Review: The best network monitoring system on earth
ScienceLogic EM7 brings ultraflexible, ultrascalable, carrier-grade network monitoring to the enterprise
Built for big networks
One point I want to make very clear is that EM7 should not be compared to WhatsUp Gold or other network monitoring systems designed for the single enterprise. This is a carrier-class system that was born from engineers working with national and international carriers that needed enough flexibility to handle hundreds of entities and a similar number of connected networks. The fact that EM7 can use national weather service map overlays to put potential trouble spots into perspective gives you a good idea of the system scope the Science Logic folks are used to. Even so, keep in mind that I've been using EM7 for the past year or so in a single college on a single campus at a single university. Pricing is a function of the number of systems you're monitoring.
In other words, the EM7 pricing structure doesn't differentiate between a flat enterprise network with 1,000 devices to monitor as opposed to our network that includes dozens of labs with projects behind their own firewalls. All of this sits on a collection of NAT Class C IPv4 subnets -- some with public addressing and a smaller number making the transition to IPv6. If you have projects behind NAT firewalls, you can put in a virtual machine collector that feeds systems information to the main EM7 database for the same price as a flat network with a single collector. If you're not virtualized yet, the database and collectors are also available as a physical appliance. We make use of both physical and virtual appliances.
Initial setup is quite easy, though EM7 has its own way of doing things. At first, I was confused over where to find features and the use of a whole new terminology. Ultimately, the logic of EM7's naming conventions seems to come back to the multitenant nature of the solution.
For instance, the "registry" handles devices, device groups, networks, users, and just about anything you might typically call "assets," but with a multitenant twist. The same goes for "run book" (I might have used "action items"), which is a collection of items the system will run for notifications, scripts, and cascading actions. The run book is where the automation lives, based on scripts contributed by Science Logic and the EM7 user community. My favorite is an automation script we employ in the InteropNet NOC that uses SNMP put commands to turn on a power socket that flashes either red or blue flashing lights to indicate major or critical alarms.
The customizability of EM7 is a huge differentiator. After a year of learning the system, the team at Interop 2011 went to town with a wide variety of dashboards created both by the Science Logic team and by the InteropNet crew. One was designed to fit the massive 55-inch monitor in the NOC, and it allowed the network operations team to keep an eye on the status of various equipment groups from across the room. Because EM7 dashboards are customizable on an individual basis, we even created HTML5 dashboards so that the team could use an iPad to watch key components. (EM7 dashboards are currently a mix of HTML5 and Flash, but Science Logic is migrating more and more of the widgets to HTML5 and away from Flash.)
Another great feature is the ability to have both individual and shared dashboards based on templates that display only the information appropriate to the user account. At the SOEST Research Computing Facility, each research group can have its own set of dashboards to monitor its equipment, while all groups can have access to the school's dashboards that monitor key equipment further up in the network architecture. At Interop, we had different sets of dashboards so that the wireless, VoIP, and router folks could monitor what's important to them, while avoiding status information that might distract them from their mandate.
With a network that spans the entire continental United States, the InteropNet crew needs to know if a storm might affect our network performance. This map of the Century Link Cyber Centers and our cross-country links is overlaid by a live National Oceanic and Atmospheric Administration weather feed.