An Introduction to Network Monitoring

Ignorance is not bliss, especially when it comes to knowing what's happening on your network. Learn the basics of network monitoring systems, and what these applications and hardware appliances can do

What is network monitoring?

A network monitoring system monitors an internal network for problems. It can find and help resolve snail-paced webpage downloads, lost-in-space e-mail, questionable user activity and file delivery caused by overloaded, crashed servers, dicey network connections or other devices.

Network monitoring systems (NMSs) are much different from intrusion detection systems (IDSs) or intrusion prevention systems (IPSs). These other systems detect break-ins and prevent scurrilous activity from unauthorized users. An NMS lets you know how well the network is running during the course of ordinary operations; its focus isn't on security per se.

Network monitoring can be achieved using various software or a combination of plug-and-play hardware and software appliance solutions. Virtually any kind of network can be monitored. It doesn't matter whether it's wireless or wired, a corporate LAN, VPN or service provider WAN. You can monitor devices on different operating systems with a multitude of functions, ranging from BlackBerrys and cell phones, to servers, routers and switches. These systems can help you identify specific activities and performance metrics, producing results that enable a business to address various and sundry needs, including meeting compliance requirements, stomping out internal security threats and providing more operational visibility.

Why is monitoring the network important?

The reasons to insist on network monitoring can be summarized on a high level into maintaining the network's current health, ensuring availability and improving performance. An NMS also can help you build a database of critical information that you can use to plan for future growth.

The best argument for attempting to predict your network's growth is your existing infrastructure's history, and the problems that resulted from decisions made with too little data.

In addition, if you have a service-level agreement (SLA) in place, monitoring is a must-have. An NMS can ensure that target device, service and application performance level contractual obligations are being met.

What kinds of things can network monitoring systems see?

The usual areas examined are bandwidth usage, application performance and server performance.

Traditional network monitoring starts with the basics at the network's core. It checks and reports WAN link bandwidth numbers, latency or response time from your switches, routers and servers, and server CPU utilization numbers. For example, a server running at 100 percent utilization should raise more than just an eyebrow.

Network monitoring can help you manage users too. Tools with automatic discovery offer the ability to monitor devices as they're added, removed or undergo configuration changes. Some tools can group devices dynamically (on a parameter such as an IP address) or by service, type and location; these are extremely helpful when managing a large network.

What kinds of network monitoring systems are available?

If you're a lab rat, plenty of Command Line Interface (CLI) tools are available. One example is the venerable Ping, a reliable tool for operating on the "KISS" theory.

Obviously, there are learning curve issues associated with CLI tools. For those less geek-minded, an abundance of Web-based GUI solutions including detailed reporting and graphical chart features are available. These tools can be easier to set up and use. Many come with pre-scripted configurations. Plus, the charts they produce are very handy when putting together executive presentations for network investment pitches.

Open-source tools, always an IT geek favorite, abound for network monitoring. They're generally innovative, irreverent but stylish and, best of all, mostly free or cheap. Additionally, open-source monitoring tools are interoperable with almost every other tool or platform. The data from these open-source tools is almost always dumped into XML; even major vendors tend to drink from the XML cup at one stage or another.

What do they cost?

Network monitoring solutions can be totally free or they can be extremely expensive. Most open-source tools are free, as are tools that may have been bundled with infrastructure purchases. Appliances, software-only solutions and services range from $50 on into five figures.

With service vendors, you're likely to be able to choose from a buffet-style menu of monitoring services; these may tally up to a savings over device purchases depending on network priorities. There are other trade-offs. Purchasing services may give you the advantage of rubbing elbows with the latest monitoring technologies; in contrast, purchasing appliances can provide more control.

One thing's a certainty when it comes to network monitoring. The cost of not using these technologies can be greater than you think, if you're not getting the performance and availability you're paying for and if you're not willing to spend sufficiently to ensure that your network is healthy and secure. What's it really worth? It could be worth your job.