Locating Orphaned subnets in IPAM

, ,

Locating Orphaned IPAM Subnets

One of the key features of good IPAM is ability quickly find subnets that are part of the defined address space but have not been explicitly added to list of subnets available for allocation.

These subnets are normally called “orphaned” and can be presented as white spaces within address space.

Orphaned subnets are normally occurring when you import IPAM subnets from external source such as IGP routing table where address space is not contiguously divided among all the existing subnets.

Lets looks at this simplified example of the logic required for locating orphaned subnets.

For example, user defined full address space as 10.0.0.0/8 (10.0.0.0 – 10.255.255.255)

and imported one subnet from IGP: 10.20.20.0/24 (10.20.20.0 – 10.20.20.255)

We can present full address space as a contiguous line starting from 10.0.0.0 and ending 10.255.255.255

Full IPv4 Address Space:

 

10.0.0.0 ———————————————————————————-10.255.255.255

 

 

Now let’s overlay single imported subnet into address space line:

 

 

10.0.0.0 ————-***Used*** —————————————————10.255.255.255

 

We see that there is some unused space to the left and to the right of the used space.

We need to find all the subnets that cover unused space so they can be presented in IPAM list of available subnets. The subnets that we are looking for must be largest subnets possible,

to minimize fragmentation.

Let’s summarize: Our goal is to find the largest subnet(s) that can be fit into the left and right empty segments.

Let first look at “left” empty space:

First IP 10.0.0.0 00001010‬.00000000.00000000.00000000
Last IP 10.20.19.255 00001010.00010100.00010011.11111111

We can see that First and Last IP address of “left” empty segment have matching highest 11 bits.

Largest subnet that will fit into “left” empty segment will have First and Last IP with following parameters:

First IP address:

  1. Has 00001010‬.000 in first 11 bits
  2. Has all zeros in Host portion
  3. Is greater or equal to 10.0.0.0

Last IP address:

  1. Has 00001010‬.000 in first 11 bits
  2. Has all ones in Host portion
  3. Is less or equal to 10.20.19.255

After checking all possible options matching IP addresses are discovered.

First IP 10.0.0.0 00001010‬.00000000.00000000.00000000
Last IP 10.15.255.255 00001010.00001111.11111111.11111111

This combination of First/Last IP gives us largest Subnet that will fit into “left” free segment as 10.0.0.0/12

We can see that 10.0.0.0/12 does not fully cover “left” empty segment so this discovery process has to be repeated for remaining empty space. Discovery may require several iterations until we get 100% coverage.

Similar approach must be applied to “right” empty segment until we identify all orphaned subnets and achieve 100% coverage of required address Space.

If your IPAM can’t perform this type of Discovery, you know where to download the best IPAM on the market: https://www.nectus5.com/download/

 

Splitting and Merging Subnets in IPAM

,

Splitting and Merging Subnets in IPAM

In this chapter, you’ll learn how and why to Split and Merge Subnets.

The specific topics we will cover in this chapter are:

  1. Why Split and Merge Subnets?
  2. How to Split Subnets
  3. How to Merge Subnets
  4. How to Move Subnets

1. Why Split or Merge Subnets?

Splitting and Merging Subnets lets you use your IP address space more efficiently. A full Class C Subnet has 256 usable addresses. But if you only need 30, using the full Subnet would result in a waste of over 200 IP addresses. Splitting the subnet would allow you to get the number of addresses you need, without wasting the rest. In addition, making a smaller Subnet reduces network traffic, as messages on that Subset are broadcast to fewer addresses.

Merging Subnets works the opposite. You may need a Subnet with 80 IP addresses, but instead have several smaller Subnets available. By merging smaller Subnets into one large one, you can use those addresses that might otherwise be wasted.

Nectus also allows you to move Subnets to different IPAM Containers. This makes it easy to reallocate IP addresses from their current location to the physical Sites that need them.

2. How to Split Subnets

To Split a Subnet go to the Nectus Sites Panel and select IPAM > All IPv4 Containers.

Nectus displays all existing IPAM Containers and any Unassigned Subnets. To see how many IP addresses are available in any Subnet, right-click it. In the menu that appears, select View Subnet Info.

This opens the “Subnet View Info” dialog box.

The Total IPs field on the General Info tab shows how many IPs the Subnet contains.

Navigate to the Subnet you want to split and right-click it. In the menu that appears, select Split.

This opens the “Split Subnet” dialog box.

The New Subnet Size list shows you the ways you can split the selected Subnet.

The Place New Subnets to: list allows you to assign the new Subnets you create to any existing IPAM Container.

3. How to Merge and Subnets

To Merge two or more Subnets go to the Nectus Sites Panel and select IPAM > All IPv4 Containers.

Navigate to the Subnets you want to merge and select each one. The Subnets you want to Merge must be contiguous, as in the screenshot below. Right-click one of the Subnets and in the menu that appears, select Merge Subnets.

This opens the “Merge Subnets” dialog box. The dialog box shows you which Subnets will be merged, and gives you the option to place the merged Subnet in any IPAM Container.

4. How to Move Subnets

You can move a Subnet without Splitting or Merging it. To move a Subnet to a different IPAM Container right-click the Subnet.

In the menu that appears, select Move Subnet to… and navigate the list of Containers to select the new location.

 

IPAM initial configuration automation: Subnets

,

IPAM initial configuration automation: Subnets

As soon as you install your favorite Nectus IPAM solution the first question that comes to your mind is “How do I add all of the existing Subnets into new IPAM”?

Let’s see what automation options does Nectus offer to ease your initial deployment pains.

There are three primary places where your existing subnets can be imported from

  1. IGP Routing Tables (ISIS, EIGRP, OSPF, RIP)
  2. DHCP Servers
  3. Excel Spreadsheets

Importing from IGP

Importing most of your subnets from IGP is the primary way to get most (if not all) of your subnets into IPAM in a single click of the button. Just right click on IPAM container Tree and select “Import Subnets from Routing Table” Option.

Provide your Core Router’s IP Address and press “Import” button

Nectus will download IGP routing table from core router via SNMP and add each subnet into IPAM database. When importing subnets from IGP Nectus starts loading subnets starting from

smallest (/32) to biggest (/8 and higher). Each new added subnet is validated against overlapping with any of the existing IPAM subnets.

This logic ensures that summarized prefixes that are present in the routing table will not be added to IPAM.

Nectus does not import any BGP subnets to prevent public Internet prefixes leaking into IPAM.

You can repeat IGP Import several times with different Core routers if there is a reason to believe that different Core routers may produce different set of subnets.

Importing from DHCP Servers

Importing subnets from DHCP Servers works similarly to IGP Import. Right Click on any of the IPAM containers and Select “Import Subnets from DHCP” Option.

Nectus load all the DHCP pools from all the DHCP servers configured in “IPAM Integration” page and add those into IPAM database if they have not been already added during IGP Import Phase.

All the subnets imported from DHCP Servers are validated against overlapping with any of the existing IPAM subnets.

Currently DHCP Import is only supported for Microsoft Windows DHCP servers and require

operational WMI Integration configuration.

Importing from CSV Files

And final and still viable option is to Import your subnets from CSV File.

Select “Import from CSV” in context menu of any of the IPAM Containers to load your subnets from CSV File.

Finding Unused Subnets

Once you finished loading your “in-use” Subnets into IPAM next step is to identify what subnets are “available” since subnets that are not allocated yet will not be present in the IGP or DHCP Servers.

To identify unused subnets Nectus takes your Address Space Subnets defined in IPAM Global integration page and excludes all of the “in-use” subnets to calculate list of subnets that can be presented as available. All available subnets will be added to “Unassigned Subnets” default IPAM container.

Right-click on any IPAM container to access this menu option.

 

Making IP Reservations in Nectus IPAM

,

Making IP Reservations in Nectus IPAM

In this chapter, you’ll learn how to make IP reservations in Nectus IPAM.

The specific topics we will cover in this chapter are:

  1. Adding new IP reservation
  2. Deleting IP reservation
  3. Searching for IP reservations

1. Adding New IP Reservation

To create a new IP Reservation, navigate to desired Subnet in selected IPAM container

and right-click for context menu.

Click on “Reservations” option to bring up a list of current Reservations in this specific Subnet.

Switch to a “MAP” Tab to see what is available for Reservations in this subnet

Righ- Click on Selected IP on the MAP and Select “Add IPv4 To Reservation”

Fill all the desired reservation parameters and press “ADD” button

As part of IP reservation creation process you have an option to create DNS “A” Records

in forward and reverse DNS lookup zones with DNS Server configured on IPAM Integration Page.

2. How to Delete IP Reservation

To delete IP reservation right click on desired reservation on subnet MAP view Page and select “Delete Reservation” Option

As part of reservation deletion process, you can also automatically delete DNS “A” records on DNS servers if those records were previously added during reservation creation process.

3. Searching for IPAM Reservation

Best way to search for existing IP reservations is via “IPAM Subnets and Reservations” Table

located in “Inventory -> IPAM Subnets and Reservations” Page

Table view provides multiple search and filtering options for any parameters defined for IP reservations.

 

Managing IPAM Containers in Nectus

,

Managing IPAM Containers in Nectus

In this chapter, you’ll learn what IPAM Containers are and how to manage them.

The specific topics we will cover in this chapter are:

  1. What are IPAM and IPAM Containers?
  2. How to Create IPAM Containers
  3. How to Move IPAM Containers
  4. How to Modify IPAM Containers
  5. How to Delete IPAM Containers

1. What are IPAM and IPAM Containers?

IPAM stands for Internet Protocol Address Management. It is a system for managing the Internet Protocol (IP) address space used in a network. With IPAM you can see which IP subnets are in use and which site is using them.

The Nectus IPAM Container model allows you to create a hierarchical structure for managing subnets and mapping them to physical Sites.

2. How to Create IPAM Containers

To create an IPv4 IPAM Container go to the Nectus IPAM Panel and select IPAM -> All IPv4 Containers.

Nectus displays any existing IPAM Containers. Containers that have subnets assigned to them are displayed in green, with the number of subnets they contain appearing to the right of the Container name.

To add a new IPAM Container right-click an existing Container or All IPv4 Containers. In the menu that appears select Create New Container Level.

This opens the “Create New Container Level” dialog box.

Enter the Container Level Name and click Save. The new Container appears in the hierarchy below the location shown in Container Path:.

3. How to Move IPAM Containers

To move an IPAM Container right-click the Container Name. In the menu that appears, select Move Current Container to… and navigate the list of Containers to select the new location.

4. How to Modify IPAM Containers

To modify an IPAM Container right-click the Container Name. In the menu that appears, select Properties.

This opens the “Edit Container Properties” dialog box.

Edit the Container Level Name as desired.

5. How to Delete IPAM Containers

To modify an IPAM Container right-click the Container Name. In the menu that appears, select Delete Current Container Level.

This opens the “Delete Container Level” dialog box.

Note: Nectus will not let you delete an IPAM Container that has subnets assigned to it. If you try, Nectus displays the following message:

 

Configuring AD LDAP Integration for User Authentication

,

Configuring AD/LDAP Integration for User Authentication

In this chapter, you’ll learn how to configure Nectus to work with Microsoft Active Directory and the LDAP protocol for user authentication.

The specific topics we will cover in this chapter are:

  1. What are AD and LDAP?
  2. Why Configure Nectus Integration with AD/LDAP?
  3. How Nectus Authenticates Users
  4. Connecting Nectus to an LDAP Server
  5. Mapping AD/LDAP Groups to Local User Groups
  6. Mapping AD/LDAP Users to Local User Groups

1. What are AD and LDAP?

AD stands for Active Directory Domain Services. It is a Microsoft service that provides authentication and other services to devices on a network. It is an LDAP compliant database of users, groups, and other objects.

LDAP stands for Lightweight Directory Access Protocol. It is an Internet standard for accessing distributed directory services. Nectus uses LDAP to communicate with AD.

2. Why Configure Nectus Integration with AD/LDAP?

Configuring Nectus to integrate with AD/LDAP simplifies user management for large organizations. Like most applications, Nectus has its own local user authentication database. But when a organization has many applications maintaining separate user accounts for each application isn’t practical.

The solution is to maintain user accounts in AD. Using LDAP, each application can query the AD database for the user authentication information it needs. This greatly simplifies user account maintenance.

3. How Nectus Authenticates Users

Nectus is designed to function on its own or integrated with AD/LDAP. Security settings are based on Local User Groups whether the User Account is stored locally, or in AD.

When a user logs in Nectus first checks to see if the active user has a Local User Account. If so, Nectus uses this account for the login.

Note: To manage the Nectus Local User Accounts and the Local User Groups go to the Nectus Home Screen and select Settings -> Admin Accounts. This opens the “Admin Accounts” dialog box. See the article, “Creating User Accounts and User Groups” for details.

If the active user does not have a Local User Account, Nectus checks to see if Active Directory integration is configured. If so, it checks to see if the active user has an account in AD.

If the user has an account in AD, and the user’s LDAP Group Name is mapped to a Local User Group, Nectus uses the Local User Group settings.

If there is no mapping to a Local User Group, Nectus checks to see if the active user’s LDAP Account Username is mapped to a Local User Group and uses those settings.

If none of the above is true, Nectus denies the user access.

Important: We recommend that you always maintain at least one Local User Account in Nectus to ensure access even if the AD/LDAP connection is down.

4. Connecting Nectus to an LDAP Server

To integrate Nectus with AD you need to configure the LDAP Server settings and enable LDAP.

To configure the LDAP Server settings and enable LDAP go to the Nectus Home Screen and select Settings -> LDAP Integration.

This opens the “LDAP Integration” dialog box.

Select the LDAP Server tab and enter the LDAP parameters. You can see examples of the format for these parameters to the right of the relevant fields. Check LDAP Enabled.

5. Mapping AD/LDAP Groups to Nectus Local User Groups

Mapping an AD/LDAP Group to a Nectus Local User Group causes the entire AD/LDAP group to inherit the security settings from the Nectus Local User Group.

To map AD/LDAP Groups to Nectus Local User Groups, open the “LDAP Integration” dialog box and select the LDAP Access Groups tab.

Use a Browse button on the left to open the “Select group from LDAP Server” dialog box and select an LDAP Group Name.

Nectus returns you to the “LDAP Integration” dialog box. In the drop-down list to the right of the LDAP Group Name, select the Local User Group to map it to. An example of the proper LDAP Group Name format appears at the bottom of the dialog box.

6. Mapping AD/LDAP Usernames to Nectus Local User Groups

Mapping an AD/LDAP Username to a Nectus Local User Group causes the specific AD/LDAP User to inherit the security settings from the Nectus Local User Group.

To map AD/LDAP Account Usernames to Nectus Local User Groups, open the “LDAP Integration” dialog box and select the LDAP Access Accounts tab.

Use a Browse button on the left to open the “Select user from LDAP Server” dialog box and select an LDAP Account Username.

Nectus returns you to the “LDAP Integration” dialog box. In the drop-down list to the right, select the Local User Group to map the LDAP Account Username to. An example of the proper LDAP Account Username format appears at the bottom of the dialog box.

 

Preventing Specific Subnets from Being Discovered by Nectus

,

Preventing Specific Subnets from Being Discovered by Nectus

In this chapter, you’ll learn how to prevent specific subnets from being discovered by Nectus.

The specific topics we will cover in this chapter are:

  1. Why Prevent Specific Subnets from Being Discovered?
  2. How Does Nectus Prevent Subnets from Being Discovered?
  3. Working with the Excluded Subnet List

1. Why Prevent Specific Subnets from Being Discovered?

Preventing specific IP subnets from being discovered can provide improved security. For example, if your client is a city government, they might want to hide the Subnet of the police force or other crucial services. A bank might want to hide the Subnet that their ATMs run on.

2. How Does Nectus Prevent Specific Subnets from Being Discovered?

Before Nectus scans the network, it consults the Excluded Subnets List. It doesn’t scan any Subnets it finds in this list and deletes any information about those Subnets from the Management Information Base (MIB).

3. Working with the Excluded Subnet List

To work with the Excluded Subnet List go to the Nectus Home Screen and select Settings -> Network Discovery Settings.

This opens the “WMI Monitoring Settings” dialog box. Select the Excluded Subnets tab.

Click Add to open the “Add Excluded Subnet” dialog box.

Enter the IPv4 Subnet and the number of Mask bits to identify the Subnet you want excluded.

Note: If you remove a Subnet from the Excluded Subnet List, it, and all the Devices on it, will appear the next time Nectus runs Discovery.

 

Preventing Specific Devices from Being Discovered by Nectus

,

Preventing Specific Devices from Being Discovered by Nectus

In this chapter, you’ll learn how to prevent specific Device types from being discovered by Nectus. These Devices remain hidden until you allow Nectus to discover them again.

The specific topics we will cover in this chapter are:

  1. Why Prevent Specific Devices from Being Discovered?
  2. How Does Nectus Prevent Specific Devices from Being Discovered?
  3. Adding Devices to the Ignore OID List
  4. Editing the Ignore OID List

1. Why Prevent Specific Devices from Being Discovered?

Preventing certain Device types from being discovered and displayed in the SNMP Devices list makes it easier to manage your network. For example, you could have hundreds or thousands of printers connected to your network. But under normal circumstances, you probably don’t need to monitor them. Preventing Nectus from discovering them saves system resources for the Device types you do want to monitor.

2. How Does Nectus Prevent Specific Devices from Being Discovered?

Nectus maintains information about every SNMP Device on the network in a Management Information Base (MIB). It groups information about similar Devices into levels. The highest level is the Manufacturer Level. Next is the Major Product Category Level, followed by the Product Specific Level. Nectus groups all instances of a particular Device type (Dell iDRACs for example) at the Product Specific Level. They are all assigned a Sub-Category Name and a common Object ID (OID) Prefix.

To prevent a specific type of Device from being discovered, you add its OID Prefix to the Ignore OID List. Once a day Nectus scans the network looking for Devices. Before it does, it consults the Ignore OID List, and ignores any Device with an Object ID (OID) contained in the List.

3. Adding Devices to the Ignore OID List

To add a Device type to the Ignore OID List, go to the SNMP Devices Panel on the Nectus Home screen and open the All Devices list. Navigate to the Product Specific Level containing the type of Device you want to hide and right-click it. In the shortcut menu that appears, select Add to Ignore List and Delete.

Confirm the operation in the “Add to Ignore List and Delete” dialog box that appears.

Nectus adds the Device type to the Ignore OID List and removes this Sub-Category and all its Devices from the SNMP Devices list.

4. Editing the Ignore OID List

You can manually edit the Ignore OID List to hide Device types, make them discoverable again, or change the OID Prefix associated with them.

To edit the Ignore OID List go to the Nectus Home Screen and select Settings -> Network Discovery Settings.

This opens the “WMI Monitoring Settings” dialog box. Select the Ignore OID List tab.

Use the controls here to add Device types to the Ignore OID List or remove them from it. Any previously hidden Devices will appear the next time Discovery runs.

You can also manually change the OID Prefix by clicking the Edit icon to the right of the Sub-category to open the “Update OID” dialog box.

 

Monitoring Windows Event Log with WMI in Nectus

,

Monitoring Windows Event Log with WMI

In this chapter, you’ll learn how to use WMI to monitor the Windows Event Log. Nectus lets you create profiles that use WMI to monitor specific Events and to send Alerts related to them.

The specific topics we will cover in this chapter are:

  1. What is WMI?
  2. Why Monitor the Windows Event Log?
  3. Creating a WMI Monitoring Profile
  4. Configuring Event Log Monitoring
  5. Assigning a Profile to a WMI Server Group

1. What is WMI?

WMI (Windows Management Instrumentation) is a set of specifications and interfaces that provides information about the status of local and remote computers running Microsoft Windows. In this chapter we look at how Nectus uses WMI to monitor the status of Windows Processes and send Alerts based on that status.

Note: WMI is the Microsoft implementation of the Web-Based Enterprise Management (WBEM) standard and the Common Information Model (CIM) standard from the Distributed Management Task Force (DMTF).

2. Why Monitor the Windows Event Log?

There are many reasons to monitor the Windows Event Log. One of the most important is preventing security breaches. Events that show a configuration change, a failure, or an unexpected login attempt could be triggered by an attack on the server.

3. Creating a WMI Monitoring Profile

To create a WMI Monitoring Profile go to the Nectus Home Screen and select Monitoring -> WMI Monitoring Settings.

This opens the “WMI Monitoring Settings” dialog box.

Click Add Profile -> System.

Create a new Profile by entering the Monitoring Profile Name and checking the Event log monitoring Enabled box. In addition, check the types of Alerts you want to send. See Section 4, “Editing a WMI Monitoring Profile” for details on how to specify which Events you want to monitor and how you want to be alerted.

Check the Default Profile box if you want to make this the new default WMI Monitoring profile.

4. Configuring Event Log Monitoring

To configure Event Log monitoring, open the “WMI Monitoring Settings” dialog box and select the Edit Profile icon for the Profile you want to edit. In “Edit WMI Monitoring Profile” dialog box that appears select the System tab.

4.1 Editing Options

Select the Event log monitoring Options icon to open the “WMI Event Log Filters” dialog box.

Click Add Filter to open the “Add Event Log Filter” dialog box.

Enter the Filter Name and optionally select a specific Event Log File to monitor. Fill out the rest of the fields as necessary to specify the Event you want to monitor. The new filter will appear in the “WMI Event Log Filters” dialog box.

4.2 Editing Alerts and Templates

In the System tab of the “Edit WMI Monitoring Profile” dialog box, check or clear the types of Alerts to send for the Events. To edit the format of the Alerts, open the “Edit Alert Handler” dialog box by clicking the Edit Alert Templates icon.

5. Assigning a Profile to a WMI Server Group

In the WMI Servers Panel on the Nectus Home screen, open the WMI Servers list. Right-click a WMI Server Group and select Properties.

This opens the “Edit WMI Server Group” dialog box.

Check the Enable Monitoring box, then select the WMI Monitoring Profile to use from the Monitoring Profile drop-down list, and specify which groups will receive the Alerts.

The icons to the right of the Monitoring Profile list allow you to edit a Profile or add a new Profile directly from here.

Monitoring Windows Processes with WMI in Nectus

,

Monitoring Windows Processes with WMI

In this chapter, you’ll learn how to use WMI to monitor Windows Processes. Nectus lets you create profiles that specify which Processes to monitor with WMI and to send Alerts related to them.

The specific topics we will cover in this chapter are:

  1. What is WMI?
  2. Why Monitor Windows Processes?
  3. Creating a WMI Monitoring Profile
  4. Editing a WMI Monitoring Profile
  5. Assigning a Profile to a WMI Server Group

1. What is WMI?

WMI (Windows Management Instrumentation) is a set of specifications and interfaces that provides information about the status of local and remote computers running Microsoft Windows. In this chapter we look at how Nectus uses WMI to monitor the status of Windows Processes and send Alerts based on that status.

Note: WMI is the Microsoft implementation of the Web-Based Enterprise Management (WBEM) standard and the Common Information Model (CIM) standard from the Distributed Management Task Force (DMTF).

2. Why Monitor Windows Processes?

You will normally want a particular set of Windows Processes running on your servers. Nectus can notify you when these Processes run, ensuring you that everything starts properly. You can also watch for specific Processes you don’t want on your servers.

For example, viruses run as Processes. If you know the names of the Processes associated with a specific virus, Nectus can notify you if any of those Processes starts running on one of your servers.

Monitoring for stopped Windows Processes lets you respond quickly to the failure of an important business Process.

3. Creating a WMI Monitoring Profile

To create a WMI Monitoring Profile go to the Nectus Home Screen and select Monitoring -> WMI Monitoring Settings.

This opens the “WMI Monitoring Settings” dialog box.

Click Add Profile -> Processes.

Create a new Profile by entering the Monitoring Profile Name and checking the Enabled boxes next to the metrics you want to monitor. In addition, check the types of Alerts you want to send for each Monitored Metric. See Section 4, “Editing a WMI Monitoring Profile” for details on how to specify which Processes you want to monitor and how you want to be alerted.

Check the Default Profile box if you want to make this the new default WMI Monitoring profile.

4. Editing a WMI Monitoring Profile

To edit a WMI Monitoring Profile, open the “WMI Monitoring Settings” dialog box and select the Edit Profile icon for the Profile you want to edit. In “Edit WMI Monitoring Profile” dialog box that appears select the Processes tab.

4.1 Editing Options

Select the Options icon for the Metric you want to edit to open the “WMI Options” dialog box.

Set the number of Consecutive Readings needed to trigger an alert then click the Add Name button to add the Processes you want to monitor.

4.2 Editing Alerts and Templates

In the Processes tab of the “Edit WMI Monitoring Profile” dialog box, check or clear the types of Alerts to send for each Monitored Metric. To edit the format of the Alerts, open the “Edit Alert Handler” dialog box by clicking the Edit Alert Templates icon.

5. Assigning a Profile to a WMI Server Group

In the WMI Servers Panel on the Nectus Home screen, open the WMI Servers list. Right-click a WMI Server Group and select Properties.

This opens the “Edit WMI Server Group” dialog box.

Check the Enable Monitoring box, then select the WMI Monitoring Profile to use from the Monitoring Profile drop-down list, and specify which groups will receive the Alerts.

The icons to the right of the Monitoring Profile list allow you to edit a Profile or add a new Profile directly from here.

Monitoring of Windows Services with WMI in Nectus

Monitoring of Windows Services with WMI in Nectus

In this chapter, you’ll learn how to use WMI to monitor Windows Services. Nectus lets you create profiles that specify which services to monitor with WMI and how to send alerts related to them.

The specific topics we will cover in this chapter are:

  1. What is WMI?
  2. Why Monitor Windows Services?
  3. Creating a WMI Monitoring Profile
  4. Editing a WMI Monitoring Profile
  5. Assigning a Profile to a WMI Server Group

1. What is WMI?

WMI (Windows Management Instrumentation) is a set of specifications and interfaces that provides information about the status of local and remote computers running Microsoft Windows. In this chapter we look at how Nectus uses WMI to monitor the status of Windows Services and send Alerts based on that status.

Note: WMI is the Microsoft implementation of the Web-Based Enterprise Management (WBEM) standard and the Common Information Model (CIM) standard from the Distributed Management Task Force (DMTF).

2. Why Monitor Windows Services?

Knowing which Windows Services are running lets you spot misconfigured servers easily. You can ensure that all required services such as anti-virus software are running. You can also see if any unwanted services such as a web server are running.

Monitoring for stopped Windows Services lets you respond to the failure of an important service quickly.

3. Creating a WMI Monitoring Profile

To create a WMI Monitoring Profile go to the Nectus Home Screen and select Monitoring -> WMI Monitoring Settings.

This opens the “WMI Monitoring Settings” dialog box.

Click Add Profile -> Services.

Create a new Profile by entering the Monitoring Profile Name and checking the Enabled boxes next to the metrics you want to monitor. In addition, check the types of Alerts you want to receive for each Monitored Metric. See Section 4, “Editing a WMI Monitoring Profile” for details on how to specify which Services you want to monitor and how you want to be alerted.

Check the Default Profile box if you want to make this the new default WMI Monitoring profile.

4. Editing a WMI Monitoring Profile

To edit a WMI Monitoring Profile, open the “WMI Monitoring Settings” dialog box and select the Edit Profile icon for the Profile you want to edit. In “Edit WMI Profile” dialog box that appears select the Services tab.

4.1 Editing Options

Select the Options icon for the Metric you want to edit to open the “WMI Options” dialog box.

Set the number of Consecutive Readings needed to trigger an alert then click the Add Name button to add the Services you want to monitor.

4.2 Editing Alerts and Templates

In the Services tab of the “Edit WMI Monitoring Profile” dialog box, check or clear the types of Alerts to receive for each Monitored Metric. To edit the format of the Alerts, open the “Edit Alert Handler” dialog box by clicking the Edit Alert Templates icon.

5. Assigning a Profile to a WMI Server Group

In the WMI Servers Panel on the Nectus Home screen, open the WMI Servers list. Right-click a WMI Server Group and select Properties.

This opens the “Edit WMI Server Group” dialog box.

Check the Enable Monitoring box, then select the WMI Monitoring Profile to use from the Monitoring Profile drop-down list, and specify which groups will receive the Alerts.

The icons to the right of the Monitoring Profile list allow you to edit a Profile or add a new Profile directly from here.

How to Implement Device View Restrictions in Nectus

,

In this chapter, you’ll learn how to implement User Group based Device Access Restrictions with the help of Device Views. By assigning one of these Views to a User Group, you control which Devices the Users in that Group can see.

Implementing Device View restrictions allows members of User Groups to focus on only those devices that are relevant to their work. For example, if your company has three facilities, you might create one View for each facility, showing only the servers that are physically located at that facility.

The specific topics we will cover in this chapter are:

  1. Creating a Device View
  2. Creating a User Group
  3. Applying the Device View to the User Group
  4. Creating a User Account and Assigning it to the User Group
  5. Viewing the Results of Applying Access Restrictions

1. Creating a Device View

To create a Device View go to the Nectus Home Screen and select Inventory -> Views -> SNMP Device Views.

This opens the “SNMP Devices Views” dialog box.

Click the Add View button to open the “Add SNMP Devices View” dialog box. Create the new View by entering a View Name and adding Devices to the “Selected SNMP Device” list.

2. Creating a User Group

To create a new User Group go to the Nectus Home Screen and select Settings -> Admin Accounts.

This opens the “Admin Accounts” dialog box. Select the User Groups tab.

Click Add New Group to open the “Add Group” dialog box. Enter the Group Name and make any changes necessary for the GUI and Context Menu tabs.

3. Applying the Device View to the User Group

Select the Views tab. Select the Device View in the “SNMP Devices Views” drop-down list.

4. Creating a User Account and Assigning it to the User Group

Return to the “Admin Accounts” dialog box. Select the User List tab.

Click Add New Account to open the “Add Account” dialog box. Enter the required information for the User and select the User Group in the “Group” drop-down list.

5. Results of Applying the Access Restrictions

Applying the Device View to the User Group results in Access Restrictions for the Users in that Group.

When a User from that group views the SNMP Devices Pane on the Nectus Home Screen, he can only see the Devices that were included in the Device View.

When the User views the Sites pane, he can only see the Sites that contain Devices included in the Device View.

Setting up AWS permissions to perform monitoring and backup with Nectus

,

Nectus AWS monitoring does not require root user permissions to performs it’s actions. Actually it requires a small set of permissions, so it’s more secure and reasonable to have a special AWS user’s account having that minimal set of grants. This guide will show to create such user’s account.

First login to the AWS console as a root user and choose IAM from the list of Services.

When you see the following form, choose Users.

Then select “Add user” on the following screen.

Enter user name and enable “programmatic access” in the next form.

Select “Attach existing policies directly” and then enable following 3 policies:

  • AmazonEC2FullAccess
  • CloudWatchActionsEC2Access
  • CloudWatchReadOnlyAccess

They could be found using “Filter policies” field.

After that click “Next: Review” button and you’ll see the following screen. Click “Create User” button.

If everything is OK and the user was created in AWS then the following form will appear. You should store Access key ID and Secret access key of the user since they are required by Nectus Monitoring. Click “Download .csv” and store this file. Also you can click “Show” to display the secret access key on the screen.

Last step is integrating AWS user’s access keys into Nectus Monitoring. Select Settings -> General Settings -> AWS integration in the Nectus GUI.

In the following form paste Access Key ID and Secret Access Key copied from AWS console (or from downloaded .csv-file).

Click OK to save the changes and Nectus is ready to perform AWS monitoring and backup.

Creating User Accounts and User Groups

,

Creating User Accounts and User Groups

In this chapter, you’ll learn how to create User Accounts and assign them to User Groups. You’ll also learn how to create User Groups and set their Access Rights.

The specific topics we will cover in this chapter are:

  1. Creating User Accounts
  2. Creating User Groups
  3. Setting User Group Access Rights

1. Creating User Accounts

Every Administrator should have their own User Account. To create a new User Account go to the Nectus Home Screen and select Settings -> Admin Accounts.

This opens the “Admin Accounts” dialog box.

 

Select the User List tab and click Add New Account to open the “Add Account” dialog box.

Enter the information for the user. Fields marked with an asterisk ( * ) are required. The group you assign determines the User’s Access Rights. You can assign the User to an existing Group, or create a new Group.

2. Creating User Groups

To create a User Group return to the “Admin Accounts” dialog box and select the User Groups tab.

Click Add New Group to open the “Add Group” dialog box and enter a Group Name.

Note that you can use the icons to the right of the Group Names to edit or delete an existing User Group.

3. Setting User Group Access Rights

Select the Group’s Access Rights from the drop-down list. Selecting “Read Only” or “Read / Write” rights sets all the GUI and Context Menu options to those values.

Selecting “Custom” rights allows you to set each GUI and Context Menu item individually. The options are “Read Only”, “Read / Write”, and “Hide”.

Select the Views tab to specify which views the User can see.

The drop-down list next to each view lists the items that will appear for that view. Setting “SNMP Devices Views” to “Cisco” for example causes only Cisco devices to appear in the SNMP Devices section or the Sites Section.

You can also designate the User Group as a “Super Admin.” Your installation must always have at least one Super Admin Group to ensure that Users have access to the system.

Tracking Objects in Wireless Networks

, ,

Troubleshooting of any wireless problems usually starts with determination of specific Access Point where client is currently associated with and tracking wireless client’s roaming behavior in time.

Access Point detection helps to understand current RSSI levels at given selected channel and presence of alternative AP at the client’s location.

Nectus provides basic tools that make locating and tracking wireless objects an easy task.

The specific topics we will cover in this chapter are:

  1. Using the Wireless Client Search Tool
  2. Using the Wireless Client Tracking Tool

1. Using the Wireless Client Search Tool

The Wireless Client Search tool shows you which access point (AP) a Wireless Client is connected to right now. To use Wireless Client Search go to the Nectus Home Screen and select Tools -> Wireless Tools -> Wireless Client Search.

This opens the “Wireless Client Search” dialog box.

Search for the wireless object by entering all or part of the Client MAC Address, IP Address, or Username. Set the Search Scope by checking any of the supported Wireless Controller types.

The search returns any matching objects in a table.

Click the MAC Address of the object to see all the Basic information the system has about that object.

Click the Client RSSI Info tab to see the RSSI (Received Signal Strength Indication) for every access point the object can detect.

2. Using the Wireless MAC Tracking Tool

The Wireless MAC Tracking tool is useful for troubleshooting intermittent problems. It uses the object’s MAC address to record which AP the object is connected to over a period of time. To use Wireless Client Search go to the Nectus Home Screen and select Tools -> Wireless Tools -> Wireless MAC Tracking.

This opens the “Wireless MAC Tracking” dialog box.

Click Add to begin tracking a MAC Address.

Enter the MAC Address you want to track, the Controller type, the Frequency of recording data, and the Duration of time you want to track the MAC address.

Once the Duration is complete, you can see the results by clicking the View MAC Tracking icon.

 

Silicon Valley in 1992

Silicon Valley

Generating Wireless Heat Maps in Nectus

, ,

Generating Wireless Heat Maps

Wireless Heat Map is the visual representation of the wireless signal levels at different locations of specific selected area.

Area can be a building floor or outdoors. We read signal level directly at the antennas of the Wireless APs and calculate signal attenuation with a distance

and overlay resulting signal levels on top of area map with a known dimensions.

In this chapter, you’ll learn how to generate Wireless Heat Maps of any area.

The specific topics we will cover in this chapter are:

  1. Preparing the Background Image
  2. Creating a New L2 Topology
  3. Placing the Background Image and Specifying the Scale
  4. Selecting the Wireless Controller
  5. Expanding the Topology and Selecting Your Access Points
  6. Positioning Wireless APs on the Heat Map

1. Preparing the Background Image

The Background Image shows the physical layout of the area that will be included in the Heat Map.

The image needs to be scaled with equal proportions horizontally and vertically. PNG and JPEG image formats are supported. You will need to be able to enter the corresponding length of the image, in feet, to create an accurate Heat Map.

Create the Background Image before proceeding to Step 2.

2. Creating a New L2 Topology

Once you have the Background Image prepared, you will need to create a new L2 Topology for your Heat Map. To create a new L2 Topology go to the Nectus Home Screen and select Topologies -> Start New L2 Topology.

An empty L2 Topology appears.

3. Placing the Background Image and Specifying the Scale

To place the Background Image in the Topology, click the L2 Topology Settings icon to open the “Settings” dialog box then select the Background tab.

Check the Display Image check box and load the Background Image you created in Step 1.

Enter the horizontal length of the Background Image (in feet) in the Background image length in Feet field.

Once the Background Image is visible in the Topology you can resize and reposition it as desired.

4. Placing the Wireless Controller

Find the Wireless Controller for this area in the Wireless Controllers section of the Sites Panel and drag it onto the Topology.

Click the Settings icon to open the “Settings” dialog box. Select the Wireless tab.

Check Show Wireless APs along with any other options you want displayed on the Heat Map. Nectus includes a large collection of Wireless AP icons you can use to customize the map.

Once you click OK the Heat Map reappears with a color-coded scale of signal levels.

5. Expanding the Topology and Selecting Your Access Points

Now you need to expand the Topology. This displays the Wireless Access Points that are connected to the Wireless Controller. To expand the Topology, right-click the Wireless Controller icon and select Expand L2 Network Topology.

This opens the “Expand L2 Network Topology” dialog box. Select the Wireless tab and expand the All Wireless Controllers list to see the Wireless APs connected to the controllers in the Topology. Check the Wireless APs you want to include in the Heat Map.

Click Generate Topology to add the selected Wireless APs to the Heat Map.

6. Positioning Wireless APs on the Heat Map

Drag each Wireless AP to its physical location on the Background Image. Once you do this, the Heat Map will show wireless coverage for this area.

Enabling Monitoring for SNMP Interfaces

,

Enabling Monitoring for SNMP Interfaces

In this chapter, you’ll learn how to enable monitoring and create monitoring groups for SNMP Interfaces.

The specific topics we will cover in this chapter are:

  1. Automatic Discovery and Grouping of SNMP Interfaces
  2. Creating and Activating Monitoring Groups
  3. Creating and Customizing Monitoring Profiles
  4. Customizing Alerts
  5. Placing Interfaces in Monitoring Groups

1. Automatic Discovery and Grouping of SNMP Interfaces

During the Discovery phase all network Interfaces are automatically added to the group called “No Monitoring Group.” This group has all monitoring functionality disabled and serves as a parking space for all unmonitored Interfaces.

To enable monitoring for a particular Interface you must move that interface from the “No Monitoring Group” to any group that has the monitoring checkbox set to “ON” and has a Monitoring Profile assigned.

2. Creating and Activating Monitoring Groups

To create and activate SNMP Interface Monitoring Groups go to the Nectus Home Screen and select Monitoring -> SNMP Monitoring Groups -> Interface Monitoring Groups.

This opens the “Interface Monitoring Groups” dialog box.

Nectus provides you with two predefined Monitoring Groups:

  • No Monitoring Group – Interfaces in this group are not being monitored.
  • Default Monitoring Group – Interfaces in this group are monitored by Nectus.

Click the Add Group button to open the “Add Monitoring Interface Group” dialog box and create an additional Monitoring Group.

To monitor a group, check its Enable Monitoring box in the “Interface Monitoring Groups” dialog box.

Next select the Monitoring Profile you want to use for the Group. See the next section for more information on Monitoring Profiles.

Then click the Edit Alert Recipients icon to open the “Alert Recipients” dialog box and select lists that specify who will receive alerts from this particular Monitoring Group and Profile.

3. Creating and Customizing Monitoring Profiles

Each Monitoring Group must have a Monitoring Profile that determines which parameters are monitored. You can customize each Profile, and create individual Profiles for each Monitoring Group.

To create a new Profile, go to the Nectus Home Screen and select Monitoring -> SNMP Monitoring Profiles -> Profiles – SNMP Interface Monitoring. This opens the “Interface Monitoring Profiles” dialog box. Click the Add Profile button to create a new Profile.

To edit a Profile click the Edit icon to the right of the Monitoring Profile for the Group. This opens the “Edit Device Monitoring Profile” dialog box.

Some of the parameters here allow you to set Threshold values or other customizations.

Set the Enabled checkbox next to each Parameter you want to monitor. Check any of the Log to DB, Email Alerts, SMS Alerts, or Traps Alerts boxes to send those types of alerts.

4. Customizing Alerts

To customize the alerts, click the Edit Alert Templates button to open the “Edit Alert Handler” dialog box.

If you select Email Alerts or SMS Alerts, Nectus will generate Alert messages when the Monitored Parameter exceeds threshold and Recovery messages when the Parameter returns to normal.

Selecting the tab for one of these messages allows you to customize the appearance of that message.

5. Placing Interfaces in Monitoring Groups

Once you have created the Monitoring Groups you want to use you need to place Interfaces in them. To do so, click the Monitoring Group Name to open the “Edit Monitoring Interface Group” dialog box.

Select the Group you want to add Interfaces to on the left, and the Group you want to take them from on the right. Use the arrows to move Interfaces between the two Interface Groups.

Note that if you move an Interface that is currently being monitoring into the No Monitoring Group, Nectus will immediately stop monitoring that Interface. This can be useful for situations where you know an Interface will be down for some time (extended maintenance, for example) and you don’t want the system to send alerts.

Enabling Monitoring for SNMP devices

Enabling Monitoring for SNMP Devices

In this chapter, you’ll learn how to enable monitoring and create monitoring groups for SNMP Devices.

The specific topics we will cover in this chapter are:

  1. Automatic Discovery and Grouping of SNMP Devices
  2. Creating and Activating Monitoring Groups
  3. Creating and Customizing Monitoring Profiles
  4. Customizing Alerts
  5. Placing Devices in Monitoring Groups

1. Automatic Discovery and Grouping of SNMP Devices

Nectus automatically discovers all live SNMP Devices. These devices are listed in the SNMP Devices Panel on the Home Screen. While Devices are detected automatically, they are not automatically monitored. New SNMP Devices are automatically added to the default “No Monitoring” Group.

To Enable monitoring for a Device you need to move it from “No Monitoring” group to any

of the group where monitoring is enabled.

2. Creating and Activating Monitoring Groups

To create and activate SNMP Device Monitoring Groups go to the Nectus Home Screen and select Monitoring -> SNMP Monitoring Groups -> Device Monitoring Groups.

This opens the “Device Monitoring Groups” dialog.

Nectus provides you with two predefined Monitoring Groups:

  • No Monitoring Group – Devices in this group are not monitored, and appear with a grey icon in the SNMP Devices Panel.
  • Default Monitoring Group – Devices in this group are monitored by Nectus. Their icons are either green or red, reflecting the state of the Device.

Click the Add Group button to open the Add Monitoring Device Group dialog and create an additional Monitoring Group.

To monitor a group, check its Enable Monitoring box in the Device Monitoring Groups dialog box.

Next select the Monitoring Profile you want to use for the Group. See the next section for more information on Monitoring Profiles.

Next click the Edit Alert Recipients icon to open the Alert Recipients dialog box and select lists that specify who will receive alerts from this particular Monitoring Group and Profile.

3. Creating and Customizing Monitoring Profiles

Each Monitoring Group must have a Device Monitoring Profile that determines which parameters are monitored. You can customize this Profile, and create additional Profiles for each Monitoring Group.

To edit the default Profile or create a new one, click the Edit icon to the left of the Monitoring Profile for the Group. This opens the Edit Device Monitoring Profile dialog box.

Each of the four tabs in this dialog contains parameters you can monitor. Many of the parameters allow you to set Threshold values or other customizations.

Set the Enabled checkbox next to each Parameter you want to monitor. Check any of the Log to DB, Email Alerts, SMS Alerts, or Traps Alerts boxes to send those types of alerts.

4. Customizing Alerts

To customize the alerts, click the Edit Alert Templates button to open the Edit Alert Handler dialog box.

If you select Email Alerts or SMS Alerts, Nectus will generate Alert messages when the Parameter goes out of bounds and Recovery messages when the Parameter returns to normal.

Selecting the tab for one of these messages allows you to customize the appearance of that message.

5. Placing Devices in Monitoring Groups

Once you have created the Monitoring Groups you want to use you need to place Devices in them. To do so, click the Monitoring Group Name to open the Edit Monitoring Device Group dialog box.

Select the Group you want to add Devices to on the left, and the Group you want to take them from on the right. Use the arrows to move Devices between the two Device Groups.

Note that if you move a Device that is currently being monitoring into the No Monitoring Group, Nectus will immediately stop monitoring that Device. This can be useful for situations where you know a device will be down for some time (extended maintenance, for example) and you don’t want the system to send alerts.