a day in the life of a netadmin - xray vision with flow monitor

Upload: ipswitchwhatsupgold2

Post on 07-Apr-2018


  • 8/6/2019 A Day in the Life of a NetAdmin - XRay Vision With Flow Monitor

    A Day in the Life of a Network Administrator

    ABOUT ME

    My name is Mark Brown and I'm a Network Administrator. I have a degree in Information Technology and have been in my job for almost four years.

    MY COMPANY

    I work for a medical device and technology reseller. We have a main office and two branch offices. All together there are about 120 people, which my boss (Director of IT) and I are responsible for supporting. We do nearly half of our business online and the rest via our telesales team. For a relatively small company, we have a pretty sophisticated infrastructure and some key business apps which need to be available 24x7.

    TECHNOLOGY ENVIRONMENT

    Our web site and app servers are located in a datacenter upstate but our Email Servers, file servers, VoIP Servers and our demo machines are located right in our server room in the office. Our sales folks use Webex-type conferencing facilities regularly and we moved to a VoIP system completely two years ago. Altogether we have around 30 servers, 135 workstations and phones and around 55 network devices.

    BEFORE AND AFTER

    For the last six months, we've been using a network and systems management solution called WhatsUp Gold. It basically runs our network infrastructure, so I can focus on what I need to get done. I used to be forever behind schedule, always playing catch up, including coming in on weekends. Now, all that has changed and it's a great feeling personally and professionally to be ahead of what's going on rather than being behind it.

    X-RAY VISION WITH FLOW MONITOR

    About one month after we installed WhatsUp Gold, we added the Flow Monitor Plug-in Module to provide us with in-depth application monitoring, troubleshooting, and bandwidth utilization capabilities. WhatsUp Gold was working great - instead of spending half our day fire fighting network issues, WhatsUp Gold was proactively alerting us before any real fires occurred. With the addition of Flow Monitor to the mix, we were anxious to see how in-depth traffic level visibility would impact our day-to-day operations. The difference was amazing.

    DAY-TO-DAY OPERATIONS WITH FLOW MONITOR

    And just this month, we used the aggregated data to verify bandwidth capacity for our corporate office and links to our two branch offices.

    Of course, some of the end users jokingly refer to Flow Monitor as "Big Brother" because it can detect if a particular user is slowing down the network with video downloads, talking on Skype, or using a file sharing application. We also know exactly who is streaming audio on their computers, which we normally allow for, except during our peak season.

    QUICK DEEP-DIVE ON NETWORK ISSUES

    In the past 5 months, Flow Monitor has helped us out of quite a few traffic jams, enabling a quick deep dive into the underlying causes of our network slowdown.

    We recently set up a new company-wide anti-spam software solution with the most up-to-date anti-spam signature libraries stored on our corporate servers. After the installation was complete, we noticed that the link to the branch office was experiencing high utilization nearly every hour. Flow Monitor quickly detected that client machines from the remote sites were communicating with the anti-spam server for updates - all at the same time. Problem solved. We staggered the update requests over the span of a few minutes and eliminated the utilization bottleneck.

    Another incident occurred when we relocated our finance and accounts staff from one floor of our office to another. The move required a different subnet and we decommissioned an old router that we were using earlier. Unfortunately, a few of the workstations were still configured to be part of the old network. Right after the move we saw an increase in the amount of bounced traffic between these workstations and the default gateway. Problem solved. Knowing exactly which workstation was part of the routing loops made it easy to rectify the configuration and get the new network to settle down smoothly.

    Another time, I arrived at work one morning and noticed there were a large number of failed connections on our main router and this pattern had persisted for a couple of hours. Flow Monitor showed that all of the transmissions were from a few IP addresses outside our network. It was a classic case of an external attack looking for vulnerable open ports on our router and firewall. Sure enough, the security logs in our firewall told the same story. Problem solved. We quickly blocked the offending IP addresses and called our security services vendor for additional support. There it was: no waiting, no finger pointing and no fire-fighting.

    SETTING UP FLOW MONITOR

    Flow Monitor installed in minutes and it was pretty straightforward to configure our routers and switches to send the flow management data. In fine-tuning our implementation we spent a few hours configuring Flow Monitor to gain automated insight into various traffic parameters. We set up thresholds for the volume of traffic and conversations from each workstation source and key interfaces (on our router and switches). The VoIP system is integral to our business, so we set up custom thresholds tracking RTP traffic from/to specific hosts. And we also set up notifications to track failed connections, which would alert us to intrusion attempts.
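
A minimal sketch of a failed-connection notification like the one described above, applied to NetFlow-style records. It is an added example, not part of the original brochure and not Flow Monitor's own logic. The record layout, the 10.0.0.0/8 internal range, the thresholds and the "SYN seen, no ACK from the initiator" heuristic are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

SYN, ACK = 0x02, 0x10                      # TCP flag bits as exported in flow records
INTERNAL = [ip_network("10.0.0.0/8")]      # assumption: the site's internal range

def is_failed(flags):
    """Initiator sent SYN but never an ACK: the handshake did not complete."""
    return bool(flags & SYN) and not (flags & ACK)

def is_external(addr):
    ip = ip_address(addr)
    return not any(ip in net for net in INTERNAL)

def failed_connection_alerts(flows, window=3600, min_failed=5, min_ports=4):
    """Flag external sources with many failed connections to many ports.

    flows: iterable of (epoch_seconds, src, dst, dst_port, tcp_flags).
    Returns sorted (window_start, src, failed_count, distinct_ports) tuples.
    """
    count = defaultdict(int)
    ports = defaultdict(set)
    for ts, src, _dst, dport, flags in flows:
        if is_external(src) and is_failed(flags):
            key = (ts // window * window, src)
            count[key] += 1
            ports[key].add(dport)
    return sorted(
        (start, src, n, len(ports[(start, src)]))
        for (start, src), n in count.items()
        if n >= min_failed and len(ports[(start, src)]) >= min_ports
    )

# Constructed sample: one external host probing six ports, one completed
# session, one external host with two failed attempts, one internal host.
SAMPLE_FLOWS = (
    [(60 * i, "203.0.113.7", "10.0.0.1", port, 0x02)
     for i, port in enumerate([21, 22, 23, 25, 80, 443])]
    + [(100, "198.51.100.20", "10.0.0.25", 443, 0x1B),  # SYN|ACK|PSH|FIN
       (200, "198.51.100.9", "10.0.0.1", 22, 0x02),
       (260, "198.51.100.9", "10.0.0.1", 22, 0x06),     # SYN|RST
       (300, "10.0.5.12", "10.0.0.1", 8080, 0x02)]      # internal, ignored
)

if __name__ == "__main__":
    for alert in failed_connection_alerts(SAMPLE_FLOWS):
        print("ALERT window=%d src=%s failed=%d ports=%d" % alert)
```

Requiring both a failure count and a spread of destination ports keeps a single misconfigured client retrying one service from raising the same alert as a port sweep.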

    HINDSIGHT IS INDEED 20/20

    The funny thing is that we waited several years to bring on a network management tool. But once we were on it and saw its power, the transition to getting more sophisticated in our network management approach took much less time.

    With visibility at the level of traffic source/destinations and conversation pairs, we would have known instantly which machines were communicating with external sites located out of the country. We would also have noticed the large number of failed VoIP connections and the call quality degradation.

    WHAT'S STILL MISSING?

    Over the past 6 months, we've achieved a lot in terms of improving our network management approach and our chosen solution has paid for itself many times over. Now that we know exactly what network management software can do, we plan on extending our application monitoring capabilities to include Microsoft Exchange and MySQL. We will let you know how it goes.