1 14 15 16 17 18 Previous Next

Product Blog

615 posts

We know that IP Address Management is more and more important because networks became much more flexible, dynamic and people are used to bringing their own devices into corporate networks. If you've seen your What we are working on after 3.1, you won't be surprised that the new IPAM 4.0 beta contains support for BIND DNS, active detection of IP Address conflicts and better integration with User Device Tracker.


Active IP Address conflict detection

IP Address conflict is a typical nightmare of admins. IP Address conflict occurs if there are two or more devices in your network and have the same IP Address configured.



This is an issue that could arise on devices across any operating system that connects to a local area network (LAN) across any operating system, wired or wireless.


What problems may IP Address conflict cause?

Primarily network connectivity issues. Impacted machines are loosing internet access or general network connectivity until the conflict is resolved. It can impact laptop, VoIP phone or application server.


What causes IP Address conflicts?

There are three typical scenarios:


  • Bring Your Own Device phenomenon

    Typically happens when you bring your laptop or tablet from home to the work and you still have the "home" IP address assigned which can cause collisions within corporate network. It's also typical for business trips when you got assigned static IP in the hotel and then you come back to work. It may also occur in Virtualized environments like spin up VM clone in the same subnet when virtual machine has a statically assigned IP.

  • DHCP servers & their configuration

    Two DHCP servers are managing the same IP subnet/segment with overlapping IP addresses and DHCP server doesn't check the network IP status (IP used or not). IP address conflict happens when one machine already has a DHCP address assigned from the first DHCP server and another device is given the same IP address from secondary DHCP server. This could be a typical problem in "load balancing" DHCP configurations.


  • Human mistakes during IP address assignments

    When admins do not use any IP address management tools it is so easy to assign already used IP address to the new device on the network.


How to manually solve IP address problem?

First, you need to know who caused the conflict and find the MAC addresses that are in conflict. If you have such possibility, unplug device which should have correct IP address. Then use 3rd machine within the subnet to PING the IP address in conflict. Use "ping -a x.x.x.x in order to get two important values. First DNS name of machine which causing the conflict, second TTL value, which may help you to identify operating system. For example Windows has typical TTL 128, Linux may have TTL 64. You may find the whole list here.


It may happen that there is no device name provided or ICMP protocol is blocked by firewall. In this case, you may use "arp -a" command and list MAC address assignment for your IP address:


MAC address is useful information, because you may identify the vendor of that device. MAC address are unique and each vendor has the first three octets of MAC are reserved for identification. You may find the MAC vendor pre-fixes list here.


With MAC address information, you may do go to the switch and block related port, or block that MAC on your wireless router/AP and let origin device to use its IP address.

How to solve IP address conflict with IPAM 4.0 Beta?


As I stated above, IPAM 4.0 can now actively detect IP address conflict. We primarily focused on alerting and information about MAC addresses which is a key-point information for conflict troubleshooting. IPAM actively scans the network and if it detects duplicate static IP assignment or duplicate IP provisioning form DHCP server, it will trigger an alert with conflict information:


Once you see IP Address in conflict, simply click on the IP or MAC address info in the alert message and it will take you to the IP address detail page, where you may see MAC address assignment history. Another IPAM 4.0 improvement is better integration with UDT product. So you may directly see device & port where are machines connected.


You may use IPAM Message Center too and get all history of IP Address conflicts:



As you see, you no longer need to use multiple commands via CLI or use 3rd machine to ping who is IP address in collision. More than that, you can see connectivity details including port and user information on one screen. Now you can use for example NPM which can remotely shut-down interface and disconnect the device from the network, or simply connect to the switch and block that port via CLI. Also, because IPAM uses alerting engine you should get IP address information before impacted person creates IT ticket (which will take some time while disconnected from network)


BIND DNS Monitoring & Management


BIND DNS is one of the most used DNS solutions. IPAM 4.0 now adds support for monitoring and management of BIND DNS services on Linux. You can now manage your Microsoft DNS and BIND DNS via one web-console. IPAM supports all important DNS tasks like automatic monitoring and management of DNS zones, two-way synchronization of DNS records and DNS server availability.

If you want to add your BIND DNS server into IPAM use short wizard that will lead you through the process of addition. When added in IPAM, it will sync and import actual BIND DNS configuration and then you can monitor or manage zones & DNS records:

addBind.png Bind DNS.png

BIND Zones.png


IPAM 4.0 Beta is ready to be tested. All users under active IPAM maintenance may get Beta build and try it for free on non-production environment. If you would like to try it, simply fill this IPAM Beta Agreement.

As always, we also have Thwack IPAM Beta forum and it would be great to get your feedback there.



We have officially reached Release Candidate (RC) status for NTM 1.0.10. RC is the last step before general availability and is a chance for existing customers to get the newest functionality for NTM before it is available to everyone else.

NTM 1.0.1 includes some customer requests as well as several bug fixes. Here is a list of the features included in 1.0.10


  • NTM is unresponsive during discovery. (case 225201, 218320)
  • NTM returns an internal error when a Seed device is entered for scanning (case 215087)
  • SNMP Credentials test now checks for v1 and v2.
  • NTM now exports to Microsoft Visio 2013
  • Displays & searches all IP Addresses of nodes.
  • NTM now displays 10Gb Link Speed connections.
  • Improvements in reporting, order of tabular report columns adjustable & now showing enumerated values in the Switch port Report.
  • It is now possible to cancel a WMI credentials test.
  • Evaluation Map can be exported to Microsoft Visio with restrictions.


RC builds are made available to existing customers prior to the formal release. These are used to get customer feedback in production environments and are fully supported.

Below are some screenshots to see the new features of Network Topology Mapper. But if you really want to see more, download this latest version from your SolarWinds Customer Portal.


Connection Display Options – Showing 1-10 Gbps & >10 Gbps link Speed lines


A new 10Gbps connection line is now available on NTM maps.



Display & Searches alternative IP Addresses of nodes.


Nodes with multiple IP Addresses can now be displayed on the map, by hovering over the node and right click node details.

One can also search multiple IP Addresses using the Search bar. (make sure IP address is ticked, under Node Display options)




Improvements in Reporting.


The order of the columns in the reports can now be moved and adjusted accordingly. In the STP report, the Spanning Tree State shows enumerated STP state and 2 new columns are added to the report. Namely, Designated Root & Bridge.


...and avoid mistakes when updating your configurations.

When performing an address change on your servers (e.g. due to reorganization of your data centers, virtualization, consolidation...), you will have to reflect these changes in your firewall configurations. Depending on how large and numerous your firewall configurations are, locating the firewall(s) to change and finding the places in their configuration that need updating, can be tedious and error prone.


This blog reflects a fairly frequent real-life use case, and explains how FSM - Firewall Security Manager - can help making these changes quickly and safely, by double checking them before they are put in production.

The concrete example will be to detect where to make changes so that the IP of 2 servers can be changed for the new addresses:, while keeping the protection of your firewalls in place.


Finding the firewalls impacted by the change

The Query/Search Rules function searches in the configurations of your firewalls, even within subnet masks. Note that a simple text search in your configs will usually not be efficient because a) it would not find the address you are looking for, within a subnet definition and b) searching on the beginning of the address, e.g. 192.168.253 could return 100's of hits in a real life config.

FSM Rule Query.PNG

The blue window shows how to define the query.

Note that in order to avoid finding all the rules that have ANY in the searched parameters, check the box at the bottom of the window.

Then select all firewalls in your inventory (left portion of the pain window) and run the query.

We recommend saving it before the run (notice the Saved Queries tab at the bottom left corner)


FSM finds the impacted firewalls, and the objects to modify in their configurations

FSM Rule Query finds impacted firewalls and objects.PNG

The result will show up in a new tab on the right, and will contain one sub-tab per firewall vendor that contains the searched address. In this example, we will focus on the Cisco Firewalls tab, but in reality, you would have to check all vendor tabs.

In this example, the Cisco firewall HV-FW-01 contains a destination network object called Servers_in_Public_DMZ (used in a rule that appears in config line #570) that refers to 2 addresses that we are trying to change: .34 and .35.

The statement to change is, that "contains" .34 and .35


Preparing the change by using the Change Modeling session

A change modeling session is a very convenient feature that creates a safe environment (basically a copy of your production configurations) that you can use for all your tests and changes, without affecting your production configs.

Select the impacted firewall(s) that you identified with the above steps and click Analyze Change / New Change Modeling Session, and name your session (e.g. Server IP Change session)

FSM Change modeling session.PNG

Notice the new TAB on the right (this is your testing environment), that contains a copy of the config tile (config.txt), routing tables, and the tools available to test your changes (icons on the right)


Performing the changes

Double click on the config.txt to open a text editor that you will use to modify the configuration.

Search (CTRL F) for the impacted network object: "Servers_in_Public_DMZ" and modify this section:


object-group network Servers_in_Public_DMZ

network-object host




as follows:

object-group network Servers_in_Public_DMZ

network-object host





Then save your new config.

At this point you have impacted the copy of the config that sits in the Change Modeling Session, but not the main version of the config within FSM.


Verifying that the changes are valid

You have several tools available, that you can launch via the icons on the right, to test the impact that you have made with your change.

In essence, all these tools highlight the differences between the main and copied/modified versions of the versions.


We will focus here on the Compare Rule/Object tool.

The result is an Excel report that is generated within the Change modeling session:

FSM Change modeling session details.PNG

Open the report and look at the different tabs:

  • Rule Compare reminds you of the change that has been performed at the rule level (on line 570, an ACL statement is impacted because the destination Servers_in_Public_DMZ has changed)

FSM Change modeling session details - Rulle diff.PNG

  • Network Object Compare highlights the changes that happened to the modified Network Object: Servers_In_Public_DMZ in this example. Red denotes removed lines and green is used for added ones.

FSM Change modeling session details - Object diff.PNG

  • Traffic Flow Compare confirms that you have removed and added the expected traffic, so the traffic to the new server, after the IP address change, remains unchanged

FSM Change modeling session details - Flow diff.PNG

You can find more about this report here.

Putting these changes in production

Now that you are comfortable with these changes, click on the Generate Change Scripts tool on the right side of the Change Modeling Session window.

FSM Change modeling session details - Script.PNG

Here is what the generated script looks like, in this example:


!-- Object <Servers_in_Public_DMZ> Change summary

!-- Modified object

!-- Deleted member

!-- Added member

!-- Added member

!-- Added member

object-group network Servers_in_Public_DMZ




no network-object

!-- ACL Rule Change summary

!-- Modified rule

!-- Modified destination Servers_in_Public_DMZ

!-- No change command needed as this is an indirect change caused by modifications to object/object groups used in the ACE.

!-- access-list outbound extended permit tcp object-group DM_INLINE_NETWORK_14 object-group Servers_in_Public_DMZ object-group DM_INLINE_TCP_3


After you review the proposed changes, you are ready to put them into production by executing these commands in the firewall console

If this device was managed by NCM (not the case in this example), you can actually execute the script via NCM (right click menu Execute Script), so you don't even have to connect to the device console (NCM does it for you)

FSM Change modeling session details - Script exec.PNG


You can then use this button to update the configuration into FSM, from whatever source it was taken from - NCM or the device itself - and make sure that your changes were taken into account.

FSM Update configs.PNG


I hope that was helpful and would really welcome reading your FSM use cases - does not have to be that detailed :-) .

[thanks to Lan Li, FSM dev, for his contribution]

As anyone who's been regularly following the thwack blogosphere might tell you, SolarWinds Server & Application Monitor (SAM) has an impressive track record of packing a ton of really great features into each and every release; and SAM 6.0 is no exception. In fact, some might argue that we're upping the ante with this release to a whole new level. And to any naysayers amongst you I say, you ain't seen nothing yet.


No different than in previous releases, SAM's elite army of robot zombie developers have been diligently and tirelessly working on a lengthy list of new features and improvements for this SAM 6.0 release, some of which are now ready for beta testing. If you would like to participate in the SAM 6.0 beta and begin playing with some of the new features, the process is very simple; sign-up here. The only requirement is that you must be an existing Server & Application Monitor product owner under active maintenance.


