Network+ Guide to Networks, 6th Edition

Chapter 15
Network Management

At a Glance

Instructor’s Manual Table of Contents

  Overview
  Objectives
  Teaching Tips
  Quick Quizzes
  Class Discussion Topics
  Additional Projects
  Additional Resources
  Key Terms

Lecture Notes

Overview

In this book, the students have learned the technologies and techniques necessary to design an efficient, fault-tolerant, and secure network. However, their work is not finished once all the clients, servers, switches, routers, and gateways have been installed. After a network is in place, it requires continual review and adjustment. A network, like any other complex system, is in a constant state of flux. Whether the changes are caused by internal factors, such as increased demand on the server’s processor, or external factors, such as the obsolescence of a router, the student should count on spending a significant amount of time investigating, performing, and verifying changes to the network. In this chapter, the student will learn about changes dictated by immediate needs as well as those required to enhance the network’s functionality, growth, performance, or security. The student will also learn how best to implement those changes.

Chapter Objectives

After reading this chapter and completing the exercises, the student will be able to:

  Explain basic concepts related to network management
  Discuss the importance of documentation, baseline measurements, policies, and regulations to assess and maintain a network’s health
  Manage a network’s performance using SNMP-based network management software, system and event logs, and traffic-shaping techniques
  Identify the reasons for and elements of an asset management system
  Plan and follow regular hardware and software maintenance routines

Teaching Tips

Fundamentals of Network Management

1. Define and describe the term network management.
2. Explain the scope of network management.
   a. Note that the scope of network management techniques differs according to the network’s size and importance.
3. Point out that several disciplines fall under the heading of network management.
   a. Emphasize that all disciplines share the goal of enhancing efficiency and performance while preventing costly downtime or loss.
4. Explain that ideally, network management accomplishes its goals by helping the administrator predict problems before they occur.
5. Point out that before a network professional can assess and make predictions about a network’s health, however, they must measure and understand the network’s logical and physical structure and understand how it functions under typical conditions.

Documentation

1. Explain that there are many different types of network documentation.
2. Describe the documentation that should be implemented for sound network management.
3. Define the term configuration management.
4. Explain why documenting all aspects of a network promises to save work in the future.
5. Define and explain the term network diagram.
6. Explain how understanding conventions for network documentation can make a network professional’s task easier.
   a. Point out that the diagrams use icons standardized or made popular by Cisco.
7. Use Figure 15-1 to illustrate a network diagram using Cisco symbols.
8. Point out that network diagrams provide broad snapshots of a network’s physical or logical topology.
9. Define and describe a wiring schematic.
10. Use Figure 15-2 to illustrate a wiring schematic.

Teaching Tip: Students may download packages of Cisco networking icons at http://www.cisco.com/web/about/ac50/ac47/2.html.

Baseline Measurements

1. Define and explain the term baseline.
2. Explain what might be included in baseline measurements.
3. Use Figure 15-3 to illustrate an example baseline for daily network traffic over a six-week period.
4. Note that baseline measurements allow a network professional to compare future performance increases or decreases caused by network changes or events with past network performance.
5. Point out that the more data gathered while establishing a network’s baseline, the more accurate a prediction will be.
6. Describe why network traffic patterns might be difficult to forecast.
7. Explain how a network professional gathers baseline data on the network.

Policies, Procedures, and Regulations

1. Explain why an organization should follow rules.
2. Describe internal policies, procedures, and regulations that make for sound network management.
3. Point out that state and federal regulations need to be addressed.
   a. Describe the CALEA (Communications Assistance for Law Enforcement Act).
   b. Describe the HIPAA (Health Insurance Portability and Accountability Act).
4. Emphasize that many of the policies and procedures mentioned in this section are not laws, but best practices aimed at preventing network problems before they occur.

Fault and Performance Management

1. Point out that after documenting every aspect of a network and following policies and best practices, the network’s status may be assessed on an ongoing basis.
2. Define the term performance management.
3. Define the term fault management.

Network Management Software

1. Explain why organizations often use enterprise-wide network management software.
2. Point out that there are many network management software applications.

Teaching Tip: Some popular applications include IBM’s Tivoli NetView and Cisco’s CiscoWorks. Navigate to each product’s Web page to illustrate the product’s capabilities.
  IBM Tivoli: http://www-01.ibm.com/software/tivoli/products/netview
  CiscoWorks: http://www.cisco.com/en/US/products/sw/cscowork/ps1008

3. Define the term polling.
4. Define the term agent.
5. Describe the objects that may be managed.
6. Explain what is contained in a MIB (Management Information Base).
7. Explain how agents use SNMP (Simple Network Management Protocol).
8. Use Figure 15-4 to illustrate the relationship between a network management application and managed devices on a network.
9. Point out that a network management application can present an administrator with several ways to view and analyze the data.
10. Use Figure 15-5 to illustrate a map showing network status.
11. Explain the benefit and drawback of network management applications.
12. Explain why it is important to collect only useful data and not an excessive amount of routine information.
13. Describe one of the most common network management tools used on WANs.

Teaching Tip: Navigate to the MRTG (Multi Router Traffic Grapher) Web site at http://oss.oetiker.ch/mrtg to demonstrate capabilities of the product.

System and Event Logs

1. Explain how virtually every condition recognized by an operating system can be recorded on a computer.
2. Introduce the Windows-based system event log.
3. Introduce the Windows-based system Event Viewer.
4. Use Figure 15-6 to illustrate an example of data collected in the event log on a workstation running the Windows 7 operating system.
5. Define and describe the UNIX and Linux system log.
6. Point out that most UNIX and Linux operating systems provide a GUI application for easily viewing and filtering the information in syslog files.
7. Explain why using these logs for fault management requires thoughtful data filtering and sorting.

Teaching Tip: Demonstrate to the class where the event logs can be found on a Windows-based system. Open the logs to see the recorded information.

Traffic Shaping

1. Define and describe the term traffic shaping.
   a. Include an explanation of traffic shaping goals.
2. Describe the techniques used in traffic shaping.
   a. Define and explain the term traffic policing.
3. Use Figure 15-7 to illustrate how traffic volume might appear on an interface without limits compared to an interface subject to traffic policing.
4. Describe the controversial example of traffic shaping that became known in 2007 with Comcast.
5. Define and explain traffic prioritization.

Caching

1. Define and explain the term caching.
2. Define and explain web caching.
3. Explain how caching benefits an ISP.
   a. Include an explanation of a cache engine.

Quick Quiz 1

1. True or False: The scope of network management techniques differs according to the network’s size and importance.
   Answer: True
2. Because of its status in the networking world and the volume of networking hardware it sells, ____________________ has set trends for network diagramming.
   Answer: Cisco
3. In addition to internal policies, a network manager must consider ____ regulations that might affect her responsibilities.
   a. state
   b. federal
   c. state and federal
   d. local
   Answer: C
4. The network management protocol that provides for both authentication and encryption is ____.
   a. SMTP
   b. SNMPv1
   c. SNMPv2
   d. SNMPv3
   Answer: D
5. True or False: Much of the information collected in event logs and syslog files does not point to a problem, even if it is marked with a warning.
   Answer: True

Asset Management

1. Define and explain the concept of asset management.
2. Review the first step of inventory management.
3. Explain that the asset management tool selected depends on an organization’s needs.
4. Describe the benefits of asset management.

Change Management

1. Explain why managing change while maintaining a network’s efficiency and availability requires good planning.
2. Introduce change management and techniques for approaching the most common types of software and hardware changes, from installing patches to replacing a network backbone.

Software Changes

1. Point out that an important part of keeping a system running optimally is upgrading its software.
2. Describe the common software change types.
3. Review the general steps involved in implementing software changes on a network.
4. Emphasize that generally, upgrading or patching software according to a vendor’s recommendations is a good idea and can often prevent network problems.
5. Define and explain the term patch.
   a. Describe how patches may be distributed.
   b. Describe how patches are installed.
   c. Explain how to stay apprised of patches.
6. Define and explain client upgrades.
   a. Emphasize the importance of reading all documentation before applying the upgrade.
   b. Note that the upgrade may be completely transparent to the user or offer a new appearance.
   c. Describe the pre- and post-installation steps.
7. Define and describe shared application upgrades.
   a. Emphasize that these software upgrades affect all users at once.
   b. Point out that these upgrades use the same principles as other upgrades.
   c. Note that because these upgrades tend to enhance functionality, one must weigh the time, cost, and effort involved against the true need for the new functionality.
   d. Note that training may be required for significant changes.
8. Define and describe network operating system upgrades.
   a. Point out that this is one of the most critical types of software upgrade a network professional will perform.
   b. Emphasize that this type of upgrade involves significant, potentially drastic, changes to the way servers and clients operate.
   c. Note that this type of upgrade requires plenty of forethought, product research, and rigorous testing before being implemented.
   d. Review with the class the significant questions that should be asked and answered before this upgrade.
   e. Reemphasize that this type of upgrade is a complex and far-reaching change, noting that it should not be undertaken with severe budgetary, resource, or time constraints.
   f. Review steps to undertake when planning an NOS upgrade.
9. Explain that if the software upgrade creates problems in an existing system, a network professional should be prepared to reverse the process.
10. Define the term backleveling.
11. Emphasize that the steps that constitute backleveling differ, depending on the complexity of the upgrade and the network environment involved.
12. Use Table 15-1 to summarize some basic techniques to reverse a software upgrade.
13. Note that a network professional should always refer to the software vendor’s documentation to reverse an upgrade.
14. Emphasize that for backleveling a network operating system upgrade, a network professional should also consult with experienced professionals about the best approach for the network environment.

Hardware and Physical Plant Changes

1. Explain why hardware and physical plant changes might occur.
2. Note that the same issues apply to hardware changes as apply to software changes.
3. Review the eleven steps to consider when considering a change to network hardware.
4. Discuss the difficulty involved in adding or upgrading hardware on a network.
   a. Explain how a great deal depends upon whether an organization or the network professional has used the hardware in the past.
   b. Note the special steps that may need to be taken due to hardware changing so rapidly.
   c. Explain the different types of preparation that may need to be taken for the various network device types.
      Networked workstation
      Networked printer
      Hub or access point
      Server
      Switches and routers
   d. Emphasize that the most disruptive and complex hardware to add or upgrade is also the most difficult to remove or backlevel.
   e. Point out that keeping safety in mind when upgrading or installing hardware on a network is important.
5. Discuss the difficulty involved in cabling upgrades on a network.
   a. Point out that a cabling upgrade can require significant planning and time to implement, depending on the size of the network.
   b. Remind students that troubleshooting cabling problems is easier with current and accurate wiring schematics.
   c. Emphasize that the best way to ensure that future upgrades go smoothly is to document existing cable before making any upgrades.
   d. Explain why it is best to consider upgrading the network cabling in phases.
   e. Discuss why it is important to weigh the importance of the upgrade against its potential for disruption.
   f. Describe how large and small organizations approach cabling upgrades.
6. Discuss the difficulty involved in network backbone upgrades.
   a. Emphasize that this is one of the most comprehensive and complex upgrade types.
   b. Describe the requirements that need to be in place before upgrading the backbone.
7. Discuss the need to provide a way to reverse the hardware change if something should go wrong.
   a. Point out that if the hardware upgrade is for a faulty device, then there is no possible reinstallation.
   b. Discuss how old components should be stored in case they are needed to reverse the hardware change.

Quick Quiz 2

1. True or False: The first step in asset management is to take an inventory of each node on the network.
   Answer: True
2. A patch is a form of a(n) ____ change.
   a. hardware
   b. software
   c. monitoring
   d. asset
   Answer: B
3. ____________________ upgrades affect all users at once.
   Answer: Shared application
4. The most critical type of software upgrade a network professional will perform is an upgrade to the ____________________.
   Answer: NOS (network operating system), network operating system, NOS
5. If you are replacing a(n) ____ hardware component or device, restoration is not possible.
   a. faulty
   b. live
   c. important
   d. critical
   Answer: A

Class Discussion Topics

1. Documenting a network is essential in troubleshooting and support. Discuss the security implications in keeping such documentation. How should an organization balance access to the documentation against protecting the network from intentional hacking, compromise, or damage?
2. As a class, discuss how long upgraded hardware and software components should be stored in case there is a need to back out and reinstall. What considerations should be taken into account when determining the appropriate time to discard old or upgraded equipment?

Additional Projects

1. Have the student research network diagramming products on the market and write a report of their findings. The research should include three products and a comparison of the technical specifications, ease of use (if available), price, availability, and product ratings (if available).
2. MRTG is an excellent tool for graphing network performance, but for larger enterprises, the approach used by MRTG is not ideal. Investigate the tool Cacti, which uses a similar database for data collection as MRTG, and determine if such a tool can be used for an organization with several hundred stacks of network switches, dozens of routers, and a complex set of MAN-level links.

Additional Resources

1. Communications Assistance for Law Enforcement Act (CALEA)
   http://www.fcc.gov/calea/
2. HIPAA (Health Insurance Portability and Accountability Act)
   http://www.dol.gov/dol/topic/health-plans/portability.htm
3. Cisco Support Page
   http://www.cisco.com/en/US/support/index.html
4. Cisco PIX Firewall System Log Messages
   http://www.cisco.com/en/US/docs/security/pix/pix44/system/message/pixemint.html
5. Microsoft Help and Support
   http://support.microsoft.com/

Key Terms

agent - A software routine that collects data about a managed device’s operation and provides it to the network management application running on the console.
backleveling - The process of reverting to a previous version of a software application after attempting to upgrade it.
cache engine - A network device devoted to storage and delivery of frequently requested files.
caching - The local storage of frequently needed files that would otherwise be obtained from an external source.
CALEA (Communications Assistance for Law Enforcement Act) - A United States federal regulation that requires telecommunications carriers and equipment manufacturers to provide for surveillance capabilities. CALEA was passed by Congress in 1994 after pressure from the FBI, which worried that networks relying solely on digital communications would circumvent traditional wiretapping strategies.
Communications Assistance for Law Enforcement Act - See CALEA.
configuration management - The collection, storage, and assessment of information related to the versions of software installed on every network device and every device’s hardware configuration.
event log - The service on Windows-based operating systems that records events, or the ongoing record of such events.
Event Viewer - A GUI application that allows users to easily view and sort events recorded in the event log on a computer running a Windows-based operating system.
fault management - The detection and signaling of device, link, or component faults.
Health Insurance Portability and Accountability Act - See HIPAA.
HIPAA (Health Insurance Portability and Accountability Act) - A federal regulation in the United States, enacted in 1996. One aspect of this regulation addresses the security and privacy of medical records, including those stored or transmitted electronically.
Management Information Base - See MIB.
MIB (Management Information Base) - A database used in network management that contains a device’s definitions of managed objects and their data.
network diagram - A graphical representation of a network’s devices and connections.
network management - The assessment, monitoring, and maintenance of the devices and connections on a network.
patch - A correction, improvement, or enhancement to part of a software application, often distributed at no charge by software vendors to fix a bug in their code or to add slightly more functionality.
performance management - The ongoing assessment of how well network links, devices, and components keep up with demands on them.
polling - A network management application’s regular collection of data from managed devices.
Simple Network Management Protocol - See SNMP.
Simple Network Management Protocol version 1 - See SNMPv1.
Simple Network Management Protocol version 2 - See SNMPv2.
Simple Network Management Protocol version 3 - See SNMPv3.
SNMP (Simple Network Management Protocol) - An Application layer protocol in the TCP/IP suite used to convey data regarding the status of managed devices on a network.
SNMPv1 (Simple Network Management Protocol version 1) - The original version of SNMP, released in 1988. Because of its limited features, it is rarely used on modern networks.
SNMPv2 (Simple Network Management Protocol version 2) - The second version of SNMP, which improved on SNMPv1 with faster performance and slightly better security, among other features.
SNMPv3 (Simple Network Management Protocol version 3) - A version of SNMP similar to SNMPv2, but with authentication, validation, and encryption for packets exchanged between managed devices and the network management console. SNMPv3 is the most secure version of the protocol.
syslog - A standard for generating, storing, and processing messages about events on a system. Syslog describes methods for detecting and reporting events and specifies the format and contents of messages.
system log - On a computer running a UNIX or Linux operating system, the record of monitored events, which can range in priority from 0 to 7 (where “0” indicates an emergency situation and “7” simply points to information that might help in debugging a problem). You can view and modify system log locations and configurations in the /etc/syslog.conf file on most systems (on some systems this is the /etc/rsyslog.conf file).
traffic policing - A traffic-shaping technique in which the volume or rate of traffic traversing an interface is limited to a predefined maximum.
traffic shaping - Manipulating certain characteristics of packets, data streams, or connections to manage the type and amount of traffic traversing a network or interface at any moment.
upgrade - A significant change to an application’s existing code, typically designed to improve functionality or add new features.
Web caching - A technique in which Web pages are stored locally, either on a host or network, and then delivered to requesters more quickly than if they had been obtained from the original source.
wiring schematic - A graphical representation of a network’s wired infrastructure.