Raritan keeps close eye on infrastructure

Open source tools form solid base for foray into network management with CommandCenter NOC 250

The Raritan company name is absolutely synonymous with KVM switching. In fact, I’ve heard more than a few admins use the word Raritan to describe KVM switches made by another manufacturer, and Raritan’s MasterConsole KVM switches can be found in datacenters far and wide.

That’s why its new product, the CC (CommandCenter) NOC 250, is so interesting. Nearly a year ago, Raritan acquired Oculan, a maker of network management appliances. This was a big move on Raritan’s part, pushing it beyond the KVM business and into the realm of in-band network management.

As the first Raritan-branded appliance of its type, Oculan’s expertise shows in the CC NOC 250’s strong scanning abilities. After putting the device through its paces for a few weeks, it seems to me that this first salvo is a good one, but not quite a bull’s-eye.

Open source tools, closed-source code

A 1U rackmount appliance built on a standard PC mainboard, the CC NOC 250 is equipped with a normal complement of ports for video, PS/2 keyboard, and mouse, plus a serial port and two gigabit NICs. One network interface is configured for management; the other is reserved to run in promiscuous mode, listening on a switch mirror port to track traffic flows through network aggregation points.

The CC NOC 250 is built on a custom Linux distribution, booting a relatively recent kernel, and is essentially a collection of open source tools that provide a wide array of network management functions. These tools, combined with some closed-source code, provide a solid view of a network from several perspectives: Network scan reports provide information on all discovered network devices from routers to workstations to servers; system and service availability reports show trends in service uptime; active vulnerability scans gauge the security level of the network.

The CC NOC 250 can be combined with the Raritan Secure Gateway, and it hooks into Raritan’s Dominion KVM switches directly from the Web interface to serve up several types of alerts, including e-mail notifications of network events. Thus, when a problem is detected with a server that’s connected to a Dominion KVM switch, the CC NOC 250’s warning notification e-mail contains a link that will immediately bring up the Dominion KVM console for that server. That’s handy.

Because this device is designed to function on a midsize network, I deployed the CC NOC 250 on a production network with approximately 250 workstations, 20 Windows servers, and about 60 Linux servers. The CC NOC 250’s licensing limits it to 25 Windows servers and 250 Windows workstations, so this was a good fit.

Ideally, the initial configuration is performed via a serial console session when the device is first powered up. Unfortunately, this never seemed to work properly in my testing, which is perplexing because serial console support in Linux is as old as the hills.

The first CC NOC 250 device I received had a problem booting, although I did get boot messages via the serial connection. I had better luck with the replacement appliance, although the serial connection would not function.

Thoughtfully, the bootloader on the appliance has two sets of boot modes: one with serial support and another with standard KVM support. Using the latter, I was able to configure the appliance and bring it up on the network.

Proxy powers

When it got rolling, the initial configuration of the CC NOC 250 was clear-cut, as you assign an IP to the device via console and then complete the config with a Web browser. The wizard-driven configuration is almost as straightforward, but in a few instances I was left wondering exactly what information was required, such as the initial configuration for vulnerability scans. I found the answers to my questions in the documentation, but the process wasn’t always as straightforward as it should be.

For the CC NOC 250 to gather information on Windows servers and workstations, a WMI (Windows Management Interface) proxy service must be run on a Windows system. This proxy service collects data on other Windows systems and relays that information back to the CC NOC 250 for cataloging.

The proxy is a fairly direct method of gathering this type of information, but Raritan’s documentation and support specify that this proxy service be run on the Windows XP Pro SP2 platform, not on a server-grade platform. Although the proxy service does run on Windows Server 2003, Raritan insists it is supported only on XP at this time. To run such an integral service on a workstation isn’t good design -- XP isn’t a server-class OS -- but there are plans to support this service officially on Windows Server 2003 in the future.

I configured the CC NOC to use the proxy service for WMI information, and I assigned several internal subnets to be scanned for Windows information. Shortly thereafter, the CC NOC 250 presented a list of Windows servers and workstations, with most systems correctly identified.

Raritan’s Windows focus showed in the system list, however: the CC NOC classified all the Linux systems as workstations whether they were or not, and although some data was gleaned from them via SNMP, by and large, the Linux support in the CC NOC isn’t substantial. The systems will appear in the device lists, but little else is available.

Delving into the scan data, I could pull up a list of every application installed on every system discovered during the scan, as well as run queries on individual applications or workstations to determine where the apps were installed. The combination of the crisp UI and detailed reports makes obtaining and maintaining application data easy.

Setting sights on security

The CC NOC can also be used to perform security and vulnerability scans of the internal network, from simple port scanning and patch-level detection to full-blown DoS simulation attacks, and it does a good job.

The core of this capability is based on the Nessus open source vulnerability scanner, and it’s accompanied by Snort-based IDS functionality that uses the promiscuous mirror port to gather IDS data. Also, when the mirror port is used, the CC NOC 250 uses RRDTool graphing to elegantly show network utilization broken down by IP protocol; historical data is available as well.

Overall, many of the features of the CC NOC are available to anyone willing to spend a little time downloading, installing, and configuring the various open source tools that provide the same functions, but the Windows management tools are unique to Raritan. Despite the few fits and starts encountered during initial setup, I found the CC NOC 250 to be a useful network monitoring tool, even if you use it only for gathering Windows data.

InfoWorld Scorecard: Raritan CommandCenter NOC 250

Management (25.0%): 8.0
Value (10.0%): 9.0
Setup (10.0%): 6.0
Interoperability (10.0%): 8.0
Performance (20.0%): 9.0
Ease of use (25.0%): 8.0
Overall Score (100%): 8.1