TechNet Magazine > Home > Issues > 2006 > January • February >  Toolbox: New Products for IT Professionals
ToolBox New Products for IT Professionals
Greg Steen


Keep an Eye on Your Servers
Overseer Network Monitor
At a mere $39.99 per monitoring system with no per-device charges, the Overseer Network Monitor from Sensible Software Solutions is an extremely cost-effective way to monitor numerous systems on your network. And it doesn’t require client software on the servers you monitor. With companies cinching their IT budget belts, an easy-to-use tool like Overseer doesn’t break the bank and gives you the basic monitoring services all network infrastructures need.
Installation of the software is a breeze, and it runs as a Windows® service, so you don’t have to stay logged in on your host machine to keep the monitor running like you do with other low-cost network monitoring packages. The Overseer interface runs as a Microsoft® Management Console (MMC) snap-in, so if you have your own custom management console view, adding this software takes just a couple of clicks.
The first thing you need to do to get set up is to specify your Notification mechanisms. The software supports e-mail (and thus SMS, cell phone/pager, and e-mail to voice notification) and NET SEND notification. If you are worried about your e-mail relay going down, Overseer also has an integrated backup SMTP delivery agent that will attempt a direct delivery if the primary mail relay server does not respond. In addition to notification, the software supports logging to both text files and ODBC data sources, which is a great way to gather data for trending and to aggregate uptime/failure statistics for your infrastructure. You can also log and notify both failure and success statistics, allowing you to trend your response time.
After setting up your notifications, you are then ready to configure your monitors. Overseer classifies its various monitoring modules by resource class. The first is standard HTTP/HTTPS monitoring, which initiates a GET request to the specified URL at a customizable interval. The software doesn’t handle form or content checks, but it does include the option of supplying a username and password for all server-protected sites and services.
The next resource class is the Ping monitor. This allows you to check ICMP responsive devices. The count and loss tolerance are both configurable, and you can set the failure parameters based upon unreachable destination or latency tolerance.
Overseer’s service monitoring module allows you to monitor local and remote Windows services via authenticated remote procedure calls (RPCs) to the machine. If a service does fail, you can attempt to restart it remotely. Service monitoring, of course, requires you to keep RPC ports open between the monitor and monitored server, so this is best suited to trusted LAN use.
Similarly, you can configure the Event Log module to watch for errors, warnings, and informational log entries for specified log sources. There is only one thing this feature is lacking—the ability to easily monitor the event logs for any error from any event log source.
Overseer’s Disk Space module allows you to check via administrative shares the disk usage percentage and send notification at a specified threshold. This module requires that you leave administrative shares enabled on the remote machine—a setting that your organization’s security best practices policy may not allow. Again, this is a feature thatis best suited for use inside the same network segment.
The last module is the EM1 environmental monitor. This tool allows you to gather and set up alerts based upon environmental data such as temperature and humidity. This data is collected by a SensaTronics EM1 monitoring device. This is a cool feature for those willing to invest $300 in an environmental monitor. But it’s too bad this module isn’t generalized for any SNMP-aware environmental monitor.
For the next version, I’d like to see the ability to check other vital Windows network resources, such as SQL Server™ and Web sites and services running on ports other than 80 and 443. But overall, the current version of Overseer provides the system administrator with an easy to use and inexpensive way to monitor the basic resources of a multi-server Microsoft-based network.
Price: $39.99

Keep Tabs on Bandwidth Usage
PRTG Traffic Grapher
Bandwidth utilization is a key issue for any infrastructure manager. Because the cost of heavy traffic is high, businesses are constantly monitoring to see how much, when, and for what bandwidth is used. Besides lowering costs, careful management of bandwidth usage helps administrators pick the best times to run administrative tasks like backing up and patch delivery—contrary to what some administrators believe, picking 4 A.M. just because it’s early in the morning isn’t always the best option.
PRTG Traffic Grapher, from Paessler, provides a clean and clear-cut visual solution that will satisfy both the IT professional and the business analyst, This cost effective software provides both live usage and periodical usage trends of almost any piece of network and server gear. After installing the Windows-based software, you configure network sensors that measure data. PRTG supports three methods of gathering traffic data: Simple Network Management Protocol (SNMP), packet sniffing, and Cisco Systems Inc.’s Netflow protocol. (Netflow support costs extra.)
SNMP-based measurements are port-based and can be used to monitor switch and router traffic. Though the product is primarily used for bandwidth usage monitoring, its SNMP features can be used to monitor almost any periodic or rate-based SNMP-aware feature your gear utilizes. For example, you can monitor drive space, processor time on individual CPUs or groups of CPUs, memory usage, and disk I/O. Using the packet-sniffing mode, PRTG can measure all the network data that passes by the network card of the host. To accomplish this on a Windows host, the software installs the Open Source WinPcap packet capture library to provide the low-level network access needed to see all traffic passing by the interface. This is useful for LAN traffic management, as well as for monitoring traffic on network devices that have a building monitoring port that replicates all traffic passing through the device on the monitoring port.
Write to Toolbox
If you have a favorite tool or utility you would like to see featured here, please write to the editors at tntools@microsoft.com
The third method of data gathering utilizes the Netflow protocol which, not surprisingly, most Cisco networking gear supports. In addition to the actual monitoring portion of the application, PRTG includes an embedded Web server that enables remote access to the traffic graphs. This, in combination with PRTG’s live usage statistics, offers a great way for your Network Operations Center (NOC) to keep a vigilant eye on current network traffic from a central monitoring location.
The product is also scalable to enterprise environments. Pricing for the software starts at $49.95 for 25 sensors, with an unlimited sensor version available for $499.95. Unfortunately, users who want to use the Netflow features will have to shell out a few hundred more dollars. Paessler also offers a free personal license which gives you one sensor on one interface.
Price: Starts at $49.95 for 25 sensors and no Netflow support.

Book Review
Two leading Microsoft security experts and TechNet Magazine contributors, Jesper Johansson and Steve Riley, have put out a great reference book of guidelines and protection practices for Windows-based networks. Protect Your Windows Network: From Perimeter to Data (Addison Wesley Professional, May 2005) is a "plain-English" book loaded with information. It starts off describing the different elements of a hack and then proceeds into the various layers of a typical corporate or Internet infrastructure, sharing advice on how to best protect that infrastructure.
I especially liked the chapter called "Educating Those Pesky Users." It details the concept of social engineering and explains how people get conned into sharing information. The chapter stresses a very important point—the necessity of user education.
Chapter 9, "Network Threat Modeling," defines three stages: document, segment, and restrict. Though today’s overworked IT professional may find this difficult to maintain, a living data flow document can provide a great way to quickly identify and mitigate vulnerabilities and entry points of attack. The book also contains an excellent chart that delineates the common traffic coming to and from your domain controllers.
When the book reaches the section on authentication mechanisms, a topic the authors call the "Last Line of Defense," it goes into some nice detail about NTLM/LM authentication and guidelines for password protection. And it makes an insightful distinction between "uncrackable" (passwords that are resilient to brute force attack) and "unguessable" (passwords that cannot be guessed remotely).
The section entitled "Security for Small Business" is another highlight, giving a good overview of the basic steps any small business IT person should follow. In the last appendix, you’ll find a reprint of the Microsoft TechNet article "10 Immutable Laws of Security." This is information that every system administrator should have.
Overall, this book is a great way to start familiarizing yourself with the different aspects of security for Windows networks.
Price: $49.99

Find and Merge Differences in Files
WinMerge 2.4
Keeping server configurations in sync can be a nightmare for any multi-server infrastructure. And the complexity increases with every new server added to the farm. It would be ideal if every infrastructure had all the necessary tools in place to consistently deploy and maintain a complex, ever-changing infrastructure. The truth is, however, that many organizations don’t.
The open source WinMerge 2.4 gives system administrators a powerful, yet easy to use, graphical application for comparing files. You can compare IIS 6.0 metabase files, ASP.NET Web application configuration files, custom VBS deployment scripts, and so on, keeping elusive deployment and configuration mismatch problems at bay. In addition to highlighting the difference between files, the application can merge changes between files. This is very useful when you may have had one system administrator make a change on half your servers and another make a different change on a different server.
WinMerge also does directory comparisons to ensure the number of files, timestamps, and sizes are all in sync. So the next time a robocopy script fails, you will have a quick way to determine exactly where it left off in a file copy. If you are looking for a Trojan that has attached itself to your binaries, a clever trick is to use WinMerge to detect the file size differences between your Windows servers. WinMerge also supports Unicode if you are running in a 32-bit character environment. Of course, database administrators will also love this tool, as it allows them to quickly and visually compare and merge SQL scripts.
The application was created with application developers in mind and provides basic integration with Visual SourceSafe® and ClearCase version control systems. Although the tool does not currently support history or check in tools, it does let you check out files under version control and make changes. Developers may also find this an integration life saver for merging projects into a unified form before putting the project under source control. The product is free and is licensed under the GNU public license.
Price: Free

Monitor Your Microsoft Hosts
HealthMonitor 3.0
HealthMonitor 3.0 is a handy open source application for monitoring Microsoft hosts. Written in Visual Basic® .NET under the GPL, HealthMonitor is quite extensible. The application runs as a Windows service on Windows 2000 or later machines that have the .NET Framework 1.1 installed. It utilizes the Windows Management Interface (WMI) to monitor set thresholds and system performance, as well as any custom script, batch, or executable event that returns OK or Error signals to standard output.
The application can employ e-mail, SMS, NET SEND, or a custom script as couriers for event notification. Unfortunately, notification rules are set at a global level, which means you can’t tailor a notification to the specific event being monitored. The application can log to a text file or a Microsoft SQL resource. The application has a plug-in API that lets you develop custom system checks in Visual Basic .NET, as well as use an external custom script. Installation includes six plug-ins. The first is a disk check which will notify you when the host hits a certain percentage or specific space threshold. Memory thresholds can be set in the CheckMemory plug-in. The CheckServices plug-in allows you to check the status of a selected set of Windows services and it will notify you on failure.
Meanwhile, the Check Script plug-in allows you to hook into any custom monitoring scripts and pipe their results into notifications and an event database.
HealthMonitor’s UI leaves a lot to be desired. But if you have a .NET-based developer on staff who can help to extend the application to fit your environment, this app will provide a nice starting point.
Price: Free

Greg Steen is a technology professional, entrepreneur, and enthusiast. He is always on the hunt for new tools and methods to help make operations and development easier for IT professionals.
© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited.
Page view tracker