Skip navigation
1 2 Previous Next

Whiteboard

20 Posts authored by: jkuvlesk Employee

I recently read a TechTarget article by Stephen Bigelow – “Look beyond APM to unified performance monitoring.”  In this article, Mr. Bigelow explains that traditional performance monitoring tools miss the market because tools often serve one or two silos in the organization.  As a result, businesses rely on multiple tools to monitor for performance issues across multiple silos (application, storage, virtualization, server, etc.). 

 

 

Often it is more the failure of the IT organization that creates tool sprawl than the tool vendors not providing unified performance monitoring.  If there is not a dedicated monitoring team across the organization, defining monitoring objectives (and tools) falls to individual admins.  This is evidenced by the fact that you will see multiple implementations of a single tool in one company.  Without a dedicated monitoring team, there is a lack of knowledge to understand what tools are already owned by the company and how they can be used. 

 

 

A dedicated monitoring team also provides the big picture view into how a service should be monitored to mitigate gaps in visibility – from the hardware to the app to the storage and database and everything in between.  Often, dedicated monitoring teams will decide to standardize on a suite of monitoring tools because the suite shares a common UI, alerting mechanism, database, naming conventions, etc..  When there is a gap in functionality, then the team will look for another tool to fill that gap. 

 

 

There are suites of tools that offer performance monitoring for multiple silos on the market today.  However, many of these traditional suites don’t provide the contextual visibility into how the entire app stack is performing because these tools are generally written by different development teams who are focused on a particular silo (storage, virt, etc.). 

 

 

Today, there are many new vendors that develop performance monitoring tools that provide capabilities for the SME they are serving, but also consider the application’s perspective.  Some examples of this approach include application aware network performance monitoring (for the network admin), transaction tracing  (for developers or application admins), application aware database performance analysis (for DBAs and devs), and app aware infrastructure performance monitoring (for IT Operations or system administrators). For instance, app aware database performance analysis allows you to filter response time for a particular application, and then see the top queries and waits (wait types / wait events) for that specific program. App aware infrastructure performance monitoring helped one customer diagnose a perceived application performance issue to find that it was actually a storage I/O spike caused by a daily backup procedure. 

 

 

Monitoring vendors are getting better at bridging the gap between monitoring silos with contextual linkages, but it is still up to the IT organization to make a conscious decision to minimize tool sprawl.

 

 

Join the conversation on tool sprawl here, or learn more about how SolarWinds’ approach to application aware unified performance monitoring.

Of the organizations surveyed (in the SolarWinds Email Management Survey, March 2014), over 80% are using Microsoft Exchange for their corporate email.  17% of the companies using Exchange have started moving to the cloud and are also using Office 365.  For organizations that have not or have no plans to move to the cloud, there are significant resources devoted to managing this application.  SolarWinds listened to our customers and built a solution to help admins improve Exchange uptime while reducing time to manage Exchange performance.  The latest release of Server & Application Monitor, v6.1, provides the following capabilities for Exchange 2010 & 2013 environments.

 

  • Consolidated visibility to historical mailbox database usage (all copies), regardless of multiple DAG transitions
  • Replication status checks
  • Quick views of dormant mailboxes and top mailbox offenders and drill into individual Exchange user mailbox details for troubleshooting
  • Real-time view of logs, processes, services
  • Monitor the end-user experience to discover patterns that might lead to poor service with round trip tests (MAPI, etc.).
  • Proactive alerting for related applications to include Lync®, ActiveSync® connectivity, and Active Directory® performance.
  • Server hardware health & virtual server performance for multiple vendors
  • Agentless – quick time to deploy and maintain

 

The benefits of having a single view of Exchange performance include:

  1. Better customer satisfaction.  When the help desk is informed of problems in the application, they can better respond to end users and say, “yes, the problem is in XYZ component and we are working to resolve the problem now.”  Help desk admins can also more quickly assist end users because they have all the relevant information at their fingertips to assist end users in reducing their mailbox size (# of attachments, size of attachments, synced devices, sent/received mail).
  2. Faster time to resolve messaging issues.  I spoke to a lot of Exchange admins last week at MEC.  Many were not only responsible for Exchange, but for related applications like Active Directory, Lync, and Active Sync.  About one-third of admins we spoke to said their Exchange environment was virtualized, so it was important to understand VM performance too.  Most of these admins were using PowerShell scripts to identify and troubleshoot performance issues.  This feedback was in line with our Email Management Survey which revealed admins commonly use multiple tools to manage email to include logs, Windows task manager, WMI and EMC/EMS with PowerShell.

 

In speaking with some of our customers, they expect to reduce time managing Exchange by 50% with these new features of Server & Application Monitor.  I encourage you to try it out for yourself!

Email is an application that is vital to business operations.  It’s been around a while and it’s not going away.  Despite email being one of the most important applications in the enterprise, there has been little innovation (with the exceptions of DAGs and SaaS/hosted solutions) to improve the efficiency and effectiveness of email availability—even as factors contributing to email management complexity have increased.

 

 

Is email really that hard to manage?

SolarWinds conducted an Email Management Survey (ending in March 2014) of 162 US and Canadian IT professionals with email management responsibilities.  The survey found that on average, 46% of companies have more than 2 FTEs (full time equivalents) dedicated to managing email.  In organizations with greater than 5,000 mailboxes, 49% employ 6 or more FTEs to manage email.  In addition, the survey found that 53% of time spent managing email is related to monitoring the email application.  For large organizations, that is a lot of people devoted to identifying and responding to problems related to a single process.  Financially speaking, 3 or more FTEs translates from a few to several hundred thousand dollars a year that could be spent on other IT projects that focus on the company’s competitive advantage.

 

Why is email so hard to manage?

Managing email is complex for several reasons. For example,  according to the survey, the prevalence of smart devices has increased the load on email services.  Respondents also believe that BYOx and mobility initiatives (like telecommuters) contribute to the complexity of email management.

 

In addition, administrators are more often using multiple tools to manage email applications. The survey revealed that 53% of respondents use 3 or more tools to manage email.  Many of these tools require scripting and assimilation of outputs into meaningful views using spreadsheets or PowerPoint charts. 

 

What are companies doing to reduce email management complexity?

SaaS providers and application hosting providers are attractive alternatives to on-premise application environments because cloud providers take on and hide much of the complexity. Today, the majority of organizations surveyed (74%) have not transitioned to cloud technology. However, 37% of respondents believe that within 3 years, their organization will transition to a SaaS-based application, and another 22% believe their company will make the move in the next 5 years.

 

1404_SWI_Email_Survey Infographic.jpg

Click here to download a PDF of this infographic.

 

What can organizations do in the meantime to reduce the amount of time and money spent managing email?

 

Check out the SolarWinds Email Management Survey presentation on slideshare.

I recently came across this review of System Center Operations Manger 2012 by Scott Hill.  Scott, like many, has a new enterprise license of System Center, which now bundles many previously sold stand-alone components like System Center Operations Manager (SCOM).  Since SCOM is now a “free” software monitoring tool, IT administrators over the globe are being strongly encouraged to use it.

 

For many organizations, System Center is a good systems management suite that provides comprehensive functionality from monitoring to configuration management to update management and virtual machine management.  However, while System Center provides the breadth of capabilities many IT shop needs, the depth of capability may not be to the level that an organization may require.

 

As Scott points out in his post, to monitor everything offered by Microsoft, you need to plug in management packs.  Unfortunately, management packs do not always offer the best guidance on why alerts fire, and one may have to resort to a Google search to see potential causes of the problem (often attributes that a monitoring tool should have identified).

 

To get the most out of your now-free tool (SCOM), SolarWinds offers a great product at very affordable price, SolarWinds Server & Application Monitor, that can be easily deployed alongside your SCOM environment in order to gain more visibility.  Server & Application Monitor provides out-of-the-box templates for nearly 150 Microsoft and non-Microsoft applications.  The benefits of this native support is:

 

• You don’t need to seek out multiple Management Packs from multiple vendors

• Each application template provides expert advice on metrics that should be monitored for each application.  For example, the Microsoft Exchange template monitors RPC latency (among many other metrics), and the tool provides guidance on what is good or bad performance for that threshold (should be less than 100ms at all times), which is reflected in the out-of-the-box thresholds.

• The time savings is incredible for creating custom application monitors – it literally takes minutes with SolarWinds Wizard driven approach.

• You can send alerts to specific groups or people via SMS or email.

• And Server & Application Monitor can also integrate alerts, via a Management Pack, so you have all your alerts in one place – your SCOM console.

 

Since this product can typically be deployed in less than an hour it is easy to see the value, and when I say value, that is evident in the price tag.  Try it for yourself in your own environment – free for 30 days.

Jennifer


I recently came upon an article by Art Whittmann, “What’s killing APM?”  The gist of the article is that APM is not thought of as a “must have” technology because APM is too expensive and APM solutions don’t keep up with new application vendor releases and new dynamic trends like cloud and virtualization.  Only 42% of organizations feel that APM is critically important.

 

That’s not surprising data.  Many APM vendors have many fancy features that are very expensive and difficult to deploy.  The reason for this is that legacy application performance management vendors are engineering driven and focus a greater portion of their development budget on the next big thing, or a feature responding to a VIP customer rather than spending efforts on easy-to-use software that solves problems customers are having today.

 

SolarWinds does not market itself as an APM vendor because we don’t develop hard to use features that only 20% of the market needs, and we don’t want to be in that kind of company.  That’s why you will likely never see us on Gartner’s APM Magic Quadrant.  SolarWinds does market some of the capabilities in the broad Application Performance Management space to include server monitoring and application monitoring tools.  This is where 80% of the users have a need – for tools that will quickly and easily monitor availability and performance of servers and applications.

 

What is different about our approach is that we have built our tools with ease of use in mind, both from the perspective of the customer and the developer.  For example, monitoring is agentless to reduce the time it takes to deploy and update the software.  Unlike the APM solutions Mr. Whittmann describes ("Because the nature of app life cycles has changed so profoundly, APM as a third-party product has outlived its usefulness for most environments"), SolarWinds is able to update and introduce 10 to 20 new application templates in each release (2 releases per year).

 

As an alternative to APM solutions, Art suggests that “service component deployments with their own self-health reporting capability should be preferred.”  That is indeed a step backwards and would cause a lot of wasted time and aggravation on the part of the user.  A typical system administrator is required to monitor servers, virtual machines, applications, network devices, and so on.  These elements are sourced from multiple vendors for each category.  If the sysadmin was required to view UIs (not to mention managing the monitoring software for each app) for each vendor, they would have tens of screens to view.  This is not the solution.  Can you imagine using 3 different UIs just to visualize hardware information across your datacenter?  This is a reality for many sysadmins, so when they cried for help, we delivered.  Server & Application Monitor not only monitors hardware health across multiple vendors but combines that information with OS, VM and application performance to get a comprehensive view of the environment.

Jennifer

Last week I had a great phone interview with Leon Adatole, SolarWinds MVP.  Leon works for Cardinal Health as the monitoring architect where he is replacing "a certain agent-based monitoring solution that uses the color blue prominently” with SolarWinds and saving the company nearly SEVEN figures (in the US, that’s a lot of money)!  Way to go Leon!  If you get the opportunity to meet Leon, you will find that he can keep you very entertained, even while discussion the exciting topic of monitoring in an enterprise environment.

 

JK: How did you get to be a SolarWinds MVP?
LA:  Through the cunning use of intrigue, bribes, plates of cookies, and being a general nuisance.  Seriously, in my previous job implementing SolarWinds at Sentinel Technologies, an IT service provider, we used NPM, SAM, NCM, Netflow, and IPSLA. During that time I came up with some interesting workarounds for getting machine by machine thresholds for CPU, how to collect performance metrics without alerts, and so on.  From these workarounds I created a series of tips & tricks blog posts, 5 in all, to help the community Stop the Madness.  I have also participated in the review of the new thwack as well as customer feedback sessions on NCM and Netflow.


JK:  SolarWinds is perceived as a mid-market type of company.  However, Cardinal Health is definitely an enterprise and Sentinel is an enterprise type company.  If someone was to ask you, “Is SolarWinds well suited for the enterprise?” – what would you say to them?
LA:  First, a bit of background: I've implemented various monitoring tools in environments as large as 250,000 systems in 5,000 down to just a few machines in a single location. Most of my installs are in the 10,000 device range.    With that said, I believe SolarWinds has a sweet spot in the small to mid-sized market – 2 to5 IT guys, who are completely over worked, who can’t possibly learn every little thing about every system. It's inexpensive relative to the market and installs in no time, is working in no time, and it gives you value in no time.


