OSI model Enterprise network architectures Distributed information systems

Transcription

1 CHAPTER 11 NETWORK MANAGEMENT Concepts Reinforced OSI model Enterprise network architectures Distributed information systems Top-down model Network development life cycle Protocols and interoperability Concepts Introduced Enterprise network management Server management Desktop management Distributed applications management Internetwork device management Distributed network management Service management Traffic shaping Systems administration Help desk management Consolidated services desk LAN management Internet/WWW management Network management technology Quality of service Bandwidth management OBJECTIVES Upon successful completion of this chapter, you should: 1. Understand the business motivations and forces at work in the current systems administration and network management arena. 2. Understand the relationship between network management processes, personnel, and technology to produce a successful network management system. 3. Understand the differences between systems administration processes and network management processes. 4. Understand the protocols and technology associated with each area of systems administration and network management. 5. Understand how systems administration and network management technology can be most effectively implemented.

2 426 Chapter Eleven/Network Management INTRODUCTION At this point in the text, it should be clear to all readers that a network is a complex combination of hardware and software technologies linked by networking technologies. Once these various categories of technologies are successfully integrated, they must be properly managed. The purpose of this chapter is to expose the reader to how each of the elements of a network can be managed to achieve stated business objectives. Although entire texts are written on network and information systems management, this chapter provides an overview of the key issues surrounding the management of several aspects of networks including business alignment, standards and protocols, interoperability issues, currently available technology, key vendors, and market trends. SERVICE MANAGEMENT PROVIDES BUSINESS ALIGNMENT WITH NETWORK MANAGEMENT To ensure that networks and their associated information systems are delivering expected levels of service to achieve strategic business initiatives, a verifiable methodology to measure service performance levels must be developed. Service management is concerned with the management of IT services and the business processes that depend on them. Service management is achieved through the controlled operation of ongoing service by formalized and disciplined processes. Because of the predictable service environment enabled by strictly defined service processes, the following benefits or characteristics of IT services can be realized: Higher quality Lower cost Greater flexibility and responsiveness More consistent service Faster responses to customer needs Proactive rather than reactive service definition A service management architecture is developed to map required IT services to specific business unit or customer needs. Service Management Architecture Service management architectures provide metrics for service evaluation on both a business and IT infrastructure level. Business expectations as stated by business unit management, the customer, are translated into business performance metrics. These business performance metrics are then mapped to the IT infrastructure expected levels of service that will be required to meet the previously mentioned business expectations. These IT infrastructure expected levels of service are then mapped to IT performance metrics that will objectively measure the IT infrastructure s ability to meet expected levels of service. Figure 11-1 provides a high level view of the components and interaction of a service management architecture.

3 Service Management Provides Business Alignment with Network Management 427 Strategic Business Initiative Business Process Embedded Performance Metrics Service Level Expectations Embedded Performance Metrics Service Definition Service Delivery Service Costing Service Auditing Service Management Required Supporting Services Figure 11-1 Service Management Architecture Service Definition and Frameworks Services are defined in terms of the processes, technical expertise (people), and technology that are required to deliver those services. A given service can vary in terms of several characteristics contributing to measurable differences in cost and price: Complexity Risk (or lack thereof) Required service or support level Level of deviation from basic service Service definition implies that a baseline level of service and the costs associated with that level of service are first determined. Modifications or upgraded levels of that service are available at customer specification for a predetermined cost above the baseline service. Defined services and their associated processes are often organized into categories. Workflow and document flow analysis defines the interaction among these various categories of service management processes. Although network management is only one element of overall IT infrastructure and service management, the OSI Network Management Framework can serve as the basis for a larger list of management services incorporating the broader service management category. The Network Management Forum associated with the OSI Reference Model has divided the field of network management into five major categories in a document known as the ISO Management Framework (ISO ). This categorization is somewhat arbitrary as standards and network management technology apply to multiple categories, and even the categories themselves are interdependent. However, it is important for the network analyst to be aware of this categorization, as it is

4 428 Chapter Eleven/Network Management often referred to when discussing network management architectures and technology. Figure 11-2 lists and explains the five OSI categories of network management. Other service management frameworks may include other categories of management that further expand the list presented in Figure Many of these categories are concerned with the definition, costing, reporting, support, management, and auditing of the services that must be collectively delivered by the combined elements of the IT infrastructure. Some of the potential additional categories of service management include: Service level management: Concerned with the definition and management of offered service levels. Incident management: Reactive process to resolve issues as quickly as possible. Problem management: Proactive process that attempts to prevent incidents from recurring. OSI Category of Network Management Fault Management Configuration Management Performance Management Security Management Accounting Management Explanation/Importance Monitoring of the network or system state Receipt and processing of alarms Diagnosis of the causes of faults Determination of the propagation of errors Initiation and checking of error recovery measures Introduction of trouble ticket system Provision of a user help desk Compile accurate description of all network components Control updating of configuration Control of remote configuration Support for network version control Initiation of jobs and tracing of their execution Determination of quality of service parameters Monitor network for performance bottlenecks Measure system and network performance Process measurement data and produce reports Capacity planning and proactive performance planning Monitor the system for intrusions Provide authentication of users Provide encryption in order to assure message privacy Implement associated security policy Record system and network usage statistics Maintain usage accounting system for chargeback purposes Allocation and monitoring of system or network usage quotas Maintain and report usage statistics Figure 11-2 OSI Categories of Network Management

5 Service Management Provides Business Alignment with Network Management 429 Change management: Concerned with the management and documentation of changes to the IT infrastructure. Capacity management: Proactive management practice concerned with ensuring that the IT infrastructure has sufficient capacity to support current service level agreements as well as unforeseen sudden increases in demand. Asset management: Concerned with the monitoring and management of the hardware and software technology that comprises the IT infrastructure. Availability management, risk management, and contingency planning: All are related to the desire to be able to meet or exceed system availability commitments as contained in service level agreements. Many of these categories of management are described in more detail in the remainder of the chapter. Another network management model or framework that is more specifically focused on public telecommunications networks owned by carriers, as opposed to privately owned enterprise networks, is the Telecommunication Management Network (TMN). Standards for TMN are issued by the ITU-T (International Telecommunications Union Telecommunications Standardization Sector). TMN standards are organized according to the particular focus areas such as: architecture, functional requirements, information models, protocols, conformance, profiles, and methodology. Overall TMN management functionality can be organized into a four-layer TMN Model consisting of the following four functional layers, following an overall top-down model approach: Business management: focus on high-level business aspects of telecomm management including strategic business and financial planning. Service management: focus on the implementation, support, and management of telecommunications services that will meet business and financial strategic goals described in the business management layer. This layer includes all customer service interaction with end users of services. Quality assurance and billing processes are included on this layer. Network management: focus on the end-to-end management of the network infrastructure that will be delivering the services described in the service management layer. Functionality on this layer is considered vendor independent. Element management: In TMN, all networks are comprised of a combination of network elements (NE). The element management layer is concerned with the management of the distributed individual network elements that comprise the networks that deliver the services. Functionality on this layer is considered vendor dependent, based on the vendor of a particular network element. Service Level Agreements Once services are defined and a given level of service is agreed upon between the customer and the IT services department, a formally documented service level agreement is negotiated. The service level agreement clearly describes expected levels of service, how that service will be measured, what that service will cost, and what the consequences will be if the agreed upon service levels are not met.

6 430 Chapter Eleven/Network Management Measurements defined in service level agreements must be able to clearly show how effective services are in meeting business objectives, not how much of an IT commodity was used. For example, it is no longer appropriate to report bandwidth consumed, CPU cycles consumed, or amount of disk space consumed. What really matters is whether or not the total IT infrastructure was able to support the success of the business initiative. Among the network management tools capable of monitoring service level agreements, especially with carriers for wide area network services, are the following: Service Level Monitoring Tool Visual Uptime Vital Suite OpenLANE Vendor Visual Networks Lucent Paradyne Service Costing Once services have been defined, they must be assigned a cost. Costing IT services is not a simple matter. Initially costs can be differentiated as follows: Direct costs: Those that can be directly attributed to the provision of a given service. Indirect costs: Those that go to support the overall IT infrastructure on which all services depend. Variable costs: Those that vary directly with the amount or level of service required or purchased. Fixed costs: Those that do not vary as additional amounts or levels of service are required or delivered. Figure 11-3 provides a simple model of how variable levels of services can be effectively costed. As illustrated in Figure 11-3, different types of customers from different business units or business initiatives would interact with IT account managers to assist them in defining their IT service needs. This represents a customercentric approach to IT services. Conversely, a systemcentric approach requires the customer to interact individually with all of the managers of the various components of the IT infrastructure (e.g., network, application development, data management, systems management). The systemcentric approach requires the customer to act as a general contractor, whereas the customercentric approach offers the customer one-stop shopping for business-oriented IT services. Customers are free to choose distinct levels of different services to meet their IT needs. The variable levels of service imply variable, direct costs associated with the chosen level of service. A given level of service requires a combination of technical expertise, defined processes, and requisite technology. The IT infrastructure represents a fixed or indirect cost to the services purchased by the customer. An allocation formula, sometimes called a cost generator, must be calculated to determine how much of the fixed IT infrastructure costs should be passed to the service level cost.

