In-Depth
Keep an Eye on Those Servers
The right server management tool closely monitors your network and offers proactive responses to most common problems.
You can't let your guard down when it comes to server management. It can be too costly to just let your servers sit there and hope they're functioning at full capacity.
Whether or not your company has consolidated servers, closely managing those servers is critical. Consolidation reduces the total number of servers and makes each one that much more important (see "You're Fired," December 2004). On the other hand, if you still have servers deployed everywhere fulfilling all sorts of functions, you need to keep a close eye on them to ensure that they're carrying their weight and not draining corporate resources.
You need the right server management tool to keep watch—one that will not only monitor, but proactively correct problems as they occur. It's much better to be told that a server was running out of disk space and that the problem has been fixed than to watch that server come to a screeching halt because its drives are full.
We stress tested six server management tools for this roundup: Microsoft Operations Manager 2005, Altiris
Server Provisioning Suite 6.0,
LANDesk Server Manager 8.5, Argent Guardian 8.0, Fidelia NetVigil 3.6.3 and up.time 3.0.9. While products
like the two highest-scoring tools
from Altiris and LANDesk provide complete server provisioning, others focus specifically on server monitoring and service level maintenance.
|
(Click image to view
larger version.) |
We put each product through its paces on multiple servers running Windows Server 2003, all configured for various roles. This way we knew what to manage at the individual server level and what to manage on all servers. We could then concentrate on managing the specific aspects of each particular server role.
For example, on Active Directory Domain Controllers, you must manage the size of the NTDS.DIT file that stores Active Directory. You also need to make sure replication is working properly and doesn't hog all your bandwidth. That's why server management tools need specific role-based management packs—detailed feature sets that tell you what to manage and monitor for servers fulfilling specific roles like Domain Controller, SQL Server and Exchange server.
You should keep these characteristics in mind when considering a server
management package:
- Ease of installation and deployment
- Ability to monitor servers and
provide scripted responses to
common problems
- Capacity for integration to specific server roles
- Support for industry standard
operational models such as
the Information Technology Infrastructure Library (ITIL)
- Support for integration of standard operating procedures in heterogeneous or homogeneous environments
- Script programming and extensibility of the system
- Support for Web-based Enterprise Management (WBEM)
You also need to know what you should do and when. How often should you perform each activity? What should you do daily, weekly or monthly? Are there any ad hoc management or monitoring tasks you should perform? Click here to access a sample management schedule to help with these decisions.
Evolving Gracefully:
MOM 2005
Microsoft Operations Manager (MOM) 2005 is another step in the evolution of Microsoft's grand plans for systems management and server monitoring. While it stands on its own as a powerful server management and monitoring tool, Microsoft plans to combine MOM and Systems Management Server into a single provisioning package called Microsoft System Center, but that won't happen for a while.
Improvements to MOM 2005 include the new administrator and operator consoles (see Figure 1). The new look is similar to Outlook and offers quick access to remote control, IP configuration, the management console, Event Log and other tools. You'll use the administrator's console for deployment and configuration, as it includes detailed information on deployment procedures.
|
Figure 1. The MOM 2005 operator console has the same look and feel as Outlook
2003, and gives you immediate access to information about managed systems. (Click image to view larger version.) |
MOM's agents now work with the local system account on Windows 2000 servers or the network service account on Windows Server 2003. The latter grants agents only the required access, so Windows Server 2003 deployments are now more secure. MOM 2005 also has a new agentless management mode, which monitors systems through Microsoft remote procedure calls (RPC). This mode is for monitoring servers where you can't install an agent for performance reasons.
MOM 2005 is more manageable
and scalable than earlier versions. For example, MOM management groups can now include up to 3,500 agent-managed servers and 60 agentless systems. A management server can
support 1,200 agent-managed systems and a management group can have up to
10 management servers. A management group can also process up to 120,000 alerts per day, a considerable improvement over the previous version.
MOM 2005 uses management packs for role-based server management that cover Active Directory, Exchange, SQL Server, Terminal Services and even the Microsoft Baseline Security Analyzer servers. Microsoft releases new
management packs every time it updates a product in the Windows Server System (WSS) group.
