Skip navigation
1 2 3 4 5 Previous Next

Product Blog

657 posts

Having a high-level view of storage performance is good for a quick overview or understanding of how things are operating.  In order to take your monitoring to the next level, having access to details is critical. In my previous post,  I reviewed storage dashboards and performance data points that SolarWinds Storage Resource Monitor provides.  Below I will cover performance monitoring at the array, storage pool, and LUN/Volume level.

The "Array Details" screen is usually the first stop when looking at your storage performance. This is a great starting point for when you want to get a look at the overall performance for a storage array. Having this information is ideal when you want to compare the expected performance of an array versus how the array is actually performing.  In addition, you can get an understanding of read/write performance ratios in relation to the overall performance.

 

The “Block Storage” and “File Storage” tabs allow you to quickly get into the underlying performance information for the device’s storage pools and LUNS/Volumes.  Each of these tabs will show you latency summaries and performance summaries for the individual resources.  At-a-glance, this will let you see if you have any latency issues at the LUN/Volume level and what your highest performing LUN/volumes are by IOPS, throughput, or latency.

 

 

"Storage Pool Details” provide storage administrators the ability to understand performance at a pool/RAID level.  Depending on how storage resources are assigned out to applications, this can provide the ability to understand performance for similar applications.  An example would be a VM farm is created for different instances of the same application.  Having the applications tied to the same pool of storage with different LUNs is ideal so that you have the same pattern of read/write ratio and not running into instances where different read/write ratios are involved.  This can cause application performance problems if the disk is having to store random data in one instance and then sequential the next.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The "LUN & Volume Details" screen is where you can see performance at the lowest level.  This is where you can tie application performance directly to the assigned storage. In addition, this is where the power of Storage Resource Monitor really comes into play.  Not only can you see the individual LUN performance, you can also see it in relation to other LUNs in the same storage pool.  Did a LUN in the same pool spike performance?  Are all the LUNs in the same pool experiencing high latency?  These are a couple of questions the LUN Details screen can help answer.

 

 

As you can see, the more in-depth you go with Storage Resource Monitor, the more information and comparisons become available.  All of the information presented is critical to understanding your storage performance and how it affects your overall environment.  In my next post, I will cover thresholds & alerting and how with the right settings & planning you can make Storage Resource Monitor not just an important monitoring tool, but a critical one.

 

How have you used the details screens to monitor and troubleshoot your storage performance?

Managing storage is a constant dance of making sure resources are available for the applications that need them, and making sure resources are constantly in use, because having wasted resources in addition to no resources can be problem. SolarWinds® Storage Resource Monitor helps make this dance a little less complicated. Over the next few posts I am not only going to show different parts of Storage Resource Monitor in relation to storage performance, but also how each of these parts can give you the information you need to monitor your environment and maximize one of your largest IT investments.

 

To start, we will address some basic information regarding storage performance and how Storage Resource Monitor presents the data. Based on customer feedback, one of the best things about SRM is that users are able to quickly view and understand their storage performance problems. Below, I will show you what initial performance information SRM provides, and ways to interpret the data. Depending on your environment, there will always be different ways to interpret performance data, so your mileage will vary.

 

Here we have part of the SRM Summary screen. In one simple view you get a list of storage devices being monitored, alerts, events, and performance and capacity summaries. The All Storage Objects widget will not only show you all the storage devices, but also point to devices that are having problems using easy-to-see green, yellow, and red notifications. To get to the exact cause, you can drill down into the array date until you get to the specific storage resource with the problem. A faster way to recognize performance problems is with either All Active Alerts or Storage Objects by Performance Risk.

                        

 

The Storage Objects by Performance Risk will give you a summary of performance problems based and sorted by latency. Like most things, high latency is not an ideal situation. However, the definition of "high" varies by environment and application. In addition to latency, IOPS and throughput are shown, and you can tailor the thresholds for the resources to be more specific to your requirements. Using this allows you to select your top performance problems by latency at the main screen without any digging. 

 

                             

In addition to the performance information on the SRM Summary screen, the Performance Dashboard lets you see additional performance data points. It includes the performance objects by risk and information for LUNs by Performance and NAS Volumes by Performance. Any of these sections will allow you to instantly dig into the specific storage resource that is experiencing performance problems.

              

 

This data allows you to instantly address performance problems. To see overall performance at the array and/or storage pool level, SRM gives you access to that data in a mere one or two clicks.  For array-specific performance information, select an array in the All Storage Objects section and the Array Details screen will show detailed information for that array. Clicking once more in the All Storage Objects section will show the storage pools and allow you to select the Storage Pool Details screen for each pool. Going even lower will show all the LUNs assigned to each pool.  Selecting a LUN will bring up the LUN Details screen.   Each of these screens will present specific performance information as it relates to that storage resource.

 

Array Details

 

Storage Pool Details

 

LUN Details

 

Now, what do these high-level performance views do for the end-user? Right from the start, you can instantly discover, identify, and start troubleshooting performance problems. The goal is that the critical problems are up front, and the need to check each storage device one by one for problems is eliminated. In addition, having the ability to customize the dashboards and information is critical to tailoring the monitoring to your needs.

 

My next post will cover the three specific layers we use to help you monitor your storage performance: array, storage pool, and LUN/volume.

 

I would love to hear your feedback about how SRM has helped you monitor your storage performance. Please leave comments and questions below.

I am excited to announce that Server & Application Monitor (SAM) 6.3 Beta 3 is now available . The team at Solarwinds has been hard at work at producing the next release of SAM with some great new features that continue from the SAM 6.3 Beta 1.  The Beta is open to SAM customers currently on active maintenance.  The beta is the best opportunity to provide feedback and have direct input which can affect this release and improve the usability of SAM.  We encourage all to sign-up and kick the tires.  Just as in beta 1 your feedback might just earn you some much deserved Thwack points that can be redeemed for some cool SolarWinds SWAG!

 

The SAM 6.3 Beta 2 includes some of the features mentioned in the Server & Application Monitor - What we're working on beyond SAM 6.2 post. Don't forget to signup for the Beta and provide your feedback in the Server & Applications Monitor Beta forum!!

 

Beta 2 Button.png

NCM Compliance reporting isn’t just for security auditors!  Use it to ensure network devices are compliant with your operational standards and controls.

 

As a busy network engineer, are you always looking for cool skill hacks to help you work smarter? Well if so, here is new one for youcompliance reporting.  That’s right, NCM compliance reporting.  Compliance is an incredibly powerful tool that helps you ensure all network devices are compliant with your operational standards and controls.

 

Consider this example, a network engineer queues all planned network changes into a quarterly update and pushes the changes out using a versioned config.  After the push, he audits his configs using the NCM audit feature to make sure all devices are running the right config. By auditing configs for a specific version, he knows if a device is missed, or if a config has been rolled back to a prior version. If you’re looking for other practical uses, consider the following: Make sure public SNMP community strings are never enabled, password changes are synchronized, or you have required QoS settings needed for VoIP.  The NCM Compliance feature isn’t just for security auditors!

 

To show you how simple this is, let’s step through it together.  But first a little context.  When enabled, NCM Compliance Reports automatically run when the config backup job has completed.  At which time NCM will scour through your configs looking for violations as defined in Compliance Rules.  Compliance Rule use pattern matching to identify configuration commands which should be included in, or excluded from, your config files.  If a rule match is found, then a violation is recorded. In addition, a Compliance Rules also includes an optional remediation script.  A remediation script can be executed automatically or manually against each identified violation.  Compliance Rules are grouped and organized into Policies. A Policy is a container for rules and associated: 1) with one or more devices to audit and 2) a Compliance Report through which violations are reported.  From this quick overview, it should be easy to see how Compliance Auditing is a powerful tool to help you keep your network in sync with required regulatory and operational standards and controls.  Now let’s build a simple compliance report.  We will start with building the Compliance rule, associate with a policy and then associate the policy with a report.  For our example, we want to make sure we never have any devices that allow the use of public SNMP community strings.

 

 

1: Create Audit Rules

 

Follow along with these steps:

  1. Log in to the Orion® Web console website as an administrator.
  2. Click CONFIGS > Compliance.
  3. Click Manage Policy Reports.

 

Pic1.png

 

 

  1. Select Manage Rules, and click Add New Rule.

 

Pic2.png

 

 

  1. Enter a name for your new rule.
  2. Add a description, if needed.
  3. Click the alert level to associate with this rule.
  4. If you want to assign this rule to a folder, enter a name in New folder name. Otherwise, select an existing folder from Save in folder.
  5. Click the type of alert trigger to associate with this alert.
  6. If you want to search the device config for a simple string, click the appropriate option in String Type and enter text in the box. (Note: in this example we will build a remediation script and not use the testing tools.)
  7. Click Submit to save

 

 

Revised SNMP Rules1.png

 

 

2: Create an Audit Policy

 

Follow along with these steps:

 

  1. Click Manage Policies and Add New Policy.

 

Pic4.png

 

 

  1. Enter a name for your new Policy.
  2. Enter a Policy description.
  3. Specify where to save the Policy
  4. Select nodes to use with this Policy (default is all nodes).
  5. From the list, select the type of configuration you want to search with this Policy.
  6. Select and add Rules to associate with this Policy.
  7. Click Submit to save and exit.

 

Pic5.png

 

 

3: Create an Audit Report

 

Follow along with these steps:

 

  1. Click Manage Reports and then Add New Report.

Pic6.png

 

 

  1. Enter a name for your new report.
  2. Enter a description of the report.
  3. If you want to assign this report to a folder, enter a name in New folder name or select an existing folder from the Save in folder list.
  4. If you want to also display rules without violations, select Show rules without violation.
  5. Select the policy created from our previous task and associate it with this Report.
  6. Click Submit to save and exit.

 

Pic7.png

 

By default, your report is now enabled.

 

Pic8.png

 

The next time NCM archives your device configs, this report will automatically run and you will see any violations from the NCM summary screen using the Policy Violations resource.

 

Pic9.png

 

 

Are you a Network Control Freak?

 

Are a Network Control Freak? Try compliance auditing on your network and enter to win a SolarWinds Certified Network Control Freak swag-packClick here for contest rules and to enter.  Then simply take a screen-shot of a policy rule you create using this tutorial and submit it to here to win.  If you create something awesome, be sure to share it on thwack!

We have been working hard to bring another bulk of enhancements to the Storage Resource Monitor (SRM). SRM 6.3 Beta 1 contains the following improvements:

  • Support for Pure Storage arrays
  • Support for EMC XtremIO arrays

 

To get access to the beta, you need to be a customer on active maintenance for SRM and sign up here.

 

As an added incentive, beta users who submit feedback will receive 2,000 Thwack points to buy swag at the Thwack Store.

A SIEM tool is not a vacuum cleaner; you can’t just turn it on and have it siphon up all your log information, and bag it up nicely for you to later dump with out getting your hands dirty. A SIEM requires hands on work, and careful consideration of your particular environment. What may be perfectly normal in your environment may very well be a red flag for another environment. Many times companies will buy a SIEM to simply "check off the box" of some compliance requirement without ever seeing if the solution will work for them.

 

SIEM vendors, including Solarwinds, have worked diligently to make the out of the box experience with SIEM more “vacuum-esque”, with easier configuration tools, and out of the box rules, alerts and reports. Unfortunately there is no one-size-fits-all approach a vendor can take to apply to all industries and businesses.

 

With all that being said I would encourage the following: Know your network, spend time with it (many of you already do). Then spend time and effort configuring your SIEM for your network and your needs. In the end it will be a much more fulfilling experience. After all, what is the point of a tool if it isn’t used properly?

To check out the most up-to-date information regarding What We're Working on, please visit the LEM Product Roadmap page.

 

Be sure to let us know in the Log & Event Manager Feature Requests forum, if there are features you're really keen on. This list doesn't enumerate a lot of the features we're looking into for long term development and further releases, but we continually use Thwack as our biggest source of feedback.

We are busily working on the next release and among many things we are looking at, there is Checkpoint R77 and PCI 3.0 support!

 

If you would like to influence this feature and Firewall Security Manager in general and if you are interested in these particular feature, please reach out to me as soon as possible!

 

Sign up for the beta here: FSM Beta Survey

 

Please note this beta is open to current customers with active maintenance on Firewall Security Manager and is NOT suitable for production environment and you need a separate test system.


This Beta is focused on small, but high quality feedback and you will be rewarded by crazy number of Thwack points!   First come, first served!

 

After you sign up and confirm Beta agreement, I will contact you shortly.

New NCM utility helps you quickly find vulnerable, obsolete, and unsupported hardware on your network

 

The care and feeding of your network involves more than managing configuration changes. To keep devices healthy and end-users happy, you must tend to a list of important things that usually get put off because you are just too busy. Let’s take a look at that list now and discuss why it’s so important.

 

Device failure

Network devices fail for a number of reasons, including human error and hardware and software defects. Many times, there are warranty fixes and technical workarounds, but determining whether you have a defective device isn’t exactly easy. Do you have a reliable way to identify defective devices in your network?


Out-of-support devices

Paying for support is like buying insurance. You don’t want to spend too much for it, but when you need it, you’re glad it’s there. So when devices are mistakenly excluded from support agreements, or you pay for a device that has been taken out of service, you have the problem of either not having sufficient coverage or paying too much for the support you have.  Are you over insured or under covered? How do you know?


Device vulnerabilities

Security is a never-ending cat-and-mouse game. When the bad guys find a vulnerability to exploit, you need to address it, and fast. If you don’t know about the vulnerabilities on your network, you can’t do anything about them.  Do you know what vulnerabilities are lurking in your network?


Device end-of-Life

Devices that have reached obsolescence are a particular problem because they are no longer supported. This means no technical support, no alerts or notifications, no engineering defect or security fixes. Once a device goes EoL, it’s a ticking time bomb. In this case it’s no longer a matter of if, but when they can be replaced with the least amount of disruption. Do you have the foresight, budget, plans and other preparations needed to make a smooth transition? 


Network evolution

Chances are the network you manage now is not the same network you built five years ago. Devices you installed and configured even a year ago may not have the capability to handle the new services your organization now demands.  Which devices can support the change?  Which devices require an upgrade?  Which devices are just too old?  What new devices should replace obsolete devices?  When the boss comes asking, will you have the answers?


The problem

The problem here is two-fold. First, we need to know about potential problems with our devices. Second, we need to know who these problems affect. Vendors publish notices on things like warranty-covered defects, security alerts, and obsolescence, so it’s important that you have a convenient way to receive and review such notices. This can be difficult because you have to have an understanding of your devices, whether they are in use, their number, which version they are, and how they are configured. Due to the tediousness, many network engineers and admins reluctantly admit that it’s a difficult situation to manage.


The solution

Luckily, there is a solution. SolarWinds and Cisco® have worked together to offer a network health check. This health check can tell you quickly and easily whether you have unsupported, defective, vulnerable, or obsolete devices in your network. This health check utilizes SolarWinds® Network Configuration Manager and Cisco SmartAdvisor reports.


SmartAdvisor.png


SolarWinds NCM knows a lot about your network, including which devices are in use, their model numbers, hardware and software revisions, and how they’re configured. A free connector we developed delivers this information to Cisco, where your network data is expertly analyzed and returned to you in the form of six insightful SmartAdvisor reports. Using your Cisco CCOID and SmartNet subscription, you can access these reports conveniently and as often as you like. By conducting this network health check regularly, you can receive important information about problems that exist on your network before they have a chance to negatively impact end-users.


To learn more about this powerful network health check, visit www.solarwinds.com/smartadvisor-bundle.aspx. If you already use SolarWinds NCM, you can download the free connector by visiting the SolarWinds Customer Portal.

SolarWinds Server Health Monitor Quick Reference Guide

The SolarWinds® Server Health Monitor (SHM) is a free diagnostic tool that provides basic-level health status server monitoring for up to five servers in a corporate enterprise. You can download it from SolarWinds pages here.

Using Simple Network Management Protocol (SNMP), Windows Management Instrumentation (WMI), and Common Information Model (CIM) calls to your network frameworks and application servers, the tool polls the basic system components in each configured server (such as the power supply, temperature, and fan) and displays a server health overview of all monitored servers in the Dashboard tab. The tool is supported on selected VMware® hypervisors and Dell™, HP®, and IBM® servers.

If you need expert-level health status server monitoring for over 200 applications and 1000 servers in a corporate enterprise, see the SolarWinds Server and Application Monitor.

 

 

Installation requirements

 

Component

Requirements

Operating system

Microsoft® Windows® 7

Windows 8

Windows 10

Windows Server® 2008 R2  Windows Server 2012 R2

System details

Processor: 2 GHz

RAM: 1 GB

Disk Space: 100 MB

.Net: 4.0

 

Systems supported for monitoring

 

Component

Model

Servers

Dell PowerEdge™ HP ProLiant™

IBM eServer™ xSeries

Blade enclosures

Dell PowerEdge M1000e Blade Enclosure HP BladeSystem c3000 Enclosure

HP BladeSystem c7000 Enclosure

Hypervisors

VMware vSphere® ESX Hypervisor  VMware vSphere ESXi™ Hypervisor

 

Hardware monitoring agent software

Each computer hardware vendor installs hardware monitoring agent software on their systems, which includes a Web server that operates on a unique port.

Remote servers include the hardware monitoring agent software for both SNMP and WMI.

Note: The blade enclosures do not use hardware monitoring agent software.

To ensure that the hardware monitoring agent software is installed on your system, open a Web browser and navigate to the following URL:

https://<remote_ip_address>:Port

where remote_ip_address is the remote server IP address and Port is one of the following ports:

 

HP: 2381

Dell: 1311

IBM: 423

 

Install the tool

 

  1. Download and install the SolarWinds Server Monitor from the SolarWinds Free Tools website.
  2. Double-click the installer icon. The SolarWinds Server Health Monitor Setup Wizard appears.
  3. Click Next.
  4. Follow the prompts on your screen to complete the installation.

 

Add your monitored servers

 

  1. Click the Configure tab. The Configure Tab screen appears.
  2. Click  . The Server and Credentials box appears.
  3. In the top field, enter the IP address or host name of the server you want to monitor.
  4. Click the drop-down menu and select the method used to poll the server and gather health monitor details.
  • You can poll the following servers using SNMPv2 or SNMPv3.
    • Dell PowerEdge servers
    • HP ProLiant servers
    • Note: Array and Battery information requires WMI polling.

 

  • You can poll the following servers using WMI:
    • Dell PowerEdge M1000e Blade Enclosure
    • HP BladeSystem c3000 and c7000 Enclosures
    • HP ProLiant servers
    • IBM eServer xSeries

 

  • You can poll the following hypervisors with no required polling setup:
    • VMware vSphere ESX
    • VMware vSphere ESXi
    • These hypervisors use the CIM protocol that should be enabled by default after you install the ESX or ESXi hosts.

Configure polling using SNMPv2

 

  1. Ensure that SNMP is enabled on the monitored server. See your server or VMware documentation for information about configuring SNMP.
  2. Click the drop-down menu and select SNMPv2.
  3. In the Community String field, enter your SNMP credentials.
  4. Click . The monitored server connection is configured, and the tool automatically polls the server for server health data. The polling process may require several minutes to gather the server data.

Configure polling using SNMPv3

 

  1. Ensure that SNMP is enabled on the monitored server. See your server or VMware documentation for information about configuring SNMP.
  2. Click the drop-down menu and select SNMPv3. The Server and Credentials box appears.
  3. In the Username field, enter the IP address or user name of the server you want to monitor.
  4. In the Context field, enter your SNMP credentials.
  5. In the first drop-down menu, select an encryption algorithm for the polling connection. MD5 (Message Digest) provides a 128-bit hash algorithm. SHA1 (Secure Hash Algorithm) provides a 160-bit hash algorithm.
  6. Click the second drop-down menu and select an encryption cipher for the polling connection.
  7. In the Password field, enter an authentication password.
  8. Select the Password is a key check box to select the algorithm of the encryption. Note: If you select this check box, leave the Context field blank.
  9. Click . The monitored server connection is configured, and the tool automatically polls the server for server health data. The polling process requires one to two minutes.

Configure polling using WMI

 

  1. Ensure that WMI is enabled on the monitored server. See your server or VMware documentation for information about configuring WMI.
  2. Click the drop-down menu and select WMI. The Servers and Credentials box appears.
  3. In the Username and Password fields, enter your WMI user name and password.
  4. Click . The monitored server connection is configured.

 

 

View your server health

When you click the Dashboard tab, the tool polls the monitored servers and displays a health status overview of all servers. The overview includes a pie chart, node count, and summary information of all monitored servers.

The polling process requires up to two minutes to complete, depending on your network configuration. During the polling process, Processing appears at the bottom of the window.

The Node Count lists the number of monitored nodes and the corresponding status. The Summary lists all monitored servers and their corresponding status.

The following table provides descriptions of each status.

 

 

 

Status

Definition

Up

All monitored components are functioning properly.

Warning

One or more components are in working condition, but a failure may exist.

Critical

One or more components failed, requiring imme- diate attention.

Undefined

One or more components have a status that the tool cannot recognize.

 

View server details

When you click an IP address (or host name) in the Dashboard tab, the Server Details window appears. This window displays the IP address (or host name), current health status, and additional information about the selected server.

 

The Current Server Health section lists the sensors polled by the tool. Maximize a sensor name to view the status and corresponding value. The server and current health details listed in the window may vary for each server.

To return to the Dashboard tab, click Back to Summary.

Update the polling interval

The Update Polling Interval setting in the Configure tab allows you to select the time interval (between 5-60 minutes) when the tool polls the monitored servers for health status information.

 

 

 

View additional resources

The Resources tab provides links to resources for managing your corporate enterprise.

 

Troubleshoot error messages

The following table lists error messages that may appear after you configure your devices in the Configure tab.

 

 

 

Error Message

Description and Resolution

Unable to resolve the host name. Please use the IP address

The host name is spelled incorrectly or DNS could not resolve the host name to an IP address.

To resolve this issue, ensure that:

 

  • The host name in the Configure tab is correct.
  • The DNS server is configured properly with corresponding host name and IP addresses.
  • The IP address is entered in the correct format.

An unknown error occurred.

The tool experienced an issue with monitoring the targeted server.

To resolve this issue:

 

  1. Open the %ALLUSERPROFILE% directory.
  2. Navigate to the following directory: SolarWinds\ServerHealthMonitor
  3. In the directory, locate the followin file. ServerHealthMonitor.log
  4. Open the file in a text editor (such as Notepad) and search for an error (for example, a disabled WMI service).

Not a supported server type. For a list of sup- ported server types, see Help for details.

The targeted device is not supported by this tool.

See Hardware requirements for a list of supported servers, blade enclosures, and hypervisors.

Different polling method required.

The tool could not poll the device based on the selected polling method specified in the Configure tab.

To resolve this issue, select a different polling method that is appropriate for the targeted device.

The user credentials are wrong.

The user does not have remote access to the computer through a DCOM

The tool does not have Distributed Component Object Model (DCOM) permissions to access the targeted Windows server. WMI uses the DCOM protocol to communicate directly over a network with Windows-enabled servers.

To resolve this issue, ensure that:

 

  • The server credentials are entered correctly in the Configure tab.
  • DCOM is enabled on the targeted server.

See the Microsoft TechNet website for information about enabling and disabling DCOM on servers running Windows Server 2008 R2 and Windows 2012 R2 operating systems.

The computer really doesn't exist.

The Windows Firewall is blocking the connection.

To resolve this issue, ensure that:

 

  • The targeted server is running and connected to the network.
  • The Windows Firewall is deactivated on the targeted server.

Polling of chassis (CIM_Chassis class) failed. Unable to estab- lish session with all provided credentials.

The VMware credentials are incorrect.

To resolve this issue, ensure that the VMware server credentials in the Configure tab are correct.

Polling of chassis (CIM_Chassis class) failed. Unable to con- nect to the remote server.

The selected polling method is not supported on the targeted server.

To resolve this issue, ensure that the selected polling method in the Configure tab is correct. If the

issue still exists, change the polling type method and poll the server.

Unable to find the server type. Could be due to incorrect cre- dentials or the server type is not supported.

The credentials in the Configuration tab are incorrect or the server type is not supported.

To resolve this issue, ensure that:

  • The server credentials in the Configure tab are
  • The server is listed in the hardware requirements as a supported server.

 

 

 

 

 

Copyright © 2015 SolarWinds Worldwide, LLC. All rights reserved worldwide.

No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of SolarWinds. All right, title, and interest in and to the software and documentation are and shall remain the exclusive property of SolarWinds and its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SOLARWINDS, the SOLARWINDS & Design, DAMEWARE, ORION, and

other SolarWinds marks, identified on the SolarWinds website, as updated from SolarWinds from time to time and incorporated herein, are registered with the U.S. Patent and Trademark Office and may be registered or pending registration in other countries. All other SolarWinds trademarks may be common law marks or registered or pending registration in the United States or in other countries. All other trademarks or registered trademarks contained and/or mentioned herein are used for identification purposes only and may be trademarks or registered trademarks of their respective companies. Microsoft®, Windows®, and SQL Server® are registered trademarks of Microsoft Corporation in the United States and/or other countries.

Understanding network bandwidth content is one of the essentials for each IT admin who needs to ensure the business traffic has always the priority over someones private Youtube streaming during a lunch break. SolarWinds Network Traffic Analyzer has been used many years for its ability to finger point at IP address which was behind suspicious high-volume data transfer. NTA historically used widely used port-based application detection known as NetFlow (used in protocols NetFlow v5, v9, IPFIX, sFlow, jFlow, Huawei Netstream).

 

As many of you know, port-based application detection works effectively if each application you care about communicates via its own, specific, port (SNMP, SQL, DNS, etc.). As a natural reaction to block unwanted traffic you may create firewall rules and allow specific ports only. This works unless the owner of the application change its protocol to HTTP or even better HTTPs and port-based categorization is not as useful anymore (as firewall rules based on ports only). Most of the traffic will look like "WEB" or "Encrypted".

At the end of a day, it's still better than knowing nothing but it leads to the further inspection by using firewalls and logs or user browsing history or Wireshark hunt.

 

But we all would like to have better visibility into the corporate network traffic and understand if business traffic or video call is not negatively impacted by somebody's web browsing or media streaming. Many network-gear vendors are aware of that problem with "tunneling" over ports 80 or 443 to various cloud storage apps, SaaS or social networks. Cisco, Citrix or PaloAlto introduced "Application Flows" known as NBAR2, Citrix AppFlow and Palo Alto App-ID in IPFIX. All these names have one common element - advanced application classification technique using application signatures database and deep packet inspection. This is all done directly within your network gear (Routers, some L3 switches, firewalls and Wireless Controllers).

 

The advantage of "AppFlow" technology is obvious. It gives you better application classification even though applications are using the same port (for example port 80). It gives you visibility (even though limited) into encrypted traffic (port 443) and it gives you that without need of additional probes, spanning ports and other complicated things. Palo Alto, Cisco and Citrix keep their application signature databases up to date and usually offer new device updates every month as a classic software update for your gear. As example look at this page NBAR2 (Next Generation NBAR) Protocol Pack FAQ - Cisco which list NBAR2 supported devices and also typical Protocol Pack update time-lines.

 

Many of you already have Cisco ASR 1000 or ISR-G2 devices and if you haven't, you can use SolarWinds NTA (beta) now and get better application visibility of your bandwidth. NTA 4.2 beta brings support for Cisco NBAR2 as a first (but not last) implementation of Application Flow information. NTA still uses flow-based technology to read app-flow and is quite easy to enable NBAR2 on your devices and let NTA to tell you who deals to much with Youtube over SSL, Google cloud application or torrents.

 

I know you're interested to try this out and takes you just few steps:

 

1) Enable NBAR2 as part of Flexible NetFlow (if you haven't yet)

 

flow record SolarwindsNetflow

match ipv4 tos

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

collect transport tcp flags

collect interface input

collect counter bytes long

collect counter packets long

collect timestamp sys-uptime first

collect timestamp sys-uptime last

collect application name

 

flow exporter SolarwindsNetflow

destination 10.140.27.226

source GigabitEthernet0/1

transport udp 2055

template data timeout 60

option application-table timeout 60

option application-attributes timeout 300

 

flow monitor SolarwindsNetflow

exporter SolarwindsNetflow

cache timeout active 60

record SolarwindsNetflow

2) Configure the interface from where you want to monitor Netflow (with NBAR2) - this part is the same as you do when configuring classical port-based NetFlow (in my example GigabitEthernet 0/0/1)

 

interface GigabitEtherent 0/0/1

ip flow monitor SolarwindsNetflow input

ip flow monitor SolarwindsNetflow output

 

3) Check NBAR2 support & configuration by runing  "show ip nbar version" command

 

You should get output similar to this:

NBAR software version:  20

NBAR minimum backward compatible version:  20

 

Loaded Protocol Pack(s):

 

Name:                            Advanced Protocol Pack

Version:                         14.0

Publisher:                       Cisco Systems Inc.

NBAR Engine Version:     20

Creation Time:                 Wed Mar 25 13:17:24 UTC 2015

File:                                flash0:pp-adv-isrg2-154-3.M2-20-14.0.0.pack

State:                             Active

 

 

4) Subscribe to NTA 4.2 Beta program (available for those who have NTA commercial license)

button(1).png

 

5) Install NTA Beta on the non-production server and add NetFlow source Node into NTA (same process as you adding classical NetFlow source).

 

Once you start getting the data in NTA you will see a switch in a top right hand corner on a summary page in the "Top 5 Applications" resource. Use it to select between NetFlow - port based and NBAR2 - AppFlow data view. This switch is available everywhere in NTA for the charts which show some application classification. NBAR2 is automatically detected and if device doesn't support NBAR2 you'll be not able to use that switch.

 

Let's demonstrate the added value of App-Flow NBAR2 comparing classical NetFlow v5 and NBAR2 data classification for the situation where some IP address watch Youtube over SSL:

 

NBAR2NetFlow v5

 

I would very happy if you - SolarWinds users - can try this beta and help me to collect feedback on two main questions:

 

1) What version of your protocol pack you have on your devices (step #3 from the list above)

2) Does NBAR2 in NTA helps you to see better data than the current port-based flow?

 

As always, I appreciate all your effort and enthusiasm you spent with this Beta version of NTA. I'd like to hear to any other comments and feature request you may have around this theme such as reports, alerts, etc.

 

We do not want to end support with NBAR2 on ASR or G2 devices, but also working on WLC support and to the future Citrix and PaloAlto AppFlows. If you have other app-flow capable device, let us know.

 

button(1).png

I’m thrilled to announce that Dameware 12.0 is now publicly available. In this release we focused all our efforts to finalise the remote support story with unattended over the internet sessions. Dameware now allows to assist remotely without presence of the end-user, who is not in the intranet but travelling. Technicians can now support end-user in company network as well as in Internet anytime.

 

This release brings several bigger and smaller improvements, so let me highlight a few of them:

 

  • Over the Internet (OTI) unattended sessions for Dameware Centralized users
    • Allows you to remotely support users on the move, and assist remotely without the presence of the end user
    • Deploy agents with OTI unattended support to end-points
    • Manage agents for OTI unattended sessions to maintain high security and control
  • Search Hosts in Mini Remote Control
  • Support for Windows 10
  • Ability to switch between the Standalone and Centralized versions without reinstallation
  • And many other improvements and bug fixes

 

Dameware 12.0 is available for download on your customer portal for those customers under current maintenance.

 

If you are not a Dameware user yet, now go and download new version from www.dameware.com now!

We’ve all been there. Your day has been going swimmingly– until suddenly – it’s not. Something’s gone wrong, your CIO is bearing down on you like his hair caught fire, and you need Support pronto.

Well, first up – we’re here to help. It’s a point of pride for us Support Geeks (and we know you love it too), that when you need to contact SolarWinds Support, you’re directly on to a Technical Engineer.

I’d like to briefly explain our support structure, give you a better understanding of what we do, how we can help you, and how you can get the best support experience. For full detailed information on our Support Team and your entitlements as a customer, please see our reference guide here: SolarWinds Customer Support Information - SolarWinds Worldwide, LLC. Help and Support

 

So, who are we?

SolarWinds Support is made up of two teams:

 

Customer ServiceTechnical Support
SolarWinds Customer Service is available to assist you with the general operation of your account, 24 hours a day, 5 days a week (Monday - Friday).SolarWinds Technical Support is available to assist you with technical product issues 24 hours a day, 7 days a week, 365 days of the year.
  • Any license related issues: resets, registration, merging
  • Logging into your customer portal
  • Updating customer account information, contact information or billing address
  • Checking the status of orders or invoices
  • Reporting issues with the website
  • Follow-the-sun model – cases can be transferred to a close geographic location to best match your work hours
  • Assist with any Technical Product related issues
  • Specialized in a number of products

 

First off, there are two ways to contact Support – you can Call our Support Line, or you can submit an Online Support Ticket. We ask that you use your judgment here and reserve calls for when you have an urgent issue, or when your system is down. This in turn helps to keep the queue clearer – so when you do have an urgent issue or your system is down, we can get to you faster.

 

Speaking of case priorities – we allow for five different priority levels when you create a ticket with us, outlined in the table below. If you need to increase the ticket priority after submitting it, you can easily do so by responding to the case to let your Support Engineer know, by calling us, or by mailing TechnicalSupportFeedback@solarwinds.com where a Technical Support Manager will action your request.

 

PriorityBusiness Impact
System DownProduct is nonfunctional and/or has unrecoverable service failure. Critical Business Impact.
UrgentProduct is functional but with major issues. Significant business impact.
HighProduct is functional but with consistent issues or one product area is nonfunctional. Functionality is degraded. Some business impact.
MediumProduct is functional with minor or intermittent issues. Occasional functionality degradation. Minimal business impact.
LowProduct is functional with no apparent issues. Requests for upgrade documentation, feature requests, technical information, how to questions, product use questions. No business impact.

 

Before opening a case with us, check out the wide range of self-help options we have available. You may find yourself pleasantly surprised by how quickly your issue gets resolved this way!

  • The SolarWinds Success Center contains all documentation, knowledge base articles, training videos, getting started guides and more, and it is easy to search.
  • Don’t forget the fine folks of Thwack, in particular, the Alert Lab and Report Lab denizens who are nothing short of logic gurus – no matter how awkward your alert or report requirements, they’ll probably have figured that logic out for someone else already.

 

Before you submit the ticket, please gather the following details for us, as it will help us to resolve your issue as quickly as possible:

  1. Clearly define the issue, providing symptoms, screenshots, how often the issue occurs, steps to reproduce the issue, any recent changes made, any steps you’re already tried when troubleshooting this yourself, and the business impact this has for you (if any). The more information you can provide, the faster we can get to the root cause - and to a solution.
  2. Provide environmental and product information, including the product version you are running, whether you are using multiple pollers or not, OS version, server details such as CPU & RAM, and any infrastructure details you believe may be relevant.
  3. For Orion products gather diagnostics and any other relevant logging (error details, memory dumps, trace files – whatever is relevant to that particular issue)
    1. To gather diagnostics, open SolarWinds Orion -> Documentation and Support -> Orion Diagnostics in the Start Menu. Click Start to kick it off, and it will produce a zip file.
    2. If you’re concerned that your issue could be environmental or permissions related, run the Orion Permission Checker tool as a Local Administrator – this checks a list of system folders to ensure the system accounts we’re using have the correct level of access. Click Check, and click Repair if you spot any failures.
  4. When you submit the ticket, you’ll get an automated email response with your ticket number. You can reply back to this to attach any small files to the case (<5MB), but anything larger, you’ll need to upload them to us:
    1. Open LeapFile and upload your file (or files), using your ticket number as the subject and support@solarwinds.net as the recipient.
    2. Ping an email through to your support ticket to let us know you’ve got files uploaded already for us – we’re not automatically notified. It will make your Support Engineer’s day.

Once you’ve submitted your case, you can check its status and update it from the Customer Portal. Log in, and click Support Cases, then ‘Review all Cases’ to view and update your ticket. You’ll also receive our responses to your case by email, directly to your inbox.

cdoyle

How to Upgrade to SAM 6.2.1

Posted by cdoyle Support Sep 21, 2015

Interested in upgrading to SAM 6.2.1? Here’s all the information you might need to upgrade, and the steps you’ll need to take to do it quickly and easily.

 

Prepare your Upgrade

1. Check the Release Notes for Orion SAM 6.2.1

2. Review the system requirements and ensure your server is up to spec.

3. Back Up your Database (Microsoft KB Links: 2005, 2008, 2008 R2, 2012)

4. Check your upgrade path

    • For a quick shortcut if you have only SAM installed, this is the standard upgrade path:  SAM 5.0 SAM 6.1 SAM 6.2
    • To confirm which version of SAM you’re currently running, check the footer of any page on your Orion SAM Web Console.
    • If you’re running NPM or any other modules with SAM, use the Product Upgrade Advisor tool to get an exact upgrade path to ensure you maintain compatibility while you upgrade.

5. Download the required versions from the customer portal

 

To download the current version, and any previous versions you require, you’ll need to log into the customer portal. Once you’ve logged in, use the License management menu to select ‘My Downloads’.

customer_portal.png

Next, select the product you want to download

mydownloads.png

And under the Server Downloads section, you’ll see the latest release selected by default. If you need an earlier version for your upgrade path, you can select it from the drop-down menu.

versiondownloads.png

 

 

Complete your Upgrade

  1. Log into your Orion SAM server using the Local Administrator account to perform the upgrade.
  2. Run the installations, in order, to upgrade your product - the upgrade can be installed 'on top' of your existing older version.
    1. If you’re unsure of what order to use for the upgrade use the Product Upgrade Advisor tool for guidance.
    2. You’ll find the upgrade instructions for Orion SAM here, and a wealth of documentation, including upgrade and installation guides for all our products here.
  3. Always complete the configuration wizard before moving on to the next step!
  4. Got additional polling engines? You'll need to upgrade each of them at each step in the upgrade path to ensure they maintain compatibility. Make sure you upgrade your main poller at each step first, then update the additional pollers to match, for that step of the upgrade. Again, always complete the configuration wizard before moving on to the next step or the next polling engine.

 

 

If you run into any trouble during your upgrade, call us in Support on our toll-free numbers or submit a ticket – we’re happy to help!

 

 

 

Got a question that wasn’t covered here? Try these resources for help:

Orion SAM Product Page

Orion SAM Product Training

Upgrading SolarWinds Orion when FailOver Engine is installed

Migrating SAM to another server

Manual License Registration

I'm happy to announce that Storage Resource Monitor (SRM) v6.2 is now available in the SolarWinds Customer Portal for customers on Active Maintenance. This version includes the following new features and improvements:

 

  • Additional Device Support for Storage Resource Monitor's Orion Module :
    • EMC® Isilon®
    • Hitachi® Data Systems AMS, USP VM, USPV, VSP G1000, G200/400/600, HUS 100 Block-Side, HUS VM
    • HP® StorageWorks XP
    • IBM® Spectrum™ Virtualize (Vxxx and SVC)
  • Hierarchical Storage Pools

 

More details can be found in the Release Notes and in the RC blog post: More array support for Storage Resource Monitor in 6.2 RC.

Filter Blog

By date:
By tag: