Skip navigation
1 2 3 4 5 Previous Next

Product Blog

661 posts

Recently, Cisco® added a collection of Smart Services reports to Smart Net Total Care™.  The new Smart Net Total Care reports rely on current information about your network devices and how they are configured and used.  To get these reports, you must send information about your network to Cisco. One way to do this is to use SolarWinds® Network Configuration Manager (NCM). NCM utilizes a variety of network discovery methods to identify the network devices it manages. Therefore, NCM knows a great deal about your network devices and how they are configured and used. Using a special connector, NCM is able to send this information to Cisco.


What follows is a quick overview of the reports included with a Smart Net Total Care subscription that are now available using NCM and the NCM Cisco connector.  

Service Coverage

The service coverage reports, also known as Know the Network (KTN), show devices and components not covered under a valid service contract. If service coverage exists, the report includes details about the service agreement, including coverage start and end times. Use this report to identify hardware and software that may not be covered under a service agreement, and identify devices that are covered but are no longer in service.



The Hardware EoX report shows you which devices you have in your network that are approaching critical lifecycle milestones. In addition to providing important dates associated with End-of-Life (EoL), this report provides recommendations for hardware you might consider migrating to. It also provides links to published bulletins that are full of information about planning budgets, preparing for eventual replacement, and ways to avoid problems when devices require service.



The Software EoX report is similar to the EoxHW report, except that it shows the software running on your devices that are approaching critical lifecycle milestones. This report provides important EoL dates associated with iOS® versions, recommends which iOS versions to upgrade to, and includes links to published bulletins. This information can help you identify which devices require iOS updates.



The PSIRT report identifies security vulnerabilities associated with devices on your network as determined by the Cisco Product Security and Incident Response Team. Use this report to identify and investigate potential security problems.


Field Notice

The Field Notice report summarizes all product defects found in devices on your network. It specifies affected devices and provides a URL where you can access a published Field Notice advisory. The advisory provides details on how a product can be replaced or fixed with an upgrade. Use this report to identify hardware and software that may be defective, and receive instructions on how to remedy any defects.


IPv6 Profile

The IPv6 Profile report evaluates your network and tells you what actions you need to take to support IPv6-based network services. Use this report to see which devices are capable of supporting IPv6, which devices are capable of supporting IPv6 with recommended hardware and software upgrades, and which devices are not capable of supporting IPv6.


Medianet Profile

The Medianet™ pre-deploy assessment report helps you determine which network devices are capable of supporting multimedia services. Use this report to see which devices are capable of supporting multimedia, which devices are capable of supporting multimedia with recommended hardware and software upgrades, and which devices are not capable of supporting multimedia.


To use the connector, you must install the most current version of NCM (v7.4).  Then you can access these reports in two ways. First, the NCM connector will download a CSV version of these reports locally for you to use. Second, you can view these reports in your Cisco Smart Net Total care portal.


To download or to learn more about NCM and Cisco connector, visit this Web page. If you already own NCM, you can download the free connector from your customer portal.



On March 1, SolarWinds® Network Configuration Manager (NCM) was recognized for being the Best Policy/Risk Management Solution by SC Magazine for the fourth straight year. Other finalists for this years’ award included Bay Dynamics, TraceSecurity, Trustwave, and Venafi.


SC Magazine wrote, “Managing, monitoring, and auditing configuration policies on network devices are the top three reasons why IT pros select and use SolarWinds Network Configuration Manager.”


Risk management is a central element of IT governance for most organizations, even if they don’t have to comply with information privacy regulations. The purpose of IT risk management is to identify the business impact caused by the loss of IT services, and take measures to reasonably avoid or reduce this impact. Since the network is the very foundation for all IT services, and the function and suitability of the network is defined by the configurations for its constituent routers, switches, controllers, access control devices and more, then it makes sense to carefully manage, monitor, and audit these configurations. This is why NCM plays such a critical role in IT risk management and operations.


So how does NCM manage, monitor, and audit device configurations?  Here is a quick overview.




Device access  – Perhaps the first place to start is by removing ad hoc and remote access to devices. NCM lets you centrally manage device passwords, and even require configuration changes to be made using the change management features in NCM.


Backup and recover – Hardware failure and human error can break your network. Recover from these disasters quickly with the ability to schedule, back up, find, and restore device configurations.


User roles and permissions – Want to control who has access to network devices and what they can do? Use NCM user roles and permissions to determine who can access specific devices and what actions they can perform.


Configuration templates – Have a big network change looming, or need to standardize your configs? Use NCM configuration change templates. Change templates save you time making consistent changes across many devices by providing powerful device- and vendor-neutral automation using control logic and variable-based attributes stored in the device profile. 


Change approval – Want complete visibility on all changes? Use NCM workflow to review and approve changes before they can be applied.


Job scheduling – Want to control when changes are made? Use NCM scheduling to execute changes during maintenance windows.




Change detection – Want to know whenever any change is made and who made the change? Detect configuration changes in near real-time, and even take automated actions, like archiving a configuration, writing a changed configuration to flash memory, or issuing an alert.