Real-Time Windows Event Log Viewer


Regardless of whether you're new to systems management, or you're a war torn veteran with the battle scars to prove it, most likely the first place you turn whenever trouble starts brewing in your Windows environment is the Windows Event Log. Whether it's application exceptions, user lockouts, failed backups, services stopping, or anything else that happens to go bump in the night, your first clue as to what went wrong, and when, can almost always be found in your tried and true Windows Event Log.


However, until now, your only recourse for pouring through the mountain of events in the Windows Event Log has been to either Remote Desktop (RDP) into your server to open the Windows Event Log Viewer locally, or launch the Windows Event Log Viewer on your workstation and connect to the servers Event Log remotely. Both of these options introduce needless additional steps and precious time wasted when trying to quickly troubleshoot the root cause of the issue. Neither of these options allow you to proactively monitor for these kinds of events in the future, should they occur.


In SAM 6.0 we wanted to bring the same power to your fingertips that we provide with the Real-Time Process Explorer and Windows Service Control Manager, to the Windows Event Log. To that end, the Real-Time Windows Event Log Viewer was born. Found in the Management resource on the Node Details view, the Real-Time Windows Event Log Viewer allows you to browse through all the events in your Event Log, as well as filter for specific events in a particular log. You can filter based on event severity, such as Error, Warning, Information, etc.  You can also filter on Event Source to quickly isolate the specific event(s) you're looking for.

Real-Time Windows Event Log Forwarder.png

Once zeroed in on the event(s) you're interested in, you can click on the event itself to see the full details of the event, including the full message details. Want to be alerted if this event occurs again in the future? No problem. Simply click Start Monitoring and you will be walked through a wizard for creating a Windows Event Log Monitor and assigning it to a new or existing Application Template. It's just that easy.


Asset Inventory

Ok, I know what you're going to say. Inventory collection and reporting is neither cool nor exciting. I get it. However, regardless of your environment size, keeping an up-to-date inventory is a necessary evil normally required by the accounting department or upper management for asset depreciation tracking, insurance purposes, and/or lifecycle management and renewal. It's normally an arduous annual or quarterly task that involves a tremendous amount of manual labor to compile, and has questionable value beyond satisfying those higher up the ladder.


In SAM 6.0 we strived to make inventory data not only valuable to upper management, but also those responsible for managing and maintaining the infrastructure. Expanding beyond the typical fixed asset information required by the business, SAM 6.0 allows you to answer key IT questions that help drive your business decisions. Whether you're constantly running low on memory in your server and need to know if you have any free slots for additional RAM, or need to report on software installed for license compliance or security purposes, SAM has you covered. Has your vendor notified you of a major issue identified in a specific driver or version of firmware? With SAM 6.0 you can easily see which machines are affected.

Inventory List Resource.png


You can enable Asset Inventory collection for a node by clicking List Resources from the Management resource of the Node Details view. It will also appear listed when adding the node through the Add Node Wizard. To enable collection, simply check the box next to Asset Inventory as depicted in the image on the left. Click submit to save your changes and inventory data for that node will collected.

Asset Inventory collection can be enabled for both physical and virtual assets alike, and functions independently of Hardware Health monitoring, or any other status monitoring for that matter. That means you don't need to monitor your volumes or interfaces for them to be included as part of an inventory report.


Asset Inventory collection can be enabled for any Windows host managed in SAM, including Windows servers and workstations. Stay tuned for more information on inventory collection for Linux/Unix and VMware hosts.

Once Asset Inventory has been enabled for the node, you will find a new Asset Inventory sub-view that appears on the Node Details view for that node. Clicking on the Asset Inventory sub-view tab takes you to a dedicated asset inventory view which includes all relevant inventory data collected for that node.

When you access the Asset Inventory sub-view you may at first be overwhelmed by the sheer volume of information being collected. Fortunately all this information is logically categorized and grouped together into independent resources that can be moved or copied to the Node Details view, or any other node based sub-view if you desire.


Anyone who's Polling Engine capacity is teetering dangerously on the edge might be worried what kind of load all this newly collected inventory information is going to place on their poller. Fortunately inventory data doesn't need to be collected with the same degree of regularity as status information. As such, Asset inventory collection by default occurs only once a day, but can be configured to occur weekly, bi-weekly, or even monthly depending on your needs.


Concerned about licensing? Don't be. Asset Inventory Collection is not licensed separately, and does not count against your SAM component monitor licenses. It's included as part of the Node License. 

Graphics and Audio.png

Asset Inventory Subview.png


Below are just a few examples of some of the new Asset inventory resources contained in this view. If you'd like to check them out for yourself in your own environment I encourage you to sign-up here to download the SAM 6.0 beta. We'd love your feedback!

New Asset Inventory Resources



Memory Modules.png
Software Inventory
Software Inventory.png
Logical Volumes
Logical Volumes.png
Network Interfaces
Network interfaces.png
Removable Media
Removeable Media.png

Recently, we’ve heard from Solarwinds Network Topology Mapper (NTM) users with large networks, that performance during the discovery process is a bit sluggish. How can we improve it?  To answer that question, one must understand how the NTM discovery engine works and what goes on behind the scenes before displaying the network diagram.


NTM includes a sophisticated multi-level discovery engine, which uses a combination of protocols and goes through 3 distinct phases in order to discover every node on a network and to produce a highly accurate map.


1. The Node Detection Phase: Uses a combination of ICMP, SNMP and WMI Protocols to detect devices.

2. The Polling Phase: Uses a Poller to collect connection data using CDP, LLDP, Bridge table and also STP to detect the role of each node.

3. The Calculation Phase: Uses complex algorithm to calculate connectivity between nodes.


The completion of these 3 phases of the discovery process can be slowed down by a number of factors. Primarily these:


  • The size of the network being scanned
  • The choice of node detection protocols used for the scan
  • The number of hops specified for the scan
  • Where the scan is being performed from


With all of that in mind, we have compiled the following recommendations to help you improve the performance of NTM as it discovers devices on your network.

1. Think small – The tendency of most users of NTM is to try discovering their entire network on the 1st scan. The drawback here is, if you have a network with 1200+ nodes you are in for a long wait and at the end of it, the map might look very cluttered. The smaller the range you define to scan, the faster you’ll receive the results and the easier it will be to interpret them. We recommend discovering Class C networks in at least 2 separate scans.


