Proactive Monitoring of Your Network Technology
by Trey James, President/CEO of Xcentric (November 20, 2004)
Overview
With the ever-increasing pace of technology
advancements and requirements, it is important that we identify failure
symptoms on the network before they develop into mature issues
that create downtime and lost productivity. The average network today
involves three or more servers, multiple switches and printers, and at
least one firewall. Without automated monitoring and management systems,
it is nearly impossible for an IT manager to have global insight into
all that is occurring on their network.
Event logs
On a regular basis, the IT manager should review
the event logs on all servers. The event logs are designed to catch all
of the errors that show up on the screen when something goes wrong, but
they also catch all of the errors that never get displayed to the user.
Each server has its own logs for security, applications, and system.
The Security log records audited logins and permission-related events.
It can be configured to monitor successful and/or failed attempts and
provides basic info such as username, domain name, and login type. The
Application log provides insight into application-related events that
point to file locations, failed services, and program start-ups and
shut-downs. The System log deals more with network- and OS-level event
reporting. DHCP, WINS, DNS, and TCP/IP-related errors are all logged.
Each of these logs should be reviewed to identify the ongoing issues on
the network. To open Event Viewer on a workstation or server,
right-click on My Computer and select Manage.
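As an added illustration of the Security log review described above (not code from the original article), the Python sketch below tallies failed logons by domain, username, and logon type from a constructed CSV export and flags accounts where a success directly followed a run of failures. The column names, sample rows, and function name are assumptions; 4624 and 4625 are the logon success and failure event IDs on current Windows versions.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export; the column names are assumptions.
SAMPLE_EXPORT = """\
TimeCreated,EventID,Account,Domain,LogonType
2024-03-04T08:01:12,4624,jsmith,FIRM,2
2024-03-04T08:03:40,4625,Administrator,FIRM,3
2024-03-04T08:03:41,4625,administrator,FIRM,3
2024-03-04T08:03:43,4625,administrator,FIRM,3
2024-03-04T08:15:02,4625,mlee,FIRM,2
2024-03-04T08:15:20,4624,mlee,FIRM,2
2024-03-04T09:40:00,4625,backup,FIRM,10
2024-03-04T09:40:05,4625,backup,FIRM,10
2024-03-04T09:40:09,4625,backup,FIRM,10
2024-03-04T09:40:30,4624,backup,FIRM,10
"""

SUCCESS, FAILURE = "4624", "4625"  # logon event IDs on current Windows
LOGON_TYPES = {"2": "interactive", "3": "network", "10": "remote desktop"}


def review_logons(export_text, threshold=3):
    """Return (noisy, suspicious): accounts with at least `threshold` failed
    logons, and accounts whose success followed that many straight failures."""
    totals, streak, suspicious = Counter(), defaultdict(int), []
    rows = sorted(csv.DictReader(io.StringIO(export_text)),
                  key=lambda r: r["TimeCreated"])
    for row in rows:
        who = (row["Domain"].upper(), row["Account"].lower())
        kind = LOGON_TYPES.get(row["LogonType"], "type " + row["LogonType"])
        if row["EventID"] == FAILURE:
            totals[who + (kind,)] += 1
            streak[who] += 1
        elif row["EventID"] == SUCCESS:
            if streak[who] >= threshold:
                suspicious.append(who + (kind, streak[who]))
            streak[who] = 0
    noisy = [(key, n) for key, n in totals.most_common() if n >= threshold]
    return noisy, suspicious


if __name__ == "__main__":
    noisy, suspicious = review_logons(SAMPLE_EXPORT)
    for (domain, account, kind), n in noisy:
        print(f"{domain}\\{account}: {n} failed {kind} logons")
    for domain, account, kind, n in suspicious:
        print(f"{domain}\\{account}: {kind} logon succeeded after {n} failures")
```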
Internet Security log
Internet security has become a primary concern of
most firms today. With the threat of autonomous hacking systems and
vulnerabilities in all of the various systems that are deployed within a
firm, proactively monitoring and eliminating threats is critical.
Security management requires special competencies and experience.
Identifying that attacks have been made on your system is fairly
straightforward; knowing how to mitigate those vulnerabilities is
where specialized knowledge of protocols and firewall management is
required.
Resource management
Often, low drive space is discovered only when
system errors report that there is not enough free
space to perform a certain action. Ideally, we would be able to trend
drive space utilization so that we can budget time for maintenance and
funds for drive additions. Manually trending drive, memory, and
processor utilization is very difficult and is rarely done well. This is
because IT managers have limited time to be proactive and the volume of
information that must be recorded to properly report trending can be
overwhelming.
Asset management
Most accounting firms have difficulty keeping an
accurate inventory of their technologies. Keeping metrics on workstation
models/types, operating system versions, hard drive sizes, amount of
RAM, etc. is very hard to track manually. All of this information must
be considered when preparing IT budgets or when allocating equipment to
new staff.
Proactive management and monitoring
Effectively monitoring all event logs, managing
firewall security configurations, and managing the availability of
resources and assets are key components of any firm’s overall IT
management plan. Utilizing automated systems to assist in performing
these actions will minimize the amount of time IT managers must spend to
stay on top of these areas. Below is a list of features that should be
evaluated when selecting a monitoring product.
Support for IP enabled devices
Most monitoring products can gather metrics on any
IP-enabled device on the network; however, some systems are built with
manufacturer biases and dependencies. As an example, Dell OpenManage
works best with Dell servers due to the fact that Dell builds
Dell-specific drivers for their servers to facilitate management and
monitoring of their server hardware. When used with non-Dell systems,
functionality is limited. The same is true for HP OpenView and other
products released by server manufacturers.
Alert notification
The ability to set and measure thresholds for free
drive-space, RAM, processor utilization and bandwidth is a key component
to most monitoring systems. The monitoring system should alert IT staff
when any system goes off-line unexpectedly or when it meets or exceeds
any defined threshold. With alerts, we have the ability to know before a
server runs out of disk space or when a tape backup fails. Alerts should
be available via email, pager, and/or text message.
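An added example, not part of the original article, for the drive-space trending described under Resource management and the threshold alerts described above: it fits a least-squares line to constructed weekly free-space readings and projects the date a volume reaches an alert threshold. The readings, the 10 GB threshold, and the function names are assumptions.

```python
import math
from datetime import date, timedelta

# Constructed weekly free-space readings (GB) for one volume. The values
# and the 10 GB alert threshold are assumptions for illustration.
SAMPLES = [
    (date(2024, 1, 1), 42.0),
    (date(2024, 1, 8), 40.1),
    (date(2024, 1, 15), 37.8),
    (date(2024, 1, 22), 36.2),
    (date(2024, 1, 29), 33.9),
]
ALERT_THRESHOLD_GB = 10.0


def fit_trend(samples):
    """Least-squares line through (days since first reading, free GB).
    Returns (slope in GB per day, intercept in GB)."""
    start = samples[0][0]
    xs = [(day - start).days for day, _ in samples]
    ys = [free_gb for _, free_gb in samples]
    mean_x, mean_y = sum(xs) / len(xs), sum(ys) / len(ys)
    spread = sum((x - mean_x) ** 2 for x in xs)
    if spread == 0:
        raise ValueError("need readings from at least two different days")
    slope = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys)) / spread
    return slope, mean_y - slope * mean_x


def projected_breach(samples, threshold_gb=ALERT_THRESHOLD_GB):
    """Date the trend reaches threshold_gb (readings sorted oldest first).
    Returns the last reading's date if it is already at or below the
    threshold, or None when free space is not shrinking."""
    last_day, last_gb = samples[-1]
    if last_gb <= threshold_gb:
        return last_day
    slope, intercept = fit_trend(samples)
    if slope >= 0:
        return None
    days = math.floor((threshold_gb - intercept) / slope)
    return max(last_day, samples[0][0] + timedelta(days=days))


if __name__ == "__main__":
    slope, _ = fit_trend(SAMPLES)
    print(f"trend: {slope:.3f} GB/day, alert threshold reached about "
          f"{projected_breach(SAMPLES)}")
```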
Service monitoring
On Microsoft Windows servers, applications that run
at the operating system level are called “services.” Such services are
designed to run databases, handle email, and provide workstation
connectivity, among other things. When these services fail or take an
extraordinary amount of time to respond, proactively restarting the
service can often resolve issues before users on the network are
affected.
Asset inventory
Inventory can be collected at regular user-defined
intervals to ensure that the firm always has access to up-to-date asset
inventory information. When evaluating monitoring systems, the inventory
features to look for include auto-discovery and updating and detailed
asset reports listing all hardware (including CPUs, memory, and
drives). The system should also report installed software and
patch information, as well as OS info with version number and service
pack build.
Reporting
Performance reports should be available that depict
graphical trending charts for all measurable aspects of a server or
device. Some systems allow for web-based performance charts and
executive summary reports that are delivered automatically on a
scheduled basis.
Remote control
Various systems incorporate features that allow IT
staff to quickly and easily control the desktop of computers and servers
on the local and wide-area network. Remote control functions let
the IT manager see the application and related error
message(s) just as the end-user sees it. Remote control of the mouse and
keyboard is also an option for most systems.
Ticketing system
The ability for the IT staff to track issues on the
network is critical. Having a working list of issues with the
associated statuses of each ticket can provide valuable insight into
staff productivity or lack thereof. For instance, knowing that several
users are having application reliability or performance related problems
may point to a common issue that will eventually affect all of the users
on the network.
Secure connectivity
We prefer a secure communication process that
requires limited configuration of the firm’s firewall security profile.
For multi-office firms or in the case of outsourced monitoring, secure
outbound web messages should use current web services (SOAP/XML over
HTTP/HTTPS) rather than the less secure SNMP protocol. Monitoring
traffic should require very low bandwidth consumption and offer the
option for dial-up Internet connections from remote sites where
high-speed Internet connections are not available or cannot be
cost-justified.
Outsourced model
Many of the monitoring services on the market can
be installed and managed on the firm’s local network. Separate servers
are generally required to host the monitoring system so that they are
discrete from the rest of the network infrastructure. For firms with
fewer than two FTEs on the IT management and administration team, we find
that using an outsourced monitoring service is most beneficial due to
the fact that hosting the system internally requires additional hardware
and software licensing that must also be maintained. Along with the
recommendation that the firm outsource all security-related management
and administration, it is also advisable to outsource the system
management technology so that the additional computing requirements and
skill-sets can be maintained without any extra expertise on the part of
the firm’s IT personnel.
Monitoring systems
There are several systems available in the market
that can be used to assist the firm with system monitoring. Below is a
chart that outlines the general functions of each monitoring system.
| Product | Dell OpenManage™ | HP OpenView™ | IBM Director™ | Xcentric Halo™ |
| Primary device support | Dell PowerEdge servers | HP/Compaq servers | IBM servers | Manufacturer neutral |
| Support for IP enabled devices | Y | Y | Y | Y |
| Alert notification | Y | Y | Y | Y |
| Service monitoring | Y | Y | Y | Y |
| Asset inventory (HW/SW) | Y | Y | Y | Y |
| Reporting | limited | Y | limited | Y |
| Remote control | Y | Y | Y | add-in required |
| Graphical trending reports | Y | Y | Y | Y |
| Ticketing system | Y | Y | Y | Y |
| Secure connectivity | Y | Y | Y | Y |
| Outsourced model | N | N | N | Y |
| Automatic service restarts | Y | Y | Y | Y |
| Comments | Single server license included with any new Dell server. | Single server license included with any new HP/Compaq server. | Single server license included with any new IBM server. | 100% managed service with automatic reporting and issue resolution. |
Information valid as of 11/2004
For more information on several of the industry’s
leading monitoring systems, please visit the following links:
Dell OpenManage -- http://www1.us.dell.com/content/topics/global.aspx/solutions/en/opmng_monitoring
HP/Compaq OpenView -- http://www.openview.hp.com/news/about/index.html
IBM Director -- http://www-1.ibm.com/servers/eserver/xseries/systems_management/director_4.html
Xcentric Halo -- http://www.xcentricgroup.com/solutions/maintain/managedservices/halo.aspx
Trey James is the President and CEO of Xcentric, LLC, a
technology consulting group that provides “Certified Networks for
CPAs”. With offices in Tulsa, Oklahoma; Birmingham, Alabama and
headquarters in Atlanta, Georgia, Xcentric is the only technology firm
that specializes in the accounting industry. You can reach this author
or any member of Xcentric by calling 866-XCENTRIC or by email at info@xcentricgroup.com.
We’re online at www.xcentricgroup.com.
© 2004 InfoTech Partners North America, Inc....your technology partner (480) 706-1728