Change analysis – Want to know exactly what changed? Compare two configurations side-by-side and see exactly where statements have been added or removed.




Policies – Want to help ensure your configs contain (or don’t contain) specific configuration statements? Use NCM policies to define what is expected (or forbidden) in a configuration. NCM delivers out-of-the-box policies for PCI, DISA STIG, FISMA, SOX, and HIPPA, or you can build or customize your own.


Audit – Want to help ensure configurations never drift from your standards? Automatically audit your configurations as frequently as you like using the policies you have selected to use.


Report – Need to know when a violation occurs? Use interactive reports to see violations organized by policy or device, and then interactively drill into the details.


Remediation – Correct violations fast with remediation scripts (defined as part of the policy), that right violations quickly and consistently. Scripts can be manually executed from within interactive audit reports, or automatically when a violation is detected.




Managing, monitoring, and auditing are just three ways NCM helps you protect your network configs and manage IT risk. To learn about the SC Magazine 2016 awards and other category winners, read this article.  To learn more about Network Configuration Manager, visit our product page. To learn how to write a NCM policy, read this thwack® post.


How you are using NCM to manage, monitor, and audit your network configs? Use the comments below to share your stories.

In the previous two posts, we talked about high level performance information and then we dove into the details around storage performance from the array, pool, and LUN/Volume detail. Now let's talk about thresholds and alerting. This is where we start making Storage Resource Monitor adapt to your environment, while also showing what performance information matters to you. 



Setting thresholds is a key step in making sure your data center runs efficiently. When you start SolarWinds® Storage Resource Monitor the first time, there are pre-set thresholds setup based on general best practices. For most situations this will work, however there are solutions that require something a little more specific. There are applications in your environment that require low latency and if any of them deviate from that it would cause major headaches. There are other applications that require a specific amount of IOPS and any dip will slow the business down and lead to your inbox being filled with not so nice requests for information. Having your thresholds set properly can help you avoid "fire drills." The "SRM Settings" section is where you can set global thresholds for key storage resources.

Thresholds can be set for IOPS, throughput, I/O size, Capacity, and latency (LUN & Volume specific).  In addition, some of these can be set by read, write, or total so you can even customize for applications that are heavy on read or heavy on write performance. 

Using global settings allows you to tailor monitoring for your data center, but, as you know, there are also applications that differ from the others that need special attention.  If that’s the case, Storage Resource Monitor has you covered. Under each details screen (array, pool, and LUN/Volume), you can adjust the thresholds for that specific resource. Pool 1 needs to maintain 500 IOPS and I need to know when it goes below it. You can set the threshold to warning when IOPS are less than or equal to 600 and critical when IOPS are less than or equal to 550. LUN 2 has to maintain latency of 50ms. You can set the threshold to warning when it hits 40ms and critical when it hits 50ms. The thresholds you set for the individual resources will translate to the summary screens we talked about before, so at-a-glance you can see if the required performance needs are being met.



So now you’re thinking, "thresholds are great, but if something happens when the custom thresholds are  reached I need to be alerted."  In addition to custom thresholds, setting custom alerts will make sure you know when something goes wrong quickly. Like before, the standard alerts in Storage Resource Monitor will get you going, however custom alerts help make sure you understand if all of your resources are performing as required. Creating custom alerts can be done for groups of resources with the same performance profile or for specific resources that have a very unique requirement.


You can set a single alert for a specific storage resource or set an alert for multiple resources that share a common performance profile. There is the ability to customize everything from a specific team to handle the alert, to setting that the condition has to exist for a period of time, and even the ability to set the alert to only be enable during a certain time of day to name a few. Setting a custom alert for a specific time helps avoid the unwanted alerting noise during expected downtime and/or planned degraded performance. 



By using thresholds and custom alerts, Storage Resource Monitor has you covered when monitoring storage performance for all your applications. Along with dashboards and storage resource details, you can easily stay ahead of your storage performance needs and track when more resources are needed.


What are some of your best practices around thresholds? What are the items you customize with alerts?

We have been working hard to bring another bulk of enhancements to the Network Configuration Manager (NCM) and NCM 7.5 Beta is available. We have been working on:

  • Additional F5 LTM & GTM Support (Including Binary Config Support)
  • Compliance Reports (security best practices) for various vendors
  • Usability Improvements


To get access to the Beta, you need to be a customer on active maintenance for NCM and sign up here.


You can discuss your experience in the NCM Beta Forum.


As an added incentive, Beta users who submit feedback will receive 2,000 Thwack points to buy swag at the Thwack Store.

Having a high-level view of storage performance is good for a quick overview or understanding of how things are operating.  In order to take your monitoring to the next level, having access to details is critical. In my previous post,  I reviewed storage dashboards and performance data points that SolarWinds Storage Resource Monitor provides.  Below I will cover performance monitoring at the array, storage pool, and LUN/Volume level.

The "Array Details" screen is usually the first stop when looking at your storage performance. This is a great starting point for when you want to get a look at the overall performance for a storage array. Having this information is ideal when you want to compare the expected performance of an array versus how the array is actually performing.  In addition, you can get an understanding of read/write performance ratios in relation to the overall performance.


The “Block Storage” and “File Storage” tabs allow you to quickly get into the underlying performance information for the device’s storage pools and LUNS/Volumes.  Each of these tabs will show you latency summaries and performance summaries for the individual resources.  At-a-glance, this will let you see if you have any latency issues at the LUN/Volume level and what your highest performing LUN/volumes are by IOPS, throughput, or latency.



"Storage Pool Details” provide storage administrators the ability to understand performance at a pool/RAID level.  Depending on how storage resources are assigned out to applications, this can provide the ability to understand performance for similar applications.  An example would be a VM farm is created for different instances of the same application.  Having the applications tied to the same pool of storage with different LUNs is ideal so that you have the same pattern of read/write ratio and not running into instances where different read/write ratios are involved.  This can cause application performance problems if the disk is having to store random data in one instance and then sequential the next.



























The "LUN & Volume Details" screen is where you can see performance at the lowest level.  This is where you can tie application performance directly to the assigned storage. In addition, this is where the power of Storage Resource Monitor really comes into play.  Not only can you see the individual LUN performance, you can also see it in relation to other LUNs in the same storage pool.  Did a LUN in the same pool spike performance?  Are all the LUNs in the same pool experiencing high latency?  These are a couple of questions the LUN Details screen can help answer.



As you can see, the more in-depth you go with Storage Resource Monitor, the more information and comparisons become available.  All of the information presented is critical to understanding your storage performance and how it affects your overall environment.  In my next post, I will cover thresholds & alerting and how with the right settings & planning you can make Storage Resource Monitor not just an important monitoring tool, but a critical one.


How have you used the details screens to monitor and troubleshoot your storage performance?

Managing storage is a constant dance of making sure resources are available for the applications that need them, and making sure resources are constantly in use, because having wasted resources in addition to no resources can be problem. SolarWinds® Storage Resource Monitor helps make this dance a little less complicated. Over the next few posts I am not only going to show different parts of Storage Resource Monitor in relation to storage performance, but also how each of these parts can give you the information you need to monitor your environment and maximize one of your largest IT investments.


To start, we will address some basic information regarding storage performance and how Storage Resource Monitor presents the data. Based on customer feedback, one of the best things about SRM is that users are able to quickly view and understand their storage performance problems. Below, I will show you what initial performance information SRM provides, and ways to interpret the data. Depending on your environment, there will always be different ways to interpret performance data, so your mileage will vary.


Here we have part of the SRM Summary screen. In one simple view you get a list of storage devices being monitored, alerts, events, and performance and capacity summaries. The All Storage Objects widget will not only show you all the storage devices, but also point to devices that are having problems using easy-to-see green, yellow, and red notifications. To get to the exact cause, you can drill down into the array date until you get to the specific storage resource with the problem. A faster way to recognize performance problems is with either All Active Alerts or Storage Objects by Performance Risk.



The Storage Objects by Performance Risk will give you a summary of performance problems based and sorted by latency. Like most things, high latency is not an ideal situation. However, the definition of "high" varies by environment and application. In addition to latency, IOPS and throughput are shown, and you can tailor the thresholds for the resources to be more specific to your requirements. Using this allows you to select your top performance problems by latency at the main screen without any digging. 



In addition to the performance information on the SRM Summary screen, the Performance Dashboard lets you see additional performance data points. It includes the performance objects by risk and information for LUNs by Performance and NAS Volumes by Performance. Any of these sections will allow you to instantly dig into the specific storage resource that is experiencing performance problems.



This data allows you to instantly address performance problems. To see overall performance at the array and/or storage pool level, SRM gives you access to that data in a mere one or two clicks.  For array-specific performance information, select an array in the All Storage Objects section and the Array Details screen will show detailed information for that array. Clicking once more in the All Storage Objects section will show the storage pools and allow you to select the Storage Pool Details screen for each pool. Going even lower will show all the LUNs assigned to each pool.  Selecting a LUN will bring up the LUN Details screen.   Each of these screens will present specific performance information as it relates to that storage resource.


Array Details


Storage Pool Details


LUN Details


Now, what do these high-level performance views do for the end-user? Right from the start, you can instantly discover, identify, and start troubleshooting performance problems. The goal is that the critical problems are up front, and the need to check each storage device one by one for problems is eliminated. In addition, having the ability to customize the dashboards and information is critical to tailoring the monitoring to your needs.


My next post will cover the three specific layers we use to help you monitor your storage performance: array, storage pool, and LUN/volume.


I would love to hear your feedback about how SRM has helped you monitor your storage performance. Please leave comments and questions below.

I am excited to announce that Server & Application Monitor (SAM) 6.3 Beta 3 is now available . The team at Solarwinds has been hard at work at producing the next release of SAM with some great new features that continue from the SAM 6.3 Beta 1.  The Beta is open to SAM customers currently on active maintenance.  The beta is the best opportunity to provide feedback and have direct input which can affect this release and improve the usability of SAM.  We encourage all to sign-up and kick the tires.  Just as in beta 1 your feedback might just earn you some much deserved Thwack points that can be redeemed for some cool SolarWinds SWAG!


The SAM 6.3 Beta 2 includes some of the features mentioned in the Server & Application Monitor - What we're working on beyond SAM 6.2 post. Don't forget to signup for the Beta and provide your feedback in the Server & Applications Monitor Beta forum!!


Beta 2 Button.png

NCM Compliance reporting isn’t just for security auditors!  Use it to ensure network devices are compliant with your operational standards and controls.


As a busy network engineer, are you always looking for cool skill hacks to help you work smarter? Well if so, here is new one for youcompliance reporting.  That’s right, NCM compliance reporting.  Compliance is an incredibly powerful tool that helps you ensure all network devices are compliant with your operational standards and controls.


Consider this example, a network engineer queues all planned network changes into a quarterly update and pushes the changes out using a versioned config.  After the push, he audits his configs using the NCM audit feature to make sure all devices are running the right config. By auditing configs for a specific version, he knows if a device is missed, or if a config has been rolled back to a prior version. If you’re looking for other practical uses, consider the following: Make sure public SNMP community strings are never enabled, password changes are synchronized, or you have required QoS settings needed for VoIP.  The NCM Compliance feature isn’t just for security auditors!


To show you how simple this is, let’s step through it together.  But first a little context.  When enabled, NCM Compliance Reports automatically run when the config backup job has completed.  At which time NCM will scour through your configs looking for violations as defined in Compliance Rules.  Compliance Rule use pattern matching to identify configuration commands which should be included in, or excluded from, your config files.  If a rule match is found, then a violation is recorded. In addition, a Compliance Rules also includes an optional remediation script.  A remediation script can be executed automatically or manually against each identified violation.  Compliance Rules are grouped and organized into Policies. A Policy is a container for rules and associated: 1) with one or more devices to audit and 2) a Compliance Report through which violations are reported.  From this quick overview, it should be easy to see how Compliance Auditing is a powerful tool to help you keep your network in sync with required regulatory and operational standards and controls.  Now let’s build a simple compliance report.  We will start with building the Compliance rule, associate with a policy and then associate the policy with a report.  For our example, we want to make sure we never have any devices that allow the use of public SNMP community strings.



1: Create Audit Rules


Follow along with these steps:

  1. Log in to the Orion® Web console website as an administrator.
  2. Click CONFIGS > Compliance.
  3. Click Manage Policy Reports.





  1. Select Manage Rules, and click Add New Rule.





  1. Enter a name for your new rule.
  2. Add a description, if needed.
  3. Click the alert level to associate with this rule.
  4. If you want to assign this rule to a folder, enter a name in New folder name. Otherwise, select an existing folder from Save in folder.
  5. Click the type of alert trigger to associate with this alert.
  6. If you want to search the device config for a simple string, click the appropriate option in String Type and enter text in the box. (Note: in this example we will build a remediation script and not use the testing tools.)
  7. Click Submit to save



Revised SNMP Rules1.png



2: Create an Audit Policy


Follow along with these steps:


  1. Click Manage Policies and Add New Policy.





  1. Enter a name for your new Policy.
  2. Enter a Policy description.
  3. Specify where to save the Policy
  4. Select nodes to use with this Policy (default is all nodes).
  5. From the list, select the type of configuration you want to search with this Policy.
  6. Select and add Rules to associate with this Policy.
  7. Click Submit to save and exit.





3: Create an Audit Report


Follow along with these steps:


  1. Click Manage Reports and then Add New Report.




  1. Enter a name for your new report.
  2. Enter a description of the report.
  3. If you want to assign this report to a folder, enter a name in New folder name or select an existing folder from the Save in folder list.
  4. If you want to also display rules without violations, select Show rules without violation.
  5. Select the policy created from our previous task and associate it with this Report.
  6. Click Submit to save and exit.




By default, your report is now enabled.




The next time NCM archives your device configs, this report will automatically run and you will see any violations from the NCM summary screen using the Policy Violations resource.





Are you a Network Control Freak?


Are a Network Control Freak? Try compliance auditing on your network and enter to win a SolarWinds Certified Network Control Freak swag-packClick here for contest rules and to enter.  Then simply take a screen-shot of a policy rule you create using this tutorial and submit it to here to win.  If you create something awesome, be sure to share it on thwack!

We have been working hard to bring another bulk of enhancements to the Storage Resource Monitor (SRM). SRM 6.3 Beta 1 contains the following improvements:

  • Support for Pure Storage arrays
  • Support for EMC XtremIO arrays


To get access to the beta, you need to be a customer on active maintenance for SRM and sign up here.


As an added incentive, beta users who submit feedback will receive 2,000 Thwack points to buy swag at the Thwack Store.

A SIEM tool is not a vacuum cleaner; you can’t just turn it on and have it siphon up all your log information, and bag it up nicely for you to later dump with out getting your hands dirty. A SIEM requires hands on work, and careful consideration of your particular environment. What may be perfectly normal in your environment may very well be a red flag for another environment. Many times companies will buy a SIEM to simply "check off the box" of some compliance requirement without ever seeing if the solution will work for them.


SIEM vendors, including Solarwinds, have worked diligently to make the out of the box experience with SIEM more “vacuum-esque”, with easier configuration tools, and out of the box rules, alerts and reports. Unfortunately there is no one-size-fits-all approach a vendor can take to apply to all industries and businesses.


With all that being said I would encourage the following: Know your network, spend time with it (many of you already do). Then spend time and effort configuring your SIEM for your network and your needs. In the end it will be a much more fulfilling experience. After all, what is the point of a tool if it isn’t used properly?

To check out the most up-to-date information regarding What We're Working on, please visit the LEM Product Roadmap page.


Be sure to let us know in the Log & Event Manager Feature Requests forum, if there are features you're really keen on. This list doesn't enumerate a lot of the features we're looking into for long term development and further releases, but we continually use Thwack as our biggest source of feedback.

We are busily working on the next release and among many things we are looking at, there is Checkpoint R77 and PCI 3.0 support!


If you would like to influence this feature and Firewall Security Manager in general and if you are interested in these particular feature, please reach out to me as soon as possible!


Sign up for the beta here: FSM Beta Survey


Please note this beta is open to current customers with active maintenance on Firewall Security Manager and is NOT suitable for production environment and you need a separate test system.

This Beta is focused on small, but high quality feedback and you will be rewarded by crazy number of Thwack points!   First come, first served!


After you sign up and confirm Beta agreement, I will contact you shortly.

New NCM utility helps you quickly find vulnerable, obsolete, and unsupported hardware on your network


The care and feeding of your network involves more than managing configuration changes. To keep devices healthy and end-users happy, you must tend to a list of important things that usually get put off because you are just too busy. Let’s take a look at that list now and discuss why it’s so important.


Device failure

Network devices fail for a number of reasons, including human error and hardware and software defects. Many times, there are warranty fixes and technical workarounds, but determining whether you have a defective device isn’t exactly easy. Do you have a reliable way to identify defective devices in your network?

Out-of-support devices

Paying for support is like buying insurance. You don’t want to spend too much for it, but when you need it, you’re glad it’s there. So when devices are mistakenly excluded from support agreements, or you pay for a device that has been taken out of service, you have the problem of either not having sufficient coverage or paying too much for the support you have.  Are you over insured or under covered? How do you know?

Device vulnerabilities

Security is a never-ending cat-and-mouse game. When the bad guys find a vulnerability to exploit, you need to address it, and fast. If you don’t know about the vulnerabilities on your network, you can’t do anything about them.  Do you know what vulnerabilities are lurking in your network?

Device end-of-Life

Devices that have reached obsolescence are a particular problem because they are no longer supported. This means no technical support, no alerts or notifications, no engineering defect or security fixes. Once a device goes EoL, it’s a ticking time bomb. In this case it’s no longer a matter of if, but when they can be replaced with the least amount of disruption. Do you have the foresight, budget, plans and other preparations needed to make a smooth transition? 

Network evolution

Chances are the network you manage now is not the same network you built five years ago. Devices you installed and configured even a year ago may not have the capability to handle the new services your organization now demands.  Which devices can support the change?  Which devices require an upgrade?  Which devices are just too old?  What new devices should replace obsolete devices?  When the boss comes asking, will you have the answers?

The problem

The problem here is two-fold. First, we need to know about potential problems with our devices. Second, we need to know who these problems affect. Vendors publish notices on things like warranty-covered defects, security alerts, and obsolescence, so it’s important that you have a convenient way to receive and review such notices. This can be difficult because you have to have an understanding of your devices, whether they are in use, their number, which version they are, and how they are configured. Due to the tediousness, many network engineers and admins reluctantly admit that it’s a difficult situation to manage.

The solution

Luckily, there is a solution. SolarWinds and Cisco® have worked together to offer a network health check. This health check can tell you quickly and easily whether you have unsupported, defective, vulnerable, or obsolete devices in your network. This health check utilizes SolarWinds® Network Configuration Manager and Cisco SmartAdvisor reports.


SolarWinds NCM knows a lot about your network, including which devices are in use, their model numbers, hardware and software revisions, and how they’re configured. A free connector we developed delivers this information to Cisco, where your network data is expertly analyzed and returned to you in the form of six insightful SmartAdvisor reports. Using your Cisco CCOID and SmartNet subscription, you can access these reports conveniently and as often as you like. By conducting this network health check regularly, you can receive important information about problems that exist on your network before they have a chance to negatively impact end-users.

To learn more about this powerful network health check, visit If you already use SolarWinds NCM, you can download the free connector by visiting the SolarWinds Customer Portal.

SolarWinds Server Health Monitor Quick Reference Guide

The SolarWinds® Server Health Monitor (SHM) is a free diagnostic tool that provides basic-level health status server monitoring for up to five servers in a corporate enterprise. You can download it from SolarWinds pages here.

Using Simple Network Management Protocol (SNMP), Windows Management Instrumentation (WMI), and Common Information Model (CIM) calls to your network frameworks and application servers, the tool polls the basic system components in each configured server (such as the power supply, temperature, and fan) and displays a server health overview of all monitored servers in the Dashboard tab. The tool is supported on selected VMware® hypervisors and Dell™, HP®, and IBM® servers.

If you need expert-level health status server monitoring for over 200 applications and 1000 servers in a corporate enterprise, see the SolarWinds Server and Application Monitor.



Installation requirements




Operating system

Microsoft® Windows® 7

Windows 8

Windows 10

Windows Server® 2008 R2  Windows Server 2012 R2

System details

Processor: 2 GHz


Disk Space: 100 MB

.Net: 4.0


Systems supported for monitoring





Dell PowerEdge™ HP ProLiant™

IBM eServer™ xSeries

Blade enclosures

Dell PowerEdge M1000e Blade Enclosure HP BladeSystem c3000 Enclosure

HP BladeSystem c7000 Enclosure


VMware vSphere® ESX Hypervisor  VMware vSphere ESXi™ Hypervisor


Hardware monitoring agent software

Each computer hardware vendor installs hardware monitoring agent software on their systems, which includes a Web server that operates on a unique port.

Remote servers include the hardware monitoring agent software for both SNMP and WMI.

Note: The blade enclosures do not use hardware monitoring agent software.

To ensure that the hardware monitoring agent software is installed on your system, open a Web browser and navigate to the following URL:


where remote_ip_address is the remote server IP address and Port is one of the following ports:


HP: 2381

Dell: 1311

IBM: 423


Install the tool


  1. Download and install the SolarWinds Server Monitor from the SolarWinds Free Tools website.
  2. Double-click the installer icon. The SolarWinds Server Health Monitor Setup Wizard appears.
  3. Click Next.
  4. Follow the prompts on your screen to complete the installation.


Add your monitored servers


  1. Click the Configure tab. The Configure Tab screen appears.
  2. Click  . The Server and Credentials box appears.
  3. In the top field, enter the IP address or host name of the server you want to monitor.
  4. Click the drop-down menu and select the method used to poll the server and gather health monitor details.
  • You can poll the following servers using SNMPv2 or SNMPv3.
    • Dell PowerEdge servers
    • HP ProLiant servers
    • Note: Array and Battery information requires WMI polling.


  • You can poll the following servers using WMI:
    • Dell PowerEdge M1000e Blade Enclosure
    • HP BladeSystem c3000 and c7000 Enclosures
    • HP ProLiant servers
    • IBM eServer xSeries


  • You can poll the following hypervisors with no required polling setup:
    • VMware vSphere ESX
    • VMware vSphere ESXi
    • These hypervisors use the CIM protocol that should be enabled by default after you install the ESX or ESXi hosts.

Configure polling using SNMPv2


  1. Ensure that SNMP is enabled on the monitored server. See your server or VMware documentation for information about configuring SNMP.
  2. Click the drop-down menu and select SNMPv2.
  3. In the Community String field, enter your SNMP credentials.
  4. Click . The monitored server connection is configured, and the tool automatically polls the server for server health data. The polling process may require several minutes to gather the server data.

Configure polling using SNMPv3


  1. Ensure that SNMP is enabled on the monitored server. See your server or VMware documentation for information about configuring SNMP.
  2. Click the drop-down menu and select SNMPv3. The Server and Credentials box appears.
  3. In the Username field, enter the IP address or user name of the server you want to monitor.
  4. In the Context field, enter your SNMP credentials.
  5. In the first drop-down menu, select an encryption algorithm for the polling connection. MD5 (Message Digest) provides a 128-bit hash algorithm. SHA1 (Secure Hash Algorithm) provides a 160-bit hash algorithm.
  6. Click the second drop-down menu and select an encryption cipher for the polling connection.
  7. In the Password field, enter an authentication password.
  8. Select the Password is a key check box to select the algorithm of the encryption. Note: If you select this check box, leave the Context field blank.
  9. Click . The monitored server connection is configured, and the tool automatically polls the server for server health data. The polling process requires one to two minutes.

Configure polling using WMI


  1. Ensure that WMI is enabled on the monitored server. See your server or VMware documentation for information about configuring WMI.
  2. Click the drop-down menu and select WMI. The Servers and Credentials box appears.
  3. In the Username and Password fields, enter your WMI user name and password.
  4. Click . The monitored server connection is configured.



View your server health

When you click the Dashboard tab, the tool polls the monitored servers and displays a health status overview of all servers. The overview includes a pie chart, node count, and summary information of all monitored servers.

The polling process requires up to two minutes to complete, depending on your network configuration. During the polling process, Processing appears at the bottom of the window.

The Node Count lists the number of monitored nodes and the corresponding status. The Summary lists all monitored servers and their corresponding status.

The following table provides descriptions of each status.







All monitored components are functioning properly.


One or more components are in working condition, but a failure may exist.


One or more components failed, requiring imme- diate attention.


One or more components have a status that the tool cannot recognize.


View server details

When you click an IP address (or host name) in the Dashboard tab, the Server Details window appears. This window displays the IP address (or host name), current health status, and additional information about the selected server.


The Current Server Health section lists the sensors polled by the tool. Maximize a sensor name to view the status and corresponding value. The server and current health details listed in the window may vary for each server.

To return to the Dashboard tab, click Back to Summary.

Update the polling interval

The Update Polling Interval setting in the Configure tab allows you to select the time interval (between 5-60 minutes) when the tool polls the monitored servers for health status information.




View additional resources

The Resources tab provides links to resources for managing your corporate enterprise.


Troubleshoot error messages

The following table lists error messages that may appear after you configure your devices in the Configure tab.




Error Message

Description and Resolution

Unable to resolve the host name. Please use the IP address

The host name is spelled incorrectly or DNS could not resolve the host name to an IP address.

To resolve this issue, ensure that:


  • The host name in the Configure tab is correct.
  • The DNS server is configured properly with corresponding host name and IP addresses.
  • The IP address is entered in the correct format.

An unknown error occurred.

The tool experienced an issue with monitoring the targeted server.

To resolve this issue:


  1. Open the %ALLUSERPROFILE% directory.
  2. Navigate to the following directory: SolarWinds\ServerHealthMonitor
  3. In the directory, locate the followin file. ServerHealthMonitor.log
  4. Open the file in a text editor (such as Notepad) and search for an error (for example, a disabled WMI service).

Not a supported server type. For a list of sup- ported server types, see Help for details.

The targeted device is not supported by this tool.

See Hardware requirements for a list of supported servers, blade enclosures, and hypervisors.

Different polling method required.

The tool could not poll the device based on the selected polling method specified in the Configure tab.

To resolve this issue, select a different polling method that is appropriate for the targeted device.

The user credentials are wrong.

The user does not have remote access to the computer through a DCOM

The tool does not have Distributed Component Object Model (DCOM) permissions to access the targeted Windows server. WMI uses the DCOM protocol to communicate directly over a network with Windows-enabled servers.

To resolve this issue, ensure that:


  • The server credentials are entered correctly in the Configure tab.
  • DCOM is enabled on the targeted server.

See the Microsoft TechNet website for information about enabling and disabling DCOM on servers running Windows Server 2008 R2 and Windows 2012 R2 operating systems.

The computer really doesn't exist.

The Windows Firewall is blocking the connection.

To resolve this issue, ensure that:


  • The targeted server is running and connected to the network.
  • The Windows Firewall is deactivated on the targeted server.

Polling of chassis (CIM_Chassis class) failed. Unable to estab- lish session with all provided credentials.

The VMware credentials are incorrect.

To resolve this issue, ensure that the VMware server credentials in the Configure tab are correct.

Polling of chassis (CIM_Chassis class) failed. Unable to con- nect to the remote server.

The selected polling method is not supported on the targeted server.

To resolve this issue, ensure that the selected polling method in the Configure tab is correct. If the

issue still exists, change the polling type method and poll the server.

Unable to find the server type. Could be due to incorrect cre- dentials or the server type is not supported.

The credentials in the Configuration tab are incorrect or the server type is not supported.

To resolve this issue, ensure that:

  • The server credentials in the Configure tab are
  • The server is listed in the hardware requirements as a supported server.






Copyright © 2015 SolarWinds Worldwide, LLC. All rights reserved worldwide.

No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of SolarWinds. All right, title, and interest in and to the software and documentation are and shall remain the exclusive property of SolarWinds and its respective licensors.



other SolarWinds marks, identified on the SolarWinds website, as updated from SolarWinds from time to time and incorporated herein, are registered with the U.S. Patent and Trademark Office and may be registered or pending registration in other countries. All other SolarWinds trademarks may be common law marks or registered or pending registration in the United States or in other countries. All other trademarks or registered trademarks contained and/or mentioned herein are used for identification purposes only and may be trademarks or registered trademarks of their respective companies. Microsoft®, Windows®, and SQL Server® are registered trademarks of Microsoft Corporation in the United States and/or other countries.

Understanding network bandwidth content is one of the essentials for each IT admin who needs to ensure the business traffic has always the priority over someones private Youtube streaming during a lunch break. SolarWinds Network Traffic Analyzer has been used many years for its ability to finger point at IP address which was behind suspicious high-volume data transfer. NTA historically used widely used port-based application detection known as NetFlow (used in protocols NetFlow v5, v9, IPFIX, sFlow, jFlow, Huawei Netstream).


As many of you know, port-based application detection works effectively if each application you care about communicates via its own, specific, port (SNMP, SQL, DNS, etc.). As a natural reaction to block unwanted traffic you may create firewall rules and allow specific ports only. This works unless the owner of the application change its protocol to HTTP or even better HTTPs and port-based categorization is not as useful anymore (as firewall rules based on ports only). Most of the traffic will look like "WEB" or "Encrypted".

At the end of a day, it's still better than knowing nothing but it leads to the further inspection by using firewalls and logs or user browsing history or Wireshark hunt.


But we all would like to have better visibility into the corporate network traffic and understand if business traffic or video call is not negatively impacted by somebody's web browsing or media streaming. Many network-gear vendors are aware of that problem with "tunneling" over ports 80 or 443 to various cloud storage apps, SaaS or social networks. Cisco, Citrix or PaloAlto introduced "Application Flows" known as NBAR2, Citrix AppFlow and Palo Alto App-ID in IPFIX. All these names have one common element - advanced application classification technique using application signatures database and deep packet inspection. This is all done directly within your network gear (Routers, some L3 switches, firewalls and Wireless Controllers).


The advantage of "AppFlow" technology is obvious. It gives you better application classification even though applications are using the same port (for example port 80). It gives you visibility (even though limited) into encrypted traffic (port 443) and it gives you that without need of additional probes, spanning ports and other complicated things. Palo Alto, Cisco and Citrix keep their application signature databases up to date and usually offer new device updates every month as a classic software update for your gear. As example look at this page NBAR2 (Next Generation NBAR) Protocol Pack FAQ - Cisco which list NBAR2 supported devices and also typical Protocol Pack update time-lines.


Many of you already have Cisco ASR 1000 or ISR-G2 devices and if you haven't, you can use SolarWinds NTA (beta) now and get better application visibility of your bandwidth. NTA 4.2 beta brings support for Cisco NBAR2 as a first (but not last) implementation of Application Flow information. NTA still uses flow-based technology to read app-flow and is quite easy to enable NBAR2 on your devices and let NTA to tell you who deals to much with Youtube over SSL, Google cloud application or torrents.


I know you're interested to try this out and takes you just few steps:


1) Enable NBAR2 as part of Flexible NetFlow (if you haven't yet)


flow record SolarwindsNetflow

match ipv4 tos

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

collect transport tcp flags

collect interface input

collect counter bytes long

collect counter packets long

collect timestamp sys-uptime first

collect timestamp sys-uptime last

collect application name


flow exporter SolarwindsNetflow


source GigabitEthernet0/1

transport udp 2055

template data timeout 60

option application-table timeout 60

option application-attributes timeout 300


flow monitor SolarwindsNetflow

exporter SolarwindsNetflow

cache timeout active 60

record SolarwindsNetflow

2) Configure the interface from where you want to monitor Netflow (with NBAR2) - this part is the same as you do when configuring classical port-based NetFlow (in my example GigabitEthernet 0/0/1)


interface GigabitEtherent 0/0/1

ip flow monitor SolarwindsNetflow input

ip flow monitor SolarwindsNetflow output


3) Check NBAR2 support & configuration by runing  "show ip nbar version" command


You should get output similar to this:

NBAR software version:  20

NBAR minimum backward compatible version:  20


Loaded Protocol Pack(s):


Name:                            Advanced Protocol Pack

Version:                         14.0

Publisher:                       Cisco Systems Inc.

NBAR Engine Version:     20

Creation Time:                 Wed Mar 25 13:17:24 UTC 2015

File:                                flash0:pp-adv-isrg2-154-3.M2-20-14.0.0.pack

State:                             Active



4) Subscribe to NTA 4.2 Beta program (available for those who have NTA commercial license)



5) Install NTA Beta on the non-production server and add NetFlow source Node into NTA (same process as you adding classical NetFlow source).


Once you start getting the data in NTA you will see a switch in a top right hand corner on a summary page in the "Top 5 Applications" resource. Use it to select between NetFlow - port based and NBAR2 - AppFlow data view. This switch is available everywhere in NTA for the charts which show some application classification. NBAR2 is automatically detected and if device doesn't support NBAR2 you'll be not able to use that switch.


Let's demonstrate the added value of App-Flow NBAR2 comparing classical NetFlow v5 and NBAR2 data classification for the situation where some IP address watch Youtube over SSL:


NBAR2NetFlow v5


I would very happy if you - SolarWinds users - can try this beta and help me to collect feedback on two main questions:


1) What version of your protocol pack you have on your devices (step #3 from the list above)

2) Does NBAR2 in NTA helps you to see better data than the current port-based flow?


As always, I appreciate all your effort and enthusiasm you spent with this Beta version of NTA. I'd like to hear to any other comments and feature request you may have around this theme such as reports, alerts, etc.


We do not want to end support with NBAR2 on ASR or G2 devices, but also working on WLC support and to the future Citrix and PaloAlto AppFlows. If you have other app-flow capable device, let us know.



Filter Blog

By date:
By tag: