Raritan keeps close eye on infrastructure
Open source tools form solid base for foray into network management with CommandCenter NOC 250
When it got rolling, the initial configuration of the CC NOC 250 was clear-cut, as you assign an IP to the device via console and then complete the config with a Web browser. The wizard-driven configuration is almost as straightforward, but in a few instances I was left wondering exactly what information was required, such as the initial configuration for vulnerability scans. I found the answers to my questions in the documentation, but the process wasn’t always as straightforward as it should be.
For the CC NOC 250 to gather information on Windows servers and workstations, a WMI (Windows Management Instrumentation) proxy service must be run on a Windows system. This proxy service collects data on other Windows systems and relays that information back to the CC NOC 250 for cataloging.
The proxy is a fairly direct method of gathering this type of information, but Raritan’s documentation and support specify that this proxy service be run on the Windows XP Pro SP2 platform, not on a server-grade platform. Although the proxy service does run on Windows Server 2003, Raritan insists it is supported only on XP at this time. To run such an integral service on a workstation isn’t good design -- XP isn’t a server-class OS -- but there are plans to support this service officially on Windows Server 2003 in the future.
I configured the CC NOC to use the proxy service for WMI information, and I assigned several internal subnets to be scanned for Windows information. Shortly thereafter, the CC NOC 250 presented a list of Windows servers and workstations, with most systems correctly identified.
Raritan’s Windows focus showed in the system list, however: the CC NOC classified all the Linux systems as workstations whether they were or not, and although some data was gleaned from them via SNMP, by and large, the Linux support in the CC NOC isn’t substantial. The systems will appear in the device lists, but little else is available.
Delving into the scan data, I could pull up a list of every application installed on every system discovered during the scan, as well as run queries on individual applications or workstations to determine where the apps were installed. The combination of the crisp UI and detailed reports makes obtaining and maintaining application data easy.
Setting sights on security
The CC NOC can also be used to perform security and vulnerability scans of the internal network, from simple port scanning and patch-level detection to full-blown DoS simulation attacks, and it does a good job.
The core of this capability is based on the Nessus open source vulnerability scanner, and it’s accompanied by Snort-based IDS functionality that uses the promiscuous mirror port to gather IDS data. Also, when the mirror port is used, the CC NOC 250 uses RRDTool graphing to elegantly show network utilization broken down by IP protocol; historical data is available as well.
Overall, many of the features of the CC NOC are available to anyone willing to spend a little time downloading, installing, and configuring the various open source tools that provide the same functions, but the Windows management tools are unique to Raritan. Despite the few fits and starts encountered during initial setup, I found the CC NOC 250 to be a useful network monitoring tool, even if you use it only for gathering Windows data.