But even in larger (enterprise-class) environments, implementations  are almost a non-event.  The installation at Cardinal Health -  6 polling engines and 1 additional web server - only took 4 hours and at that point, SolarWinds was ready to work.  Adding 5,000 devices as an initial load was a 2 hour activity and I could then create meaningful alerts.


The biggest concern larger enterprises have with regard to monitoring is scalability – when will the tool max out and you have to start coming up with creative work-arounds. While SolarWinds certainly does have it's limits (~100,000 elements per cluster of polling engines), my experience is that you can get much more mileage per dollar than other tools, and extending a past those limits (Enterprise Operations Console) is relatively simple.


To fully transition from our current solution to SolarWinds, it will take 3-4 months because we have committed to the philosophy of “no monitor left behind.”  However, most of the 3-4 months will be spent documenting what we are doing in the agent-based system translating that to the agentless world.  This includes taking a hard look at what that alert means – what is the end user doing with that alert and is it worth the effort to monitor it.


Implementing SolarWinds versus the incumbent in FY2013 represents a savings of over US$1 million in the first year and over $500,000 each year after that in software maintenance cost savings.


We will also gain opportunity cost with regard to staffing. Monitoring 5,000 server devices today requires a a staff of 8 guys who are just keeping the monitoring tools alive-not even responding to the alerts.  SolarWinds will probably require half, if that, of the staff to keep the monitoring tool going.  With that additional people savings, we can go out and add more value – be more focused on creating business process monitors – be proactive in our monitoring approach.


JK: You have worked with a lot of monitoring solutions over the years (Tivoli, BMC, HP Openview, Nagios, SCOM, SolarWinds)  – both agentless and agent based.  When choosing a solution at Cardinal Health, agentless was your top requirement.  Why was that?
LA:  Of the tools I have used in the past, I am of the belief that easily 90% of any company’s monitoring requirements can be fulfilled with agentless monitoring.  The time and energy spent to keep agents up to date and working outweighs any of the benefits of having the additional 10% capability.


Again, we have a staff of 8 guys who spent all their time keeping the agents up and running for 5,000 devices.  And by the way, we aren't even playing in the network space. Post SolarWinds we'll be adding ~10,000 network devices to the mix. While agent-based solutions have ways to get to a router, it's usually an after-the-fact solution.  At the end of the day, we just could not monitor network devices and elements with our current solution as easily or as clearly as SolarWinds can.


JK: If you were going to give guidance to SolarWinds users in terms of how to organize a monitoring environment, what would you tell them?
LA:  I'd go with: “Plan to fly by the seat of your pants, stay up late, mainline caffeine, regret every decision you make, and weep pitiably”.


Honestly, you always look back no matter how much planning you do so the first piece of philosophical advice is to be mentally flexible. You aren't going to “get it right” the first time. The bad news is that there is no “right”. The good news is that there is no “first time” either.


In terms of concrete advice, be very thoughtful about custom properties.  Leverage custom properties to group and sort for the purpose of display, reporting, and alerting.  Having a CMDB of some kind would be great to get those custom properties in advance, but many companies do not have this kind of repository, so you might be the one building it. My second piece of philosophical advice is to NEVER mention the word “SolarWinds” and “CMDB” in the same sentence. Just keep building your solution and let people come to their own conclusions.


The next concrete thing is to engage with the people who get the alerts.  Too often the monitoring people engage with the developers and set up alerts for what SOUNDS like a good idea. When creating alerts, you want to make sure you know who is going to actually get the alert.  It’s not cool to wake the application support team up at 2 a.m. for a non-critical “FYI” alert.  Once you identify who those recipients are and talk to them about the things they need to do their job better, patterns begin to emerge and your grouping strategy (and therefore custom fields) will be defined from that.


Finally, consider the actual value of an alert before you go setting it up. Too often we're eager to show off how cool Solarwinds is – what whiz-bang metrics it can pull and show and trigger on. But ask yourself (or the business) what the problem would cost the company if you DIDN'T alert on it. You'd be amazed how often that alert or report that took 20 hours to create saves a single technician 5 whole minutes, while the alert you slammed together in 15 minutes saves the company thousands of dollars.

 

If you would like more of Leon’s advice, you can engage with him on thwack.

This is the first in a series of interviews with SolarWinds MVPs and MSPs and partners who use SolarWinds technology.


Yesterday I had a very interesting phone chat with one of our MSP customers, Byron Anderson of EasyStreet.  EasyStreet uses a variety of SolarWinds products from Network Performance Monitor, Engineers Toolset, NCM & IPAM to Server & Application Monitor and now Log & Event Manager.


EasyStreet has three primary service areas where SolarWinds tools are leveraged:


Co-Location Service where customers can place their servers and EasyStreet provides facilities services like cooling and power.
Cloud Services to include a multi-tenant private cloud and assistance/consultation for customers who are moving to a private cloud.
Integrated Services includes integrated monitoring services across public and private cloud environments.  Connectivity between remote offices is also provided with this service.


JK: What kinds of customers are using your cloud services?
BA: We have seen all sorts of industries moving to the cloud.  We have seen a lot of healthcare customers with HIPPA compliance requirements recently.  We had to build those in a very unique way.


JK: What kind of monitoring do you provide with your cloud services?
BA: With our private cloud hosting services, if we manage a system for a customer, we monitor the server performance and provide customers the same level of visibility we see so they understand how those systems are performing.


Since our services are so personalized to each customer, we sometimes provide unique monitoring for customers who need that level of service – like for custom applications.


As part of our cloud readiness service - for customers moving from a physical environment to a virtual environment – we attach our monitoring system to their physical environment for a month to look at performance trends, like where their high I/O is, so we can determine how to best configure those applications in a virtual environment.  We can really personalize the migration, specific to the customer’s unique application.  This is better than building something generic, and hope that it works.


We have had customers move from physical environments to virtual environments and have seen some performance issues.  Because the monitoring tools (SAM and NPM) are so comprehensive, we can understand performance trends over time, and tune the application, and the virtual environment to improve the performance.  If we don’t have the expertise in a particular application, we bring in a performance expert – like a database expert or a VMware expert.


JK: How does the SolarWinds tool set help you customize visibility for each customer?
BA: We can provide a single pane of glass for our customers whether it is just for the servers we are managing, or for their remote offices, private cloud, public cloud – we can connect anything into the SolarWinds monitoring tool.  What this provides is a level of personalized visibility, across the customer’s environment, regardless of location and who is managing it.  Giving customers the facts – they get the up-close to understanding of the level of service you are providing and how their infrastructure is performing.


For example, I have been working with a client on a series of dashboards, like a mini-NOC, using all the data we collect anyway, just presenting the data in a view that they want.  We can work with our customers in that sort of way to build that personalization.


JK: How long does it take to customize these dashboards and reports for your customers?
BA: It depends on the complexity of the customer.  Generally just a couple of hours worth of work.  To add even more customization for our clients, we are rolling out a premium service with a specific instance of SolarWinds Orion.


JK: What are the most used reports that you provide to your customers?
BA: Uptime is always of big interest, basic utilization (cpu, memory, disk, interface utilization because of bandwidth) and then application performance.  We have many customers who have custom applications that they have created.  Like the customer I mentioned previously, they had custom applications and wanted to see all the applications, and the databases supporting these applications – to get a quick view of how the service is performing as a whole.


JK: Do you provide Facilities Monitoring for your co-location service?
BA: Our new data center is newer and more cutting edge when it comes to energy efficiency.  One of the things we have done is use the scripting capabilities in Server & Application Monitor to obtain data for monitoring our datacenter.  We have connected Orion to our building environmental systems.  We can pull temperature, on a per cabinet level to see if the exhaust temperature is exceeding thresholds.  We can monitor humidity for alerting so our enterprise operations center can see if there is an issue.  And now we can see power consumption – especially important because we can  see if they are nearing capacity and we can provision more power.  If they use too much, they can start popping circuits in their cabinet.


JK: Do you monitor temperature of servers themselves?
BA: Yes, we also monitor server temperature, which is provided by the product (SAM) out-of-the box.  Before it was available in the product, we used scripting in Server & Application Monitor to monitor server temperature.
If we start seeing temperatures rise, we can see what area of the datacenter to start focusing our resources.  If it is a group of servers, you know it is an environmental issue; if just one cabinet, then there is likely an issue with one customer’s system.


JK: Is remote monitoring important?
BA: Our staff is local to our datacenter and the other building is just across the street.  However, we do remote monitoring for one large customer who has a statewide network made up of many service providers.  We provide monitoring (like an independent assessment) to point out when there are issues with link quality, so the customer can avoid finger-pointing with the different carriers.


To find out how to customize your Server & Application environment, watch the Secrets of SAM webcast replay.

A recent SolarWinds Patch Management survey indicated that 17% or nearly 1 in 5 respondents have had a security incident in the past year that could have been prevented by a patch.  The survey respondents noted that the implications of the breach resulted in service downtime, impacting business revenue, and many hours spent remediating the breach.  There is no doubt that both Microsoft and 3rd party applications can cause pain if left un-patched.  Which applications are the most vulnerable?

In reviewing the August 3rd party patch activity there were more critical patches, and more patches than normal.  For example, Adobe had 7 critical updates in August.  This is out of the ordinary.  In July, Adobe released 4 updates, none being critical and in June, the company released 3 updates, with just Air as critical. 

 

So…..what is normal?

 

Summary of 3rd party updates – March to August 2012

In looking at the 3rd party updates over the last 6 months, Adobe (primarily Flash), Mozilla and Oracle Java are causing sysadmins/network admins the most work with critical updates that need immediate attention – especially those with known exploits.  Including non-critical vulnerabilities, bug fixes and application enhancements, Adobe, Google Chrome, Mozilla and Oracle Java are the winners for greatest number of updates.

 

Below is a run-down of updates by vendor – including number of updates, number of critical updates and whether there have been known exploits of the vulnerability.  This table can be used as a gauge to help prioritize which applications should be patched.

 

Vendor

Total Updates

(March to August)

Critical Updates

(March to August)

Known Exploits

(March to August)

Adobe (Acrobat, Air, Flash, Reader, Shockwave)2111Yes (Reader, Flash)
Apple (Quicktime, iTunes)21
Corel WinZip2
Google Chrome111
Mozilla (Thundebird, FireFox)159
Opera41
Oracle Java83Yes
RealPlayer3

 

I patch Microsoft apps, isn’t this good enough?

Let’s compare 3rd party application critical vulnerabilities with vulnerabilities from Microsoft applications.  In August alone there were 9 3rd party application updates to fix critical vulnerabilities.  This compares with 5 critical fixes provided by Microsoft on Patch Tuesday.  Check out other research on the topic – the CSIS Security Group A/S published last year that 85% of all virus infections occurred as a result of automated drive-by attacks created with commercial exploit kits – targeting 5 applications: QuickTime, IE, Adobe Acrobat & Reader and JRE.

 

Automate your patch management process

Ensure you have a sound and automated patch management strategy for Microsoft, Adobe, Mozilla and Oracle Java.  Automation is key because of the time it takes to research, script, test and then deploy updates.  According to a recent SolarWinds customer survey, respondents spent on average 50 hours researching, scripting, testing and deploying each patch.  You might not even finish deploying a patch, and then the next one comes out (GRRR!).  With an automated patch management tool, Patch Manager, they now spend 2.5 hours on average per patch.

 

Criteria for Picking the Right Patch Management Tool

There are several criteria when choosing a patch management tool for 3rd party updates.  Key criteria include:

 

3rd party updates: Does the vendor provide updates for the applications that are important to your environment?  Do they provide both security updates and bug fixes?  This is easy to find out.  Most vendors list the applications they support on their website.  What is more difficult to determine is how QUICKLY they get the package from the ISV to you.  SolarWinds documents this explicitly and normally can get an update out the door in a day or two from the time of ISV publication.  VMWare/Shavlik also documents the latest patches they have released, but I am not quite sure how often this page is updated as the latest JRE 7u7 update (made available 8/30) is not on this list as of the time of this blog.

 

Custom application packaging & complex deployment scenario support: Does the vendor provide the ability to patch custom applications?  Does the vendor provide the ability to perform complex deployment scenarios (needed for Java)?

Platform Coverage: Do you need coverage for Windows or across your Windows, Linux and UNIX environment?  Be prepared, you will pay a pretty penny for cross platform coverage.

 

Patch Scheduling: Can you schedule a patch to be deployed within the maintenance window?  Can you deploy more than one patch at a time?

 

Out of the box reporting: How easy is it to report on compliance? Do you need SQL skills?

 

Cost and time to deploy the solution: If it takes you 6 months and $10k+ in professional services to roll out a patch management solution, you’ve missed the point of this blog.

 

Want to read more on this topic? Check out these blogs on PatchZone.org

 

 

Where do Application Vulnerabilities Lurk?

 

Patching 3rd Party Applications: Best Practices for What, Why and When

 

Patching 3rd Party Applications is Often Overlooked: How & When to Patch 3rd party apps

dino.jpg

I recently came upon a report comparing CA’s latest monitoring suite, Infrastructure Management 2.0, to SolarWinds Server & Application Monitor, SolarWinds Netflow Traffic Analyzer and SolarWinds Network Performance Monitor.  The independent assessment claims that CA’s monitoring suite is 2.3 to 11.4X faster diagnosing select use cases than SolarWinds products.  Upon a further read into the data, 2.3X to 11.4X equates to a savings of 30 to 146 seconds. Yes, seconds.  And the testers found that in this particular scenario, the CA suite did take fewer clicks and slightly less time.  Let’s give them that.  However, they failed to take into account all the other critical elements users look at when evaluating a software management solution’s ROI.

 

Based off recent customer and prospect research there are 5 elements that go into evaluating systems management software.  They are:

 

  • How long does it take to set up?
  • How intuitive is it for the user?
  • How much time does it save? 
  • How proactive is the solution at solving problems?
  • How much value does the product provide relative to its true cost?

 

CA’s independent report did not look at all of these aspects, just vaguely touched on point #3 – How much time does it save?  To fully evaluate both solutions, users need to evaluate all aspects of ROI.  So here it is - based off internet research.

 

How long does it take to set up?

In looking at some of the documentation for CA Infrastructure Management 2.0, it consists of ”CA Spectrum, CA Infrastructure Management Data Aggregator, CA Performance Center, and CA Network Flow Analysis. CA Infrastructure Management Data Aggregator includes entitlement for the related Data Repository and Data Collector components, as required upon product deployment.”  Wow, that’s a long list of components to install and configure to get up and running.  I would guess it takes a few days and a team of professional services staff to get this solution installed and fully operational.

 

I don’t need to guess how long it takes SolarWinds products to become operational.  I was very impressed with SolarWinds’ quick time to value on my first week of work!  Listening in on a sales call, the customer downloaded, installed the product, and was able to see data and evaluate the product within the hour.  And SolarWinds does not require professional services because we believe that customers want DIY software.

 

How intuitive is it for the user?

In looking at CA’s website, it appears you need 3 weeks of training just to use this product, recommended for 2 to 8 of your staff, depending on the size of the organization.  That is a sizable cost to the organization both in terms of cost of the training and the fact that no “real work” is getting done while the staff is getting trained on a product.  This is why it takes so long for the customer (who purchased the CA solution) to get any real value out of the product – because they must wait for the opportune time, when no other IT projects are taking place, to attend training.  This is arrogance on the part of CA that they expect their customers to spend time on training because their product is not as intuitive as it should be.

 

Again, SolarWinds is all about DIY.  SolarWinds does not offer a formal training program.  Customer training consists of a 1 hour webinar that provides an overview of the new product features with Q&A.   In fact, last evening at ConSec’12, I spoke with a customer who downloaded and installed our product the day before in order to quickly produce a report for the auditors tomorrow.  He had a problem and was able to immediately solve it!

 

How proactive is the solution at solving problems?

I can’t speak for the CA product, because I have never used it.  But I do know that SolarWinds is fanatical about the user experience.  User experience testing is a big piece of our development process, with EVERY release.  Our out-of-the box dashboards fit common use cases, based off customer feedback.  Only our users can tell you how much time the product saves in solving problems.  “In the past, determining an up to date server inventory for annual license agreements was a two to three day process; it now takes only seconds.” – Carilion Case Study

 

How much value does it add?

This speaks to price of the solution over free software.  SolarWinds prices are listed on our website, as SolarWinds believes in being as transparent as possible to help the customer evaluate our software (on-line demo, free software trial, pricing on website, open customer forums). 

 

I was unable to find pricing for CA Infrastructure Management, or any of their products, on their website. If CA operates like most enterprise IT software companies, first, they figure out how much budget you have, and then they sell you an adequate sized solution to fit within that budget.  And then they take you out for a really nice steak dinner, and continue to take out to nice dinners as you go through implementation to smooth out any rifts in the client relationship (as you might be getting very frustrated after 6 months not being able to actually use the software). 

 

Fewer Clicks, NOT Less Time, NOT Less Hassle

When you look at the whole picture (adding up cost and time of installation, training and software cost), fewer clicks (30 to 146 seconds per incident) does not translate to less time and less hassle.  With CA’s solution – and in fact any of the other big 4 vendors in the Systems Management space, you’d likely need to average hundreds of failures a day to justify the ROI.

 

I’m sure if you looked at the dinosaurs, you could find a few things that they did better than mammals, but that didn’t change the fact that once the world changed, the dinosaurs were doomed, and the smaller, faster mammals were set for takeover.  Slow, expensive, unusable software will soon be nothing more than a digital fossil because it just can’t adapt to the new world where IT has been consumerized.   It doesn’t have to be so hard.  Try out our software if you don’t believe us.


Checkout a server monitoring product with tangible ROI -- Download  a free trial of Solarwinds Server and Application Monitor.

We sent out a survey to the patch management community and got some interesting data back regarding what applications users patch with different tools.  The majority of respondents patch Microsoft with WSUS, and secondly System Center Configuration Manager.



 

How are WSUS and System Center users patching 3rd party applications?


Over 40% of WSUS users do not patch 3rd party applications, and 35% use scripts or perform patching of 3rd party apps manually.  ConfigMgr users perform 3rd party application patching more frequently – only 11% of SCCM users do not patch 3rd party apps at all.  However, System Center users are still spending a lot of time patching 3rd party apps – only 22% are using a tool that provides automated 3rd party pre-built packages, like Patch Manager.


There is a misconception that System Center Configuration manager is very effective at patching 3rd party applications. The SCCM users patching 3rd party applications spend on average 3.8 hours researching, scripting, publishing and testing each 3rd party update, and spend an average of 3 days deploying the update.  On average, Patch Manager customers surveyed spend 2.5 hours patching 3rd party updates.

 

Comparison of WSUS, ConfigMgr and Patch Manager


Let’s compare the capabilities for patch management in these three tools.

 

Capability

WSUS

SCCM

SolarWinds Patch Manager

Centralized & automated software installation

Yes, Microsoft only

Yes, Microsoft & SCUP

Yes, via WSUS & SCCM. Patch Manager leverages this robust feature of these tools.

On demand patching

N/A

N/A

Yes

Application inventory

Hardware inventory limited, no software inventory

For System Center Essentials (SCE) environments, which use WSUS natively, they enable the use of the WSUS/WUAgent. The Extended Inventory collection tool, includes software and hardware inventory.

Microsoft & 3rd party applications, hardware inventory, disk space & other metrics

Reporting – visibility into what needs to be patched/what has been patched.

Limited

Requires some knowledge of SQL programming as well as administration of SQL Server Reporting Services (SSRS).

  1. Custom reporting requires no SQL programming or scripting

Filtered views

N/A

N/A

Yes

Schedule approvals

N/A

N/A

Yes

Notification of failed updates

Provides notification but no information why the update failed.

N/A

  1. Provides information via the client log file as to why the update failed.

Patch scheduling

No WSUS does allow some primitive patch scheduling… pick a particular hour of the day, and optionally a single day of the week, and hope the  target machine is actually powered on at that time.

Yes

Yes, push patches at discrete times to accommodate different time zones and network impacts of patching large numbers of endpoints.

3rd party pre-built & tested packages

N/A

Only for catalogued patches

Yes, for most common applications

Custom package creation

N/A

Requires SCUP

Wizard driven.  Includes PackageBoot™ for complex before and after deployment scenarios (Java).

Client health diagnosis & remediation

N/A

Client health data

Repair WMI, WUAgent, and Configuration Manager Agent.

 

As you can see from the above chart, Patch Manager is a great add-on for any WSUS or SCCM environment.  The top Patch Manager features which have benefited customers patching Microsoft applications include scheduling, reporting and filtering capabilities.  Customers patching 3rd party applications appreciate the pre-tested & pre-built 3rd party applications as well as the ability to create custom packages and perform pre-and post deployment scenarios.  In speaking with one customer yesterday, he reduced the time it took to patch Microsoft applications using WSUS by 50% with Patch Manager.


And now, Patch Manager has native integration with System Center Configuration Manager 2012.  Check out this short video to see 3rd party updates directly from the Software Library page of the Configuration Manager 2012 console.



Check out this recent infographic commissioned by Skype, and you’ll see why you shouldn’t trust the patching of your workstations to be left to your end users.  According to the survey results, 40% do not always update their software when prompted to do so.  The reason?  Half of users don’t see a benefit to doing so, nor do they understand the impact of the upgrade.  Nearly one-third of respondents think patching takes too long.

 

This can be very problematic, especially as we are seeing an increase in BYOD, and according to a joint survey by SolarWinds & Network World, 27% of IT pros are not at all confident on the level of visibility into personal devices accessing the corporate network.

 

This is also very concerning because applications residing on workstations are the kind that have critical vulnerabilities.  Just take a look at 3rd party updates and you can see that many of the critical patches in recent months are for applications like Chrome, Firefox and Flash.  In this other article from ars technica, Peter Bright reveals that 37% of Firefox users are running older versions of Firefox that are not being updated (by Firefox) with critical patches for known vulnerabilities.

 

How can you control whether applications on endpoints are protected from the latest known vulnerabilities?

  • Implement a policy to patch desktops, determining which and when these applications should be patched.  For example, your policy should outline timing of patching all on-line workstations, and when off-line workstations are updated.
  • Enable the Network Access Policies (NAP) feature of Windows Server 2008.  This feature was designed exactly for the scenario of a guest device desiring to connect to the network.  With NAP, before the device is allowed to connect, it must have certain requirements, e.g. current AV signature files; all security patches applied, etc.
  • Ensure these policies can be timely adopted with automated patch management software.  Automated patching software will help you very quickly inventory computers that are at risk, provide pre-built/pre-tested patches and will deploy patches to the right computers at the right time (within maintenance schedules), automate system re-boots and so forth.
  • Educate end users on the logic behind how frequently updates are made, examining the trade-offs between system downtime and risk of vulnerability.

 

Security incidents can be very costly and damaging to your business.  Responsibly protect your company’s reputation and assets with a sound patching strategy for all end users accessing the corporate network.

 

If you have not done so already, download a free 30 day trial of Solarwinds Patch Manager and automate the patching process for your endpoints.

1-bote_logo.jpg

SolarWinds just returned from a super Microsoft TechEd show in Orlando -- our first ever participation in Microsoft's premier technology conference for IT professionals and developers. We met literally thousands of great people and learned a ton about their ongoing IT challenges.  About half of the customers that stopped by the booth were existing SolarWinds or DameWare customers, and the other half were either on the development side of the house or or IT Pros that knew Solarwinds as a Network Management vendor but had not heard yet of our foray in the Systems Management space. It was a great mix. It was also great to see several instances of our existing customers demoing our software on to a colleague and commenting to other attendees what they loved about our Systems Management products – ease of use and value for the money. 

 

On that note, our Sysman products were really the stars of the show:


2 - booth[1].png

 

Patch Manager Was On Fire!

Our WSUS Microsoft MVP, Lawrence Garvin, was bombarded with requests to demo SolarWinds Patch Manager. Patch Manager simplifies a lot of the issues with WSUS and it handles 3rd party patching as well. It was a big hit at the show as well as our new free Diagnostic Tool for the WSUS Agent that we just launched on Wednesday.

 

3 - buttons.png


Mobile Admin Rocks the House

This was Solarwinds Mobile Admin’s first show, and attendees were very interested in learning about this time saver product, whether you are an existing Solarwinds customer or not.. Mobile Admin lets you manage your systems remotely from any of your mobile device such as a smart phone or tablet. You can diagnose, triage, and resolve issues in just a few clicks. It supports popular software including Exchange, AD, VMware, and much more. This is perfect to have for summer – when you plan to be out of the office more.

 

SolarWinds Server and Application Monitor Turns Some Heads

Even though the audience was full of SCOM users, attendees were clearly delighted by how simple and powerful SAM is (and the price is right too)! Lots of SCOM customers are facing an ugly and expensive migration to SCOM 2012, so many are looking for alternative, and that drove quite a bit of traffic and interest in our booth. Plus…. SAM was a big winner at the show! Keep reading!

 

SolarWinds Server & Application Monitor Makes the Biggest Splash of All!

SolarWinds SAM won the Best of TechEd award in the “Systems Management and Operations” category. This is a fantastic achievement and we’re very proud of this product that has grown to lead its marketspace with a roadmap heavily driven by our users’ input. Seeing it topping the list of traditional Systems Management vendors is a real honor.We also had a customer, Jed Kirsch, in the booth and he was constantly surrounded by attendees learning about his experiences with Server & Application Monitor.

We are delighted that Server & Application Manager (SAM) is getting the attention it deserves. To learn more about this winning application, visit our website.


4- booth.png


Wait There is More

Missed TechEd? We have a webinar for you..

 

TechEd 2012 – What Happened when You Weren’t Looking.

WHEN: June 21st, 2012

TIME: 11:00 am CDT

REGISTER HERE!


5-booth.png

We like to keep it really simple here at SolarWinds - from download, to install, from purchase to daily use.  Our newly acquired product, SolarWinds Patch Manager, has all these characteristics.  The following points outline why SolarWinds believes Patch Manager is a simpler, better, and easier to use patch offering than what is provided by Shavlik, now part of VMware ("VMware / Shavlik").


Patch Manager leverages WSUS and SCCM, and there is no need to package Microsoft patches because they are synchronized directly from Microsoft by WSUS.

VMware / Shavlik does not leverage WSUS and needs to package Microsoft content.  This can cause concern for users for two reasons:

     1) There is a delay in getting critical Microsoft patches to VMware / Shavlik customers.  Microsoft releases content on the 2nd and 4th Tuesdays of the month.  Until the time of release,  the installation files are not available to any company, and packages cannot be built without the installation files nor without knowing what the installation behavior should be.  Ergo, companies with their own patch engine and schema cannot begin working on that content until after Microsoft releases it.

     2) Pressure to quickly provide Microsoft updates may cause quality issues. For example, a recent post in patchmanagement.org stated there were issues in running vCenter Protect Essentials 8.0.0 - three Windows 7 (x64) patches were not installing or being detected as having been installed.  The post went on to say that Shavlik was fixing the problem. Lack of quality is the reason SolarWinds opted to not package the Adobe Reader v10 and Adobe Acrobat v10 content that is now available from Adobe.


Patch Manager automatically synchronizes the 3rd Party Updates Catalog and other catalogs on a schedule, convenient to the customer's organization.

VMware / Shavlik requires customers to install the software update catalog on their own.


Because Patch Manager leverages WSUS & SCCM, SolarWinds Patch Manager scale is unlimited.

Each WSUS server scales to 30k endpoints out of the box.  WSUS can integrate with up to 100k endpoints per WSUS Server with custom configuration.  One Patch Manager server can integrate with an unlimited number of WSUS servers.

Alternatively, per this comparison of Shavlik to IBM BigFix by Productive, VMware / Shavlik only scales to 50k endpoints and is not suitable for very large environments.


SolarWinds' list price (as of the date of posting) is more affordable than the VMware / Shavlik published catalog price (as of 5/29/2012).

To patch 500 nodes (where 1 node equates to 1 device, a virtual or physical desktop, laptop, server, etc.), SolarWinds Patch Manager will cost $5,595 (USD).  This perpetual license price includes year 1 maintenance.  Based upon the list price of the product at the time of renewal, the support cost for 2 years is 20% of list price for each year.  At this time, if a customer purchased 500 nodes and support for 3 years, the approximate cost would be $7,833 (USD) for Patch Manager.

Per VMware / Shavlik's published catalog price posted on 5/29/2012, VMware vCenter Protect Essentials Plus costs $150 per server for 3 year support and $96 per workstation for 3 year support.  At this time, 3 year software cost for 500 servers is $75,000 and $48,000 for 500 workstations.

 

In addition to pricing and architectural differences, there are two unique features SolarWinds Patch Manager provides that VMware / Shavlik does not: PackageBoot & Package Wizard.

  • The first feature, PackageBoot, helps with tricky deployment scenarios - especially useful in patching  Java.  A recent post on Spiceworks outlines the difficulties of patching Java with VMware / Shavlik.  With PackageBoot, SolarWinds customers can build and designate specific actions to occur before or after package deployment to ensure that patches get deployed correctly each time.
  • The second feature, Package Wizard, gives users an easy way to build custom packages for any application – without  the use of SCUP or complicated scripting.

 

At SolarWinds, our goal is to help our clients keep patching simple: from direct integration to WSUS; for ease of use and scale; to pricing; and finally, to an extensible platform for managing and patching 3rd party applications.  We invite VMware / Shavlik users to try our "keep it simple" approach to patching.  Free 30-day trial.

Top 5 Reasons Why Sysadmins Should Find SolarWinds® Server & Application Monitor a Refreshing Alternative to Microsoft® SCOM

 

There’s been a lot of buzz around System Center 2012 lately.  Microsoft has made significant improvements to System Center Operations Manager (SCOM), including new capabilities for dashboarding, selective network monitoring and application monitoring for J2E and .NET applications. These improvements are great for very large enterprises that have already invested heavily to get SCOM deployed and keep it running.

 

SolarWinds offers an alternative for companies that aren’t necessarily in Microsoft’s “sweet spot.”  Here are five differences between Microsoft and us:


 

Visibility into ALL your supporting resources.

System Center Operations Manager does a good job of providing coverage for Microsoft applications and operating systems and now provides some coverage for Unix, Linux, .NET and J2E.  For other applications and operating systems, you may need to purchase a third-party management pack or create one yourself.  Enter complexity – from importing, compatibility issues and the need to add multiple vendor packs.  Suddenly, the amount of time needed to manage the management tool begins to impact its value. 

 

SolarWinds provides a different approach.  SolarWinds Server & Application Monitor (SAM) provides out-of-the-box performance and user experience monitors for virtually any application – Microsoft and non-Microsoft environments – even monitoring of J2E applications.  

Users can also extend monitoring in the same web console to a wide range of network devices and storage arrays, as well as network traffic through native integration of SolarWinds' other products, including Network Performance Monitor and its modules and Storage Manager. 

 

SolarWinds SAM makes it easy to extend out-of-the-box monitors with WMI performance monitors, SNMP monitors, event log monitors, SQL query monitors, process monitors, Windows Service monitors, DNS query monitors, and all-purpose and script monitors – often through just the click of an icon. With the Nagios Script Monitor, you can even use SAM to alert on scripts you have written in Nagios.


And then, there is thwack, and its 100k+ users.   SAM’s interactive web console enables you to browse, download, and share monitor templates and scripts from directly within the product, giving you access to the expertise offered by super-smart sysadmins without worrying about compatibility.  Microsoft has a vibrant community, technet, which provides a lot of advice for using Microsoft SCCM, but it doesn’t provide free, community-created management packs.



Agentless monitoring.

My agent is down! Is my server down too?   Monitoring with agents adds another layer of complexity – another piece of software to install, upgrade and watch.  There are pre-requisites and compatibility issues.  You can get a glance into all the problems with agent-based monitoring by looking at this Beanspy readme… you get deeper monitoring, but it’s not easy.

 

SolarWinds’ customers don’t need to devote as much time to deploying and updating monitoring, because of our agentless monitoring and an automated application and server discovery engine for quick assignment of monitors.  Typically, based on reports in customer surveys, SolarWinds’ customers devote less than 10% of one person’s time to administering the SolarWinds product. One customer said they were able to achieve 100% monitoring coverage of their server environment in 2 days with SolarWinds; something they had been trying to achieve with SCOM for approximately 4 years.

 

 

Functional dashboards and common sense navigation are standard.

While Microsoft has worked to integrate functionality into the System Center product family (see the integration of Virtual Machine Manager to SCOM via Orchestrator), they haven’t reached the level of usability that our customers expect. Two examples:  dashboards and reporting. 

 

Cameron Fuller, Operations Manager MVP, covered dashboards here.  “You build Operations Manager 2012 dashboards directly into the Monitoring pane of the Operations Manager console, by creating a new dashboard view.” IT admins want to solve IT problems, not administer management software.  So, we created out of the box dashboards for all of the platforms monitored.  With feedback from thousands of users, we created navigable views to get the user to the root of the problem in very few clicks.

 

To create custom reports with SCOM, users need a mastery of the SQL Reporting Services. SolarWinds provides the ability to create custom reports with the easy to use Report Writer tool.

 

 

Frequent, functional updates under maintenance.

Why pay maintenance if you don’t get frequent function updates?  For the last 4 years, SolarWinds has provided one major version release and at least one minor release each year.  

 

System Center Operations Manager 2012 released in April 2012; the previous version was System Center 2007, before that MOM 2005, and before that MOM 2000.  Shouldn’t you expect a little more from your vendor when you pay an annual maintenance fee?

 

 

SolarWinds SAM is affordable. 

The System Center 2012 license includes a lot of components, but a lot of companies will only need an easy to use monitoring product. System Center 2012 may be too much function and too expensive. 

 

Also, Microsoft customers may need training and professional services, which may increase the bottom-line.  In recent Linkedin post on the SCCM group, Rohitash Kathuria, a SCCM admin, said installing and configuring SCCM 2012 on one primary site will take a week. SolarWinds doesn't require professional services or training staff because our products can be installed and deployed by IT admins in a DIY fashion.

 

Learn more in this webcast, “SOLARWINDS’ TOP 3 REASONS SOLARWINDS SERVER & APPLICATION MONITOR IS A REFRESHING ALTERNATIVE TO SCOM,” on May 24th, 11:00am CST.

In a recently published article, “Forget Improvements, Systems Management Needs a New Approach,” Denny LeCompte and I argued that the challenge around adopting application performance management is largely organizational.  Software companies can help remove these organizational barriers with easy to purchase, deploy and use software.  One of our competitors, NetIQ. agrees with our assessment that usability issues hold back success in IT management.  In a recent NetIQ blog, written by Travis Green, he indicated usability was the focus of their latest release of AppManager v8, although to back up his claim, he describes a somewhat obscure, “big enterprise” use case.

 

Perhaps NetIQ uses the term differently, but when we refer to usability, we mean that the product can be learned quickly and easily, that the daily use of the product is efficient, and the experience of the product is satisfying and pleasing.  Inextricable from usability is whether the product provides the proper features to solve the problems for which it is intended.   SolarWinds is maniacal about our focus on getting the features right.  We don’t care about winning irrelevant battles between software feature checklists.   We simply won’t add a new feature because one big customer wants it; we only add features that hundreds of our customers need.  In the end, SolarWinds uses the acid test of usability:  If our products were not easy to use, SolarWinds would not make any money because every prospective customer downloads, installs, and deploys the software all on their own.  The truth is that we don’t have any professional services staff to do it for them.

 

Getting a product to be usable requires focused effort and an user-centric approach to development.  What this means is providing frequent and varied means of customer feedback and interaction such as:

 

·         Usability Tests

·         Iterative, user-centered design

·         Customer experience interviews

·         Beta programs with high participation

·         An open forum (like thwack) for customers to criticize, praise, or explain their needs

·         and frequent product releases.

 

Over the last four years, SolarWinds Server & Application monitor (SAM) has iterated on usability improvements using all of these methods, providing one major release and one minor release each year.   In fact, I spoke with one customer this morning and he told me that the latest version of SAM (which shipped in March, 2012) is now one of the best products on the SolarWinds Orion base.  What an accomplishment for a product with such a short life span!

 

Take the Technology Taste Test

I am curious to hear how NetIQ AppManager v8 customers like the new release.  I am also curious when NetIQ will iterate on these improvements.  For the sake of their customers, I hope the time span will not be as great as in previous releases (AppManager v7 GAed in March 2007, or nearly 5 years prior to v8).  Better yet, NetIQ customers, Enterprise Systems Journal readers or anyone else should compare SolarWinds’ usability against NetIQ.  Download both products and  I have a pretty good idea who will win the blue ribbon, but, like I said, SolarWinds is open to constructive criticism.

Filter Blog

By date: By tag: