what came out. As you can see from the video below, the results are pretty awesome.


So how does one go about creating such a cool map and putting it in NPM?


First, you'll need the SolarWinds SDK installed (


Then open SWQL Studio and attach to SWISv3 with your Orion Credentials.

For topology data, use the below query:



SELECT d.Caption AS DestCaption, s.Caption AS SrcCaption FROM Orion.TopologyData t

JOIN Orion.Nodes s ON s.NodeID = t.SrcNodeID

JOIN Orion.Nodes d ON d.NodeID = t.DestNodeID




For Dependencies, you would use the below query:



SELECT dp.ParentDisplayName, dc.ChildDisplayName



SELECT d.DependencyID, d.ParentUri, p.DisplayName AS ParentDisplayName

FROM Orion.Dependencies d

JOIN System.ManagedEntity p ON p.Uri = d.ParentUri

) dp



SELECT d.DependencyID, d.ChildUri, c.DisplayName AS ChildDisplayName

FROM Orion.Dependencies d

JOIN System.ManagedEntity c ON c.Uri = d.ChildUri

) dc ON dp.DependencyID = dc.DependencyID





Right click on the results and save as a CSV file to your local hard drive.


Now let's go over to Google and search for "Fusion Table"


Select "Create" (you may need to login with your Google account credentials)

Select "Choose File" and select the file you have saved from SWQL Studio and click Next.

























Take a moment to admire your data, and click Next then Finish.

See your data in the Fusion Table?










































Network_Graph.pngOn the "Help" Menu  Select "Switch to Classic View".  You should now see the "Labs" menu option

From the "Labs" menu, select "Network graph", and you should now see your beautiful map.



















Click on the "Get embeddable code" button and select the "Change Visibility" link


































Select "Anyone with the link". Click "Save"

Change the Height and Width to your desired size.  This size will need to be smaller than your column width in your Orion Page you will be putting the resource on minus about 50 pixels.  So if my Orion page column in 850, then I set 800 Width here.

Copy the "Paste HTML to embed in website" text.  Keep in your clip board for future use

Go to NPM, navigate to the page you want to place your Fusion Graph Map on.

From here it's a simple process of creating a Custom HTML resource. This has been covered previously here:

Once complete, get ready to impress your friends, family, and co-workers. Well, perhaps not, but you likely won't be able to stop playing with the new map.

Filter Blog

By date:
By tag: