The "No Network is 100% Secure" series
- Monitoring Basics 102 -
A White Paper
All rights reserved - may not be copied without permission
Easyrider LAN Pro, NOC Design Consultants
What drives the IT decision to spend money on monitoring?:
Every once in a great while, I will be contacted by a forward-thinking manager who recognizes the need to build a proactive view into the computing environment in the data center. I'm sorry to say that this situation is the exception rather than the rule.
Fire prevention or hiring lots of fire fighters?: More often than not, I am contacted shortly after a very painful, embarrassing, high-visibility and usually expensive negative event has occurred in the enterprise that a manager is responsible for. Maybe millions of dollars were lost. Perhaps Government regulators became involved. Possibly senior executives found themselves on the nightly news or had to testify before Government committees. Whatever the outcome, it was BAD!
By the time someone does a Google search to find me, there is almost always a Board of Directors level edict that "an event like this will never happen again". And by the time I get involved, the cost to solve their data center monitoring problems is usually a non-issue. And *NO ONE* in the company is advocating finding ways to solve these problems "on the cheap" or to build a solution in-house to save money. Neither does anyone want to "shop around" to find a low paid, inexperienced tech who will install "pick-your-favorite-software" for the least amount of money. And no one is interested in looking at free or nearly free monitoring software anymore. When I am contacted under these circumstances, the company is looking for an expert -- someone who can look at what they are doing and figure out which monitoring software would work best for them. Someone who has built many NOCs already and who can design and deploy an effective, efficient, comprehensive monitoring environment that will provide maximum visibility into all service delivery aspects of their entire data center. And someone who can present data center health status information to their monitoring NOC Techs in a clear, concise and usable manner. In short, the decision to have an overworked Admin build a "monitoring environment" using Sitescope, Nagios or something similar to "save money" is no longer open to discussion.
Wouldn't it be better to be proactive, since that's sort of an IT guy's job anyway?: Why are situations like this allowed to get this far? Isn't your valuable data center and the vitally important computing services that it provides worth a little spending to protect those assets? Would you hire the neighborhood kid who cuts your lawn to do brain surgery on one of your children because going that route would cost less? Using free monitoring software and having it installed by an already overworked Administrator and calling it a "NOC" makes about as much sense. And not to rub salt in the wounds, but had these guys contacted me earlier, they most likely wouldn't be in this fix now. NOCs that I build do not "miss" important symptoms that result in service delivery outages. Period.
Why are NOCs that Easyrider LAN Pro builds so much better than most?: It's not that I am so much smarter than anyone else. Truly. But I've been doing this type of work for over 25 years and after all this time, I know what works and what doesn't work. For example, here's how most NOCs get built:
- Someone decides to acquire or purchase some monitoring software based on a sales visit, magazine article or some other means.
- An employee is assigned or perhaps volunteers to "build the NOC". The employee may or may not attend the one-week vendor training class (if one even exists) to learn how to install the software and do basic configuration work. The number of NOCs this person has previously built is usually zero.
- The monitoring software is installed and configured pretty much "out of the box", utilizing 5-10% of the product's capabilities.
- Event messages (usually very raw) are presented in the NOC Tech view in a not-very-usable format. Over time, the NOC techs "learn" how to interpret the information that comes along and they learn which events and messages are important and which ones can be ignored.
- The person who built the monitoring environment is tethered to it for the duration. Typically, they become very territorial about allowing access or providing any information about how the monitoring environment is set up. The monitoring software becomes highly customized over time, to the point where it is completely unsupportable.
- The person leaves the company, leaving behind this white elephant, so-called "monitoring environment".
- A major computing infrastructure outage occurs that the NOC completely misses. No one knows what to do. Heads roll. There is the weeping and gnashing of teeth.
- I get a call.
Last modified March 25, 2009
Copyright 1990-2009 Easyrider LAN Pro