I like tools. The more complex they are, the better. I can easily spend an hour in a hardware store like Lowe’s or Home Depot and never leave the tool aisle. If it has laser beams, sharp blades, and requires hearing and eye protection, even better! There’s a problem with the bigger tools though. They tend to cost a lot and they typically do only one or two things. They do them well for the most part, but their ability to help you out in a variety of situations is limited. They also tend to be a lot bigger and difficult to lug around.
There’s another class of tool though. It tends to do several things, but probably not as well as the specialized ones. One of my favorites is the Leatherman multi-tool made by the fine folks in Portland,Oregon. What would take me an entire set of tools purchased individually, this tool can do rather well. It has a variety of different mini-tools on it. There’s pliers, a knife blade, a file, multiple driver bits, a can opener, etc.
When you consider the wide range of network monitoring tools out there, we tend to buy single use tools. Granted, there are some out there than can accomplish a wide range of things like SolarWinds Orion, but for the most part, our tools do either one or just a few things. In the network world, I typically categorize the various tools in one of about 4 different categories.
1. Configuration – These are the tools that aid you in pushing out changes to a large number of devices. Infoblox NetMRI, HP Network Automation software, and SolarWinds Orion NCM are a few of the more well known programs.
2. Real Time Monitoring – These are the tools that alert you when something is down, going down, or experiencing other anomalies in near real-time. EMC Smarts(now branded as EMC Ionix), Whats Up Gold, GFI NSM, and SolarWinds Orion are a few of these.
3. Flow Data/Network Trending – These are the tools that show you historical, or near real time flow statistics on your network infrastructure. CA NetQos ReporterAnalyzer, Compuware Gomez NPM(formerly Compuware NetworkVantage), Plixer Scrutinizer, and Fluke Networks OptiView NetFlow Tracker are a few of these.
4. Authentication/Policy Enforcement – These are the tools that permit or deny access to the network or a specific device within the network. Cisco ACS, Microsoft Network Policy Server(formerly Microsoft IAS), and Juniper Networks Steel Belted Radius are some of the more well known programs.
Perhaps like me, you find yourself wondering why the bulk of the tools we have in use on enterprise networks only do a certain amount of tasks. I believe the answer has to do with complexity. It is a rather monumental task to develop software that can handle just one of the four areas I mentioned. Add virtualization to that and it becomes even more difficult.
HP has an interesting product called Intelligent Management Center(IMC) that aims to handle all 4 areas I listed above to one degree or another. Not only can it keep configurations of all your network devices, it can monitor their up/down state, keep traffic flow statistics, and even enforce security policies. Here’s a short list of what it can do according to HP:
“Fault management, device configuration, device policy enforcement, change alerts, VPN management, user access management, network traffic analysis, virtualization management, network discovery, centralized reporting, access control list management, QoS policy management, MPLS VPN management, endpoint posture checking, identity and access management over LAN, WAN, wireless, and VPN.”
It is important to note that this product is not designed to only work with HP systems. It supports several thousand different non-HP products. Just about every Cisco product you can think of is supported by this tool. For that matter, just about every vendor you can think of is supported as well. I saw a live demonstration of this product at HP Discover earlier this year. During the IMC session, the challenge was made to name an obscure brand to see if IMC would support it. There was only one product out of a half-dozen or so that were named that wasn’t supported. It was a SonicWall device. Not surprising considering how GUI heavy those products are.
The goal of IMC is simple. You can see it represented in this picture:
Swivel Chair Management – This is what happens when we have to use several different tools to manage the network. We shift from one tool to another. Back and forth repeatedly. You have no doubt heard the term “single pane of glass” before. That is the term HP uses to counteract the typical swivel chair management most enterprises use when it comes to network management applications. IMC puts it all in one place allowing multiple silos within an IT department to use the same tool for all their management needs.
That’s the basic rundown on IMC. It’s modular, built off the FCAPS model, and consists of the following modules:
Icing On The Cake
IMC has some serious hooks into the virtual ecosystem. For those of us who are from traditional networking backgrounds, we have struggled with visibility into the virtual ecosystem over the past several years. Traffic goes into blade enclosures or ESX hosts and doesn’t necessarily come back out. Monitoring VM’s has become quite difficult, and if that VM changes ESX hosts, it gets even harder. Cisco has a solution to that problem in the Nexus 1000v, but that involves an additional purchase. Not everyone wants to go down that route. While IMC cannot do all of the things that the Nexus 1000v can, it gets pretty close due to extensive use of the vCenter API. As vSphere matures, so will IMC’s ability to see into the virtual environment.
IMC is by all rights a great product that I think is going to set the bar for other all encompassing management tools. However, I think it would be naive to assume that IMC can replace all other management tools out there. There are going to be several things that specialized software from vendors can do that IMC cannot. That doesn’t mean IMC can’t do the bulk of the functions of these other tools. It just means that you have to be realistic when it comes to a product like IMC.
Like my Leatherman that I described at the start of this post, IMC is able to do a variety of things. However, there are limitations around the knife or the screwdriver on my Leatherman. Sometimes you do need a specialized tool to get the job done. The efficiency you gain from leveraging a tool like IMC in an enterprise network is a tradeoff I am willing to make. All of it comes down to knowing what your needs are and using the best tool to meet them.
This was the third and final post for the Blogger’s Reality Show Contest 2011 sponsored by HP and Ivy Worldwide. If you wouldn’t mind, click the thumbs up or thumbs down right below this paragraph and let me know if you enjoyed this post, or if it didn’t really apply to you. You can also leave a comment if you wish.