a day in the life of a netadmin - xray vision with flow monitor
8/6/2019 A Day in the Life of a NetAdmin - XRay Vision With Flow Monitor
A Day in the Life
of a Network Administrator
ABOUT ME
My name is Mark Brown and I'm
a Network Administrator. I have a
degree in Information Technology
and have been in my job for almost
four years.
MY COMPANY
I work for a medical device and
technology reseller. We have a main
office and two branch offices. All
together there are about 120 people, which my boss (Director of IT) and I
are responsible for supporting. We do
nearly half of our business online and
the rest via our telesales team. For
a relatively small company, we have
a pretty sophisticated infrastructure
and some key business apps which
need to be available 24x7.
TECHNOLOGY ENVIRONMENT
Our web site and app servers are
located in a datacenter upstate but
our Email Servers, file servers, VOIP Servers and our demo machines
are located right in our server room
in office. Our sales folks use Webex
type conferencing facilities regularly
and we moved to a VoIP system
completely two years ago. Altogether
we have around 30 servers, 135
workstations and phones and around
55 network devices.
BEFORE AND AFTER
For the last six months, we've
been using a network and systems
management solution called WhatsUp
Gold. It basically runs our network
infrastructure, so I can focus on
what I need to get done. I used to
be forever behind schedule, always
playing catch up, including coming
in on weekends. Now, all that has
changed and it's a great feeling
personally and professionally to be
ahead of what's going on rather than
being behind it.
X-RAY VISION WITH
FLOW MONITOR
About one month after we installed
WhatsUp Gold, we added the Flow
Monitor Plug-in Module to provide us
with in-depth application monitoring,
troubleshooting, and bandwidth
utilization capabilities. WhatsUp Gold
was working great - instead of spending
half our day fire fighting network issues,
WhatsUp Gold was proactively alerting
us before any real fires occurred. With
the addition of Flow Monitor to the mix,
we were anxious to see how in-depth
traffic level visibility would impact our
day-to-day operations. The difference
was amazing.
DAY-TO-DAY OPERATIONS WITH
FLOW MONITOR
And just this month, we used the
aggregated data to verify bandwidth
capacity for our corporate office and
links to our two branch offices.
Of course, some of the end users
jokingly refer to Flow Monitor as Big
Brother because it can detect if a
particular user is slowing down the
network with video downloads, talking
on Skype, or using a file sharing
application. We also know exactly who
is streaming audio on their computers,
which we normally allow for, except
during our peak season.
QUICK DEEP-DIVE ON NETWORK ISSUES
In the past 5 months, Flow Monitor
has helped us out of quite a few traffic
jams enabling a quick deep dive into
the underlying causes of our network
slowdown.
We recently set up a new company-wide
anti-spam software solution
with the most up-to-date anti-spam
signature libraries stored on our
corporate servers. After the installation
was complete, we noticed that the link
to the branch office was experiencing
high utilization nearly every hour. Flow
Monitor quickly detected that client
machines from the remote sites were
communicating with the anti-spam
server for updates - all at the same
time. Problem solved. We staggered
the update requests over the span
of a few minutes and eliminated the
utilization bottleneck.
Another incident occurred when we
relocated our finance and accounts
staff from one floor of our office to
another. The move required a different
subnet and we decommissioned an
old router that we were using earlier.
Unfortunately, a few of the workstations
were still configured to be part of the old network. Right
after the move we saw an increase in the amount of
bounced traffic between these workstations and the
default gateway. Problem solved. Knowing exactly which
workstation was part of the routing loops made it easy to
rectify the configuration and get the new network to settle
down smoothly.
Another time, I arrived at work one morning and noticed
there were a large number of failed connections on our
main router and this pattern had persisted for a couple of
hours. Flow Monitor showed that all of the transmissions
were from a few IP addresses outside our network. It was
a classic case of an external attack looking for vulnerable
open ports on our router and firewall. Sure enough the
security logs in our firewall told the same story. Problem
solved. We quickly blocked the offending IP addresses
and called our security services vendor for additional
support. There it was - no waiting, no finger pointing and
no fire-fighting.
SETTING UP FLOW MONITOR
Flow Monitor installed in minutes and it was pretty
straightforward to configure our routers and switches
to send the flow management data. In fine-tuning our
implementation we spent a few hours configuring Flow
Monitor to gain automated insight into various traffic
parameters. We set up thresholds for the volume of traffic
and conversations from each workstation source and key interfaces (on our router and switches). The VoIP system
is integral to our business, so we set up custom thresholds
tracking RTP traffic from/to specific hosts. And we also
set up notifications to track failed connections, which
would alert us to intrusion attempts.
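
The failed-connection alerting described above, and the port scan from a few outside addresses that it is meant to catch, can be reduced to a per-source count over flow records. This is an added example, not part of the original brochure and not WhatsUp Gold's own logic; the record layout, the 10.0.0.0/8 internal range, the thresholds and the SYN-without-ACK test for a failed connection are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: internal address space; replace with the real ranges.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
TCP, SYN, ACK = 6, 0x02, 0x10

# Constructed sample records: (src, dst, dst_port, ip_protocol, cumulative_tcp_flags)
SAMPLE_FLOWS = (
    # External host trying many ports on the router; each flow carries SYN only.
    [("203.0.113.7", "10.0.0.1", p, TCP, SYN) for p in (21, 22, 23, 25, 80, 443, 3389)]
    + [
        ("198.51.100.20", "10.0.0.5", 443, TCP, 0x1B),  # completed web session
        ("198.51.100.20", "10.0.0.5", 25, TCP, SYN),    # one stray failure
        ("10.0.1.20", "10.0.0.5", 445, TCP, SYN),       # internal source, out of scope
        ("203.0.113.7", "10.0.0.1", 53, 17, 0),         # UDP, no handshake to judge
    ]
)

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def is_failed_tcp(proto, flags):
    """Initiator sent SYN but the flow never carried an ACK: handshake did not complete."""
    return proto == TCP and bool(flags & SYN) and not flags & ACK

def find_scanners(flows, min_failed=5, min_targets=4):
    """Return external sources whose failed inbound attempts exceed both thresholds."""
    failed = defaultdict(int)
    targets = defaultdict(set)
    for src, dst, dport, proto, flags in flows:
        if is_internal(src) or not is_internal(dst):
            continue  # only inbound traffic from outside
        if is_failed_tcp(proto, flags):
            failed[src] += 1
            targets[src].add((dst, dport))
    return {
        src: {"failed": n, "targets": len(targets[src])}
        for src, n in failed.items()
        if n >= min_failed and len(targets[src]) >= min_targets
    }

if __name__ == "__main__":
    for src, stats in find_scanners(SAMPLE_FLOWS).items():
        print(f"ALERT {src}: {stats['failed']} failed connections, "
              f"{stats['targets']} distinct host/port targets")
```

Requiring both a failure count and a spread of distinct targets keeps a single misconfigured client that retries one port from raising the same alert as a scan.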
HINDSIGHT IS INDEED 20/20
The funny thing is that we waited several years to bring on
a network management tool. But once we were on it and
saw its power, the transition to getting more sophisticated
in our network management approach took much less
time.
With visibility at
the level of traffic
source/destinations
and conversation
pairs, we would
have known instantly
which machines were
communicating with
external sites located out of the country. We
would also have noticed the large number of failed VoIP
connections and the call quality degradation.
WHAT'S STILL MISSING?
Over the past 6 months, we've achieved a lot in terms
of improving our network management approach and our
chosen solution has paid for itself many times over. Now
that we know exactly what network management software
can do we plan on extending our application monitoring
capabilities to include Microsoft Exchange and MySQL.
We will let you know how it goes.