ITE 382 - Network Administration

8/24/99
=======
What is network administration? - it involves the use of routers, equipment, et cetera. It basically has two sides: the people side, and the technology / tools side.

The People Side: You don't change things unless there is a real need for it. Should you print to one single printer?

Performance and performance utilization: Are we running as effectively as possible? Tools can find network problems. [Which ones?]

Presentation / Paper: We can all take part and share in the projects. We have to describe the content of the paper in detail. The paper must include a reference list [where it came from]. We can find more topics and sources, but we need more than web sources.

8/26/99
=======
What is a network? - a system of computers, terminals, and databases connected by communication lines. This now includes routers, bridges, et cetera...

Network names are configured / identified by 'classes' of connections.

LAN - Connecting several buildings together, similar facilities, et cetera.
MAN - Connecting up a metropolitan network - such as the Mobile area free net. AT&T also built one in St. Louis to connect all the fire depts, hospitals, precincts, et cetera. (the doctors actually found it more useful...)
WAN - This is mostly made up of collections of local area networks. It also utilizes special equipment - routers, hubs, et cetera. Some of this equipment might be owned; other equipment might be leased.

ADMINISTRATION - The act or process of administering. To manage or supervise the execution, use or conduct of something... (a school, class, network, whatever...) Applying some sort of control mechanism.
MANAGEMENT - Conducting or supervising of something. The judicious use of means to accomplish an end.
ISO-FCAPS Model
===============
F - Fault Management
C - Configuration Management
A - Accounting Management
P - Performance Management
S - Security Management

Fault Management - you're looking for errors, and trying to determine what needs to be done to correct them.
Configuration Management - maintain, monitor, and manage the configuration of the network so you can understand how it operates.
Accounting Management - more than one organization or entity may be using those resources, and you want to charge them according to their use.
Performance Management - look at what is happening on the network (the throughput, usage) and try to determine if the network is being used effectively - is it meeting its goals?
Security Management - making sure authorized users can use it and unauthorized users can't. Is the network secure - can hurricanes or power outages affect the network?

A quick note about protocols: protocols carry addressing / control information as well as the actual payload data.

Configuration Management
========================
There are several ideas about what this means:
1) It could be about gathering information about the current network configuration. It could also be about using that information to configure network devices (such as modems communicating to see what speed they CAN communicate at).
2) Configuration is also about maintaining network and configuration information for efficient use. This means if you keep inventory lists, you keep the locations where you might be able to find equipment when you are looking for it. Example: We have Hub #26 in FCW Room 12; use key #16 to open that cabinet. You can also make drawings when networking.
3) Maintain information for efficient management.

Why do we do this?
==================
To enhance control of the net and its devices. Are all of the devices - routers, bridges, hubs, servers, workstations - doing what they are supposed to be doing?
Under the CONTROL portion - we look at devices that have unique characteristics that have to be configured and monitored. (A router won't work unless you tell it how to route...)

Inventory concepts - this network is made up of equipment from vendors - wires, equipment, et cetera. The network's successful operation requires that you know where they are, what they're doing, who you got them from, where the spares are, et cetera.

If we're going to be doing this, WHAT information do we collect?
================================================================
Name of device
Model #
Serial #
Location - where is it in your network?
Vendor - who you bought it from
Settings / configuration settings
Version numbers - firmware - for control information
Addresses

On a workstation:
Purpose of the computer
What software should be loaded
User of the computer

How do we collect the information?
==================================
Manually - get a notebook, go from room to room, and get all the information physically. Unfortunately, the process is generally tedious and slow.
Automatic - write a program to determine the settings of the computer and the software on it. Unfortunately, users can change the configuration, et cetera. It requires network intelligence, must be done periodically, et cetera.
Intelligent data gathering - you plug in a new piece of equipment, and the software configures it and collects the data.

8/31/99
=======
Paper due Thursday on Tools and Techniques. So create a tools-oriented portion - in a memo format: Date, To, From, Subject. One page. (please put the fast.com here, too)

Configuration Reports
=====================
1) Device Configurations - how much RAM do you have, settings, et cetera. What are your hard drive settings?
2) Net Inventory - from a business or management perspective, it's good to have that data available to you.
3) Logical Network View - what does your network look like in a logical diagram?
Also here, a physical view, on paper, of how things should be laid out. (physical is difficult - you cross wires and stuff...)

Fault Management
================
The goal is to identify faults via fault management:
1) Identify the fault
2) Locate the fault (and if possible isolate it from the system)
3) Correct the fault (if possible - some issues can't be corrected)

More on: IDENTIFY THE FAULT
===========================
Seems like a trivial task, but the configuration of the network and its reporting abilities make it difficult to tell that a fault occurred. Do you do active monitoring to determine if a fault has occurred? You either have no monitoring or active monitoring. To do this kind of monitoring, you have to gather information (on faults). There are two ways to do this:

CRITICAL NETWORK EVENT
======================
Gather information on the current state of the network (look at records... if 10 people who NORMALLY log on did not log on, you might realize something is not right... someone might have cut a wire somewhere between here and there). Devices (routers), not humans, have to be more intelligent. Of course, power failures cannot be reported, because there is no power. :)

POLLING
=======
The management system goes down the list asking for the current status. Each device in turn is polled around this loop, and returns information about its current status. From that status information, you should be able to determine whether a fault has occurred. This has several design considerations:
a) How often do I poll? The more you poll, the more network bandwidth is used.
b) How many devices must be polled? As the list of devices gets larger and larger, the amount of time required to service the 'poll list' once gets larger and larger.
c) Can the network support the bandwidth? It's easy to come up with the requirements for checking people, but what if your network has a bottleneck? (for example, a 64k line whereas everyone else is 10MB).
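The three polling questions (a), (b) and (c) can be checked with a few lines of arithmetic before a poller is deployed. The following is an added example, not part of the lecture notes: it sizes a poll list against the slowest link in the network. The device count, the bytes per poll exchange, the seconds each poll takes and the two link speeds are all constructed figures; the 64 kbit line next to 10 Mbit LANs is the mismatch the notes describe.

```python
# Added example (not from the lecture notes): sizing a polling schedule
# against the slowest link. All device counts, sizes and link speeds are
# constructed for illustration.


def poll_cycle_seconds(num_devices, seconds_per_poll):
    """Time for one pass over the poll list when devices are polled in turn."""
    return num_devices * seconds_per_poll


def poll_bandwidth_bps(num_devices, bytes_per_exchange, interval_seconds):
    """Average load the polling puts on the wire: every device exchanges
    bytes_per_exchange (request + reply) once per interval."""
    return num_devices * bytes_per_exchange * 8 / interval_seconds


def min_interval_seconds(num_devices, bytes_per_exchange, slowest_link_bps,
                         max_fraction=0.05):
    """Shortest polling interval that keeps the polling traffic under
    max_fraction of the slowest link (the lowest common denominator)."""
    bits_per_pass = poll_bandwidth_bps(num_devices, bytes_per_exchange, 1.0)
    return bits_per_pass / (slowest_link_bps * max_fraction)


def check_poll_plan(num_devices, bytes_per_exchange, interval_seconds,
                    seconds_per_poll, link_speeds_bps, max_fraction=0.05):
    """Evaluate the three design questions from the notes:
    (a) how often, (b) how many devices, (c) can the network carry it.
    Returns the numbers and a verdict for each question."""
    slowest = min(link_speeds_bps)            # lowest common denominator
    cycle = poll_cycle_seconds(num_devices, seconds_per_poll)
    load = poll_bandwidth_bps(num_devices, bytes_per_exchange, interval_seconds)
    fraction = load / slowest
    return {
        "cycle_seconds": cycle,
        "load_bps": load,
        "slowest_link_bps": slowest,
        "fraction_of_slowest_link": fraction,
        "cycle_fits_interval": cycle <= interval_seconds,   # question (b)
        "bandwidth_ok": fraction <= max_fraction,           # question (c)
        "suggested_interval_seconds": min_interval_seconds(  # question (a)
            num_devices, bytes_per_exchange, slowest, max_fraction),
    }


if __name__ == "__main__":
    # Constructed scenario: 200 devices, 400 bytes per poll exchange, polled
    # every 60 s at 0.2 s per device, on 10 Mbit LANs joined by a 64 kbit line.
    plan = check_poll_plan(200, 400, 60, 0.2, [10_000_000, 64_000])
    for key, value in plan.items():
        print(f"{key}: {value}")
```

With these figures one pass over the list takes 40 s, which fits the 60 s interval, but the polling traffic alone would take about 17% of the 64 kbit line; the plan only becomes acceptable at a 200 s interval, whereas on the 10 Mbit LAN alone the 60 s interval is fine.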
You need to use the lowest common denominator.

DECIDING WHICH FAULTS TO MANAGE
===============================
Priority or Severity Level
==========================
Faults come with a severity level or a priority level. Faults need to be addressed in order of priority. Put your effort on the most severe problems first. Example: No matter what happens, the payroll system must run before the engineers' network gets fixed.

Scope of a fault
================
If you had a small network connected to a larger connection...

    * *   \
    * *   ---|--- (world)
    * *   /
             ^ fault here

If a fault occurred here, the smaller section to the left might be the only area affected. Also, smaller "domains" might be online... sometimes they don't even know about it.

Deciding on which fault to manage: The smaller the network, the EASIER the fault is to manage. The larger the network, the HARDER the fault is to manage. Which fault are you going to resolve if you can't even see it (for example, an error buried between a lot of logons and logoffs)?

9/2/99
======
Fault determination & reporting
===============================
(a) Fault determination
You want to determine what fault occurred in your system (a problem doing this while info goes through your complex network). If one router is not sending info to the next, the 'receiving' one sends a message that it is not receiving data. Then it might try to discern what happened. This can be difficult because the reporting system may not totally describe the problem. SOLUTION: improve the reporting capabilities of the tools.

(c) Fault (error) reporting
(Envision a network running from the USA to Europe.) If a failure occurs over the ocean, you would get a 'link error' message. Perhaps we could consider an improved error message? The details + impact on the system: "New York to Europe link failure; all communications to Europe stopped."
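A management tool can produce the improved message above mechanically if it knows the topology: recompute reachability without the failed link and state what was lost. The following is an added example, not part of the lecture notes; the sites, link names and link speeds are constructed, and the widest-path search (best bottleneck speed to each site) is the technique chosen here so that a failure which leaves only a slow detour is reported as limited rather than lost communication.

```python
# Added example (not from the lecture notes): composing a fault report that
# names the location, the type and the impact of a failure.
from collections import deque

# Constructed sample topology: (site_a, site_b, link_name, bits_per_second)
LINKS = [
    ("New York", "Europe", "transatlantic link", 45_000_000),
    ("Chicago", "New York", "Chicago trunk", 1_544_000),
    ("Boston", "New York", "Boston trunk", 1_544_000),
    ("Boston", "New York", "Boston dial-up backup", 56_000),
]


def widest_paths(links, source):
    """For every site reachable from source, the best bottleneck speed of any
    route to it. A failure that leaves only a slow detour therefore shows up
    as reduced speed rather than as unreachable."""
    best = {source: float("inf")}
    queue = deque([source])
    while queue:
        site = queue.popleft()
        for a, b, _name, bps in links:
            if site not in (a, b):
                continue
            other = b if site == a else a
            width = min(best[site], bps)
            if width > best.get(other, 0):
                best[other] = width
                queue.append(other)
    return best


def fault_report(links, failed_link, operator_site, fault_type="link failure"):
    """Compose a message giving the location, the type and the impact."""
    before = widest_paths(links, operator_site)
    remaining = [link for link in links if link[2] != failed_link]
    after = widest_paths(remaining, operator_site)
    lost, degraded = [], []
    for site, speed in before.items():
        if site == operator_site:
            continue
        if site not in after:
            lost.append(site)
        elif after[site] < speed:
            degraded.append(f"{site} (now {after[site] // 1000} kbit/s)")
    parts = [f"{failed_link}: {fault_type}."]
    if lost:
        parts.append("All communication with " + ", ".join(sorted(lost)) + " stopped.")
    if degraded:
        parts.append("Limited (low-speed) communication with "
                     + ", ".join(sorted(degraded)) + ".")
    if not lost and not degraded:
        parts.append(f"No loss of reachability from {operator_site}.")
    return " ".join(parts)


if __name__ == "__main__":
    for link in ("transatlantic link", "Boston trunk", "Boston dial-up backup"):
        print(fault_report(LINKS, link, "New York"))
```

The same failure reads differently depending on where the operator sits: from Chicago the transatlantic failure also stops all communication with Europe, while a failure of the dial-up backup changes nothing as long as the Boston trunk is up.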
This might allow us to set priorities on errors. The error should be descriptive of the location of the error, the type of error and the impact of the error.

(Envision a network running from the Midwest to the East Coast and New England, with an alternate route running between New England and the East Coast.) If a router failed between the Midwest and the East Coast, an error message that said "New York router failed" does not give enough information. You might add "no Midwest communication, with low-speed (or limited) communication between the East Coast and New England". You have to put intelligence or knowledge with the people operating the system or the tools being used.

GUI reporting
=============
If you have these systems, why not make a graphical representation that is color-coded as to the status of the network?

Accounting Management
=====================
Definition: the process of gathering network statistics (information) that can be used to make decisions about resource allocations to users.

A network includes network resources that are shared; if there is no control over the allocation of them, it can fail at any time.

Uses: you can collect and analyze the data.
Forecasting: collect statistics and over time you see trends, helping you to decide what to do next.
Billing: some organizations charge the users for the use of the resource as a means to account for the usage.

Why? (benefits)
===============
Measure usage of all resource devices on the system
---------------------------------------------------
You gather metrics: storage space, logins, that sort of thing. All can be derived from asking the resources or from info around them.

Recover costs
-------------
Some organizations want to recoup costs by determining who uses them. You have to figure out how you are going to implement it. Some methods use actual money while others use 'funny money' (money never changes hands; it is just used to keep up with usage).

Forecasting (or future planning)
--------------------------------
Kinds of trends - usage: to predict growth, identify specific areas where there may be a problem. The managers of the system have data that justifies the kinds of things they do or would like to do. "Even though we know what we are talking about, people don't listen." - rule of thumb

9/7/99
======
Accounting Management - Why should you do it?
=============================================
Recover expenses - billing people on a per-usage basis.
Assist in future planning and forecasting.

How should you collect the data?
================================
** Accounting for everything
For accounting purposes, the goals have to be set by some administrative part. Once those goals are set, the kinds of information collected can be decided by the administrator. One goal would be to account for everything. One extreme might be that the network must pay for itself (in this case, you'd collect information about everything - users, when they're logged on, amount of bandwidth used, amount of time they're on, resource usage, even uploads and downloads). Also network services, printing per sheet, et cetera.

** No accounting
We're going to buy it, put it in, and use it because it is required. There's no need to try to trace everyone's usage, because it's GOING to be here. The "we have to have it anyway" methodology.

SETTING QUOTAS
==============
If you plan to do accounting, half the fun is determining what reasonable quotas should be. Network examples: bytes saved on the hard drive, number of files available. Choose some value of the metric that ensures fairness in access to the resources. Set the quotas where everyone has access and can be productive.
Divide resources equally among all the users, OR let users estimate how much they'll be using. This is risky, but if you involve money, or if you ask for estimates and then evaluate the space used, that concept might work.
Purchased quotas: every megabyte costs ya 10 cents.
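The three ways of setting a quota (divide equally, take estimates, sell it at 10 cents per megabyte) and the enforcement of one are small enough to put side by side. The following is an added example, not part of the lecture notes: the user names, pool size and estimates are constructed, and the `QuotaAccount` class goes one step beyond the notes by adding a soft limit that lets a write through but records a warning, next to the hard limit that simply denies the resource.

```python
# Added example (not from the lecture notes): setting storage quotas three
# ways and enforcing them with a hard limit (deny) and a soft limit (warn).
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MEGABYTE = 1_000_000


def equal_quotas(total_bytes: int, users: List[str]) -> Dict[str, int]:
    """Divide the resource equally among all the users."""
    share = total_bytes // len(users)
    return {user: share for user in users}


def estimate_quotas(total_bytes: int, estimates: Dict[str, int]) -> Dict[str, int]:
    """Let users estimate what they'll need; if the estimates add up to more
    than exists, scale every estimate down so the pool is not oversubscribed."""
    asked = sum(estimates.values())
    scale = min(1.0, total_bytes / asked) if asked else 0.0
    return {user: int(need * scale) for user, need in estimates.items()}


def purchase_cost_cents(quota_bytes: int, cents_per_megabyte: int = 10) -> int:
    """Purchased quota at the notes' price: every megabyte costs 10 cents."""
    return round(quota_bytes / MEGABYTE * cents_per_megabyte)


@dataclass
class QuotaAccount:
    hard_limit: int                     # bytes; a write past this is denied
    used: int = 0
    soft_limit: Optional[int] = None    # bytes; past this a write succeeds but is flagged
    warnings: List[str] = field(default_factory=list)

    def write(self, nbytes: int) -> bool:
        """Hard limit = denial of resource. Soft limit = store the data, but
        leave a warning that someone has to follow up on."""
        if self.used + nbytes > self.hard_limit:
            return False
        self.used += nbytes
        if self.soft_limit is not None and self.used > self.soft_limit:
            self.warnings.append(
                f"over soft limit: {self.used} of {self.soft_limit} bytes used")
        return True


if __name__ == "__main__":
    users = ["alice", "bob", "carol", "dave"]          # constructed names
    print(equal_quotas(100 * MEGABYTE, users))
    print(estimate_quotas(100 * MEGABYTE, {"alice": 150 * MEGABYTE, "bob": 50 * MEGABYTE}))
    print(purchase_cost_cents(50 * MEGABYTE), "cents for 50 MB")
    hard = QuotaAccount(hard_limit=5 * MEGABYTE, used=4_500_000)
    print("1 MB write under a hard 5 MB limit:", hard.write(MEGABYTE))
    soft = QuotaAccount(hard_limit=6 * MEGABYTE, used=4_500_000, soft_limit=5 * MEGABYTE)
    print("same write with a soft 5 MB limit:", soft.write(MEGABYTE), soft.warnings)
```

The hard-limit account refuses the 1 MB file at 4.5 MB used; the soft-limit account stores it and carries a warning, which is what turns enforcement into a follow-up conversation instead of a lost file.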
Enforcing quotas and benefits - next:

9/9/99
======
If we set a usage value which becomes a quota, how do we find out what this quota could be? Divide everything up evenly. Ask people what they use.

Enforcing quotas - how do you enforce quotas? The primary mechanism is denial of resource. This is system based: once you fill your quota, it will not let you write any more data. Sometimes the system can also instigate a denial of service: if you can't play by the rules, you simply can't get on the system either.

Enforcing quotas brings up some interesting problems:
=====================================================
Suppose you have 4.5 megs of space used on a 5.0 megabyte quota, and you're trying to save a one meg file. If that file is important, you try not to be back-stabbed. Soft limits would allow the file to be saved; but then emails and stuff would fly all over the place to get people not to deal with it...

BILLING
=======
One of the goals of accounting is to recover the cost of building the network.
1. Flat fees are one way to recover this cost.
2. Based on usage (charge based on the user's consumption of resources):
   Transaction billing - bill the local branch for each transaction.
   Packet billing - most communication systems transfer information by packet; therefore packets are easy to count. :)
   Byte billing - you move so many bytes... we'll count them and bill you. :)
Lots of people are looking at this now in the client / server environment.

Novell keeps track of:
   blocks read from / written to a hard disk
   amount of time the user is logged on
   amount of data stored on the hard disk

9/16/99
=======
Future homework assignment: configure a network based on prices.
Midterm was Tuesday, October 5. Now it's on the 7th.
Presentations - start on the 30th.
9/30 - Talk one and talk two (Thursday) - Michael Black, Jarrod
10/5 - Talk three and talk four (Tuesday) - Jason, Steven
10/12 - Talk five and talk six (Thursday) - Jay, Micah
10/14 - Talk seven and talk eight (Tuesday) - Brett, Joshua
10/19 - Talk nine and talk ten (Thursday) - Yvonne, Theresa
10/21 - Talk eleven and twelve (Tuesday) - ? ?, Costess

FCAPS - (this is the model)  CIMP? NDMP?

Availability is a function of time: e to the minus something t. If you think about availability over time, that term goes to zero.

Availability:

                 MTBF (mean time between failure)
    Avail = -------------------------------------
                     MTBF   +   MTTR
                    (fail)     (repair)

If you have multiple components in a system, then the availability of the system is the product of the availability of each component.

RELIABILITY
===========
The probability that a system will continue to function over a period of time.

    Reliability(t) = e^(-t / MTBF)      where t = time interval

    t = 3 -> .0086333 (seconds in an hour)
    r(3) = e^(...) = .999999583

What is the probability that this system will run for 3,000 hours?
Rsys - reliability of the components: (r1 * r2 * r3)

We have problems here... one thing to say about reliability is that if you are looking at a system like this:

    (a) * - - - - - - * (b)
              (r)

the reliability of that link will determine how reliable this is. Some people build a system with redundant paths, so that if one link is down, another one should function.

9/23/99
=======
Structure and Balance. (get missing notes)

9/23/99
=======
Another type of problem that can occur is a TIMING problem. If (a) transmits to (b), and data is dispatched, then there is some expectation that a response will be received on the sender's side within a finite time. Two conditions could occur between these exchanges: if the timeout value is too low, the data will be sent, and the acknowledgement is returning, but the timer expires.
When that occurs, you needlessly go into error processing, and you re-transmit the message - and by definition, you are increasing the traffic on the system.

You could also pick a value that is too high. If you have a bad packet or a broken link, you are letting the network sit idle when you could be doing something more profitable. Communication will slow as we wait too long to discover the problem. (SYSTEM IS IDLE)

BANDWIDTH TIMING PROBLEMS
=========================
You could have high speed data connections, but that just assisted you in getting the data onto the network. It does not change the transmission time between two points on a network, which is based on DISTANCE.

    Utilization of this system = 500 microsec (putting information on the wire)
                                 -----------------------------------------------
                                 40 millisec (total communication session time, a->b, b->a)
                               = 1.25%

The only thing that you improved here was the time it takes to get data onto the system (from 10 megabit to 100 megabit).

Bandwidth delay product
=======================
This will allow you to figure out how much data would be required to fill up that line. This is the data rate in bits per second times the total transit time (in seconds, round trip time). If we did a one gigabit line, it would take 40,000,000 bits (40 million) to fill the system up. The bandwidth delay product would be approximately 1,000,000,000 bits per second x 40 millisec (0.04 seconds); you're left with 40 million bits or approximately 5 megabytes.

_IF_ you have a node in the middle, you will have a bottleneck if you don't have enough buffer space on that system. This is also a problem under your sliding window methodology from data comm (CIS 221). Usually the bottleneck (sliding window) does not change.

MEASURING PERFORMANCE
=====================
a) Methods of measuring performance. This sounds simple, but is a little complex. Performance is a PERCEIVED kind of thing. If it is going 'fast enough', no one really notices.
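The availability and reliability formulas from the 9/16 notes, the timeout-too-low / too-high problem, and the utilization and bandwidth-delay computations above all describe the same link and are easiest to see worked together. The following is an added example, not part of the lecture notes. The 500 microseconds, 40 ms and 1 gigabit figures are the notes' own; the MTBF/MTTR values, the packet size and the round-trip samples are constructed, and the parallel formula for redundant paths (the set fails only when every path fails) is a standard extension that the notes mention but do not write out.

```python
# Added example (not from the lecture notes): the availability, reliability,
# timeout and bandwidth-delay computations for one link, worked in code.
import math


def availability(mtbf_hours, mttr_hours):
    """Avail = MTBF / (MTBF + MTTR)."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def reliability(t_hours, mtbf_hours):
    """R(t) = e^(-t/MTBF): probability of surviving t hours without failure."""
    return math.exp(-t_hours / mtbf_hours)


def series(probs):
    """Components that must all work: r1 * r2 * r3 ..."""
    result = 1.0
    for p in probs:
        result *= p
    return result


def parallel(probs):
    """Redundant paths: the set fails only if every path fails."""
    all_fail = 1.0
    for p in probs:
        all_fail *= 1.0 - p
    return 1.0 - all_fail


def end_to_end_reliability(t_hours, mtbf_a, mtbf_b, link_mtbfs):
    """(a) ---link(s)--- (b): both ends in series with the link set, which is
    one link or several redundant ones (each with its own MTBF)."""
    links = parallel([reliability(t_hours, m) for m in link_mtbfs])
    return series([reliability(t_hours, mtbf_a), links, reliability(t_hours, mtbf_b)])


def utilization(on_wire_seconds, session_seconds):
    """Fraction of the session actually spent putting bits on the wire."""
    return on_wire_seconds / session_seconds


def bandwidth_delay_product_bits(link_bps, round_trip_seconds):
    """Bits that must be in flight to keep the line full."""
    return link_bps * round_trip_seconds


def window_packets(link_bps, round_trip_seconds, packet_bytes):
    """Sliding-window size, in packets, that fills the bandwidth-delay product."""
    bits = bandwidth_delay_product_bits(link_bps, round_trip_seconds)
    return math.ceil(bits / 8 / packet_bytes)


def judge_timeout(timeout_seconds, rtt_samples_seconds):
    """Too low: acknowledgements that were on their way arrive after the timer
    fired, so the sender retransmits needlessly. Too high: on a real loss the
    link sits idle for (timeout - typical rtt) before anyone notices."""
    spurious = sum(1 for rtt in rtt_samples_seconds if rtt > timeout_seconds)
    typical_rtt = sorted(rtt_samples_seconds)[len(rtt_samples_seconds) // 2]
    return {"spurious_retransmits": spurious,
            "idle_seconds_on_loss": max(0.0, timeout_seconds - typical_rtt)}


if __name__ == "__main__":
    print("availability:", availability(1000, 10))            # constructed MTBF/MTTR
    print("R(3000 h), MTBF 10000 h:", reliability(3000, 10000))
    print("one link:", end_to_end_reliability(3000, 50000, 50000, [10000]))
    print("two redundant links:", end_to_end_reliability(3000, 50000, 50000, [10000, 10000]))
    print("utilization:", utilization(500e-6, 40e-3))          # the notes' 1.25%
    print("BDP bits at 1 Gbit/s, 40 ms:", bandwidth_delay_product_bits(1e9, 0.04))
    print("window for 1500-byte packets:", window_packets(1e9, 0.04, 1500))
    rtts = [0.020, 0.025, 0.031, 0.022, 0.045]                 # constructed samples
    print("timeout 30 ms:", judge_timeout(0.030, rtts))
    print("timeout 200 ms:", judge_timeout(0.200, rtts))
```

Two things the numbers show: a second redundant link raises the 3,000-hour end-to-end reliability from about 0.66 to about 0.83 with the constructed MTBFs, and a 1 Gbit line with a 40 ms round trip needs over 3,300 full-size packets in flight before it is actually full, which is the buffer a node in the middle has to hold.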
If it's NOT running right, you get calls from the users. Generally you would want to set up some kind of expectations and normal parameters under which the thing is operating correctly.

Methods of measure:
===================
1. Measure (watch) a relevant network parameter and some performance measure.
2. Try to understand what is happening.
3. To increase performance or make the processing better, change one parameter for testing (important).
4. Repeat. Repeat until the performance problem goes away or you change the parameters and it doesn't increase performance: performance is maximized.

Measuring performance: This is complex because there are a lot of places and 'things' to check. If I wanted to move data from here to the home office, or if I wanted it to be available from time to time, what do you measure? You should change only ONE parameter at a time, and see how much better it works. Of course, people are out there doing work as you're doing this, and those people who are out there working will call you :) This network generally will be running when you work on it, so be careful!! ;-)

9/28/99
=======
Suggestions for undertaking network "testing":
(b) Have a large sample size
(c) Use a representative sample
(d) Accurate time measurements
(e) Be sure the environment is the actual working environment
(f) Be careful of caching
(g) Understand the measures
(h) Be careful when extrapolating

Have a large sample size. If you have a big network like the internet, something like ping and traceroute can find out if a network is performing correctly. You may not have access to a lot of data; you don't send just one packet, you send a lot of them. Instead, you send one packet a million times. If you sent one packet and got a timed performance, that packet may go through the network very quickly. Take an average performance reading to find out how the network is running.

Use a representative sample.
If your network sends small amounts of information such as email, test using that kind of data. You want to be representative of the environment you work in. You should also measure performance at particular times. There are bottleneck times. ;-( One thing that network managers have always depended on is that once everyone goes home, the network is "ours". That's no longer the case. Networks run all the time now.

ACCURATE TIME MEASUREMENTS
==========================
Make sure you have accurate time measurements. Some of the activities that happen on the network happen faster than system clocks. If you use system clocks to try to measure the time, you won't get any time. That becomes a problem for trying to get an accurate time measurement. A millisecond clock (which is the type of clock we have) might totally miss a picosecond event. The event data is not going to be accurate enough to do the timing event. Do many of them, add them together, and get an average.

Be sure the environment you're testing in is the actual environment. Before you do any measurements, make sure the system is operating the way it usually operates. (For example, if someone is running a big job, this might slow us down - rarely.)

Be careful of CACHING
=====================
You never know when something is actually in cache. This is in lots and lots of hardware.

Understanding the measures
==========================
There are so many things you can measure; and some things which are indicated might not be related to one simple thing - it might be multiple problems. These communications systems are hardware and software (system software and application programs). There are three areas where potential problems could be.

Be careful when extrapolating
=============================
Say you measured a load, and are measuring data along a curve. Time goes up. What happens if you put on 20 more machines? Extrapolation allows you to predict what would happen based on prior data.
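Two of the suggestions above, accurate time measurement (d) and careful extrapolation (h), can be demonstrated without touching a real network. The following is an added example, not part of the lecture notes: the coarse clock is simulated as a counter that only advances in whole ticks, so a single reading of a sub-tick event is zero while a batch of repetitions recovers the per-event time; the round-trip samples and the system whose response time has a knee after 40 machines are both constructed so that a straight-line extrapolation from the linear region can be compared against what the constructed system actually does.

```python
# Added example (not from the lecture notes): a coarse clock, summary
# statistics over many samples, and a linear extrapolation compared with a
# constructed non-linear system.
import statistics


def coarse_clock_reading(true_microseconds, tick_microseconds):
    """A clock that only advances in whole ticks (1000 us for the millisecond
    system clock the notes mention) reports whole ticks, nothing finer."""
    return (true_microseconds // tick_microseconds) * tick_microseconds


def time_single_event(event_microseconds, tick_microseconds):
    """One reading of an event shorter than a tick comes back as zero."""
    return coarse_clock_reading(event_microseconds, tick_microseconds)


def time_event_batch(event_microseconds, tick_microseconds, repetitions):
    """Time many repetitions back to back and divide: the total spans many
    ticks, so the average per event is recovered (to within one tick / n)."""
    total = coarse_clock_reading(event_microseconds * repetitions, tick_microseconds)
    return total / repetitions


def summarize(samples):
    """Why one packet misleads: report the spread, not a single reading."""
    ordered = sorted(samples)
    return {
        "min": ordered[0],
        "median": statistics.median(ordered),
        "mean": statistics.mean(ordered),
        "p95": ordered[int(0.95 * (len(ordered) - 1))],
    }


def fit_line(points):
    """Least-squares line through (load, response) points: (slope, intercept)."""
    n = len(points)
    mean_x = sum(x for x, _ in points) / n
    mean_y = sum(y for _, y in points) / n
    var = sum((x - mean_x) ** 2 for x, _ in points)
    cov = sum((x - mean_x) * (y - mean_y) for x, y in points)
    slope = cov / var
    return slope, mean_y - slope * mean_x


def linear_extrapolation(points, load):
    slope, intercept = fit_line(points)
    return slope * load + intercept


def constructed_response_ms(machines):
    """A made-up system: linear up to 40 machines, then a queueing knee."""
    return 10.0 + 0.5 * machines + 0.02 * max(0, machines - 40) ** 2


if __name__ == "__main__":
    print("single 50 us event on a 1 ms clock:", time_single_event(50, 1000))
    print("10000 repetitions, per event:", time_event_batch(50, 1000, 10000))
    rtt_ms = [12, 30, 31, 29, 33, 28, 200, 30, 32, 31]   # constructed samples
    print("the first packet alone:", rtt_ms[0], "ms; summary:", summarize(rtt_ms))
    measured = [(n, constructed_response_ms(n)) for n in (10, 20, 30, 40)]
    print("straight-line prediction for 60 machines:", linear_extrapolation(measured, 60))
    print("what the constructed system really does:", constructed_response_ms(60))
```

The first sample (12 ms) says nothing about the 30 ms median, and the straight line fitted to loads of 10 to 40 machines predicts 40 ms at 60 machines where the constructed system actually takes 48 ms; measured data only supports predictions inside the region it was measured in.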
You don't have any kind of data to prove this is going to happen. Most of our systems have non-linear performance.

www.blackbox.com

10/26/99
========
Security Management
===================
Its purpose is to protect sensitive information on devices connected to the network. If you're talking security, you're talking about several things. Usually, you're trying to protect something. If you have nothing to protect, you don't need locks on your doors, et cetera. IF information is sensitive, it should be protected. Here is a four point process as to how it should be protected:
1) Identify the sensitive information
2) Identify the potential security access points (security holes)
3) Plug those holes / secure those access points
4) Monitor and maintain

One of the reasons security is an issue is because a lot of this information you share back and forth. Users believe there is security because people don't mind exchanging information back and forth.

Benefits:
=========
Organizations have confidence that information will remain safe within the company. Two parties need confidence - the users and the organization itself. Decreased reliance on slower, less productive data transfer methods (such as grade reports at the end of the semester).

Disadvantages
=============
Requires additional software and hardware and procedures to provide security.

3 components of security
========================
hardware
software
procedures

How do we do security?
======================
How, um, exactly, do we, um, DO IT?

A. Basic Problem - It's ACCESS versus CONTROL. You build a network to provide connectivity and access to things. The better you do this, the better the chance for security breaches. How do you build a secure system that is easy to use? The chunk of data that is wrapped in gold and dropped in the bottom of the Mariana Trench is pretty secure, but completely useless. The least secure piece of information might be printed on a billboard in Times Square:
easy to use, but no security. ACCESS vs. CONTROL - they're in opposition to each other.

    yvonne (inside network)   info ........... || ........... >>>>>>>>>>>>>>>>>> world
                                         vs.
    jay (outside net)         info ........................... >>>>>>>>>>>>>>>>>> world ||

In either case, we have to apply different types of techniques to each setup. How do we figure out what the information is that is sensitive? How do we figure out WHERE it is? How do we get access to it?
2. Where are the potential access holes?
3. Plug them up somehow.
4. Monitor them to make sure they're doing what they're supposed to do.

For next time: in security, what actually constitutes secure information? How can you identify it or specify it?

10/28/99
========
B. Identifying Sensitive Information - identify what is sensitive - the organization must decide / specify what is sensitive. What are the criteria for judging sensitive information? Identify the location of the information. For example, keeping prices updated via satellite, et cetera. Inventory management keeps up with all the information. So... location is a problem.

C. Examine or locate the access points to the system itself - places where attackers can get access. Say, if you owned a fort or a castle, the main drawbridge might be up and secure, but people snuck in through the sewer pipe. ;) Let's evaluate the difference between physical and logical access points. Anyone who can gain access to the physical access points of a network (the wire at the end of this building) - this is physical access. FTP, web, NetBEUI, things that periodically broadcast information are logical access points. Sometimes you forget about these over time, but they're there to basically say "hiya.. I'm here!"

computer - single workstations (what accesses are available?)
file transfers - typically in systems we want to transfer... can also include logical connections to network drives.
remote executions - can run remote programs
file directory access / directory service - happen transparently
physical medium - that's the LAN wire that runs in/out of the machine
email - currently has been known to provide problems ;-(

For local systems
=================
We have trusted users - they're inside the system because we trust them with our accounts... they have physical access. Unfortunately trusted local users can screw things up themselves:
bumbling - they don't know any better.
dark side - they can be lured by the dark side. If you're having trouble, and you're about to get fired at QMS, the next day your computer account is not available anymore. Their corporate policy is that once someone is going to terminate you, you're just... cut off.
The other problem revolves around physical security of local systems.

Remote Access
=============
Systems that have to provide for remote connectivity. This is typically to provide service to the users. If you have a company, more than likely you want a website, and you also have other uses (sales on the road... et cetera). How can we let people have it without allowing people to destroy it at the same time? ;-)

For logical access, we have software that provides "transparent access" - that's the goal. At this point, the user has little visibility into what is really actually happening. So... a user punches a button, retrieves a data record. The kinds of operations that allow this smooth operation are complex, and provide opportunities for security problems. (classic example was the internet worm... got out from Cornell... dad worked at AT&T, and he let something out...)

11/2/99
=======
Memos about topics coming up next. ;-)
Virus Protections - Yvonne
Theresa Ryals - Privacy

How do you do it?
=================
1) Secure the information - don't necessarily keep them out, but try to slow them down. Then make what is on the inside... useless for them. A way to do this might be to use encryption.
We generally have two kinds of problems we are trying to solve here:
A) Protect information that is local to the system from people who might hack in from the outside world. We realize info on our servers is under attack from the outside world by hackers and other kinds of people.

    OO - local data   {WAN}  ->> info flow...   (encryption should solve this...)

(a) DES - single key encryption - you have to keep the key secret because the same key encrypts and decrypts. There are several ways to pass keys... the best of which might be the US Postal Service. ;) The security of this system is dependent upon the security of the key. (sometimes called a symmetric key)
(b) Public Key System - public and private. One does encryption and one does decryption. The receiver can receive messages encrypted with the user's public key, but only the user can decrypt them. You can have security or authenticity or BOTH to protect the message.

2) Packet Filtering - here's how it works:

    * *
    \/\/ -- ROUTER -- (WAN)
    * *

Make sure the router filters out bad data from the WAN. You can check addresses, packet types, et cetera.
Advantages - keeps unwanted people out of your system.
Disadvantages - you have to come up with the rules.

3) Another method of securing system information is called HOST AUTHENTICATION - we provide host information about which hosts can connect to a set of other machines. The host maintains a table that says what HOSTS it will accept and what SERVICES it will allow. Example:

    HOST      SERVICE
    ====      =======
    A  B      FTP
       D      DIRECTORY
    A  D      REMOTE LOGIN

All this service does is identify the host - it does not identify the person.

4) User Authentication - we identify or authenticate the user. The traditional way is passwords. Advantages - relatively simple to do. Disadvantages - also relatively easy to breach. In the beginning, passwords in UNIX were encrypted one way to create security.

5) Generate random passwords - sometimes these are good for one use.
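The packet-filtering rules under 2) and the host/service table under 3) are both just lookups on addresses and service names, which is why neither of them says anything about the person behind a request. The following is an added example, not part of the lecture notes, showing both checks: the addresses, the rule set (including a deny-by-default and a rule that drops packets claiming an inside source address when they arrive from the WAN side) and the packets are constructed, and the `HOST_TABLE` is one assumed reading of the notes' table, with host A accepting FTP from B and directory and remote login from D.

```python
# Added example (not from the lecture notes): a first-match packet filter
# with a default deny, and a host-authentication table lookup.
import ipaddress
from typing import Dict, List, NamedTuple, Optional, Set


class Packet(NamedTuple):
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int


class Rule(NamedTuple):
    action: str                 # "allow" or "deny"
    src: str                    # CIDR; "0.0.0.0/0" means any address
    dst: str
    proto: str                  # "tcp", "udp" or "any"
    dport: Optional[int]        # None means any port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def filter_packet(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule wins. Anything no rule mentions gets the default,
    and deny is the safe default for traffic coming in from the WAN."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


# Constructed rule set for packets arriving on the WAN side of the router.
INSIDE = "10.0.0.0/8"
WAN_RULES = [
    Rule("deny", INSIDE, "0.0.0.0/0", "any", None),        # inside address from outside: spoofed
    Rule("allow", "0.0.0.0/0", "10.0.0.5/32", "tcp", 80),  # the public web server
    Rule("allow", "0.0.0.0/0", "10.0.0.5/32", "tcp", 21),  # the public FTP server
]

# Constructed host-authentication table (assumed reading of the notes' table):
# host -> peer host -> services that peer may use on this host.
HOST_TABLE: Dict[str, Dict[str, Set[str]]] = {
    "A": {"B": {"FTP"}, "D": {"DIRECTORY", "REMOTE LOGIN"}},
}


def host_allows(table: Dict[str, Dict[str, Set[str]]], host: str, peer: str, service: str) -> bool:
    """Identifies the peer host and the service only; it says nothing about
    which person is behind the request."""
    return service in table.get(host, {}).get(peer, set())


if __name__ == "__main__":
    samples = [                                             # constructed packets
        Packet("198.51.100.7", "10.0.0.5", "tcp", 80),      # web from outside
        Packet("10.0.0.9", "10.0.0.5", "tcp", 80),          # inside address on the WAN side
        Packet("198.51.100.7", "10.0.0.5", "tcp", 23),      # telnet: no rule, default deny
        Packet("198.51.100.7", "10.0.0.6", "tcp", 80),      # web to a host not published
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(WAN_RULES, pkt))
    print("A accepts FTP from B:", host_allows(HOST_TABLE, "A", "B", "FTP"))
    print("A accepts REMOTE LOGIN from B:", host_allows(HOST_TABLE, "A", "B", "REMOTE LOGIN"))
```

The order of the rules matters: the anti-spoofing deny comes first so that a packet carrying an inside source address can never be let through by the later allow rules, and the default deny at the end is what makes "you have to come up with the rules" a safe burden rather than a dangerous one.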
11/4/99
=======
Authentication - combine both host and user ideas together to provide another level of security. Having both a user and a machine TOGETHER goes a long way to strengthen security.

Key Authentication - we're moving in this direction. PKI - Public Key Infrastructure. It uses a 3rd party to provide authentication codes.
The process:
1) Request a key.
2) Source receives a key.
3) Makes his request; includes key.
Other issues:
a) Trust the issued key - because of how it was issued.
b) Verify the key with the issuer.

E. Monitoring and Maintaining Security
======================================
(monitoring)
1. We have a security system in place, and we either manually make sure it's working, or we build mechanisms and systems that can alert us.
2. I'm interested in collecting information on whether a breach occurred, and whether there was an attempt. Was there a breach? Was there an attempt to breach? -- which path did they try to come in through? -- was it an unexpected path?

SATAN - is a suite of programs that actually attacks your system and checks it for flaws. (Security Administrator Tool for Analyzing Networks) Improves security - or it's supposed to.

Third way to monitor security - advertise your security system.

(maintaining)
Because communication systems are dynamic, as you change equipment, et cetera, you must re-assess the security access points, and make sure you're still secure.

PROTOCOLS NEXT...
=================

11/11/99
========
Management Information Base - More Detail
Uses a hierarchical tree:

    Root
     |-- ccitt(0)
     |-- iso(1)
     |    `-- org(3)
     |         `-- internet(1)
     |              |-- mgmt(2)
     |              |    `-- mib(1)
     |              |-- experimental(3)
     |              `-- enterprise
     |                   `-- (cisco)
     `-- joint ISO/CCITT

Example: Management TCP Connection State: 1.3.6.1.2.1.6.1.3.1.1 - that's where the connection state is supposed to be.
1.3.1.4.1.9.whatever - Cisco information

SNMP V1
=======
People were trying to build a protocol for use - it's a stop-gap method. It's very simple, and its simplicity is probably the biggest reason for making it work.
It has five commands / operations (which fall in 3 classes):

GET-REQUEST

    NMS            | Network |   Managed Device / Agent
    (get request)  ------->>     (processes it)
                   <<-------     returns it

GET-NEXT-REQUEST - this is for gaining list-type information.

SET-REQUEST - allows you to send a value to the agent, and the agent processes it. You might get problems and turn something such as a router off. Then you correct the problem and turn it back on.

TRAP - a one-way message from the agent. Some external event occurs - someone hits a pole or something - the agent software sees this and issues a trap message that something has occurred. These are unsolicited - the network management system did not ask for them - it just gets them. Initially there were only 7-8 traps that might occur.

MORE ABOUT SNMP
===============
Information is sent back and forth using packets. Here's how it works (layout):

    VERSION # | COMMUNITY STRING | SNMP PROTOCOL DATA UNIT (moves get request, set, et cetera)

The Community String sort of acts as a "password" - and a sniffer can snip it right out.

SNMP is the most commonly used network management system. SNMP v2 is a better copy of SNMP, but it doesn't have much penetration because SNMP v1 is what is primarily running. CMIP and RMON are out there, too, but don't have much of the market.

SNMP V1 Advantages
==================
It is SIMPLE
It has low network usage
Widely accepted
Extensible

Disadvantages
=============
Designed for IP networks (the data packet was designed for a TCP/IP network) - the data could conflict with the UDP part of the packet, which also does DNS. If you want to use it on another kind of network, you have to build a proxy which will convert the packets to something usable on that network.
Inefficient at moving large amounts of data. If you ask for a dump of a big table, you could clog your network (16,000 packets!).
Very little security.

SNMP V2
=======
Has enhanced security - in addition to the community string, it provides stronger authentication and encryption.
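The packet layout above (version, community string, PDU), as an added example that is not from the lecture notes: it builds an SNMPv1 GetRequest in BER encoding and then reads the community string back out of the raw bytes the way a sniffer would. Assumed: short-form BER lengths only (messages under 128 bytes), the standard sysDescr.0 OID, and the constructed community string "public".

```python
# Added example: SNMPv1 message = SEQUENCE { version, community, PDU }, BER-encoded.
# Assumes short-form BER lengths (payloads < 128 bytes); enough for one GetRequest.

def tlv(tag, payload):
    # BER tag-length-value; short-form length only (payload < 128 bytes)
    assert len(payload) < 128
    return bytes([tag, len(payload)]) + payload

def encode_int(v):
    # INTEGER (tag 0x02), minimal two's-complement encoding
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def encode_oid(oid):
    # OBJECT IDENTIFIER (tag 0x06): first two arcs fold into one byte
    # (40*x + y), remaining arcs are base-128 with a continuation bit
    arcs = [int(a) for a in oid.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, (arc & 0x7F) | 0x80)
            arc >>= 7
        out.extend(chunk)
    return tlv(0x06, bytes(out))

def snmpv1_get_request(community, oid, request_id=1):
    # GetRequest-PDU [0] = { request-id, error-status, error-index,
    #   VarBindList SEQUENCE OF SEQUENCE { name OID, value NULL } }
    varbind = tlv(0x30, encode_oid(oid) + tlv(0x05, b""))
    pdu = tlv(0xA0, encode_int(request_id) + encode_int(0) + encode_int(0)
              + tlv(0x30, varbind))
    return tlv(0x30, encode_int(0) + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos):
    # returns (tag, value bytes, position after the element); short form only
    tag, length = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def community_from_wire(datagram):
    # what a sniffer does: open the outer SEQUENCE, skip the version INTEGER,
    # read the community OCTET STRING -- it travels as plaintext in SNMPv1
    tag, body, _ = read_tlv(datagram, 0)
    assert tag == 0x30
    _, version, pos = read_tlv(body, 0)
    tag, community, _ = read_tlv(body, pos)
    assert tag == 0x04
    return int.from_bytes(version, "big", signed=True), community.decode()

# constructed sample: a manager asking for sysDescr.0 with the default community "public"
SAMPLE = snmpv1_get_request("public", "1.3.6.1.2.1.1.1.0")
```

A monitoring station can apply community_from_wire to captured UDP/161 payloads to find agents still answering to default community strings.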
It was defined for multiple protocols. It'll do IP, AppleTalk, Novell IPX, or the 'OSI connectionless network model'.
2 new message types - "get next bulk" (to solve the 'bursting' of data packets... which were small in SNMP v1).
New data types - now they use -/+ 64-bit numbers (instead of 32-bit unsigned int).
It has not won acceptance in the marketplace because version one still has the dominance in the market.

CMIP
====
Common Management Information Protocol
Has _11_ different PDUs (SNMP has 3).

Advantages
==========
Transmits information the same way SNMP does - but the transfer of information can trigger events to run.
It has enhanced security.

Disadvantages
=============
Requires more resources to operate (more memory, more processing power). The more complex you make these systems, the more resources have to be dedicated to doing the management instead of what the device was designed for.
It is difficult to implement. It's a lot harder to write CMIP programs than it was to write SNMP programs.

RMON
====
Takes a slightly different solution. They have to have more complexity to manage the system. Out on the network, they might put an 'RMON probe' - it sits on your wire and does all of this "stuff". The agent would be put on a dedicated device, the probe. RMON agents are small enough that they can talk to the probes.
They defined _9_ separate MIBs to hold all kinds of information. (MIB = Management Information Base) - INCLUDING:

    MIB (group)    Description                                                 Applicable to (FCAPS)
    -------------  ----------------------------------------------------------  ---------------------
    Statistics     gathers information about the network                       P,F,C
    History                                                                    P,A
    Host Top N     stored info about the hosts connected, and ranks them       P,A
    Matrix Group   series of data between two addresses                        S,A,P
    Filter Group   specify exactly what you're looking for...                   F,S,P
    Host           being able to look at all packets                           C,S
    Alarm          collects info on measurements; if overkill, generate event  P
    Capture Group  works with filter group - buffer idea - stores              P,S
    Event Group    allows definition of trapped events - set events            F,P,A,S

Looks like they solved the problems of SNMP - but it's complicated, and it has some severe disadvantages - there's a dedicated piece of stuff collecting its information - that does present a drawback. BUT... because that dedicated device is running, it doesn't require that the management system be up to collect the information. Now, it's not necessarily a separate device. Its disadvantage is that it's just simply not accepted - and it costs a lot.

PRESENTATION: Tuesday, November 30 - 2nd

12/7/99
=======
FINAL EXAM NOTES: Thursday, 9th December
We will have to discuss more generalized discussion from the first part of class. Examples: FCAPS; details of the various aspects of network management. You should be able to deal with the bigger "why" issues of network management. If you think about it, one of the things you have to come away with is an understanding of the details and a larger understanding of why those things are important and how they fit into the scheme of an organization.

2nd half of class:
==================
Covers people and policy related issues. Review presentations, come up with advantages and disadvantages from:
Training Policies (Steve Grimes)
Security (Brett Williams)
Virus Policies (Yvonne Totty)
Software Policies (Jay Fuller) -- in general, what software people should use, how it should be used; acquired; et cetera
Privacy (Theresa Ryals)
Accounting Policies (Jason LaPorte)
Email (Joshua Carter) -- who owns the email systems? Are they private?
Connection Policies (Michael Black) -- why would a company or organization want to have a connection policy? What might the advantages or disadvantages be for having a policy? What issues are involved in building such a policy?
A general approach to management protocols. What are they? What do they do? Why do we use them? They range from Easy - SNMP to Complex - RMON, CMIP.
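The Alarm and Event groups from the RMON table above, as an added example that is not from the notes: it implements the rising/falling threshold rule with hysteresis that RMON's Alarm group uses (an event fires when the sample crosses one threshold and cannot fire again until the sample has crossed back over the other), sampling the delta of a 32-bit SNMP counter so that the wrap at 2**32 is handled. The counter readings and thresholds are constructed; arming both directions at startup is a simplifying assumption.

```python
# Added example: RMON Alarm group -> Event group, with counter wrap handling.
# Assumes both the rising and falling direction are armed at startup.

COUNTER32_MOD = 2 ** 32

def counter_delta(prev, cur):
    # delta of a 32-bit SNMP counter between two polls; a wrap past 2**32
    # must not show up as a huge jump in the sampled value
    return (cur - prev) % COUNTER32_MOD

class RmonAlarm:
    # A rising event fires when the sample reaches the rising threshold and
    # cannot fire again until the sample has dropped to the falling threshold
    # (and vice versa). This hysteresis keeps a value that hovers around one
    # threshold from flooding the manager with events.
    def __init__(self, rising, falling):
        assert falling < rising
        self.rising, self.falling = rising, falling
        self.armed_rising = True   # may a rising event fire next?
        self.armed_falling = True  # may a falling event fire next?
        self.events = []           # what the Event group would log

    def sample(self, value):
        # returns the event generated for this sample, or None
        event = None
        if value >= self.rising and self.armed_rising:
            event = ("rising", value)
            self.armed_rising, self.armed_falling = False, True
        elif value <= self.falling and self.armed_falling:
            event = ("falling", value)
            self.armed_falling, self.armed_rising = False, True
        if event:
            self.events.append(event)
        return event

def run_alarm(readings, rising, falling):
    # poll a counter (delta sample type) and collect the events raised
    alarm = RmonAlarm(rising, falling)
    for prev, cur in zip(readings, readings[1:]):
        alarm.sample(counter_delta(prev, cur))
    return alarm.events

# constructed polls of an error counter that wraps between the 2nd and 3rd
# reading; the per-interval deltas are 200, 1200, 1200, 500, 50, 1250
READINGS = [2**32 - 500, 2**32 - 300, 900, 2100, 2600, 2650, 3900]
```

With thresholds of 1000 rising and 100 falling, the second 1200 delta raises nothing: the rising direction stays disarmed until the 50 delta crosses the falling threshold.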