2. Credentials priority - The credentials most commonly used should be at the top of the list, be it SNMP, WMI or VMWare. Performing this simple activity will help enhance the discovery. Also, note that the more credentials there are the longer discovery will take so don’t use any unnecessary credentials.

add this 1 2 AM.png

3. Zero Hop Discovery - As you work your way through the discovery wizard, you will notice that you are prompted to provide the number of hops you wish to use during the scan.  We recommend using 0 hops unless you are not finding all of your expected devices. The more hops the scan goes through, the longer it takes and 0 usually gets them all.

add this 1 AM.png

4. Scanning Location – Scanning with NTM from within the same Management VLAN of your network can improve the speed of the discovery process significantly. This will reduce polling timeouts compared to scanning over VPN, dial-up or routing through another network.


5. Evening/Weekend Scanning - If you manage a very large network or you see your network growing in the coming months, it would be best to run the discovery process during evening hours or on weekends and have your map ready for Monday morning.  The key to this is making sure you have entered the proper credentials into the discovery wizard.  Make sure to test your credentials before beginning the discovery process and leaving the building.


And that's pretty much sums it up. Hope that it makes the discovery & mapping of your network a little bit easier.

We have officially reached Release Candidate (RC) status for User Device Tracker 3.0. RC is the last step before general availability and is a chance for existing customers to get the newest functionality for user device tracking and capacity planning before it is available to everyone else.


Here is the content of this RC version:

  • Whitelisting – Set up a white list of devices based on MAC address, IP address, or hostname.
  • Trap notifications - Get connectivity information in "real time"; receive an alert when a device not on whitelist connects to the network.
  • Watch List - Add users to the Watch List.
  • Domain Controller Wizard - Facilitate collection of user login information by configuring appropriate logging level on Windows® servers.
  • Virtual Route and Forwarding (VRF) - Polls devices for VRF data.
  • Alerts - Get an alert when an endpoint port changes.
  • Reports - See a report on Wireless Endpoints.
  • Groups - Add UDT ports to groups.
  • Port Shutdown - Remotely shutdown a compromised device port.

More details and screenshots can be found in the UDT 3.0 beta blog post.


RC builds are made available to existing customers prior to the formal release. These are used to get customer feedback in production environments and are fully supported. If you have any questions, I encourage you to leverage the UDT RC forum on thwack.


You will find the latest version on your customer portal in the Release Candidate section. Please note that you will need to activate this RC build using a temporary RC key that you can also find on your customer portal (Licensing and Maintenance – License Management). This temporary key will be replaced with a regular license key after official release of UDT v3.0.

Message was edited by: Jiri Cvachovec

We have just released UDT v3.0 RC2. You can find it on your customer portal. (Note: The downloaded package may say RC1 but the content is actually RC2.)


  • A confirmation dialog pops up when user tries to shut down a port.
  • Only users with nodes management rights can shut down ports.
  • A few bugs fixed.

Over the coming weeks I will be posting a series of blog posts on common misconception, questions, issues etc. that I have run into over the years that we have been offering the Failover Engine.  The most common question I do get asked is "what exactly is the difference between high availability vs. disaster recovery".


I will provide a more in depth explanation below, but the best and quickest way to remember this is:

  • High Availability = LAN
  • Disaster Recovery = WAN

Some groundwork before I jump into the more in depth explanation, the Failover Engine works in a Active-Passive setup, meaning only one server has the SolarWinds services started and running.  The Failover Engine is not an Active-Active solution, meaning both servers have the SolarWinds services started and running.  With that in mind, for this post I will refer to each server as the following

  • Primary or Active server = SolarWinds services are active and running
  • Secondary or Passive server = SolarWinds services are not active and running


High Availability

As also illustrated below in the first image, the High Availability (HA) role is normally deployed in a LAN where communications are configured with the Public IP Address being shared by both the active/primary and passive/secondary servers. The active/primary server makes the Public IP visible and available to the network while the passive/secondary server leverages a packet filter installed by the Failover Engine on to hide the server and prevent network access since two machines with the same IP cannot be on the network at the same time.

In the event of a failure on the active/primary server the packet filter is removed from the passive/secondary server making it now assume the role as the active/primary server while simultaneously adding the packet filter to the server that was originally the active/primary server making it the passive/secondary server. Since both servers are sharing the Public IP address, DNS updating is not required.



Disaster Recovery:

When deployed in a Disaster Recovery role, the active/primary server and the passive/secondary server operates over a Wide Area Network (WAN) in different subnets. As a result, the active/primary and passive/secondary servers are configured with different Public IP addresses. In the event of a failover, the Failover Engine automatically updates DNS with the IP address of passive/secondary, so to the end users they just continue to access the SolarWinds server with the same DNS name they always use.


Any questions or comments, please ask in the comment section.

SolarWinds recently acquired a set of products that provide a self-hosted solution for securely transferring files both within and outside the the corporate firewall.  These products provide a secure alternative to cloud-based solutions like Dropbox.  "But Dropbox is so convenient and easy to use," you say.  Read on.


Dropbox has had its fair share of issues over the past couple of years, shining a big, ugly spotlight on security vulnerabilities with respect to sensitive customer data.  First of all, the exposure to potential security risks and service disruption from Dropbox is enormous.   According to a recent survey of 1300 business users, one in five are using Dropbox to transfer corporate files, effectively circumventing any safeguards their IT departments have put in place with respect to file transfers.  In August of last year, usernames and passwords of Dropbox accounts were compromised that resulted in a spamming campaign to a number of Dropbox users.  Unfortunately for Dropbox, this isn't the first time something like this has happened.  Another breach occurred in June of 2011 that was the result of a breakdown in the service's authentication software, exposing accounts without requiring proper authentication for a period of time.  If the security issues aren't scary enough, the service was completely unavailable for a period of time in January of this year.


These breaches beg a fundamental question to be answered when assessing a cloud-based versus a self-hosted solution for securely transferring files: is the cloud secure enough for the needs of my business?  The cloud certainly provides a valuable level of convenience and simplicity that's just fine for most individual consumer users, but it's evident that this convenience has a cost in terms of security.  Businesses, both large and small, often have stricter security requirements around file transfers and the users participating in those transfers that a cloud-based solution won't be able to provide.  When it comes to sensitive and confidential files, convenience is nice, but security is a must-have.



