There are a number of elements to managing networks:
- Log and Event Management
- Network Performance Management
- Network Administration
Log and Event Management
Modern managed Automation networks keep a watchful eye on virtually everything going on across the network. The only question is "are you listening?"
Effective listening requires investment in a few key log and event management tools that make sense of what can be significant amounts of event-based data.
An event could be a notification that someone has logged into a device's management interface or that a firewall has dropped data that falls outside of a policy.
Out of the box, these alerts will be stored locally on the device, tagged with a time stamp from that device's own clock.
The issue here is that, unless the devices are time synchronised, all of their internal clocks will be different, so identifying what happened first will be virtually impossible. Also, the process of connecting to each device is extremely time consuming. There is a better way!
Implementing a central Network Time Protocol (NTP) server will synchronise all devices to the same time. Implementing a central logging (syslog) server and pointing all devices to this server will bring all events back to a single point, making the information hugely more valuable and insightful.
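To illustrate the ordering problem and what a central collector makes possible, here is an added example (not from the original page) that compares each device's own time stamp with the time the central syslog server received the event. The hostnames, addresses and messages are constructed, and the code assumes the collector's clock is the reference and that network delay is negligible.

```python
from datetime import datetime
from statistics import median

# Constructed sample: (collector receive time, line as stamped by the device).
# Hostnames, addresses and messages are invented for illustration.
SAMPLE = [
    ("2024-03-05 10:00:01", "Mar  5 10:00:00 fw01 dropped packet outside policy src=192.0.2.10"),
    ("2024-03-05 10:00:03", "Mar  5 09:52:41 sw07 login to management interface user=admin"),
    ("2024-03-05 10:00:05", "Mar  5 10:00:04 fw01 dropped packet outside policy src=192.0.2.10"),
    ("2024-03-05 10:00:09", "Mar  5 10:04:30 plc-gw configuration changed"),
    ("2024-03-05 10:00:12", "Mar  5 09:52:50 sw07 logout user=admin"),
]

def parse(records):
    """Split each record into receive time, device time, host and message."""
    events = []
    for received, line in records:
        rx = datetime.strptime(received, "%Y-%m-%d %H:%M:%S")
        mon, day, clock, host, msg = line.split(maxsplit=4)
        # The device stamp carries no year, so borrow it from the collector.
        dev = datetime.strptime(f"{rx.year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        events.append({"rx": rx, "dev": dev, "host": host, "msg": msg})
    return events

def clock_offsets(events):
    """Median (receive time - device time) per host, in seconds."""
    deltas = {}
    for e in events:
        deltas.setdefault(e["host"], []).append((e["rx"] - e["dev"]).total_seconds())
    return {host: median(vals) for host, vals in deltas.items()}

def unsynced(offsets, tolerance=5.0):
    """Hosts whose clock differs from the collector by more than `tolerance` seconds."""
    return sorted(h for h, off in offsets.items() if abs(off) > tolerance)

def host_order(events, key):
    """Host sequence when events are sorted by 'dev' or 'rx' timestamps."""
    return [e["host"] for e in sorted(events, key=lambda e: e[key])]

if __name__ == "__main__":
    events = parse(SAMPLE)
    print("by device clock :", host_order(events, "dev"))
    print("by receive time :", host_order(events, "rx"))
    print("offsets (s)     :", clock_offsets(events))
    print("check NTP on    :", unsynced(clock_offsets(events)))
```

Sorting by the device clocks puts the switch login minutes before the firewall drops that actually preceded it; the per-host offset shows which devices still need to be pointed at the NTP server.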
With events time synchronised and centrally captured, the second stage is classification, interpretation and remediation. This requires investment, skills and competence.
The investment is in the software that processes and presents the data; this can be anything from a simple event viewer to a complex and feature-rich Security Information and Event Management (SIEM) system. The latter is extremely powerful and a central component of a network automation strategy; IT4A believe SIEM is a fundamental component of a large Automation network.
Once events are classified and prioritised, skills and competence are required to interpret and, as necessary, remediate the issue.
Network Performance Management
In addition to generating messages when events occur, managed network devices collect information, available via the Simple Network Management Protocol (SNMP), that describes a multitude of performance characteristics. Whilst product dependent, this information will include interface errors, packet drops, link utilisation, etc. SNMP management can either be vendor based or, as SNMP is a standard, non-vendor specific.
A SIEM can combine data from various sources to provide a greater insight into what is going on within a network. The SIEM is a specialist software environment that requires significant configuration to maximise its benefit.
Finally, there is the administration element, which simplifies and automates some of the more routine activities such as backup and restore, firmware updates and multi-device configuration. These tools are generally vendor specific.