Monitoring Central Blogs


Are you an administrator who’s supporting a small environment, and haven’t yet had the time or budget to invest in a centralized IT monitoring tool? No doubt you are tired of coworkers showing up at your desk or calling about an outage you weren’t yet aware of. If an enterprise-class solution would be overkill, but you don’t have the budget to purchase a licensed solution, ipMonitor Free Edition might be able to bridge that gap.

ipMonitor Free Edition is a fully functional version of our ipMonitor solution for smaller environments.  It’s a standalone, free tool that helps you stay on top of what is going on with your critical network devices, servers, and applications—so you know what’s up, what’s down, and what’s not performing as expected. 

ipMonitor Free Edition at a Glance

  • Clear visibility of IT network device, server, and application status
  • Customizable alerting with optional automatic remediation
  • Simple deployment with our startup wizard and alerting recommendations
  • Lightweight installation and maintenance

ipMonitor Free Edition is an excellent starting point to more robust, centralized monitoring. It is designed for network and systems administrators with small environments or critical components they need to focus on, and can support up to 50 monitors. Monitors watch a specific aspect of a device, service, or process. Example monitors include: Ping, CPU, memory or disk usage, bandwidth, and response time.

Interested in giving it a try?  Download ipMonitor Free Edition today.  If you have any questions, head over to the ipMonitor product forum and start a discussion. 


Calling network engineers, network architects, and network defenders alike. We are happy to announce the arrival of the all-new SolarWinds® Flow Tool Bundle.

With this free tool, you can quickly distribute, test, and configure your flow traffic. Showcasing some of SolarWinds signature flow traffic analysis capabilities, the Flow Tool Bundle offers three handy, easy-to-install network traffic analysis tools: SolarWinds NetFlow Replicator, SolarWinds NetFlow Generator, and SolarWinds NetFlow Configurator.

So, what exactly can you do with this new addition to the vast family of SolarWinds free tools?

Here’s the breakdown:

SolarWinds NetFlow Replicator

  • Configure devices to send flow data to a single destination, then replicate the flows to a general-purpose flow analysis platform or even to a security analysis platform
  • Split off production flow streams to test new versions of the flow collector
  • Run sampled flow streams to multiple destinations or only to the destinations you designate
  • Reduce traffic through costly or low-bandwidth WAN links to decrease the volume of network management traffic
  • Enable segmentation of the managed domain to separate destination analysis platforms

SolarWinds NetFlow Generator

  • Troubleshoot flow tools to confirm that locally generated simulated traffic is visible in the tool
  • Validate the behavior of load balancing architectures
  • Test firewall rules that span across a network or those that are implemented on a host to confirm that flow traffic can be received
  • Perform performance and capacity lab testing
  • Perform functional testing to confirm that flow volumes are accurately represented
  • Test trigger conditions for newly created alerts and reset the alert behavior
  • Test new NetFlow application definitions
  • Populate traffic for demo environments

SolarWinds NetFlow Configurator

  • Analyze network performance
  • Activate NetFlow and find bandwidth hogs
  • Bypass the CLI with an intuitive GUI
  • Set up collectors for NetFlow data
  • Specify collector listening ports
  • Monitor traffic data per interface

How do you plan on using your Flow Tool Bundle? Install it today and let us know how you have been leveraging these awesome new free tools!

For more information about the SolarWinds Flow Tool Bundle, have a look at this page. You can also access the Quick Reference Guide on THWACK.


Did you ever dream you had a Ferrari® parked in your garage? How about a Porsche®? Or perhaps a finely engineered Mercedes-Benz®?

When I was eight years old, my father briefly flirted with the idea of buying a Ferrari. He was 38. I don't believe additional explanation is needed. However, as the oldest child, it was my privilege to accompany Dad to the showroom. And there, right next to the 308 GTB was a Ferrari bike. No, not a motorcycle. A regular pedal-with-your-feet bicycle. And I knew at that moment that this car was my destin... I mean my Dad's destiny. And that bike leaning beside it was mine, Mine, MINE!

You may be asking yourself why Ferrari would bother making a bicycle?

The obvious answer is "marketing." With a cheeky smile, Ferrari can say "anyone can own a Ferrari." But there's more to it.

Before I dive into the OTHER reason why, I just want to point out that car-manufacturer-bicycles is not just a thing with Ferrari. The trend started in the late 1800s with European car maker Opel® and includes Peugeot, Ford®, Mercedes-Benz, BMW®, and Porsche.

So what's the deal?

Some companies, like Opel, started with bicycles (they ACTUALLY started with sewing machines) and built up their mechanical expertise in sync with the rise of automobile technology. But most decided to build bikes as a side project. I imagine that the underlying message went something like this:

"Our engineers are the best in the world. They understand the complex interplay of materials, aerodynamics, maneuverability, and pure power. They are experts at squeezing every possible erg of forward thrust out of the smallest turn of the wheel. While we are used to operating on a much larger scale, we want to showcase how that knowledge and expertise translates to much more modest modes of conveyance. Whether you need to travel across the state or around the corner, we can help you get there."

I was thinking about that Ferrari bicycle, and the reasons it was built, as I played with ipMonitor® the other day.

For some of you reading this, ipMonitor will be an old and trusted friend. It may even have been your first experience with SolarWinds® solutions.

Some quick background: ipMonitor became part of the SolarWinds family in 2007 and has remained a beloved part of our lineup. ipMonitor is nimble, lightweight, and robust. A standalone product that installs on any laptop, server, or VM, ipMonitor can help you collect thousands of data points from network devices, servers, or applications. It's simple to learn, installs in minutes, and even comes with its own API and JSON-based query engine. Users tell us it quite literally blows the doors off the competition, and even reminds them of our more well-known network monitoring software like Network Performance Monitor (NPM) and Server & Application Monitor (SAM) server monitoring software.

Which is exactly why I remembered that Ferrari bicycle. It also was nimble, lightweight, and robust—a standalone product that could be implemented on any sidewalk, playground, or dirt path. It installed in minutes with nothing more than a wrench and a screwdriver, and epitomized the phrase "intuitive user interface."

And, like comparisons of ipMonitor to NPM, my beloved Ferrari bike was amazing until it came time to add new features or scale.

Much like the Ferrari bicycle, ipMonitor was designed by engineers who understood the complex interplay of code, polling cycles, data queries, and visualizations. Developers who were used to squeezing every ounce of compute out of the smallest cycle of a CPU. While used to creating solutions on a much larger scale, ipMonitor let us showcase how that knowledge and expertise translated to much more modest system requirements.

ipMonitor is designed to perform best in its correct context. For smaller environments with modest needs, when more feature-rich monitoring tools aren’t viable, it can be a game-changer. That Ferrari bicycle was an amazing piece of engineering—until I needed to bring home four bags of groceries or get to the other side of town. Likewise, ipMonitor is an amazing piece of engineering, but, as I said, in its correct context.

When you need "bigger" capabilities, like network path monitoring; insight into complex devices like load balancers, Cisco Nexus®, or stacked switches; application monitors that run scripted actions in the language of your choice; monitoring for containers and cloud; and so on, that's where the line is drawn between ipMonitor and solutions like NPM and SAM. It's not that we've deliberately limited ipMonitor, any more than Ferrari "limited" their bicycle so that it didn't have cruise control or ABS braking. Of course, this isn't an either-or proposition. No matter your monitoring needs, we've got a solution that fits your situation.

So, consider this your invitation to take ipMonitor for a spin. Even if you own our larger, luxury models, sometimes it's nice to get out and monitor with nothing but the feel of the SolarWinds in your hair.


Hello fellow data geeks! My name is Joshua Biggley and I am an Enterprise Monitoring Engineer for a Fortune 15 company. I’m also fortunate enough to be a remote worker on part of an amazing team. One of my favourite career achievements was to be named Canada’s only SolarWinds THWACK Community MVP in 2014.

I joined the THWACK Community in 2008, shortly after moving to beautiful Prince Edward Island on the East Coast of Canada. I’ve attended THWACKcamp for at least one session since its inception 7 years ago, but have been a regular attendee for the past 4 years. Humble brag moment -- I had the opportunity to join Leon Adato (@adatole) and Kate Asaff (@kasaff) for THWACKcamp 2016 in presenting the session Troubleshooting with SolarWinds - The Case of the Elusive Root Cause. Leon has been a friend and (short-lived) colleague since 2014 and Kate has quite literally saved my bacon in one of my biggest challenges as a Monitoring Engineer. Sharing the THWACKcamp stage with these two superheroes was beyond awesome! Last year, I was humbled to have my team and I win the Carmen Sandiego Award at THWACKcamp 2017. Our team is entirely remote engineers and having our work recognized for both the high-performance technical and inter-team collaboration we embrace was a highlight of my year. Will 2018 be able to top it?

I think these two sessions will give 2017 a run for its money, even if I don’t win another THWACK award!

Day 2

Oct 18 @ 10AM CT

What Does It Take to Become a Practice Leader?

Too many organizations view monitoring, alerting, and event management as a necessary evil. It is often relegated to the “All other duties as assigned by your supervisor” category. As organizations mature, finding monitoring engineers becomes a challenge. It’s not just about someone who knows how to use the SolarWinds products you own (you are using SolarWinds products, aren’t you?) but finding someone who can explain why monitoring, alerting, and event management are so important. They need to explain to their peers, their management, and the business why monitoring needs to be a practice not an afterthought. They need to be a data geek. They need to be a storyteller.

Patrick Hubbard, Phoummala Schmitt, and Theresa Miller bring decades of experience and, more important, are recognized leaders in the industry. Discovering how they went from junior analyst to practice leaders will help me understand and explain to others how to make that journey. As a practice leader in my full-time job as well as freelance work, being able to help others understand that they can be leaders is crucial to the health of monitoring as a practice. My colleagues and I have worked very hard to elevate monitoring to the respect it deserves. In 2019, we will be starting an internal Community of Excellence that focuses on monitoring, alerting, and event management plus my very favourite new focus -- observability!

Day 1

Oct 17 @ 12PM CT

Observability: Just A Fancy Word for Monitoring? A Journey From What to Why

Observability and high-cardinality data are sultry words to any data geek. Observability was introduced in the 1960s as part of a paper written by Rudolf E Kálmán entitled “On the General Theory of Control Systems”. If the status of a system can be known simply by examining the outputs of that system, the system is considered observable. In recent years, the idea of observability has been embraced by systems engineers as applications have moved from bare-metal to virtualized to containerized to serverless. Instead of monitoring the things that allow your system to do what it does, we’re now measuring how the system does what it does without much concern for why.

Of all of the sessions at THWACKcamp 2018, this is the one I would want every engineer, every application developer, every CTO --- OK, pretty much everyone who is involved in building, supporting, and managing any critical application anywhere -- to watch. Application Performance Management is coming to every organization. If you deliver any services through an application, APM provides the insight and observability is the methodology for measuring those insights.

Do I sound a little passionate about observability?  What?!? Only a little?!? Observability is my new passion. I recently wrote a white paper that defined an APM strategy and the foundation was observability. This idea of observability is probably the most important shift in our industry in 20 years. Unnecessary hyperbole? Maybe, but I think there are seminal moments in every industry and this focus on observability is going to be one of them. I’m Canadian, would I steer you wrong?


Dashboards are important. Your NOC is an essential avenue for collecting and relaying information about your network, and combined with a finely crafted set of alerts there’s nothing that can get past you. Not only are dashboards effective, but they just look so stinkin’ awesome when done properly. In this post I’m going to focus on my ‘Dashboard Philosophy,’ which is all about efficiency, information, and design. A dashboard should display the most data possible in the space that you have, it should include pertinent information that summarizes your environment, and it should look good doing it. Let’s talk about what the SolarWinds® Orion® Platform brings to the table to help make our dashboards the best they can be.

  1. NOC Views

Using the NOC view feature is a must. These space-saving views allow you to combine multiple sub-views that can be set on a rotation. Creating one is easy: simply add a new summary view, edit it, then enable left navigation and the NOC view feature. Here you can enter an interval for how often the NOC view rotates between individual sub-views. If you aren’t using NOC views, you’re wasting valuable space on your dashboards! Enter NOC mode, full-screen your browser window, and bask in the glory of a massive canvas to display all your fancy metrics and charts. Rob Boss would be proud.

  2. Network Atlas

Admit it, you both love and hate Network Atlas. It’s an incredibly useful tool that requires a bit of extra patience, but the results can be amazing once you get the hang of it. As Henry David Thoreau probably once said, “SolarWinds Network Atlas is but a canvas for your imagination…” or something like that. Check out this amazing example from THWACK® user spzander:

[Image: Network Atlas example from THWACK user spzander]

Hungry for more? Here is some of my favorite THWACK content for tuning your Network Atlas skills and getting the creative juices flowing:

10 Hidden Gems in Orion Network Atlas

Using Custom Properties to send messages to your NOC using Network Atlas

The “Show us your Network Atlas Maps” thread

  3. PerfStack

With the release of NPM 12.1 came a game-changing new feature… PerfStack. This new charting tool allows you to quickly and easily create attractive charts that contain the data you need while optimizing page space. PerfStack is what makes you, the monitoring professional, shine when an application owner is looking for a way to view monitoring data for their systems. Check out the original release notes for PerfStack here. Since its first iteration, the SolarWinds team has been putting a lot of work into this tool. With PerfStack 2.0, they have added support for many major Orion modules including VMAN, SAM, VNQM, NCM, and DPA, along with a pile of new features such as fast polling, syslog/trap support, quick links, and full screen mode (which makes a great dashboard). As of this post, the next iteration of PerfStack is available in the latest NPM 12.3 Release Candidate and includes… drumroll please… A PERFSTACK WIDGET FOR YOUR DASHBOARDS!

[Image: node detail view with a PerfStack widget]

Here we have a node detail view… WITH PERFSTACK! You can do the same thing with any view type in Orion, including Summary Views (which means dashboards). For dashboard nerds such as myself, this is truly a good day. Sign up for the NPM RC program for more details and awesome sneak peeks at what SolarWinds is doing to improve tools like PerfStack.

  4. AppStack

This is really one of the most efficient ways to display a mass amount of information in such a small space. AppStack is a one-size-fits-all tool that will satisfy your devs, their managers, and your director. An efficient dashboard should have MAXIMUM information in MINIMUM space, and AppStack is the answer. Whether you only have SAM or you’re running multiple products on the Orion platform the AppStack widget gives you a flexible, filterable, and fun-tastic (I couldn’t think of another word that started with ‘f’) resource to add to your dashboards and NOC views. There’s not much more to say. It’s the perfect widget for my Dashboard Philosophy.

[Image: AppStack widget]

  5. SWQL and Other Advanced Methods

Are you a dev nerd? Do you like to yell at code until it bends to your will? Are you ready to bring your SolarWinds deployment to an unreasonably awesome level? With a little bit of fidgeting and some help from THWACK, you can create your own charts, tables, dashboards, maps, and much more. Check out this post from THWACK MVP CourtesyIT, which has a master list of all the amazing ideas and customizations that have been posted in the community. Be sure to check out the section from THWACK MVP wluther:  he’s got some great content specifically tailored to dashboards. One thing to always keep in mind when using more advanced methods… SolarWinds support may not be able to assist you with the bending of spacetime. Fidget at your own risk!

In my opinion, one of the most powerful tools for creating custom resources is SWQL, the SolarWinds Query Language. With it, data is your slave. THWACK MVP mesverrum makes it easy in this post, where he provides an awesome example of how to create your own custom SWQL tables.

     Results

Let’s put all this together and create a shiny new dashboard that follows the idea of efficiency, information, and design. We need something that doesn’t waste space, contains useful data, and looks awesome. Something like this:

[Image: example dashboard in NOC view]

First things first… we’re using the NOC view, indicated by the black bar at the top with the circles in the upper-right corner that represent the various sub-views in rotation. We have a map from Network Atlas (upper left), a PerfStack project added as a widget (lower left), AppStack (lower right), and a custom SWQL table that displays outage information (check out mesverrum's post about it here).

And there we have it! Five useful tools that you can use to make your dashboards amazing. Be sure to post your creations in the community. Here are some threads for NOC views and Network Atlas maps. Now go forth and dashboard!


You’ve been asking and we’ve been listening.  We are excited to announce that the newest member of the SolarWinds product family, Log Manager for Orion, is now available for trial.  Built on the Orion Platform, Log Manager provides unified infrastructure performance and log data in a single console. No need to hop back and forth between your infrastructure and log monitoring tools.

Through platform integration with Network Performance Monitor, Server & Application Monitor, and other Orion based products, Log Manager closes the gap between performance and log data.  With Log Manager you get:

  • Log aggregation
  • Filtering by Log Type, Level, Node name, IP Address, and more
  • Keyword, IP address, and Event ID search
  • Interactive log charting
  • Color-coded event tagging

To learn more about Log Manager, visit the Log Manager THWACK forum, or to try it for yourself in your environment, download a free trial.


Are IP requests for virtual machines overwhelming your current IP address management practices?  You are not alone. In a June 2016 survey of IP Address Manager customers[1], 46% of respondents stated that virtual machines were creating challenges for managing IP addresses for their company.

Independent author Brien Posey explores this topic in the whitepaper “Overcoming IP Address Management Challenges in VMware Environments.” A challenge with virtual environments is that their dynamic nature can quickly lead to depleted address pools if IP addresses are not quickly de-provisioned. Utilizing DHCP services is a less than ideal solution, as IPs can be tied up by lease expiration dates. Using manual processes for provisioning IP addresses is another option, but this can be slow, error-prone, and limit the dynamic scaling of virtual environments. DNS records obviously must also be updated in tandem.

A solution to overcoming these IP address management challenges is fully automating the process of provisioning IP addresses and updating DNS records. VMware developed vRealize® Automation (vRA) to automate tasks in virtual environments. However, as Brien discusses, vRA was not designed to be a comprehensive IP address management solution, thus the need for third-party solutions to fill this gap. SolarWinds® IP Address Manager (IPAM) helps overcome this limitation by providing a plug-in for VMware® vRealize Orchestrator (vRO). The plug-in provides actions and workflows critical for managing IP addresses and DNS records. These actions and workflows integrate with vRA and enable the creation of blueprints to automate the provisioning and de-provisioning of VMs.

To learn more about this topic, please read Brien Posey’s whitepaper, and attend the live webcast coming up February 21, where our very own IPAM Product Manager Connie Dowdle will take you through a demonstration of the plug-in and the latest and greatest that SolarWinds IPAM 4.6 has to offer.


[1] IP Address Manager customer survey, June 2016, survey result



Update – February 7, 2018:

Cisco® updated their vulnerability advisory on Monday, February 5, 2018 after identifying “additional attack vectors and features that are affected.” What does this mean? If you patched last week, you may need to patch again. Be sure to read the advisory notice carefully to find out if your environment is at risk.

-------------------------------------

(Originally posted Wednesday, January 31, 2018):

What is it?

Earlier this week, Cisco revealed that there is a security vulnerability in the Cisco® ASAs, exposing these firewalls to remote attackers. Of course, now we all know about it, as does anyone who may want to exploit this opening. The good news: Cisco has released a critical update to address the issue. The bad news? There is no other workaround, so affected devices must be updated to be secured, and now you’re in a race against anyone who may be trying to take advantage. It’s worth noting that some FirePower devices are affected also, so read the Cisco post in detail to help ensure that you know where your vulnerabilities may lie.

What can you do?

Fortunately, if you have SolarWinds® Network Performance Monitor (NPM), our own KMSigma has created a report so you can quickly see if you have vulnerable devices. (For a refresher on implementing user-created reports, see How to export and import reports in the Orion® web console.)

Once you’ve identified affected devices, you can use Network Configuration Manager (NCM) to easily schedule, patch, and monitor your ASA devices using the firmware upgrade process. Are you running multi-context ASAs? No problem. The firmware upgrade path supports both single- and multi-context upgrades.

In this industry, it doesn’t take long to realize that discovering vulnerabilities of this nature—and subsequently addressing them—is a standard part of the job description. Having the right tools available can make a notable difference in how long your network is exposed and how much effort is required to remediate issues.

Tell us:

Were your devices affected? Have you already updated, and if so, did you use NPM and NCM to do so? Use the comments to tell us how it went. Were you affected but don’t have NPM or NCM? Download free 30-day trials of Network Performance Monitor and Network Configuration Manager today and see how they can help.

Learn more about Network Insight for Cisco ASA:

Did you know that SolarWinds added a new Network Insight feature for Cisco ASA in the NPM 12.2 and NCM 7.7 releases? Learn about all the functionality included in Network Insight for Cisco ASA.


Keeping a network up and running is a full-time job, sometimes a full-time job for several team members! But it doesn’t have to feel like a fire drill every day. Managing a network shouldn’t be entirely reactive. There are steps you can take and processes you can put in place to help reduce some of the top causes of network outages and minimize any downtime.

1. The Problem: Human Element

The dreaded “fat finger.” You’ve heard the stories. You may have done it yourself, or been the one working frantically late into the night or over a weekend to try to recover from someone else’s mistake. If you’re really unlucky (like some poor employee at Amazon® last spring), the repercussions can be massive. No one needs that kind of stress.


The Protection:

First, make sure only the appropriate people have access to make changes. Have an approval system built in. And, since even the best of us can make mistakes, ensure you have a system that allows you to roll back changes just in case.

2. The Problem: Security Breaches

Network security is becoming more and more critical every day. People trying to break the system get better, and privacy needs for users get higher. There are many critical elements to trying to keep your network secure, and it’s important not to miss any. It doesn’t do any good to deadbolt your door when your window is wide open.

The Protection:

Protect your devices from unauthorized changes. Monitor configurations so you can be alerted to any changes, see exactly what was changed, and know what login ID was used to make the change. Also, you should be regularly auditing your device configurations for vulnerabilities. Whether you have custom policies defined for your organization or need to comply with HIPAA, DISA STIG, SOX, or other industry standards, continuously monitoring your devices to help ensure your network stays compliant is one way to help.

3. The Problem: Lack of Routine Maintenance

Over time, networks can become messy and disorganized if there aren’t standards in place, increasing both the risk of errors and the time needed to resolve them.

The Protection:

Network standardization simplifies and focuses your infrastructure, allowing you to become more disciplined with routines and expectations. Naming conventions, standard MOTD banners, and interface names are just a few things you can do to help troubleshoot and keep a balance within your team and devices, allowing for better management and less human error.

4. The Problem: Hardware Failures

It’s not if hardware will fail, but when. Are you ready to make a speedy recovery? When a device unexpectedly goes down, it can have a big impact, depending on which device it is and what redundancies you have in place.

The Protection:

Ensure that you can quickly recover devices or bring a replacement online by having device configurations automatically backed up.

5. The Problem: Firmware Issues / Faults in the Devices

When you support hundreds of devices, required firmware updates can be tedious, and executing commands over and over increases the risk of error.

The Protection:

With network automation, you can easily manage rapid change across complex networks. Bulk deploy configurations to ensure accuracy and speed up deployment times.

Increase your uptime and reduce the challenges of keeping your network running smoothly so you can focus on other projects. With SolarWinds® Network Configuration Manager, you can bulk deploy configuration changes or firmware updates, manage approvals, revert to previous configurations, audit for compliance, and run remediation scripts. Take action today to reduce these five causes of network outages.


We just can't have anything nice, now can we?  Oh, well. We knew there would be new vulnerabilities and ransomware attacks in 2018. However, this time hardware is the culprit, and patching is not going to be a cure-all for the situation. Consider yourself warned: expect more slowdowns in 2018.

Stop and think about this for a second: as the days progress, we are literally learning how much this new vulnerability impacts us. Anyone who says they have the full solution is not being honest with you or themselves. What I would like to do is help you to see how you can use the tools you likely already have to make you more aware of past, present, and future vulnerabilities and threats. That said, let's move on to the importance of using SolarWinds tools to do just that.

SolarWinds® Patch Manager will allow you to apply Microsoft® patches to your Windows® machines. If you are currently using this product, you should already be scheduling and looking for these. I discovered that there can be some issues with third-party Windows antivirus or you might get the BSOD. Read more here, because the awesome chart helps clarify these issues and how to prevent them from happening to you.

Further, Patch Manager will allow you to schedule and report on your Windows devices regarding updates. The reporting is key to showcase your compliance and, in this case, start your baseline. Plus, just because you update your devices does not mean you are 100% in the clear. Updating your third-party packages is an added bonus with Patch Manager, a fact that is often overlooked though desperately needed.     

SolarWinds® Server & Application Monitor (SAM) will help you validate your business, yourself, and your vendor support for any degradation that patching may have on your applications. This is something you will want to have in place as soon as possible. It allows you to see any anomalies that may present themselves to your applications after the patching is applied. And because SAM is multi-vendor, you’ll be able to address even broad-scale hardware issues. The avid SAM users among you will likely know even more tricks for using the software, and I encourage you to share your knowledge in the comments to help us all be more aware in terms of application-centric monitoring.

SolarWinds® Network Configuration Manager (NCM) helps when there are firmware upgrades/updates that need to be applied to impacted network devices. It also helps you to roll these out. There is a compliance reporting function built into NCM that will assist with audits automatically. Remember, this incident is ongoing, which makes NCM’s ability to import very helpful. In fact, you can plug into firmware vulnerability warnings provided by the National Institute of Standards and Technology (NIST). This puts you even further ahead of future vulnerabilities.

SolarWinds® Network Performance Monitor (NPM) is all about the baseline. If you have ever been to one of our SWUGs, you have heard me preach endlessly about baselines and their extreme importance. However, I understand that sometimes you need black and white in front of you to truly understand this. The mindset I’m currently following regarding this vulnerability looks something like this:

  1. Patched and we have our checkbox
  2. Monitoring our application performances
  3. Ready for updates to needed network devices
  4. Monitoring the common vulnerabilities database
  5. Waiting for any anomaly that may present its ugly face (my favorite)

We can now show that we have implemented the patching to put a Band Aid® on the issues that could present themselves. However, as I’ve already mentioned, this is not a full fix. A hardware option would be the best solution, but is obviously not available to billions of devices at this time. YOU ARE THE FIRST RESPONDER!

Using NPM in combination with the other tools that I have outlined allows you to verify the patching and the results. Also, if there are ticks or drops or spikes that do NOT match your current baseline, you can share that solid reporting and documentation with your vendor to work out the possible issue, which makes you part of the solution. Is there anything better than working at the edge of technological advancements to create countermeasures to vulnerabilities? NO. The answer is a solid NO.

If you don’t already have it in place, set up threshold alerting and monitoring on critical devices that are housing your applications. That helps ensure that you are alerted to anything out of the ordinary, allowing you to get things back on track. It also shows your team and other departments that you are fully invested in the integrity of application uptime and performance. Also, if you have DevOps, you really need the documentation and baselines to prove that perhaps the performance issue is not the in-house application, but an actual patching issue. That, right there, can save a lot of unneeded cycles through rabbit holes.

Please let me know if you have additional ways to protect and help through these beginning stages of 2018 vulnerabilities. The ideas we share could literally help the many of you who act as a one-person army fighting your way to the top!

Thank you all for your eyes,

~Dez~

In case you’d like more information on any of the products mentioned above, check these out:

SolarWinds® Patch Manager

SolarWinds® Server & Application Monitor

SolarWinds® Network Performance Monitor

SolarWinds® Network Configuration Manager

Other resources:

https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac....

https://www.nytimes.com/2018/01/03/business/computer-flaws.html

Check out our Security and Compliance LinkedIn® Showcase Page for ideas on how to socialize this content: https://www.linkedin.com/showcase/solarwinds-security-and-compliance/

Follow our Federal LinkedIn page to stay current on federal events and announcements: https://www.linkedin.com/showcase/4799311/


Virtual Private Networks (VPNs) allow secure connections through the open internet. With VPN authentication, encryption, availability, and speed, end-users can work from anywhere as if they were sitting within a millisecond’s ping from the server room. Remote branch offices are connected, cloud resources are securely available, and all is well. That is, if the VPN tunnel works as it should.

Colleagues not talking to each other? Could be a grudge, could be trouble joining the call because “that VPN tunneling thingy keeps timing out.” No traffic from the remote office? Could be just lunch break, could be that the site-to-site VPN tunnel is down. What if it really is the network this time?

Setting up a trusted tunnel between two endpoints is a multi-step process—this also means that troubleshooting requires knowledge of its complexity. See these handy VPN tunnel troubleshooting flowcharts for LAN-to-LAN and Remote Access VPNs for examples of a systematic approach to figuring out why the remote connection is flunking out.

In short, you need to:

  • Send packets that are recognized as initiating a VPN connection attempt.
  • “Phase 1” establishes a secure communication channel by generating a shared secret key to encrypt further communications. Troubleshooting this phase often deals with IP addressing, encryption config, or pre-shared keys.
  • Following the working secure channel, in “Phase 2,” you establish IPSec security associations and negotiate information needed for the IPSec tunnel—connection type, authentication method, and access lists—resulting in a crypto map.
  • On we go to the data transfer:  encrypted, authenticated, and secure.

When the VPN connection fails and it’s troubleshooting time, you want visibility into your VPN environment. We’ve come up with Network Insight for Cisco® ASA to help you with just that. One of the most popular security devices on the market meets the worldwide leader in network management software. Sounds promising, right?

In SolarWinds® Network Performance Monitor 12.2, your monitored ASA devices now show additional information beyond SNMP statistics.

Site-to-Site VPN shows you whether the tunnel is up, down, or inactive. See traffic ingress and egress, duration of the VPN tunnel uptime, encryption, and hashing info. If the tunnel is down, information about the last phase completed successfully is available. Search, filter, and favorite tunnels to quickly access them in the Node Details view. You can also select specific errors from Phase 1 or Phase 2 to be ignored.


The Remote Access VPN subview presents a list of remote access tunnels, with the username and tunnel duration details, as well as the amount of data downloaded and uploaded. For failed connections, you’ll see the time and reason why the connection was ended, IP address, and client used. As always, you can use tools to search and filter the sessions.


Several predefined reports and alerts are available to keep your finger on the VPN’s pulse. Tunnel down? You’ll know first. Reaching a threshold? Won’t catch you by surprise. And of course, you can customize your own advanced reports and alerts.

You can learn more about Network Insight for Cisco ASA or try it for yourself in the fully featured 30-day trial.


DO YOUR FIREWALLS HAVE ACCESS CONTROL LISTS OR OUT-OF-CONTROL LISTS?

Do you badge in and out of your office each day? That electronic lock should be doing two things: making sure you can get in (and get to work), and keeping people who shouldn’t be there out.  If the permissions aren’t right, you could be blocked from entering. Or, worse, people who aren’t authorized could walk right in. This is what happens if the Access Control Lists (ACLs) on your firewall aren’t properly configured. Valid traffic could be blocked, or unauthorized traffic could slip through. This can impact productivity and even be a security risk.

ACLs can be hundreds or even thousands of lines long. They may have been set up years ago and been modified too many times to count. Are you confident that they are controlling the traffic the way you want? Do you need deeper network insights to see what is really going on?

Reviewing your Access Control Lists can be a tedious task, but the latest release of SolarWinds® Network Configuration Manager (NCM) makes it easy. This release introduces a new feature, Network Insight™ for Cisco® ASA, so you can easily review and audit ACLs for your Cisco ASA firewall.

  1. Review what ACLs are configured
    You can’t control it if you don’t know you have it. First, take a look to see what Access Control Lists are set up. The network insights you get with NCM will allow you to view all ACLs configured on the ASA. See if you have an ACL that was configured but never applied. Do you have ACLs that were set up so long ago that none of the original creators are still around?

  2. Audit where and how they are assigned
    An ACL may be configured correctly but assigned to the wrong zone, reducing its effectiveness. Are your ACLs assigned to the correct zones? What interfaces are assigned to those zones? Review where your Cisco ASA ACLs are assigned to maximize their strength.

  3. See what rules are being used
    Do you have rules in place that are never used, or rules that are getting hit all the time? Use NCM’s ACL Rule Browser to browse to object group definitions, search and filter within your ACLs, and view the hit count for individual rules to debug your access rules. Rules that are never hit may have been superseded by other policy changes. Rules that are getting hit all the time may indicate a need to refine the rule. With increased network insight you can optimize the ACL rules on your Cisco ASA.

  4. Detect shadow or redundant rules
    Access Control List rules are applied in the order they are listed. When a rule is overridden by a previous rule that does a different action, it is a shadow rule. A rule that is hidden because a previous rule does the same action is a redundant rule. For example, your office wants to let in anyone who is an employee, but not on the weekends. If the badge reader checks “let in all employees” first and then checks the day of the week, the weekend rule is a shadow rule. It will not matter because the door unlocked after confirming it was an employee who was trying to enter. You can reduce security risks and help ensure your ACLs are working as intended by identifying shadow or redundant rules.

  5. Compare ACLs for changes
    It can be difficult to troubleshoot ACL config issues. Network Configuration Manager helps make this process easier with side-by-side ACL config comparisons on your Cisco ASAs. You can compare an ACL to a previous version on the same node, or compare to other nodes, interfaces, or to a different ACL. Identify errors and verify consistency with Network Insight for Cisco ASA.
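
The shadow and redundant checks from step 4, as an added example that is not part of the original post and not NCM's own logic: Python code that parses a subset of ASA `access-list ... extended` lines and flags every rule that a single earlier rule fully covers. The sample ACL is constructed, ports are assumed to be numeric, and the function names are illustrative.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample ACL (documentation address ranges), not from a real device.
SAMPLE_ACL = """
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp 198.51.100.0 255.255.255.0 10.1.0.0 255.255.0.0 range 8000 8100
access-list OUTSIDE_IN extended deny tcp host 198.51.100.7 10.1.2.0 255.255.255.0 eq 8080
access-list OUTSIDE_IN extended permit tcp host 203.0.113.5 host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny udp any any eq 53
access-list OUTSIDE_IN extended deny ip any any
"""

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    line: int                     # position in the ACL, 1-based
    action: str                   # "permit" or "deny"
    proto: str                    # "ip", "tcp", "udp", ...
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    ports: tuple                  # inclusive (low, high) destination ports

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(text):
    rules = []
    for n, raw in enumerate(text.strip().splitlines(), 1):
        tokens = raw.split()
        if len(tokens) < 7 or tokens[0] != "access-list" or tokens[2] != "extended":
            continue              # remarks and unsupported forms are skipped
        rest = tokens[5:]
        src, dst = _take_addr(rest), _take_addr(rest)
        ports = (0, 65535)        # no port clause means every port
        if rest[:1] == ["eq"]:
            ports = (int(rest[1]), int(rest[1]))
        elif rest[:1] == ["range"]:
            ports = (int(rest[1]), int(rest[2]))
        rules.append(Rule(n, tokens[3], tokens[4], src, dst, ports))
    return rules

def covers(earlier, later):
    """True when every packet matching `later` already matches `earlier`."""
    return (earlier.proto in ("ip", later.proto)
            and later.src.subnet_of(earlier.src)
            and later.dst.subnet_of(earlier.dst)
            and earlier.ports[0] <= later.ports[0]
            and later.ports[1] <= earlier.ports[1])

def audit(rules):
    """Return (line, kind, covering_line). Only coverage by ONE earlier rule
    is detected; a rule hidden by several earlier rules combined is missed."""
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:         # first match wins, as on the firewall
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((rule.line, kind, earlier.line))
                break
    return findings

if __name__ == "__main__":
    for line, kind, by in audit(parse_acl(SAMPLE_ACL)):
        print(f"rule {line} is {kind} by rule {by}")
```

In the sample, the deny on line 3 plays the role of the weekend rule from the badge analogy: the broader permit on line 2 matches first, so the deny never takes effect.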

By working through this simple checklist, you can restore confidence that your firewalls are effectively managing the traffic flow in and out of your network. You can try Network Insight for Cisco ASA in the latest release of Network Configuration Manager. With a free, 30-day trial of NCM, you can see for yourself how easily you can bring your ACLs back under control. Look like a firewall expert without having to be a firewall expert!


Monitoring Your Cisco ASA with Network Insight

Firewalls have a unique place in the network topology. Found at the perimeter, they control network traffic, connect branch offices, and provide remote access to business services. You don’t want any network component to go down or cause problems, but this is especially true of firewalls.

Some mishaps can cost you hours of troubleshooting time, and others will make you sweat while you’re trying to put out the fire on your firewall. Consider these critical failures as situations you want to avoid at all costs.

  • No entry/exit allowed – When the firewall goes down, traffic cannot enter or exit—or worse, any traffic can get into your network.
  • High availability (HA) or no availability – If you’ve set up your firewalls correctly, you’ve designed in high availability. Correct HA configuration requires that your firewalls are synchronized. If they aren’t, then a failover situation may result in no availability.
  • Failure to communicate – Connectivity to your remote locations is dependent on VPN tunnels. Tunnel down = bad, tunnel up = good.
  • No worker is an island – Unless, of course, they cannot connect remotely.
  • The shadow knows – But unless you want to dig through your ACLs, you’ll never know if you have shadowed or redundant rules.
  • Needle in a haystack – Something changed in your ACLs, but finding the changes in hundreds of lines of configurations and rules is like… well, it goes without saying.

Given the criticality of your firewalls, monitoring them is as important as, if not more important than, monitoring any other piece of network equipment. Good old SNMP might not always give you enough information for a complete picture of your appliance's health. Plus, let’s face it: using each vendor’s own toolset for troubleshooting and combining the data into a complete picture gets old, fast.

We’ve tackled this and are proud to present the latest of our Network Insight features—this time, for Cisco® ASA. Thanks to CLI polling, you can now get enhanced insight into your Cisco ASA firewalls directly within Network Performance Monitor (NPM) and Network Configuration Manager (NCM).

In Network Performance Monitor 12.2 you can get visibility into the health and performance of your Cisco ASA infrastructure in a single pane of glass.

  • See the health and availability of your LAN-to-LAN VPN tunnels. Remote access VPN shows you details about connected users, tunnel duration, and more.
  • Monitor your ASA's High Availability sync status, type, and overall health for reassurance that you are prepared for a failover event.

Network Configuration Manager 7.7 automates the monitoring and management of ACLs and configurations.

  • The new ACL Rule Browser enables you to filter, search, snapshot, and compare ACL versions.
  • Identify shadowed and redundant rules, as well as rules that are configured but not pushed out.
  • Contexts are a great way to segment your ASA as independent virtual devices. With Network Insight for Cisco ASA, you can dig into each of your contexts. Update firmware using NCM’s firmware update tool, both in multi- and single-context modes.

Network Insight for Cisco ASA might just be one of the “can’t go back now” features for monitoring your firewalls. See for yourself with our free, fully featured 30-day trials of Network Performance Monitor and Network Configuration Manager, and cover your ASA!

To try Network Insight for Cisco ASA you can download a free 30-day trial of NPM, NCM or download both.


We’ve been listening to our SolarWinds® IP Address Manager (IPAM) customers who have ventured down the path of cloud automation, and we would like to share with you a new solution from SovLabs. It’s geared toward solving end-to-end IP address management for vRealize Automation (vRA).

The issue

vRA is widely used to provide self-service automation for infrastructure provisioning. One of the gaps in self-service is finding the next available IP address to assign to a new virtual machine. This requires a workflow that involves changing tools and manually looking for an address, which can be time-consuming and error-prone.

How does SovLabs help?

The SovLabs® vRA Integration Pack for SolarWinds consists of IPAM and DNS integration modules for VMware® vRealize® Automation based on the new SolarWinds IPAM API. The modules bring a simplistic approach to integrating SolarWinds IPAM with vRA. Combining IPAM with the SovLabs vRA Integration Pack enables a fully automated method of obtaining and releasing IP addresses as well as DNS record creation and removal as the cloud environment dynamically scales.   IP subnets can now easily be shared between vRA deployments alongside existing tools/devices with little fear of IP address conflicts.

SovLabs IPAM and DNS modules eliminate the pain of building and managing custom workflows by simplifying the integration between SolarWinds IPAM and vRealize Automation using a software-driven approach.  The modules share a built-in template engine that allows for dynamic data to be injected into endpoint definitions and configurations. Need to customize the comments field for IPAM records using vRA metadata?  Here’s an example of how to dynamically generate the comments using vRA properties via the SovLabs Template Engine configured on the SovLabs SolarWinds IPAM endpoint:

This comment template:

Reserved by {{ownerName}} on {{creationDate}} via vRA {{plugins.vCAC}} using blueprint {{blueprintName}} (NIC# {{SovLabsIPAMProfile.nic}})

Is rendered and inserted as a comment during VM provisioning/IP assignment:

Reserved by fred@sovlabs.com on 2016-10-07T14:23:38.360 via vRA 7.3.0 using blueprint Win2012R2 Prd (NIC# 0)

Getting started

To get started, create a SolarWinds endpoint, then create/link to an IPAM profile and DNS configuration, and finally associate to the blueprint – all directly in vRA.


For more information on the SovLabs vRA Integration Pack for SolarWinds and to request a free trial, visit the SovLabs website or email info@sovlabs.com.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks of) their respective companies.

© 2017 SolarWinds Worldwide, LLC. All rights reserved.


SolarWinds® Port Scanner is a standalone free tool that can be used in various ways to identify the ports running on your network. It also helps unveil network vulnerabilities.

This versatile tool has many applications. Check out the ideas shared in this post, and let us know in the comments below how you use Port Scanner.

***

Idea 1: Use Port Scanner to run a security analysis

A security engineer would like to see how vulnerable his network is by performing an analysis of open and closed ports within his network. By running SolarWinds Port Scanner, he is able to scan IP addresses and their corresponding TCP and UDP ports. In doing so, he can verify if the ports that are supposed to be filtered are, in fact, filtered.

Once he establishes whether the corresponding ports are open, he can run a security analysis using Port Scanner and receive the status of all the TCP and UDP ports on his network. If he finds an open port that is not supposed to be open, he can go into his firewall or router to disable traffic on that port.  

Idea 2: Run the CLI to export results

Network administrators must understand the peaks of IP usage within their network to see if they will still have IP addresses available during peak hours. To achieve that, the network administrator must run recurring scans to see the differences in IP usage.

Using Windows® Scheduler to run the command line interface (CLI) of SolarWinds Port Scanner every 15 minutes, the network admin can export the results to a CSV file. After that, he can run a PowerShell® script to compare the results from all of the CSV files. This will give him a clear understanding of IP usage within his network, which is critical to his job. Without this information, it is nearly impossible to maintain a secure network with optimal performance.

Idea 3: Use Port Scanner to detect rogue devices

A network administrator needs to know whether only whitelisted devices are connecting to the Wi-Fi network. To achieve that, he needs to run recurring scans to see the differences in host names and MAC addresses.

To do this, the network admin can use the Windows Scheduler to run the CLI of SolarWinds Port Scanner every 15 minutes and export the results to an XML file. He can then run a PowerShell script to compare the results from all of the XML files, which will give him a clear understanding of the devices connecting to his network. If he finds any rogue devices, he can simply disable them from his wireless controller.   
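
The comparison step from Idea 3, as an added example that is not part of the original post: it is written in Python rather than the PowerShell the post mentions, and it reports MAC addresses missing from an allowlist plus allowlisted MACs that reappear under a different host name. The `<scan>`/`<host>` XML layout, the sample data, and the function names are assumptions made for illustration, not Port Scanner's documented export format.

```python
import xml.etree.ElementTree as ET

# Constructed sample exports, oldest first. The <scan>/<host> layout is a
# hypothetical stand-in, not Port Scanner's documented XML schema.
SCANS = [
    """<scan time="2017-11-06T09:00">
         <host ip="10.0.0.21" name="LAPTOP-ANNA" mac="02:00:00:00:00:01"/>
         <host ip="10.0.0.30" name="PRINTER-2F" mac="02:00:00:00:00:02"/>
       </scan>""",
    """<scan time="2017-11-06T09:15">
         <host ip="10.0.0.21" name="LAPTOP-ANNA" mac="02:00:00:00:00:01"/>
         <host ip="10.0.0.30" name="PRINTER-2F" mac="02:00:00:00:00:02"/>
         <host ip="10.0.0.57" name="android-7f3" mac="02-00-00-00-00-99"/>
       </scan>""",
    """<scan time="2017-11-06T09:30">
         <host ip="10.0.0.21" name="LAPTOP-ANNA" mac="02:00:00:00:00:01"/>
         <host ip="10.0.0.30" name="DESKTOP-X1" mac="02:00:00:00:00:02"/>
         <host ip="10.0.0.57" name="android-7f3" mac="02:00:00:00:00:99"/>
       </scan>""",
]
ALLOWLIST = ["02:00:00:00:00:01", "02-00-00-00-00-02"]   # constructed

def norm_mac(mac):
    """Lowercase, colon-separated form so 02-00-.. and 02:00:.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def compare_scans(scans, allowlist):
    """Return MACs outside the allowlist (with the scan time they first
    appeared) and allowlisted MACs seen under more than one host name."""
    allowed = {norm_mac(m) for m in allowlist}
    rogue, names = {}, {}
    for xml_text in scans:
        root = ET.fromstring(xml_text)
        for host in root.iter("host"):
            if not host.get("mac"):
                continue                      # host answered but MAC unknown
            mac = norm_mac(host.get("mac"))
            if mac not in allowed:
                rogue.setdefault(mac, root.get("time"))
            seen = names.setdefault(mac, [])
            if host.get("name") not in seen:
                seen.append(host.get("name"))
    # A known MAC under a new host name can mean a re-imaged machine or a
    # cloned MAC address; either way it deserves a look.
    renamed = {m: n for m, n in names.items() if m in allowed and len(n) > 1}
    return {"rogue": rogue, "renamed": renamed}

if __name__ == "__main__":
    report = compare_scans(SCANS, ALLOWLIST)
    for mac, when in report["rogue"].items():
        print(f"not on allowlist: {mac} (first seen {when})")
    for mac, seen in report["renamed"].items():
        print(f"host name changed for {mac}: {' -> '.join(seen)}")
```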

***

We hope you find Port Scanner to be a useful free tool, one of many new SolarWinds free tools to come. How will you discover your network with SolarWinds Port Scanner?


SolarWinds THWACK® community has grown to become one of the largest and most active communities for IT professionals, expecting about two million unique visitors this year alone.

We see it as a great opportunity to have a conversation and to connect.

IT is changing all the time. That’s what makes it such an interesting industry. SolarWinds® solutions have been changing, too. In addition to our traditional product line, powered by the Orion® Platform, SolarWinds now offers a remote monitoring product line for MSPs, and a portfolio of cloud monitoring products for DevOps teams building cloud-first applications.

This makes it more important than ever that we have a space to connect with customers and with the IT industry. This is that space.

Monitoring Central complements our two other blog communities on THWACK: Geek Speak, where you can read opinions from industry thought leaders, and the Product Blog, where you find out about product updates and new releases.

Monitoring Central is a new space to talk about all things monitoring.

We invite you to participate, ask questions, voice your opinions, and actively participate in this blog. For example, write a comment below suggesting any topics you would like to hear about.

We look forward to the conversation.