There is a Better Way


FTP Voyager is a free FTP client that supports a number of different protocols for secure file transfer.  Serv-U MFT Server is a managed file transfer server that provides a secure alternative to the cloud-based solutions for transferring files inside and outside the enterprise.  Let's take a look at some of the security based features and protocols that these products provide.


In addition to FTP, FTP Voyager supports both the FTPS and SFTP protocols.  This includes strong authentication with both X.509 client certifications and public key authentication.  FTP Voyager uses cryptography that has been FIPS 140-2 validated by NIST, and Voyager has been granted the Certificate of Networthiness by the US Army.



Like FTP Voyager, Serv-U MFT Server supports the FTPS and SFTP protocols.  It also supports secure file transfers through a web browser or from a mobile device (iPad, iPhone, Android, Kindle Fire) via HTTPS.  Serv-U MFT Server also provides a number of different user management options, including the ability to authenticate against Active Directory.



Serv-U also provides a number of encryption options for transferring files.  Individual ciphers and MACs can be enabled or disabled based on your specific security requirements.  Serv-U also provides the ability to run in FIPS-140-2 mode.

Serv-U Encryption Settings.png


A separate module called the Serv-U Gateway provides reverse proxy capabilities, preventing data from ever being at rest in your DMZ or opening connections directly from the DMZ to your internal network.  Using Serv-U MFT Server in conjunction with the Serv-U Gateway provides an architecture that is PCI DSS 2.0 compliant as well as satisfying other high security requirements.  See reference architecture below for an example.



You don't have to be a conspiracy theorist or even a security expert to have legitimate concerns about your data in the cloud.  Sometimes the nature of the data being transferred warrants consideration of a level of security that cloud-based solutions simply can't provide.  While Dropbox has made managed file transfer more accessible, it can introduce unnecessary risks to your organization.  FTP Voyager and Serv-U MFT Server provide secure alternatives to cloud-based solutions, giving you the best of both worlds.  For more information on Serv-U you can check out some of our videos here.  You can also find a number of security-focused knowledge base articles here.

This is the first post in a series on how to get the most out of Web Performance Monitor. WPM is a powerful tool with some very useful features that might not be so obvious.


When you are making a recording in WPM, you may notice that everything was recorded without issue, but when played back the transaction always fails. Why is that? Most often the culprit is a JavaScript action which did not fire when played back. Everything works just fine in your browser, but for some reason the transaction always fails in the WPM player.

Imagine the simple case of a menu dropdown which is effectively a hidden element on a website. There are web pages which load such menus dynamically, so it’s impossible to locate that element on the page before you trigger the appropriate JavaScript handler. Another example is a dynamically generated ID for an HTML element like menu items. It’s always different, making it impossible to reference.

How can we go about recording edge cases like these in Web Performance Monitor? Let’s take a look.

One way to address this problem is to use your keyboard for navigation instead of the mouse. Try using the tab or arrow keys to move around the page and use the space bar to select and de-select checkboxes. This way, instead of WPM referencing static element IDs, you can navigate to the correct element with a series of key strokes.

In the case where you are testing the general availability of the website or application versus specific features or links on a page, consider using alternative navigation paths to reach the page you want. It is often the case that certain pages are navigable from multiple points on the website. Use the simplest way to reach a page or do an action, especially if it’s not necessary to test a navigation option that requires JavaScript.

On the following screenshot you can see examples of three different links to the Solution Finder on www.solarwinds.com. There are two static links directly on the web page (marked in yellow) and one through a dynamic JavaScript menu (marked in blue).


Another option is to leverage native keyboard commands supported by some applications. For example, Gmail supports keyboards shortcuts like “c” to compose a new message, “r” to reply to a message or “e” to archive it. WPM normally records only keyboard actions related to forms and navigation around forms, so you might need to enable XY mode to record all of your keyboard actions and thus these keyboards commands. We will talk more about XY mode later.

Another option which might make your life easier is a neat trick with using “ctrl-shift” during your recording. If you hold these keys during your recording, WPM will record extra steps like mouse-over or mouse-down, helping you to record the display and subsequent click of menu items. WPM doesn’t normally record all possible events on the webpage. This is to prevent unnecessarily long recordings in most cases; however, sometimes you’ll actually want all steps recorded and using this keyboard combination allows for that.

On the screenshot below you can see actions that are recorded using ctrl-shift while randomly wandering around the main Google page with the cursor.


If all else fails, use XY mode. XY mode simulates mouse actions at the operating system level (as mentioned another characteristic of XY mode is, that it also records all keyboard actions). Because of this, there is no feedback to WPM that the mouse action actually worked. Therefore, always combine XY mode with some other validation (textual or image validation) on the page. XY mode will send mouse click actions to the defined absolute coordinates and thus helps you if for whatever reason JavaScript actions are not firing. Because XY mode uses absolute coordinates and webpages are constantly changing, elements on the page can often move so it's safer to avoid XY mode until you’ve exhausted other options. Your transactions will be more stable and easier to maintain.


WPM records all of the actions you make in the browser, intentional or not. In addition, user navigation on the webpage isn’t mechanically precise. Users can wander around the page with a cursor, or unintentionally point to various objects, all of which can trigger actions that you may not want to be recorded by WPM. All of that noise is later played back every time WPM interacts with the application.

This can of course cause prolonged response times. These types of recordings are also more prone to failures. In addition, webpages change over time, making it harder to maintain your recordings.

On the next screenshot you can see that I only moved the cursor over a menu dropdown on www.solarwinds.com and it generated several other mouse over events.



For these reason it is best to keep your transactions minimalistic and clean. Use only actions which are necessary to verify the application is up and that the monitored functionality works. To keep your recording clean, either re-record it a few times until you find an ideal set of user actions, or manually remove and modify any recorded steps that need it.

In the next post we will look at how to master using WPM remote players and share some more tips and tricks on how to create more stable recordings.



I have had number of customer interviews lately and the most common question which arises quite often is, I have Orion Network Atlas why do I need another network mapping software?

To answer this question, we got to understand what use-cases these two applications solves.

Orion Network Atlas

Is a powerful tool built for creating custom network maps and diagram. It is a semi-manual network diagramming software which allows users to design and draw physical & logical topology diagrams by manually placing discovered nodes on to the map canvas. Using the Connect Now button the application automatically draw connections between the nodes.

SolarWinds Network Topology Mapper

Is an automated Network Mapping software. The software is built to create dynamic topology diagrams/maps by using its powerful auto-discovery engine. It can automatically discover, map, provide inventory and document your specific network environment. Network Topology Mapper is a replacement to its earlier network mapping application called LANSurveyor


With Network Performance Monitor (NPM) one monitors key devices, interfaces, etc. and not every single object in your environment. But, maybe you want a complete topology map of your network environment (example: Workstations, Printers, Hubs etc) for documentation purposes or to know what’s on your network and represent those devices on you Orion Web console, without actively monitoring them. With the combination of SolarWinds Network Topology Mapper (NTM) and Orion Network Performance Monitor (NPM), now you can have your cake and eat it too!


Network Topology Mapper has the capability of exporting the network diagram it has discovered and rendered to Network Atlas and Vice Versa. Once imported, the user has the choice to add the nodes identified in NTM into the Orion database or simply display the identified nodes. The application, provides two ways to export your maps/diagrams into Network Atlas

  • One-Time Export: You can easily export your discovered map to Network Atlas using the following flow File – Export – Network Atlas. Choose from
    • Open directly in Network Atlas – This function will trigger the launch of Network Atlas in the background
    • Export as a Map – Choose this option if you want to save the map and bring it up into Network Atlas at a later stage.

        Note: For both these choices there is a need to save the map first and an option to secure your map by a password.


  • Schedule Export: Users can also schedule the export of NTM Maps into Network Atlas, there by staying ahead of network changes in your environment. In order to enable the scheduling function, setup the scheduling frequency in the Network Discovery Scan Wizard.


Choose on how you want to save the discovered results to bring up the map in Network Atlas. The available choices are


  • Automatically merge results with a map – This option will always merge the new discovered data with the old.
  • Manually select results to merge with a map - Users will need to choose the required map(s) to be displayed into Network Atlas from the available completed scans.
  • Save results as a new map – There will always be a new map created and saved with time-stamps.


Next, make sure Keep Network Atlas updated with these discovery results is ticked ON. Enter your Orion Server log-in details (where your active Network Atlas resides), make sure to test the credentials and hit the Set button. Hit on the  discover or update button to complete the wizard.



Open or Connect to Orion Network Atlas. An automatic map import window opens, choose the desired map file(s) from the list to be imported . Once completed, Network Atlas will pop up with a notification message informing you of how many objects are new to the Orion database (if any) and if you want to discover them.



If clicked Yes, Orion discovery will run. Upon completion the gathered data will be stored into the Orion database and these new identified objects will be actively monitored. If No, is chosen the nodes will be represented as unknown nodes into the Orion database.


I have a written a blog post on the subject How NTM integrates with Engineers Toolset, you can find more here. One can also call 3rd Party tools into the application. This integration, brings with it the advantage of troubleshooting and diagnosing problem on your network using network diagrams.



With just one-click, users can export their currently displayed network diagram to Microsoft Visio. From there on, the Visio file can be exported as a publication on to the Web.

The following Microsoft Visio versions are supported 2003, 2007, 2010 and 2013.

To receive updates on the Virtualization Manager  roadmap, JOIN thwack and BOOKMARK this page.

We are currently working on Virtualization Manager 6.1 and beyond.  Some of the items we hope to deliver:


Disclaimer:  Comments given in this forum should not be interpreted as a commitment that SolarWinds will deliver any specific feature in any particular time frame. All discussions of future plans or product roadmaps are base on the product teams intentions, but those plans can change at any time.


If you don't see what you are looking for here, you can always add your idea(s) and vote on features in our Virtualization Manager Feature Requests forum.

Wow, 2013 is flying by. It's already March, which means that SxSW is in full swing here in Austin, TX. The SxSW Interactive conference has grown into quite the major tech event and you can't swing a dead cat around here without hitting a budding entrepreneur trying to get you to download their super-cool new consumer mobile app in order to get into their party with free beer, food, and prizes (tough life, I know). Well, who says that the consumer market gets to have all the fun?!? SolarWinds has one of the best enterprise mobile apps around in Mobile Admin and I'm here to give you the low-down on some nifty features that you might not know about otherwise. (Sorry, no free beer in this article.)


Free Mobile Monitor for NPM or SAM


While I did just say no free beer, that doesn't mean that I would leave you without something fantastic to brag about to your friends. Just over a month ago, we launched Free Mobile Monitor for NPM or SAM which is a slimmed down version of Mobile Admin just for our SolarWinds NPM and SAM customers. The NPM integration and SAM integration with Mobile Admin have been covered in previous Product Blogs, so I won't go into detail here. However, from Mobile Admin, for both NPM and SAM, you can see Top 10 lists, receive and acknowledge alerts, manage and unmanage nodes, and more. This free product has been downloaded thousands of times already and is available in the Customer Portal, so get in on the action! Did I mention it's Free?!?



Mobile Admin Deployment and You


Mobile Admin has a Mobile Client, which you install on your smartphone or tablet, and a Mobile Admin Server, setup behind your firewall or in your network's DMZ so it has access your back-end IT infrastructure. To illustrate the point, here is a basic diagram of how a standard Mobile Admin deployment looks (Note: your deployment may differ, for example, a BlackBerry Enterprise Server is not required):




With this deployment architecture, Mobile Admin allows you to carry your IT infrastructure with you in your pocket, allowing you to resolve problems on-the-go, wherever you may be. Whether you have to reset an Active Directory password for a locked out VP at 3AM or SSH into your Cisco router to troubleshoot from the road (as a passenger!) or much more, Mobile Admin can help. But getting it setup for you and your team is the first step.


Users, Hosts, and Global Folders - Oh My!


Say your the lucky devil who gets to setup and deploy Mobile Admin for the rest of your on-call rotation team. We've given you some tools to help make this easy to setup and deploy as possible. First, you have to know about the three main concepts in Mobile Admin.


  1. Users - The folks on your team. The guys doing the dirty work. The heros of the day, resetting passwords from the mobile phones without batting an eye (or leaving the dinner table).
  2. Hosts - Your servers, routers, switches. Things with an IP address and a power cable.
  3. Global Folders - You guessed it - Folders. But important for helping you to manage items #1 and #2.


Global Folders are very useful as you add users and servers to Mobile Admin. In your IT environment, you have tens, hundreds, or thousands of servers and other nodes in your environment you'd like to manage. Without some way to sort those, a flat list could get unwieldy pretty quickly. Folders not only let you sort your servers and nodes (e.g. Exchange Servers, Oracle DB Servers), but it also lets you assign users to these folders so that other users of Mobile Admin only have access to what they need or are authorized for.


Global Folders can be accessed from the Mobile Admin Configuration page. Once on the Configuration page, just select Global Folders, which will then display a list of all Global Folders you have currently defined on the Mobile Admin Server. As you can see in the screenshot below, I only have one folder, MyGlobalFolder, defined. I can add another folder by clicking on Add Folder, inputting a new folder name and voila!

3-13-2013 10-58-38 PM.png3-13-2013 10-59-35 PM.png3-13-2013 11-00-33 PM.png3-13-2013 11-00-53 PM.png

Now that my new Global Folder is created, it's simple to add hosts to the folder. Just click "Add Servers," multi-select which servers you'd like to add and your done.


3-13-2013 11-01-25 PM.png3-13-2013 11-05-24 PM.png


Now that I have my servers added to my Global Folder, I can select which users I want to have access to that Folder by clicking "Users" (which shows me there are currently no users assigned to this folder) and then "Add User." Select your users, like you did servers above and your done!

3-13-2013 11-07-36 PM.png3-13-2013 11-08-38 PM.png3-13-2013 11-09-36 PM.png



Mobile Admin Database Administration....with cheat codes


"Well, Balki, that's all well and good, but my environment has hundreds of nodes and tens of users, and there is no way I'm walking through that process hundreds of times" I can hear you say. Yep. Totally agree. If you've read this far, congratulations, you're about to get the prize. The Mobile Admin Dev team is all over it and Mobile Admin currently ships with a data import tool for exactly this process. What, you haven't seen it? Well, that's because it's buried in one of your install folders. <Program Files>\SolarWinds\Mobile Admin\bin\MAdbLoad to be exact. With this script you can automate all of the above steps en masse. How does it work, you say? Glad you asked:


Usage: MAdbLoad.exe [-clear] [-servers file] [-si n] [-sharedFolder name] [-users file] [-ui n] [-ubi n] [-uei n] [-udomain domain]

where file is the name of a comma separated file. Each line of the file represents a row of data for one server or user. Each row of data contains one or more comma separated fields, with the server or user name appearing in the same field on each row. If a value contains commas then it must be quoted. The command line specifies which field to get the server or user name from.


Explanation of options:

-clear Clears the current list of servers in mobile admin.  With no -clear specified, then servers are appended.

-servers Specifies a file of server names that will be loaded. If the servers file is a - character then standard input is read. The same CSV rules apply to standard input supplied data. Server names are stripped of all preceding and trailing white space.

-si Specifies the field number of the server name in the csv file with the first field being field 1. Defaults to 1.

-sharedFolder Specifies a name of a shared folder that the servers will assigned to.

    1. If the shared folder does not exist then it is created. Use double quotes if the shared folder name contains a space.

-users Specifies a file of users account names that will be either assigned to the shared folder if a share folder is specified or assigned to the servers in the server file. If a user is not a Mobile Admin user then it is added. If no users file is specified then the default is all users. The user Windows account name must be prepended with domain name that contains the Windows account name or the -udomain option must be used to specify the Windows account name domain.

-udomain Specifies a domain to prepend to all user Windows account names in the users file.

-ui Specifies the field number of the users name in the CSV file with the first field being field 1. Defaults to 1.

-ubi Specifies the number of lines to ignore at the beginning of the users file. Defaults to 0.

-uei Specifies the number of lines to ignore at the of the users file. Defaults to 0.

-v Prints the version. An attempt to log into the database is also performed, useful for checking database credentials.


Here are several examples of using the script to demonstrate:


madbload.exe -clear - Wipes out the current server list.

madbload.exe -servers fileName -clear - Load a list of servers with all users assigned to manage. Useful for a bulk load of servers for all users.

madbload.exe -servers fileName -users fileName - Append a list of servers and assign a list of users to manage those servers. Useful for when a new server is to be added for a list of users.

madbload.exe -servers fileName -sharedFolder someName -clear - Load a list of servers into a shared folder with all users assigned to manage. Useful to wipe out current server list, load new list in a Global Folder and assign all users to the Global Folder.

madbload.exe -servers fileName -sharedFolder someName -users fileName - Append a list of servers into a Global Folder and assign a list of users to manage the Global Folder. Useful if a new user is to be added to Mobile Admin to manage a new Global Folder.


And that's pretty much all folks. Hope that makes your life a bit easier...and a little more mobile.

SolarWinds is excited to introduce to you the latest and greatest in network discovery and mapping tools: SolarWinds Network Topology Mapper. Network Topology Mapper (or NTM for short) scans your network and provides a detailed and accurate map of your environment- and it looks good to boot. Since NTM is a visualization tool, the below video will likely do more justice to the end result than I can with mere words:



All too often with automated topology mapping products, you run a discovery, and it creates a map that looks something like a big Ferris-wheel. Cool looking? Maybe. Useful? Not so much. NTM was designed first and foremost to generate a map that gets you as close possible to the final diagram you would want to show to someone, and let you do the detail work from there.

3-7-2013 1-37-33 PM.jpg



We’ve also tried to make the manual manipulation of nodes as easy as possible, by letting you select by node role (router / switch / server / etc) and hide devices that are just generating clutter.

3-7-2013 1-48-19 PM.jpg

And of course you can export to Visio for those final touches, or to Network Atlas to use in NPM.

3-7-2013 3-14-461 PM.jpg

Once in Network Atlas, you can further manipulate the map, overlay NPM node data, and create nested maps.


But wait, there’s more…



NTM also has some unique features that let you get an even
better picture of your (or your client’s) environment:


  • Support for link aggregation                                                                          3-7-2013 1-47-17 PM.png
  • Mapping VMWare guest OS’s to the host
  • Spanning tree reporting
  • Reoccurring scheduled scans
  • “Unidentified Nodes”


Let me spend a moment on “Unidentified Nodes.” We’ve all encountered the circumstance where some rogue devices get plugged into the network, usually taking the form of a 5-port “Linksysco” sitting undersomeone’s desk. These unmanaged devices may have a dozen other systems daisy-chained behind them.


3-7-2013 1-58-25 PM.jpg

We had some pretty bright people spend quite a bit of time trying to figure out how we can determine if these devices are present, and also how to figure out what is plugged into them. What we call “unidentified nodes” in the product represent these unmanaged devices. We know they’re there, we know what’s plugged in, we just can’t talk directly to them to determine all the details. Depending on the amount and type of data we can gather from other devices that are attached to this “unidentified node”, we may be even able to tell you what port on the mystery device is connected to a device we know about. Is it perfect? No, it depends on the amount of data we can gather from other devices, but it’s pretty darn good.








What about LANSurveyor?



Those of you acquainted with the SolarWinds product line may recall we have had a product that performed topology mapping previously- the venerable LANSurveyor. Unfortunately the platform LANSurveyor was built on was getting a bit long in the tooth, and it is with much sadness that we have put LANSurveyor out to pasture. Current LANSurveyor customer should have received an email with the details, but if there are any questions just ping your sales rep.

We have completed the bulk of the development effort and are now focused on testing the latest release of Network Configuration Manager (NCM); NCM v7.2 has reached Beta status. This is your chance to install the latest version and provide feedback on the new features and fixes. Providing feedback during the beta is the best way to ensure that your feedback will be incorporated in to the release. To participate, simply fill out this survey and you will be sent the download links for the Beta. Remember, Betas cannot be installed in production and you cannot upgrade the Beta to any other future versions.


The following enhancement have been added to NCM:

  • Continue moving functionality from Win32 client to Web UI
    • Job management (Windows Task Scheduler not used anymore)
    • Config management (edit, delete, set baseline)
    • Possibility to test device login credentials
    • Import config from file
  • Provide End-of-Life information for managed devices.
  • Multiple global connection profiles
  • The execution of Config Change Templates can be scheduled.
  • Change Approval System enhancements
    • Approved requests to be executed at specified date/time
    • Approved requests to be returned to requestor for execution
    • Requesters can see a history of what they requested and was approved
    • Approvers can see a history of what they approved
  • SNMPv3 -- Support of AES-256 encryption
  • Make downloaded configurations searchable for IP addresses with FTS enabled.


Continue Moving Functionality from Win32 Client to Web UI


Job Management

The Job management UI has been migrated from the Win32 application to the Web UI. Jobs are executed within Orion Platform infrastructure; there is no dependence on the Windows Task Scheduler anymore.

The summary page allows you to perform basic tasks like create, delete, enable/disable, or edit a job. You can also inspect the log for each job.




There is wizard that helps you with editing jobs. Schedule can be entered either using user-friendly, intuitive controls (basic setup):



Or there is advanced mode that gives you more flexibility. If you are familiar with CRON, then it will not be difficult for you.



After you go through all the steps, you can review job details again to ensure correctness of the properties.



Config Management

You can edit config, delete it or set baseline in the Web UI.




Import Config from File

NCM node details page gives you the same options plus you can import config from a file.




Possibility to Test Device Login Credentials

You can now test the assigned device login credentials when you edit node properties. The session is captured to help you troubleshoot problems.






Provide End-of-Life Information for Managed Devices

This lookup tool will search through nodes and return suggested results for End of Sales and End of Support dates. All results will need to be confirmed and assigned manually by selecting one or more nodes and clicking on the "assign" button. If no information is available, there is an option to manually enter data and assign it to a node, or quickly bulk assign to a selection of many nodes.

You can filter the data according to different parameters and export the results as an Excel sheet or a CSV file.




You can either assigned the EoL item just to a single node,




or select multiple nodes in the Bulk Assing menu.




Multiple Global Connection Profiles

You can define multiple connection profiles in NCM settings. Some of them can be marked as "auto-detect" (see below).

NCM-Connection-Profiles-Summary.PNG NCM-Connection-Profiles-Edit-Profile.PNG


The connection profile can be selected on the node properties page.




If you select "Auto Detect", NCM will try all profiles marked as "Auto Detect" in the setting when connecting to the device.




The Execution of Config Change Templates Can Be Scheduled

You can choose "Schedule" as execution methind for Config Change Templates.




Config Change Templates are scheduled as any other job.




Change Approval System Enhancements


Approved Requests to Be Executed at Specified Date/Time Or to Be Returned to Requestor for Execution

You specify date and time or chose "Return to requestor" when requesting approval in the Web UI. Requestor's view on the left, approver's on the right:


NCM-CCA-Requestor.png NCM-CCA-Approver.png


Approvers and Requestors Can See History of the Requests



SNMPv3 -- Support of AES-256 Encryption

This is an extension for better security; applicable especially to inventory reports.


Make Downloaded Configurations Searchable for IP Addresses with FTS Enabled

You can search configurations for IP adresses in the Web UI while using Full-Text Search.



The dust is still settling after the blowout success of the SAM 5.5 release earlier this week, but that doesn't mean it's time to rest on our laurels. In fact we're hoping the next release is even bigger than the last! With that said, below is a list of some of the bigger items the mad scientists in the lab looking at cooking up.


  • Improvements in SQL Server Database Monitoring
  • Server Asset & Inventory Management
  • Real-Time Windows Event Log Viewer
  • Statistical Baselining with Automatic Recommended Threshold Calculations
  • Disk I/O Performance Metrics for Monitored Processes and Services
  • Web Services Monitoring for SOAP & JSON
  • Host Header Support for HTTP/HTTPS User Experience Monitors
  • Update all Remaining Charts to New Charting Library
  • User Auditing of SAM Configuration Changes and Remediation Actions
  • Additional macros for script monitors
  • Reduce product license key management overhead associated with major version upgrades and maintenance renewals


PLEASE NOTE:  We are working on these items based on this priority order, but this is NOT a commitment that all of these enhancements will make the next release.  We are working on a number of other smaller features in parallel.   If you have comments or questions on any of these items (e.g. how would it work?) or would like to be included in a preview demo, please let us know!

Filter Blog

By date:
By tag: