Raritan COMMANDCENTER NOC, Administrator'S Manual

Page 1: ...CommandCenter NOC Administrator Guide Release 5 4 Copyright 2006 Raritan Computer Inc CCNOC 0D E June 2006 255 80 5301 00...

Page 2: ...This page intentionally left blank...

Page 3: ...15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a commercial installation This equipment generates uses and can radiate radio frequency...

Page 4: ...It is recommended to change this immediately Rack Mount Safety Guidelines In Raritan products which require Rack Mounting please follow these precautions Operation temperature in a closed rack environ...

Page 5: ...te Devices 19 Configure Performance Thresholds 21 Configure Outage Report 22 SNMP Reparenting Exclusion List 23 Associate CommandCenter Secure Gateway CC SG 23 Configure a CC SG 23 Create a CC SG Peer...

Page 6: ...2 Authenticate Windows Computers 64 Manage Unmanage or Rescan Devices 64 Configure Windows Performance Thresholds 65 Configure WINS Server or LMHOSTS File on 2500M 65 Edit WINS Settings 65 Edit LMHOST...

Page 7: ...dresses in the SNMP Interfaces Table 111 Why Can t My CC NOC Manage X Service 112 Pollers 112 Notifications 113 Why am I Not Receiving Notifications 113 What Conditions Cause a Notification to be Sent...

Page 8: ...ture Profiler and the Rules Engine 133 Responding to Events and Notifications 134 Event Categories 134 What do I do when 134 What if I have been hacked 135 Security An Elusive Goal 135 Appendix F Noti...

Page 9: ...e 23 Associate a CommandCenter Secure Gateway 25 Figure 24 Create a CC SG Peer 25 Figure 25 Disconnect a CommandCenter Secure Gateway 26 Figure 26 Delete a CommandCenter Secure Gateway 26 Figure 27 Ma...

Page 10: ...proxy authentication credentials 60 Figure 75 List of Windows Management Proxies 61 Figure 76Selecting Internet Protocol TCP IP for WINS Settings 62 Figure 77Selecting WINS Tab 63 Figure 78 Change Au...

Page 11: ...g Modem Parameters 88 Figure 113 Editing Modem Parameters 88 Figure 114 Importing assets 90 Figure 115 Exporting assets 91 Figure 116 Mapping unassociated assets to nodes 91 Figure 117 Clear all asset...

Page 12: ...xii FIGURES...

Page 13: ...ly are deployed in smaller networks or satellite offices CC NOC 100 CC NOC 250 For instructions on deploying and configuring a CC NOC 100 or CC NOC 250 see Raritan s CommandCenter NOC Deployment Guide...

Page 14: ...al Authentication By default CC NOC users will be locally authenticated if remote authentication is not configured Local authentication is also used if remote authentication is configured but the CC S...

Page 15: ...devices connected to CC SG CSV comma separated value files are simple database files that can be easily imported into a spreadsheet or database program so that you can generate custom reports This ex...

Page 16: ...ID coupled with the node label for the node experiencing the outage the address of the impacted interface the service name and the time the outage occurred are all tracked within the Outages Browser A...

Page 17: ...users to the categories that they are most interested in Vulnerability Scan the CC NOC can be configured to scan for vulnerabilities for example unpatched systems and older known vulnerable server da...

Page 18: ...ion Service availability polling SNMP performance data collection SNMP performance thresholding You can transition a device with an Infrastructure license to any of the following licensed states Works...

Page 19: ...ted Workstation licenses provide a mechanism for you to obtain additional polling and performance data from a troublesome device on a temporary basis without taking up a Server or Infrastructure licen...

Page 20: ...8 COMMANDCENTER NOC ADMINISTRATOR GUIDE...

Page 21: ...afe state for power removal Appliance Shutdown Restart The System Shutdown and System Restart buttons are one way that your CC NOC can be shut down or restarted You can also shutdown and restart a CC...

Page 22: ...ime will be reset when you continue to the next step 6 Click the drop down arrow and select your time zone from the select box The list is sorted first by country two character code then an order with...

Page 23: ...default gateway 5 Click save changes Change the ISP Gateway Address This page provides a way to manipulate the address monitored for inclusion in the Internet Connectivity category The CC NOC handles...

Page 24: ...e provide the IP address of an SMTP server below 1 Click on the Admin tab in the top navigation bar 2 Click Appliance Network Settings 3 Click Outgoing Email Communication Figure 5 Configure Outgoing...

Page 25: ...3 Click Change Nameserver Addresses Figure 6 Configure Nameserver Addresses 4 Type addresses for primary required secondary tertiary DNS servers and WINS server Note The WINS Server that you can speci...

Page 26: ...s and the last address and click add to includes Ranges may span multiple networks If there are any ranges or addresses that cannot or should not be discovered make sure to add an entry to add to excl...

Page 27: ...55 Within that range you can specify one IP address we do not want managed 192 168 0 210 You also included a specific IP outside of the range we specified 192 168 5 100 to manage This is a good setup...

Page 28: ...or range for each string if you wish to provide an SNMP string for all devices that the CC NOC is managing just specify the range as 0 0 0 0 255 255 255 255 Click remove if you wish to remove the defi...

Page 29: ...1 Edit Scheduled Outages 5 Type a name for the scheduled outage 6 Select a node label that is a DNS hostname or IP address from the Included Node Label drop down list and click add Adding a node label...

Page 30: ...default because in most cases the availability of SNMP data is not integral to the core business of a company thus it is excluded from availability calculations Even if this poller is disabled SNMP pe...

Page 31: ...e custom poller click apply changes on the Configure Pollers page to apply the settings When specifying ports if there is more than one port where the service can be located it is recommended to creat...

Page 32: ...equires that it is under Windows management please see Chapter 4 Configuring Windows Management for additional information You can have up to five promoted workstations 6 If you delete one or more dev...

Page 33: ...d on a per device basis see Edit Performance Thresholds Per Device later in this chapter Per device thresholds override values that are configured here Please see Appendix C Performance Monitoring for...

Page 34: ...ring the entire week Another for availability during business hours You can edit the time period that is used to calculate the business hours availability by changing the data in the fields in this pa...

Page 35: ...se nodes separate 1 Click on the Admin tab in the top navigation bar 2 Click Network Management Configuration 3 Click SNMP Reparenting Exclusion List Figure 18 SNMP Reparenting Exclusion List 4 Type a...

Page 36: ...ntirely 6 If you click Enable Link in Sidebar all normal and administrator users will have a link in the left hand sidebar that will take them directly to your CC SG appliance s user interface Note th...

Page 37: ...s to you which you will enter here Once the certificate exchange process is complete a secure channel is established between CC NOC and CC SG The secure channel created here is available for one year...

Page 38: ...to CC SG and a secure channel exists deleting the CC SG will tear down the secure channel You will not be able to access this CC SG from CC NOC 1 Click on the Admin tab in the top navigation bar 2 Cl...

Page 39: ...strator group they will be given Administrator rights To map CC SG user groups to CC NOC user roles 1 Click on the Admin tab in the top navigation bar 2 Click Map Secure Gateway User Groups to Local U...

Page 40: ...nagement platforms or Raritan appliances use Configure Event Recipients to specify where your events should be forwarded 1 Click on the Admin tab in the top navigation bar 2 Click Multi site Managemen...

Page 41: ...Severities to Forward to specify which events should be forwarded 1 Click on the Admin tab in the top navigation bar 2 Click Multi site Management 3 Click Configure Event Forwarding 4 Click Configure...

Page 42: ...ery queue For example if a new server has been added to your environment and you want to monitor it immediately it can be added here The discovery process will then determine the characteristics of th...

Page 43: ...tive data samples e g triggers which must be exceeded before an event is generated 5 Enter values for Value Rearm At and Trigger The Value column indicates the threshold which varies by metric at whic...

Page 44: ...2 Click Administrator Tools 3 Click Export Download Configuration Files Figure 35 Export Download Configuration Files 4 Access http CommandCenter_NOC_IP_Address public to view the file Download Log F...

Page 45: ...tabase of collected management information that includes event and notification records It is possible to exhaust the storage space on this CC NOC if you are monitoring a number of devices that exceed...

Page 46: ...en download this file by accessing http CommandCenter_NOC_IP_Address public 1 Click on the Admin tab in the top navigation bar 2 Click Administrator Tools 3 Click Generate Diagnostics File Figure 39 G...

Page 47: ...rt tools which may be useful when troubleshooting specific problems such as when applying system patches upgrades or as directed by support personnel Options in this page allow you to perform several...

Page 48: ...on 3 Click System Software Signature Updates 4 Click Download Updates Figure 43 Download Updates 5 The list is all of the updates that the CC NOC does know about If no updates are displayed click chec...

Page 49: ...pdates 4 Click View Installed Updates Figure 45 View Installed Updates 5 If desired click the file to view details View All Updates The View All Updates page provides an overall view of updates which...

Page 50: ...ing a proxy click Yes to the question and enter in the proxy information in the provided fields If you are not using a proxy click No 7 Click save settings Upload Update Manually For those who do not...

Page 51: ...type of data you wish to purge 5 Click remove data and confirm your choices 6 Clicking recreate database causes the database structure to be purged and re built This is necessary if your database has...

Page 52: ...have Internet access or choose not to use the web based upload functionality backup files can be manually uploaded to the CC NOC The Upload File dialog box was created to facilitate that upload Note t...

Page 53: ...the route table click Add static route Figure 52 Add a New Network Route 2 Type the destination address netmask and gateway for the new network route The gateway is optional 3 Click add route Prune Un...

Page 54: ...municate directly with the management data on the CC NOC If the management data is deleted on the CC NOC while a Windows Management appliance is connected the Windows Management appliance may continue...

Page 55: ...Deployment Guide If you have not yet received the appliance license please contact Technical Support 1 Click on the Admin tab in the top navigation bar 2 Click Install CommandCenter NOC License Figure...

Page 56: ...ces List The table above reflects all of the appliances that have been configured to report information back to this Web Console This listing of appliances also includes a free form note with each ent...

Page 57: ...see the appropriate manuals for configuration of the Roving Analysis Port To ensure that the CC NOC is passing packets correctly you can view your network traffic please see Raritan s CommandCenter N...

Page 58: ...re incoming or outgoing from the home network For this reason it is important to set up the home network for the device to ensure that the intrusion detection is as accurate as possible and that the n...

Page 59: ...dresses that are not a part of a subnet This includes individual addresses and all addresses within your ranges 7 Click finish configuration Configure Port Scan Detection Intrusion Detection appliance...

Page 60: ...box The Last Change field indicates the last time that the home network for the appliance was changed Figure 61 Selecting an Intrusion Detection Appliance for Portscan Detection 4 Choose the appliance...

Page 61: ...ranges 7 To prevent detection of portscans originating from the home network of the appliance check the Exclude all traffic originating from your home network check box This can prevent some types of...

Page 62: ...inistration for additional information If an Intrusion Detection appliance is listed as Not Configured you must use the Signature Profiler to configure its signatures so that it can begin relaying eve...

Page 63: ...work does not contain any devices or services of a type listed below you may wish to disable detection of signatures that only affect that device or service For instance if you have Linux servers but...

Page 64: ...rom the drop down selection list and click Load Configuration Figure 65 Load Intrusion Detection Settings 12 When you have changed the settings to reflect the devices and services on your network clic...

Page 65: ...er 1 Click on the Admin tab in the top navigation bar 2 Click Intrusion Detection Configuration 3 Click Advanced Security Administration 4 Click Manage Signatures Figure 67 Selecting an Intrusion Dete...

Page 66: ...nature file that is uploaded must adhere to these rules Custom signatures must be in a file with one signature entry per line Comment lines must begin with the character The signatures must be in Snor...

Page 67: ...n Check that all MS Office applications are legally licensed Obtain a list of workstations that have just installed new software Pinpoint machines that are running Spyware which should be uninstalled...

Page 68: ...l performance on your Windows external proxies as they collect management information Download and Run ProxyInstaller Configuring a system as a proxy is accomplished in two steps The first step is to...

Page 69: ...vice type fileandprint mode enable scope custom address address of external proxy or 2500M For example if the IP address of your external proxy or CC NOC 2500M is 192 168 1 45 then you would enter net...

Page 70: ...Windows Management 5 Click add new external proxy Note To access the Windows Management Configuration Wizard in a distributed environment that is from a CommandCenter 2500N in the navigation tab bar a...

Page 71: ...tem is categorized as either a Server Infrastructure Device or Workstation device and the appropriate license is assigned if available Note It is recommended not to include DHCP devices in the discove...

Page 72: ...that is associated with hosts you wish to manage you will need to provide authentication information for example username and password which will be used to log into the systems and pull performance...

Page 73: ...arget system is a member a username that must be a member of the Local Administrators group on the target systems In most cases the Domain administrator will be a member of this group a username that...

Page 74: ...igure it as explained in section Configure WINS later in this chapter To ensure successful name resolution a route for the remote network must exist on the default router and an entry is needed in the...

Page 75: ...INS server Edit LMHOSTS File on External Proxy If a WINS server is not available but you need to resolve NetBIOS names to IP addresses for Windows servers that exist in another network you can also ed...

Page 76: ...ect WMI data from the computer with the given username and password and it will be displayed with status Auth Failed in the device list Click cancel to end the authentication test and return to the li...

Page 77: ...Configure Windows Performance Thresholds Figure 80 Configuring Windows Performance Thresholds Listed above are the current values at which Windows performance metrics are considered problematic which...

Page 78: ...ettings 3 Select the CC NOC 2500M appliance from the pull down menu next to edit WINS settings 4 Click edit WINS settings Figure 82 WINS Server IP Address 5 Specify a WINS server for the remote applia...

Page 79: ...ternal proxy on the CC NOC 2500M appliance and a WINS server is not available 1 Click on the Admin tab in the top navigation bar 2 Click CommandCenter NOC 2500M Configuration Figure 83 CommandCenter N...

Page 80: ...RATOR GUIDE 5 Specify the IP address of each remote Windows server from which you wish to collect WMI data 6 You can also delete all of the lmhosts settings for the appliance by clicking delete LMHOST...

Page 81: ...oftware updates to fix known security holes Shut down unwanted or unnecessary services Remove access to sensitive information on your network Change security settings and passwords to make them more d...

Page 82: ...the target some nodes can be disabled by this type of port scanning Scan Level 1 has been proven potentially harmful to some platforms and services including but not limited to Solaris 2 6 some patch...

Page 83: ...4 carry out real intrusion attempts against targets and can have negative effects on the target machines to the point of data loss and denial of services Use these scan levels with extreme caution You...

Page 84: ...ur when it won t adversely impact your network This will allow you to perform the more intensive vulnerability scanning without impacting your network availability Recurring scans can also be configur...

Page 85: ...h can have any arbitrary number of escalations or targets that is users or groups and can send notices through email pagers etc Each notification path can be triggered by any number of CC NOC events a...

Page 86: ...ck arrange these notices for the particular list you want to order as shown below see section Arrange Notice Hierarchy for additional information The Send To column shows the notification path that th...

Page 87: ...y be encountered select one of the event types to associate with this notification If the event that you pick occurs the system will send this notification 5 Click next Build and Validate an Interface...

Page 88: ...Matches any address with 192 168 1 in the first three octets 192 168 0 1 99 Matches 192 168 0 1 192 168 0 2 192 168 0 3 etc Another example The following fields are all valid and would each create th...

Page 89: ...the name is not unique the previous notice that had the name will be overwritten 11 Type a textual Description for this event notification This is optional 12 Type the Destination Path that describes...

Page 90: ...hardware responsible for the notification Please see Appendix F Notification Parameters for a list of asset table variables Arrange Notice Hierarchy If you created multiple notices for a single event...

Page 91: ...otification groups Each group is listed in its own panel and you may modify the definition of the group by clicking modify or remove a group by clicking delete next to it The next section explains how...

Page 92: ...than one user or hold down the Shift key and click on the opposing end to select a range of users Select to move the users to the Currently in Group box 7 Change the ordering by selecting a user in th...

Page 93: ...or information about how to configure the paging functions 1 Click on the Admin tab in the top navigation bar 2 Click Notification Configuration 3 Click Configure Notification Paths Figure 100 Configu...

Page 94: ...re 101 Configuring a Notification Path To create a new notification path 4 Type a unique new path name The name must be alphanumeric and can include and and _ characters 5 Choose one of the target typ...

Page 95: ...get and type an email address for the notification path Figure 104 Configuring an Email Target in Notification Path 6 Click add path Modify a Notification Path In this page you can confirm the notific...

Page 96: ...ure 106 Define Escalation in Notification Path To define the escalation for a notification path 5 Select a time interval that is minutes hour or days that specifies how long to wait before sending the...

Page 97: ...an interval that is minutes hour or days to indicate how long to wait before sending the notification to users in this group Then select one or more delivery methods for the group Figure 108 Configuri...

Page 98: ...need to attach a modem to the CC NOC and to a phone line so that pager messages can be sent Please contact Technical Support for a list of supported modem devices Next you must set up the modem and se...

Page 99: ...required are marked with an asterisk To add a TAP provider 4 Click add new tap service Figure 111 Editing TAP Service 5 Type a unique identifier for this TAP service in Service Name This is required...

Page 100: ...meters 1 Click edit in the TAP Modem Settings box Figure 112 Editing Modem Parameters 2 Type the Modem Initialization Command which should be an AT command that is sent to the modem to bring it online...

Page 101: ...nventory tracking delivers on demand reports of hardware and software inventory enabling greater productivity financial accountability and end user satisfaction Manage Assets This section describes ho...

Page 102: ...ll be duplicated After importing you can supply a Target Node field that will be used to do a best guess mapping between an asset and a node based on a match between the Target Node and the node s IP...

Page 103: ...have not yet been associated with a node Any assets that you imported with a Target Node field and have not already been associated with a node will be listed along with a best guess as to what node...

Page 104: ...ver need to recover this data in the future If you are rebuilding the asset records from an export via the CC NOC you will need to clear the asset table prior to re importing Otherwise all asset recor...

Page 105: ...tion addresses and duty schedules to individual technicians If adding or modifying users be prepared with user IDs passwords notification contact information for example email addresses and or pager e...

Page 106: ...have configuration access to the CC NOC 7 Click create user Edit a User When adding or editing a user the procedure below will be the same 1 Click on the Admin tab in the top navigation bar 2 Click Us...

Page 107: ...ll phone messaging services that cannot display text messages To configure a TAP pager service now gather your service provider s TAP information and click here please see section Configure TAP Paging...

Page 108: ...ies are logical groupings of devices based on filters that you create CC NOC provides these default categories Category Description DNS DHCP Servers Includes all managed interfaces which are running e...

Page 109: ...ddress matching functionality the filters can be created quickly and easily while being extremely powerful as well Note Categories should be created first before building a view 1 Click on the Admin t...

Page 110: ...first three octets 192 168 0 1 99 Matches 192 168 0 1 192 168 0 2 192 168 0 3 etc Another example The following fields are all valid and would each create the same result set all TCP IP addresses fro...

Page 111: ...ll receive the view that is alphabetically presented first The view under the Avail Report Default column is used when creating the Availability Report please see Raritan s CC NOC User Guide for addit...

Page 112: ...them please see section Configure Categories earlier in this chapter for additional information Figure 127 Add Modify Views 1 To create a new view type a new name 2 Select the categories that will co...

Page 113: ...re not mapped to a specific view then the Default view that was selected in section Configure Views will be displayed 1 Click on the Admin tab in the top navigation bar 2 Click Category and View Confi...

Page 114: ...102 COMMANDCENTER NOC ADMINISTRATOR GUIDE...

Page 115: ...dware Specifications Processor AMD Opteron 146 Memory 2 GB Network Interfaces 2 10 100 1000 Ethernet RJ45 Hard Disk Controller 2 80 GB SATA 7200 rpm RAID 1 CD ROM Drive DVD ROM Remote Connection Modem...

Page 116: ...Shock N A Electrical Specifications INPUT Nominal Frequencies 50 60 Hz Nominal Voltage Range 100 240 VAC Maximum Current AC RMS 3A AC Operating Range 100 to 240 VAC 10 50 60 Hz OUTPUT 5 VDC 12VDC N A...

Page 117: ...shooting issues surrounding your CC NOC If you next make certain that your CC NOC appliances are healthy they will be the tools that help you heal your network The Raritan Support Structure Raritan is...

Page 118: ...the following messages Degraded RAID Array RAID Array Failure RAID Array Dissapeared These are critical errors and you should contact Raritan Tech Support immediately if they occur Important If instru...

Page 119: ...ey are monitoring The default for most pollers is to run every five minutes unless an outage occurs You can adjust the polling interval from the Admin page but it is strongly advised that you consider...

Page 120: ...ystem it will be identified in the scan list and all relevant information available for that vulnerability will be listed Events Historic Data and Graphs All events and historic data are stored or sum...

Page 121: ...ery you must first understand when it runs and how it runs The discovery service initially runs after the managed IP address ranges are configured After that point it will run once per day for the ent...

Page 122: ...elect on Settings 3 Select Network and Dial up Connections 4 Right click on Local Area Connection 5 Select Properties 6 Select Internet Protocol TCP IP 7 Select Properties Select Advanced Select the W...

Page 123: ...formation Depending on the type of device and the services it provides you will need to check either the NetBIOS node names are resolving correctly or that the SNMP interfaces table contains both addr...

Page 124: ...ry the device with SNMPv2 only as it s more efficient and there is no need to retrieve redundant data Pollers The pollers decide what to poll by analyzing the interfaces and services in the database a...

Page 125: ...on the Outgoing Email Communications page under the Admin tab Appliance Network Settings use it to verify that the email system is configured You can easily change the configuration from this page to...

Page 126: ...ormation has changed the Network Systems group will receive an Email notification Additionally when the Windows management sub system identifies a system fault or software installation removal on a ma...

Page 127: ...at is hosting that agent In the case of an NT Server that sysObjectID might look something like 1 3 6 1 4 1 311 1 1 3 1 which when decoded reveals an embedded series of qualifiers that look something...

Page 128: ...of GetIF is in using it to minimally expose the ability the gather data On the main panel you have a series of fields that if data is available are automatically populated In the case that they are y...

Page 129: ...estion rather than a problem each section in this chapter will cover a common question In our next section we will return to the normal troubleshooting format How is Performance Data Summarized Perfor...

Page 130: ...get percentage x x 10 thousandths of a percent divide by 10000 to get percentage Additional Support For additional support you can contact Technical Support We are here to help you In addition to our...

Page 131: ...aritan com For technical support call the number as stated in the front of this document Note that Technical Support is intended to provide resellers and customers with technical assistance if necessa...

Page 132: ...120 COMMANDCENTER NOC ADMINISTRATOR GUIDE...

Page 133: ...s SNMP determines whether the device supports SNMPv1 and or SNMPv2 SNMPv2 introduced several mechanisms for making data collection more efficient and if the device supports it we will opt for the most...

Page 134: ...rucial resources are being taxed Microsoft Windows CPU Utilization Drive Size Utilization C Drive Size Utilization D Provides insight as to processor scalability and drive usage Novell NetWare CPU Uti...

Page 135: ...ail Waiting Mail Messages waiting for delivery Average mail delivery time Average mail size delivered Mail transmission failures Replication failures Average transactions minute Total calendar users T...

Page 136: ...or you feel should be addressed differently please let us know at Technical Support Windows Performance Metrics Windows monitoring has been re engineered from the ground up to better allow Raritan to...

Page 137: ...SNMP service be loaded and running however we interface with that service at the system level not via the SNMP protocol Logical Drives Free Space Free Kilobytes Total Kilobytes Kilobytes In Use This i...

Page 138: ...r low threshold A high threshold means that an event will be generated if the actual value is higher than the threshold value Conversely a low threshold will cause an event to be generated when the ac...

Page 139: ...is taken Eventually the reported value is 53 This is below the rearm value so the threshold is active again The next time the reported value exceeds 70 three times in a row another event will be gene...

Page 140: ...ft reveals The event associated with a reported value violating a threshold is High Threshold Exceeded for a High threshold type and Low Threshold Exceeded for a low threshold type Note that all thres...

Page 141: ...ry default asp url downloads list wmi asp On the page from the link above click the link titled Windows Management Instrumentation WMI Core 1 5 Once the agent is downloaded and installed on Windows 98...

Page 142: ...venerable SNMP agent that exists on many platforms However instead of data being accessed via obscure numeric strings and often arranged into tabular views WMI uses an object hierarchy based upon CIM...

Page 143: ...ll be made to the system registry by the binary provided by Raritan Note HKCR is short for HKEY_CLASSES_ROOT All values are of type REG_SZ strings HKCR AppID key value Wbem Scripting Object Path SetVa...

Page 144: ...132 COMMANDCENTER NOC ADMINISTRATOR GUIDE...

Page 145: ...ch is considered by many to be an industry best practice But too many false positives is not good either so Raritan has taken great strides to help you reduce them in your environment by leveraging th...

Page 146: ...o generate the traffic or exploits necessary to create a denial of service attack Large Scale Information Leak This category includes attacks in which the loss of system or environmental information a...

Page 147: ...following responses They might not save you this time around but considering the threats at play and the responses you ll need to take developing a planned response before an event is a critical piece...

Page 148: ...136 COMMANDCENTER NOC ADMINISTRATOR GUIDE...

Page 149: ...if node id is provided in the event notice nodelabel replaced by nodelabel if node id is provided in the event Events event uei Raritan s internal representation of the event event source The system...

Page 150: ...ess 1 asset operatingSystem asset address2 asset port asset assetNumber asset rack asset building asset region asset circuitId asset room asset city asset serialNumber asset comment asset slot asset d...

Page 151: ...ement tools On an arbitrary box we measured the traffic generated by four different CC NOC poll types ICMP pings TCP socket reachability used for monitoring database listeners HTTP synthetic transacti...

Page 152: ...session close Due to the nature of the protocol this carries significantly more overhead than other more simple tests but it also proves conclusively that the server is responding and is capable of se...

Page 153: ...bps Ethernet 00000431 of 100Mbps Ethernet 000000431 This data is extremely system time and network specific your results WILL undoubtedly vary However for the sake of our argument let s proceed to loo...

Page 154: ...orm for example Raritan s CC NOC emerge this overhead will become increasingly nominal Additional Notes The design team at Raritan has gone to great lengths to minimize impacts on networks we are mana...

Page 155: ...APPENDIX G NETWORK TRAFFIC OVERHEAD NETWORK MANAGEMENT S NECESSARY EVIL 143 255 80 5301 00...

Page 156: ...1 03 3523 5991 Fax 81 03 3523 5992 Email sales raritan co jp http www raritan co jp Raritan Computer Japan Osaka Office Honmachi Phoenix Bldg 8F 1 15 8 Nishihonmachi Nishi ku Osaka Japan 550 0005 Tel...