7 Application and Database Management 431 Variety of Customers IT Account Managers Variety of Services Service A Variable Levels Technical Expertise (People) Processes Service Specific Technology Shared Enterprise IT Infrastructure Service A Variable Costs Fixed Cost Component Service Level Specific Total Cost Hidden Costs Figure 11-3 Service Costing Model Hidden costs are those costs that must still be covered by organizations other than IT. Informal support of systems and applications by end-user departments or business units is a commonly cited source of hidden costs. IT INFRASTRUCTURE MANAGEMENT Whereas service management provides the methodology to measure business performance expectations, the achievement of these expectations depends on properly managed components of the IT infrastructure. An IT infrastructure is made of a combination of separately managed and monitored elements. This presents a challenge as these different management tools often do not interoperate or share data. As a result, multiple different categories of management and monitoring tools are required to ensure end-to-end performance of the overall IT infrastructure. Figure 11-4 illustrates some of the different categories of IT infrastructure management that are explained further in the remainder of the chapter. APPLICATION AND DATABASE MANAGEMENT Distributed Application Management Although distributed applications can be developed for local area networks that possess the power equivalent to those deployed on mainframes, distributed applications have not yet matched mainframe applications in terms of reliability and manageability. This is primarily due to a lack of effective application management tools and underlying application management protocols that can expose an application s dependencies and measure numerous aspects of performance. This lack of application management tools can make it impossible to diagnose and correct application problems ranging from poor performance to system crashes. Fortunately, an effort is underway to build self-diagnosing intelligence into applications during the development stage. By having these predefined events and

8 432 Chapter Eleven/Network Management WAN or INTERNET Router Enterprise Network Management Router Mainframe Application Management Transaction processing Client application Application server Application server Remote Access Management Data warehouse Desktop Management LAN Management Database server Server Management Remote client Help Desk and Consolidated Services Management (all components) Database Management Figure 11-4 Elements of IT Infrastructure That Must Be Managed performance metrics included within the application, management consoles will be able to detect problems with application performance and take corrective action. These embedded performance metrics are sometimes referred to as instrumentation. Two such development environments are Unify VISION and Sun One Studio. In between the intelligent application, reporting on event conditions and performance metrics, and the management console is an autonomous piece of software known as an agent that collects these performance statistics and properly formats them for transmission to the application management console. In turn, these agents are able to communicate with a variety of application management consoles or any SNMP-based administrative program. Examples of agents include AgentWorks from Computer Associates and AppMan from Unify. Eventually, it is hoped that such application management information can be consolidated into enterprise management frameworks such as CA-Unicenter and Tivoli Management Environment. Application monitoring tools such as Application Expert from OPNET provide real-time statistics on application behavior and network impact as well as the ability to perform what-if simulation analysis on captured applications. The two primary network-related variables that can affect distributed application performance are bandwidth and latency. It should be obvious at this point in the text how network bandwidth can have a significant impact on application performance. The effect of latency on applications performance, however, is not as widely understood. Latency is simply the delay introduced by any computer or processing node that takes part in the execution of a distributed application. Downloading the client portion of an application from a server, processing SQL queries, or server-to-server queries all introduce latency to an application. The part of application optimization that is surprising to some people is that more bandwidth is not always the answer. If an application is constrained by latency, introducing more bandwidth will have little or no

9 Application and Database Management 433 impact on application performance. Application monitoring and simulation tools are extremely valuable in their ability to pinpoint bandwidth and latency constraints before distributed applications are deployed throughout a global enterprise. An alternative to developing your own applications with embedded management intelligence is to purchase a prewritten event management tool that has been written to monitor specific commercially available applications such as Lotus Notes, SAP R2/R3, Oracle Financials, or a variety of databases including IBM DB2, Oracle, Informix, and Sybase. An event can be thought of as a transaction or database update. PATROL from BMC Software, Inc. is an example of such an event management tool. One of the key stumbling blocks to widespread deployment and support of distributed application management is the lack of a standard of what application performance information should be gathered and how that information should be reported. One proposal for standardizing how instrumentation should be developed within applications is known as the applications management specification (AMS). AMS defines a set of management objects that define distribution, dependencies, relationships, monitoring and management criteria, and performance metrics that can subsequently be processed by agents and forwarded to management consoles. These AMS agents are placed into applications through the use of the ARM software developers kit. An API that can be used by applications developers is known as application response measurement (ARM) and can measure several key application statistics. Agents are able to forward application performance statistics to ARM-compatible application management consoles. ARM 2.0 added the capability to track applications to multiple servers, to track business-specific transaction information, and to more effectively explain application performance problems. Vendors such as Hewlett Packard, Tivoli, Oracle, and Compuware have committed to supporting the ARM specification. Figure 11-5 illustrates some of the key concepts involved in a distributed application management architecture. Another possible standard for distributed application management is a proposed IETF standard known as Web-based enterprise management (WBEM), which integrates SNMP, HTTP, and DMI (desktop management interface) into an application management architecture that can use common Web browser software as its user interface. Another IETF initiative is developing a two-part applications MIB, the first part of which is known as the SysAppl MIB dealing with collection of applications performance data without the use of instrumentation, and the second part of which Packaged Application Lotus Notes Server Event Management Tool Specifically written to monitor particular applications Patrol BMC, Inc Management Console CA-Unicenter Agent Factory Tivoli Management Environment Agent Collects performance statistics. Forwards to management console. Server Internally Developed Application with embedded ARM objects Performance Metrics Logic Oracle Financials Assorted databases SNMP AMS PM 1 PM 2 PM 3 PM 4 Figure 11-5 Distributed Application Management Architecture

10 434 Chapter Eleven/Network Management deals with the collection of performance data that requires instrumentation (performance metrics). The RMON Application MIB is explained in more detail later in this chapter. As can be seen from the previous paragraph, when it comes to application management, the standards arena is anything but decided. Enterprise Database Management Distributed database management is also important to overall enterprise information system management. Although most distributed data management platforms provide their own management system for reporting performance statistics, there is currently no way to consolidate these separate management systems into a single enterprise-wide view. As a result of corporate mergers and the need to consolidate once isolated departmental databases, it is a very common phenomenon for a corporation to have data stored in a wide variety of incompatible database systems. The IETF has been working on a database MIB specification that would allow any enterprise data management system to report performance statistics back to any SNMPcompliant enterprise network management system. Enterprise database management tools that are able to manage a variety of different databases should include the following important major functional areas: Global user administration: User and group authorization and security management across a variety of different databases are important characteristics for an enterprise-wide database management system. Heterogeneous data schema and content manipulation: In other words, from one console, an administrator can change the database record layout or the contents of those records, regardless of the particular database management system. In some cases, these changes can be automated across an entire enterprise s databases, scheduled to be run at a later time, or saved for future reuse. Such systems should be able to add columns to or otherwise modify database tables automatically across a variety of different databases. In some cases, databases may need to be replicated from one platform to another or one databases schema, or a portion thereof, may need to be copied to a different database platform. Effective troubleshooting: Enterprise database management systems must be able to monitor a variety of different databases for such critical events as: inadequate free space, runaway processes, high CPU utilization, or low swap space. Events and alarms should be able to trigger , pagers, or onscreen events. In some cases, the enterprise database management system can take corrective action as defined by user-supplied script files. Among the databases such an enterprise database management system should support are Oracle, Informix, SQL Server, adaptive server, and DB2. CLIENT AND DESKTOP MANAGEMENT Desktop Management Desktop management is primarily concerned with the configuration and support of desktop workstations or client computers. In most cases, this management is more

11 Client and Desktop Management 435 concerned with the assorted hardware and operating systems software of the desktop machines than with the applications or database software discussed in the previous section. Desktop Management Architecture and Protocols Desktop management systems rely on an architecture and associated protocols proposed by the desktop management task force (DMTF), which is composed of over fifty companies including Intel, Microsoft, IBM, Digital, Hewlett-Packard, Apple, Compaq, Dell, and Sun. The overall desktop management architecture is known as the DMI or desktop management interface and is illustrated in Figure Although they differ in both strategic intent and governing standards-making organizations, desktop management and enterprise management systems must still be able to transparently interoperate. Since DMI-compliant desktop management systems store performance and configuration statistics in a MIF (management information format), and enterprise management systems employ a MIB, a MIF-to-MIB mapper is required to link desktop and enterprise management systems. The DMI architecture is composed of four primary components: DMI services layer is the DMI application that resides on each desktop device to be managed. The DMI services layer does the actual processing of Desktop Management System Manager Desktop Management System Network Transport Protocols Remote Procedure Calls Enterprise Network Management System IP SNMP MIF-to-MIB Mapper Enterprise Management System Manager MIF Management Information Format management interface API DMI Services Layer DMI Client component interface API Desktop Services Desktop Applications Figure 11-6 Desktop Management Interface Architecture

12 436 Chapter Eleven/Network Management desktop management information on the client platform and serves as an interface to two APIs. The management interface API is designed to interface to the desktop system management program that will consolidate the information from this client with all other desktop information. The component interface API is designed to interface to the individual application programs or desktop components that are to be managed and monitored on the local client. Information about the local desktop components is stored locally in a MIF or management information format. Desktop Management Technology Desktop management technology offerings from different vendors are best characterized as suites of associated desktop management applications. Current offerings differ in the variety of management modules within a given suite as well as the extent of integration between suite modules. Among the modules that some, but not necessarily all, desktop management suites include are the following: Hardware and software inventory Asset management Software distribution License metering Server monitoring Virus protection Help desk support Key functional characteristics of desktop management systems are listed in Figure Many of the functional areas described briefly in Figure 11-7 are explained in further detail later in the chapter. Mobile Desktop Management Extending desktop management functionality such as software distribution, change analysis, job scheduling, asset monitoring, and backup to mobile laptop computers linked only occasionally to corporate headquarters over relatively low bandwidth network links presents some unique challenges. Mobile users have a need to receive not only updates to their application software but also corporate data such as product and pricing information. It is equally important for support personnel at corporate headquarters to know exactly what is installed on each laptop computer in terms of hardware and software technology. XcelleNet, Inc produces a series of remote management modules known collectively as RemoteWare that are able to manage software distribution, antivirus protection, backup, and inventory management for laptop computers. RemoteWare differs from traditional desktop management software packages in that all files transmitted between the management software and the remote laptop computers are in a compressed format. If the transmission is interrupted midstream, the transmission is able to restart where it left off, rather than having to start over from the beginning. Once received at the remote laptop computer after disconnection from the transmission

13 line, the installation application is executed locally on the laptop. Backup management software saves time and bandwidth by only transmitting changes to files rather than the entire file in a process known as delta file synchronization. In terms of standardized protocols for mobile desktop management, the desktop management task force has created a mobile MIF as an extension to the desktop management interface (DMI) 2.0. Among the types of information that management software supporting the Mobile MIF will be able to gather from compliant laptops are the following: Battery levels AC lines Docking status Infrared ports Video display types Pointing devices Device bays Client and Desktop Management 437 Configuration Management Single Sign-On Providing single sign-on services for distributed applications deployed across multiple servers is a benefit to users as well as systems administrators. By establishing a distributed security directory housed on a central security server, single sign-on software is able to provide a single login location for multiple, different types of computing platforms. This precludes users from having to remember multiple passwords and allows systems administrators to maintain user accounts and privileges for an entire enterprise from a single location. Single sign-on software is ideally deployed as part of the consolidated service desk. Among the single-sign-on technology available are the following: Single Sign On Technology V-GO-PRO VPN 1 SafeWord Plus Vendors Passlogix Checkpoint Software Secure Computing Configuration or Policy-based Management Tools Once hardware and software desktop configuration standards have been established and enforced, ongoing maintenance and monitoring of those standards can be ensured by configuration management tools such as electronic software distribution tools, license metering tools, and automated inventory tools. To more easily integrate configuration management tools with corporate policy and standards regarding desktop configurations, a new breed of policy-based management tools has emerged. These desktop-oriented, policybased management tools should not be confused with policy-based network management tools, discussed later in the chapter, which are designed to ensure end-to-end quality of service via bandwidth management.

14 438 Chapter Eleven/Network Management Functional Category Integration Network Operating System Compatibility Desktop Compatibility Hardware and Software Inventory (Asset Management) Server Monitoring Network Monitoring Importance/Implication Are all desktop management applications tied together through a single interface to a single console? Do all desktop management applications share information with each other via a single database? Can software modules be added individually as needed? Suites may be either modular or tightly integrated in design. Does the system support the DMI architecture? Output data in MIF format? Which network operating system must the desktop management console or server run over? Which network operating systems is the desktop management system able to monitor? Some desktop management systems can monitor only a single NOS. For example, Novell ManageWise is able to monitor only NetWare networks and Microsoft s System Management Server is able to manage only Microsoft networks, although this may not always be the case. Since the primary objective of this software category is to manage desktops, it is essential that as many desktop platforms as possible are supported. Examples of supported client platforms include Macintosh, Windows 95/98, Windows NT, Windows 2000, or Windows XP. Can the inventory software auto-detect client hardware and software? Can changes in files or configuration be tracked? Can versions of software be detected and tracked? How many applications can be identified? Libraries of 6000 are not uncommon. Can CPU types and speeds be correctly identified? Is a query utility included to identify workstations with given characteristics? Does the software support the setting of threshold limits for CPU activity, remaining disk space, etc.? What server attributes can be tracked? CPU activity, memory usage, free disk space, number of concurrent logins or sessions. Can data-link layer traffic be monitored and reported on? Can network layer protocol traffic activity be monitored and reported on? Can MAC layer addresses be sensed and monitored? Can activity thresholds be established for particular data-link or network layer protocols? Figure 11-7 Functional Categories of Desktop Management Systems (Continues)

15 Client and Desktop Management 439 Functional Category Software Distribution License Metering Virus Protection Help Desk Support Alarms Remote Control Management Reporting Capabilities Importance/Implication Can software be distributed to local client drives as well as network servers? Can updates be automatically installed? Can the system track which software needs to be updated through ties with the software inventory system? Can updates be uninstalled automatically? Can progress and error reports be produced during and after software distribution? Where can software licenses be tracked? Clients Server Across multiple servers Can license limit thresholds be set? Will the manager be notified before the license limit is reached? Will users be notified if license limit has been reached? Will users be put into a queue for next available license after license limit has been reached? Can virus protection be provided for both clients and servers? Can both diskette drives and hard drives be protected? Can viruses embedded within application programs be detected? Are trouble ticketing and call tracking utilities included? Are query capabilities included to search for similar problems and solutions? Are reports available to spot trends and track help desk effectiveness and productivity? Can managers be notified of changes to files or configuration? Can violations or preset thresholds be reported? Can alarms be sent by , pager, fax, cellular phone? Can managers take over remote client workstations for monitoring or troubleshooting purposes? Can this be done via modem as well as over the local LAN? Can files be transferred to/from the remote client? Can files on remote client be viewed without taking over complete control of the remote client? Can remote reboots be initiated? How many predefined reports are available? Can users define their own reports? Can information be exported to documents, spreadsheets, or databases? Which export file formats are supported? Figure 11-7 Functional Categories of Desktop Management Systems (Continued)

16 440 Chapter Eleven/Network Management Policy-based management tools in their simplest form are able to automate certain tasks by using job scheduling utilities to schedule background and after-hours jobs. Another key point about these tools is that they are able to administer multiple different types of client platforms such as Windows 2000, Windows XP, Windows NT, HP-UX, AIX, and Solaris, to name but a few. More advanced tools not only automate administrative tasks, but also provide an interface for managing the corporate desktop configuration policies themselves. Administrators are able to set policies for an entire global enterprise, for specified domains, or for individual workstations. For example, some policy-based management software can store policies in a knowledge base that arranges the policies in a hierarchical fashion to identify policy conflicts. However, once again, mere throwing technology at a problem will not provide an adequate solution. First, internal policies must be developed within the corporate environment before they can be entered into the policy-based management system. This policy development may involve a tremendous amount of work before the software can ever be implemented. Examples of the types of policies that might be enforced by policy-based management tools are the following: User access rights to files, directories, servers, and executables. Desktop start-up applications and background colors, or corporate-approved screen savers. Deny user access to network if desktop virus checking or metering has been disabled. Facilitate changes when applications move or devices are added to the network. Prevent users from trying to install and run programs their desktops can t support. Help Desks As processing power has moved from the centralized mainframe room to the user s desktop, the support organization required to facilitate that processing power has undergone significant changes. When mission-critical business applications are shifted to distributed architectures, effective help desk operations must be in place and ready to go. Although some help desk management technology is aimed at setting up small help desks on a single PC or workstation to provide simple trouble ticketing and tracking, the higher end of help desk technology supports such additional processes as: Asset management Change management Integration with event management systems Support of business-specific processes and procedures The basic objective of this higher end technology is to proactively manage system and network resources to prevent problems rather than merely reacting to system or network problems.

17 Client and Desktop Management 441 Because the help desk is held accountable for its level of service to end-users, it is essential that help desk management technology be able to gather the statistics necessary to measure the impact of its efforts. Since a significant amount of the interaction with a help desk is via the phone, it is important for help desk management software to be able to interact with call center management technology such as automatic call distributors (ACD) and interactive voice response units (IVRU). The overall integration of computer-based software and telephony equipment in known as computer telephony integration (CTI). The heart of any help desk management software package is the knowledge base that contains not just the resolutions or answers to problems, but the logic structure or decision tree that takes a given problem and leads the help desk staff person through a series of questions to the appropriate solution. Interestingly, the knowledge bases supplied with help desk management software may be supplied by third parties under license to the help desk management software vendor. Obviously, the knowledge base is added to by help desk personnel with corporate-specific problems and solutions, but the amount of information supplied initially by a given knowledge base can vary. The portion of the software that sifts through the knowledge base to the proper answer is sometimes referred to as the search engine. Figure 11-8 summarizes some of the other key functional areas for help desk management software. Asset Management Asset management is a broad category of management software that has traditionally been divided into three subcategories: Electronic software distribution License metering software LAN inventory management software Electronic Software Distribution As the distributed architecture has taken hold as the dominant information systems paradigm, the increased processing power possessed by client workstations had been matched by increasing amounts of sophisticated software installed on these client workstations. The distribution of client software to multiple locally and remotely attached client workstations could be a very personnel-intensive and expensive task were it not for a new category of LAN-enabled software known as ESD or electronic software distribution. ESD software can vary widely in the types of services and features offered as well as the costs for the convenience offered. For example, in addition to simply delivering software to LANattached clients, ESD software may also: Update configuration files Edit other files Capture commands entered during a manual software installation and convert the captured text into an automated script to control subsequent electronic software distribution Figure 11-9 summarizes some of the key functional characteristics of ESD software.

18 442 Chapter Eleven/Network Management Help Desk Management Software Functionality Administration, Security and Utilities Call Logging Call Tracking and Escalation Customizability Explanation/Importance What types of adds, deletes, and changes can be made with the system up and running and what types require a system shutdown? Must all help desk personnel be logged out of the system to perform administrative functions? Can major changes be done on a separate version offline, followed by a brief system restart with the new version? Can changes be tested in an off-line environment before committing to live installation? Is security primarily group level or individual? Can agents belong to more than one group? Can priorities and response times be flexibly assigned? Can information be imported and exported in a variety of formats? How easy is it to log calls? Can call logging link to existing databases to minimize amount of data that must be entered? Can number of steps and keystrokes required to add a user or log a call be controlled? Can multiple calls be logged at once? Can one call be suspended (put on hold) while another one is logged? Can special customers or users be flagged as such? How flexible are the call escalation options? Are escalation options able to support internally defined problem resolution and escalation policies and processes? Can the system support both manual and automatic escalation? Can automatic escalation paths, priorities, and criteria be flexibly defined? Can calls be timed as part of service level reporting? How flexibly can calls be assigned to individual or groups of agents? Is escalation system tied to work schedule system? Can subject area or problem experts be identified and used as part of the escalation process? Customizability is an issue at both the database level and the screen design level How easy is it to add knowledge and new problems/solutions to the knowledge base? Does the software offer customizability for multinational companies? Can entire new screens or views be designed? Do existing screens contain undefined fields? Figure 11-8 Help Desk Management Software (Continues)

19 Client and Desktop Management 443 Help Desk Management Software Functionality Integration with Other Products Performance Problem Resolution Reporting Explanation/Importance Computer telephony integration with automatic call distributors and interactive voice response units Which other integrated modules are included: asset management, change management, scheduling, training, workstation auditing? Does the software link to enterprise network management software such as HP Open View or IBM System View? Variables to consider when evaluating performance: number of simultaneous users on-line, number of calls per hour, required platform for database/knowledge base and search engine, required platform for agents. Which SQL-compliant databases are supported? Can searches be limited to improve performance? Products can differ significantly in how they search knowledge bases. This can have a major impact on performance. Decision trees, case-based retrieval, troubleshooting tools and embedded expert systems or artificial intelligence are the most intelligent, most complicated, and most expensive options for problem resolution methodologies. Many products provide more than one search engine or problem resolution method. Some problem resolution products learn about your environment as more problems are entered. Some problem resolution methods can use numerous different knowledge sources or problem databases. How many standard reports are included? How easily can customized reports be created? How easily can data (especially agent performance data) be exported to spreadsheet or database programs for further analysis? Figure 11-8 Help Desk Management Software (Continued) License Metering Software Although license metering software was originally intended to monitor the number of executing copies of a particular software package vs. the number of licenses purchased for that package, an interesting and beneficial side effect of license metering software has occurred. In recognition of this beneficial side effect, this category of software is now sometimes referred to as license management software. The previously mentioned beneficial side effect stems from the realization that at any one point in time, less than 100% of the workstations possessing legitimate licenses for a given software product are actually executing that software product. As a result, with the aid of license management software, fewer licenses can service an equal or greater number of users, thereby reducing the numbers of software licenses purchased and the associated cost of software ownership. License management software is able to dynamically allocate licenses to those users wishing to execute

20 444 Chapter Eleven/Network Management ESD Software Functional Category NOS Support Update Control Interoperability Licensing Description/Implication Since ESD software distributes software via the LAN, it is important to know which network operating systems are supported. Can updates be scheduled? Can updates be selectively done based on hardware configuration? Can updates be done only on selected machines? Can only certain files be searched for and replaced? Can files be edited or updated? Can files in use be replaced? Can files be moved and renamed? Can the update be done in the background on client workstations? How secure is the update control? Can updates be scripted? Can update keystrokes be captured and converted to an automated update control file? Can users perform their own selected updates from a distribution server? Are unattended updates possible? Are in-progress status screens available? Can outside distribution lists be imported? Can remote workstations be shut down and rebooted? How extensive are the update reporting and logging capabilities? Is the ESD software integrated with license metering or LAN hardware/software inventory software? Are other software packages required in order to execute the ESD software? Are licensing fees based on numbers of clients or numbers of distribution servers? Figure 11-9 Electronic Software Distribution Functionality a particular software package in a process known as license optimization. Popular license optimization techniques include: Dynamic allocation gives out either single user or suite licenses based on the number of suite applications used. As an example, a user who starts a word processing package within an application suite would be issued a single user license for the word processing package. However, if the user were to subsequently also execute a spreadsheet package within the same suite, he/she would be issued a suite license rather than a second single user license. Load balancing shifts licenses between servers to meet demands for licenses put on those servers by locally attached users. Licenses are loaned between servers on an as-needed basis. In this way, every server does not need to have a full complement of licenses to meet all anticipated user demands. This technique is also known as license pooling. Global license sharing recognizes the opportunity for license sharing presented by the widely distributed nature of today s global enterprise networks.

21 Distributed IT Infrastructure Architecture 445 While users on one side of the globe are sleeping, users on the other side of the globe are sharing the same pool of licenses. License metering and management software has traditionally been supplied as add-on products written by third-party software developers. However, this trend may change abruptly. Novell and Microsoft have cooperated (an unusual circumstance in itself) on a licensing server API (LSAPI). This API would build license metering capability into Microsoft and Novell s network operating systems and would eliminate the need for third-party license metering software. LSAPI-compliant applications would communicate with a specialized license server that would issue access tokens, more formally known as digital license certificates, based on the license information stored in the license server database. Applications wishing to take advantage of the NOS-based license metering service would need only to include the proper commands as specified in the LSAPI. LAN Inventory Management Software LAN Inventory Management Software is often included or integrated with electronic software distribution or license metering software. However, it has a unique and important mission of its own in a widely distributed architecture in which hardware and software assets are located throughout an enterprise network. A quality LAN inventory management software system is especially important when it comes to the planning efforts for network hardware and software upgrades. An enormous amount of human energy, and associated expense, can be wasted going from workstation to workstation figuring out what the hardware and software characteristics of each workstation are when LAN inventory management software can do the job automatically and can report gathered data in useful and flexible formats. Figure highlights some of the key functional capabilities of LAN Inventory Management software. DISTRIBUTED IT INFRASTRUCTURE ARCHITECTURE Having covered the issues involved in the management of client workstations whether mobile or desktop oriented, it is now time to look at what is involved with the management of the remainder of the distributed IT infrastructure. To delineate the processes and technology involved with the management of the infrastructure that underlies an enterprise-wide local area network, one must first define those components that make up the infrastructure to be managed. Traditionally, a distributed IT infrastructure is composed of a wide variety of servers and the various networks that connect those servers to each other and to the clients that they serve. There is no single right or wrong way to divide the processes or responsibility for the management of these various components. For the purposes of this chapter, the topic of distributed IT infrastructure management is segmented into the following components: Systems administration focuses on the management of client and server computers and the operating systems and network operating systems that allow the client and server computers to communicate. This could also be considered as local area network administration. Enterprise network management focuses on the hardware, software, media, and network services required to seamlessly link and effectively manage distributed client and server computers across an enterprise. This could also be considered internetwork (between LANs) administration.