Top 10 tools of the trade

The InfoWorld Test Center puts its heads together to come up with a winning toolbox to keep the datacenter healthy

Most of the time, InfoWorldzeros in on strategic technology decisions that affect the enterprise as a whole. But to keep your organization humming from day to day, it's vital that your IT department be equipped with the right tools. To that end, we polled our own Test Center analysts to find out what gets used on almost every job.

The choices may not be obvious to the casual observer, but they're tried-and-true. Your datacenter may have top-of-the-line networking equipment, big-ticket apps, the latest OS, and every patch ever released. But when the chips are down, your staff had better be equipped with the software arsenal it needs. When all else fails, these are the tools that get the job done.

No one can offer a Swiss army knife to cover every contingency, but our analysts and a cross section of InfoWorldcontributors have come up with the next best thing: A list of the most useful, powerful tools they've used to make things work. You won't find technology that changes the world here. But your staff may be better equipped to handle the slings and arrows of everyday IT.

1. Perl
Perhaps there has never been a more malleable, yet simple language than Perl — traits that have made it indispensable on Unix systems. Combining the portability of a shell language, simple database interfaces, surprising speed, and a world-class regular expression engine, Perl has become the duct tape that holds networks together. It’s that most important type of tool: one for building other tools.

Perl isn’t limited to the Linux/Unix world, either; plenty of time and effort has been put into making it run on Windows. ActiveState’s ActivePerl implementation is generally regarded as the best available for the Win32 platform. Its PPM (Perl Package Manager) emulates the Unix version’s CPAN (Comprehensive Perl Archive Network) access, pulling add-on modules from the Internet on request. Plenty of Windows-specific functions are also available. For example, Perl can interface with Microsoft’s Active Directory to automate object creation and modification. It can even be statically compiled into log-in scripts, for those requiring more flexibility than KiXtart can provide. Best of all, as are all versions of Perl, ActivePerl is fully open source and available at no charge, although ActiveState’s commercial ASPN (ActiveState Programmer Network) Perl package includes a variety of value-added components and support options.

2. Ethereal
rom simple packet sniffing to thorough network performance analysis, software that can peer between the layers and pull out important information about a network is a mainstay of network administration. Of the many network analysis tools available, the most malleable and easily procured is the open source package Ethereal— which explains why it made the top 10 lists of so many of the techies we spoke to.

Available for Windows and most Unix platforms, Ethereal provides an instant view into the network. Although its filtering capabilities can seem somewhat esoteric to the uninitiated, they are very powerful. It can be configured to monitor either a single server or an entire VLAN, with custom filters that display only traffic to or from certain hosts or that narrow the view down to specific protocols. Ethereal can trace captured packets from handshake to FIN (finished), generate summary reports on protocol streams, and analyze TCP streams for round-trip times and throughput. Furthermore, Ethereal’s advanced tools pull apart and inspect every packet seen on the wire, color-coded for easy viewing.

For a deep and instant look into current network traffic, Ethereal can’t be beat. After all, when diagnosing trouble networks, knowing isn’t half the battle; it’s nine-tenths.

3. NetCrunch
IT consulting has plenty of facets that I try to avoid, but few things are worse than that first week on a job, when you’re simply trying to find out what’s going on. That’s why I love NetCrunch from AdRem Software . No, it’s not a freebie open source tool, but it’s worth every penny of its $795 list price.

NetCrunch combines straight pings with a variety of targeted SNMP requests, sending its information-seeking tendrils out onto a network landscape and reporting back its findings. I get back basic IP address and DNS information for each device, as well as information obtainable via SNMP.

NetCrunch provides all this data in a series of linked maps — one for each subnet — identified by different colors and backgrounds. You can see problem devices in red, drill down to problem specifics if the device is SNMP-capable, or send an administrator an alert via e-mail. It’s also great for finding rogue wireless access points.

NetCrunch is an excellent quick administration tool. For consultants like me or for IT managers who rove between installations, there’s no better tool for getting grounded and productive quickly. 

4. HP JetAdmin
Hewlett-Packard printers are popular on enterprise networks. Given multiple printers to manage, there’s no better tool than the newest incarnation of HP’s JetAdmin management software. JetAdmin 7.5 runs as a secure Web application, is accessible from any browser, and allows administrators to query and perform myriad changes to networked printers, either singly or in groups.

For instance, with JetAdmin, a tedious job such as upgrading the firmware on 20 HP 4100N printers can be accomplished with just a few mouse clicks. JetAdmin can display a list of available firmware images for that printer series, provide a link to the latest image on HP’s Web site, and then queue that update for distribution to every matching printer on the network.

Similarly, whereas tasks such as standardizing printer names and reconfiguring printers for DHCP might normally take dozens of Telnet sessions, JetAdmin’s Web interface gets the job done quickly and easily. JetAdmin can create queues on print servers for printers discovered on the network. It can also copy drivers to the appropriate locations, identify printers by model and specified name, and enable printer sharing. Together, these features result in a truly massive reduction in time, hassle, and stress.

5. Symantec Ghost
When setting up a department network means deploying tens or even hundreds of systems, there’s really only one way to handle the load: drive imaging. By spending time up front to build a master reference image, the staff hours required to deploy and maintain desktops, laptops, and even servers can be significantly reduced.

Although a number of imaging solutions are available, the admins we spoke to agree that Ghost, from Symantec, is the top choice. Its powerful combination of drive imaging and support for Intel’s PXE (Preboot Execution Environment) installation services means a single tech can build a dozen laptops, configure them with the required applications, and deploy them — all within a few hours. Although it began as a Windows-only product, Ghost Corporate Edition now includes the ability to image partitions that have been partitioned with Linux’s ext2 and ext3 file systems.

Ghost can also be used to take snapshots of a server during the build process, making it easy to roll back to an earlier step should problems occur later in the build. When it comes to reducing the burden of repetitive installation and maintenance tasks, this handy tool is hard to beat.

6. Microsoft Software Update Services
In the InfoWorld Test Center’s San Francisco lab, I have a few dozen machines running client and server versions of Windows. As does any other systems administrator, from time to time I have to install one or more patches. Windows Update provides one-stop shopping for this purpose, and it works fairly well for individual machines. But even if I had time to fire off 30 or 40 Windows Update sessions, I’d rather use my lab’s Internet connection for other things.

That’s why I kept using Microsoft’s SUS (Software Update Services) long after the reviewhad run. For one thing, it fit my budget: It’s free. For another, it’s insanely easy to set up and use. A group policy on the Active Directory server in my lab schedules Windows Update requests and directs them to the SUS server on my internal network. Now I only need to download those critical updates once; the SUS server takes it from there. I’ve also created a system image using Ghost (see “Symantec Ghost,” above) that replicates the Active Directory policy with registry keys, for those times when I’m going to deploy a Windows client to another environment, such as Novell’s NDS. For my purposes, SUS is simply indispensable.

7. Rsync
Samba developer Andrew Tridgell originally conceived of Rsync as a file tree mirroring utility, usable either locally or across a network. Today, that simple idea has grown into a truly indispensable tool for administering servers.

At its most basic, Rsync is used for many disk-to-disk backup solutions; for instance, synchronizing the main file store to a cheap IDE disk for easy file recovery, or restoring files to production locations from online mirrors. But Rsync is more than just a glorified copy tool. Its comparison algorithm determines not only whether a file has changed on the source side but also what specific parts of the file have changed. It then copies only those parts of the file, accelerating the synchronization of large files significantly. This makes Rsync particularly attractive for tasks such as synchronizing data stores across WAN links, where bandwidth may come at a premium.

In addition, Rsync supports SSH (secure shell) tunneling to provide data stream encryption and is available for Windows through the Cygwin Project . “In 50 years’ time, I doubt anyone would have ever heard of Samba,” says Tridgell of his earlier project. “But they’ll probably be using Rsync in one way or another.” Odds are, he’s right.

8. Microsoft Visio
If there’s a single invaluable tool for network and system architects, it’s Visio. As we all know, a picture is worth a thousand words, and accurate network diagrams can greatly assist troubleshooting efforts and speed problem resolution when time is of the essence.

Once careful diagramming is introduced into the process, more and more uses for Visio will be revealed. For example, Visio 2003 Professional introduced built-in rack diagramming templates, which can be of invaluable assistance when laying out today’s dense datacenters. Forget “I hope this fits”; when combined with scale-level product stencils provided by hardware manufacturers, Visio’s templates make it simple to specify whole racks and verify that there will be room enough for everything, without lifting more than a finger.

9. VNC
RealVNC’s VNC (Virtual Network Computing) is open source, cross-platform software for remote access. According to the Web site, 20 million copies of VNC have been downloaded since it became freely available in 1998. For remote access to Windows boxes, it’s hard to beat Windows XP Pro’s single-user Remote Desktop and Windows Server 2003’s multi-user Terminal Services. I can connect to these from versions of Windows as ancient as Windows 95 and from Mac and Unix/Linux systems. But when I want to go the other way — that is, connect one or more clients to a Mac or Unix/Linux box — VNC is the universal standard.

Secure use of VNC over the Internet is possible, but setting up an SSH tunnel (see “Secure Shell,” right) isn’t as trivial as installing and using VNC itself, although that could soon change. RealVNC’s road map envisions a number of commercial applications. The first of these debuted last month at CeBit, when Adder Technology launched a version of its KVM (keyboard, video, mouse) switch that embeds a VNC server for secure remote control over IP. And because VNC remains an open source project, new uses are being invented all the time. For example, vnc2swfrecords VNC sessions directly to SWF (ShockWave Flash) files for Flash playback. There’s a bright future for this venerable tool. 

10. SSH
Quick and reliable data stream encryption is a must for moving sensitive data over unprotected networks. Configuring an IPSec VPN takes time and coordination, but SSH and its related tools provide the same protection while eliminating the cost and overhead of more complex packages.

Both commercial and free SSH packages are available, on both Unix and Windows systems. In addition to facilitating remote shell access, they typically include secure versions of a variety of file-transfer tools, such as SCP (secure copy) and SFTP (secure FTP). Using these, even automated file transfers can be secured simply and stably; no VPN required.

But SSH has many more uses beyond simple shell access and file copy operations. Remote port forwarding facilitates secure troubleshooting and administration of remote site systems and applications. In this fashion, it’s possible to create temporary encrypted tunnels for other protocols, allowing network applications to communicate with protected systems without modifying the applications to support encryption. With SSH, incorporating encryption into a network is so easy that there’s seldom a reason to leave valuable data traffic unprotected.

Copyright © 2004 IDG Communications, Inc.