MOM 2005 also includes the MOM Connector Framework, which lets you integrate third-party tools with MOM, offering a broader view of the network. Smaller enterprises can opt for the MOM 2005 Workgroup Edition (WE), designed to simplify managing smaller environments. MOM WE is a good addition to a small business management toolkit, even though it's limited to monitoring 10 servers.
The Complete Package:
Altiris Server Management Suite 6.0
Altiris Server Management Suite (SMS) supports every phase of a server's
lifecycle—managing server deployment; inventory; desired state management; software and patch delivery; recovery
and problem resolution; and health
monitoring. SMS does more than MOM 2005, which is focused on monitoring and problem resolution. Altiris SMS
provides complete server management and provisioning for a lower cost than the full version of MOM.
Altiris SMS has a nicely designed
step-by-step process for connecting the notification server to a database server and creating the Altiris database. For server management, SMS provides availability and performance monitoring, uptime reporting, trend analysis, service restarting, automated system snapshots before configuration changes and so on. Because it starts with a complete inventory of a system's settings and resources (see Figure 2), the Altiris SMS can provide details about a server from the moment it's deployed to its ultimate retirement. Historical reports show what happened to a system throughout its service cycle.
|
Figure 2. The Altiris Console provides
comprehensive information about any server in your network from any location.(Click image to view larger version.) |
Altiris also offers a comprehensive client management suite that works off the same console. If you're looking for a complete systems management suite, this may well be the one.
Deployment Choices:
LANDesk Server Manager 8.5
Like Altiris, LANDesk offers a complete server lifecycle management tool in LANDesk Server Manager (LSM). Version 8.5 lets you inventory servers, deploy software and patches, perform real-time monitoring, restart services and servers, and ensure that servers are up and running on a constant basis.
LANDesk redesigned this new version from the ground up. One interesting aspect of the new LSM is the on-demand agent, with its small, event-related footprint. When the agent needs to do something, it loads itself into memory. Once it's done, it automatically unloads itself. This is pretty cool because it makes the most of available resources.
LANDesk uses an interface during installation that automatically checks for prerequisites. If any prerequisite is missing, you can't install the software. You can also install LSM separately from the full LANDesk Management Suite. Like MOM and Altiris SMS, LSM can run with MSDE, but also supports SQL Server and Oracle databases. We prefer SQL Server because it's fully relational and considerably cheaper than Oracle.
After installing the LSM core server, activate it to collect system information. To deploy agents, you first must discover devices, using any of several methods. The easiest is using an IP range. It's surprising the Windows edition doesn't include an Active Directory-based discovery method. This would greatly simplify discovery because all servers have an AD account. When items are discovered, select the ones to target (see Figure 3). After this, they're fully managed devices.
|
Figure 3. The LANDesk console is
completely Web-based. (Click image to view larger version.) |
From this point, you can manage security patches and software deployments; use real-time monitoring to view both hardware- and software-related events and predict potential failures; recover crashed servers; and control performance and availability on your servers. LSM is easy to use once it's configured and the Web interface lets you access services from anywhere in your organization. One tip though—on Windows Server 2003, add the LSM Web site to the Local Intranet zone to enable single sign-on.
Like Altiris SMS, LSM is a good choice for complete server management.
A Unique Agentless Approach:
Argent Guardian 8.0
Argent takes an agentless approach to server management, which has less overall impact on the server and its operation than products with agents.
Argent Guardian uses special application programming calls to collect data on Windows machines. For Unix, it relies on telnet or the Secured Shell (SSH). You do need enterprise credentials for this because the system actually logs on to the target machines to collect data. It supports server roles through data collection rules including Active Directory, Terminal Services, Event Log, performance and even several machine-specific collections like HP, Dell, Cisco, Compaq and so on. These rules are designed to support service level agreements (SLA), a key aspect of server management.
Installation is easy, and Argent Guardian performs item discovery right up front. This way you know you'll be managing all your systems. Another nice touch is that AD is the default discovery method when installing on Windows, making discovery very effective. Argent also supports several other discovery methods, mostly based on TCP/IP.
Argent supports several databases. In fact, it offers the widest database support of the products included here. By default, Argent targets a Codebase (or dBase IV format), but it also supports SQL Server 7 and 2000, Microsoft Access and Oracle 8 and above. Codebase turned out to be just fine and was completely automated by the setup process.
|
Figure 4. Argent Guardian’s interface reflects a more traditional service management approach. It also offers a separate Web-based interface. (Click image to view larger version.) |
Argent has specific rule sets for SQL Server, Exchange, AD and so on. There are also several canned reports for network traffic, system uptime, monitoring trends and performance data. The
console is simple and easy to use (see
Figure 4). It is not Web-based by default, but Argent provides a downloadable Web console. The default interface is the closest to a traditional monitoring tool interface with maps built right in. This is cool for large organizations, because you have your entire WAN at a glance on the start-up screen. Larger networks have to sub-divide monitored servers into regions with about 100 servers per region, which is the recommended sizing from Argent.
Argent covers a lot of monitoring ground and supports more than just servers. So if you want a solid network-monitoring tool, Argent Guardian could be the tool for you.
On with Open Source:
Fidelia NetVigil 3.6.3
Fidelia NetVigil also takes a different approach to server management. First of all, the software runs on top of open source components—the database is MySQL and the Web server is Apache. This means you can't have Internet Information Services (IIS) running on the destination server running NetVigil. The NetVigil package is complete—it puts all the required components into a single installation file.
Fidelia NetVigil is installed as the default Web site, so you're brought to the console automatically. Sign in is very "Unix-like." You need to sign in as the "superuser" to administer the system. Default passwords and login information are displayed right on the login screen, so it's hard to miss.
To begin the discovery process, log in as localuser and create devices to
be used in your discovery process. NetVigil can manage several different device types (see Figure 5), so it's really up to you as to what you want to manage. Once you've
created the managed devices list, log off as a user and log in as a "superuser" or administrator, as only administrators can perform discovery.
|
Figure 5. Fidelia NetVigil uses a Web interface driven by an Apache Web server. As you can see, it supports several different types of devices. (Click image to view larger version.) |
Perhaps because of this, the actual
discovery screen is buried under the "superuser" menu. You can set up discovery jobs to run immediately or run them on a schedule. As a "superuser," you can set up different departments and create additional users that play varying roles in the server management process.
NetVigil is based on the concept of tests. When you've discovered and identified the devices to manage, NetVigil runs regularly scheduled tests against them. In the event of a test failure, it runs a set of actions against the machine that failed the test. Those "Action Profiles" can include sending e-mails or pager messages, or running scripts to restart a service or even a server.
There are two classes of profiles for users and administrators. If you have a machine that supports a key group of users in your network, you can warn them when a test fails on the server. Administrative profiles relate to complex operations like rebooting a server or restarting a service. These profiles support service level agreements.
You manage much of NetVigil through scripts and XML file modifications. It is quite powerful in that regard. If you don't mind programming and digging into XML data to modify settings and system operations, this could be the program for you. It requires a lot of technical background to get this product running properly, so it's not as well suited for the average admin. To its credit, Fidelia offers a lower cost version called Helix. We haven't tried it out, but hopefully it's
easier to use than NetVigil.
Web-based Monitoring:
up.time 3.0.9
up.time is a service and application monitoring tool that generates event-based alerts. It works completely through a Web interface, so you need to have IIS installed on the server to run up.time.
You get to the up.time console by opening a Web browser to http://localhost:9999, the default installation port. Log in as admin with a default password of admin. Like Fidelia, the up.time screen tells you the username and the password, so it's hard to miss.
The first thing it asks for is the license file. Cut and paste this into the license dialog box. Then you'll get the welcome screen. One nice touch is that this screen tells you right away what you need to do. Move to the Config screen to add systems individually. This can be time consuming if you have hundreds of servers.
There are two ways to manage systems. Systems with up.time installed are added as a managed system and provide
performance data. If there's no agent present, up.time can still monitor, but can't collect performance data. You'll eventually have to deploy up.time to each server. Because it's a Windows Installer file, it should be pretty easy to do, but you'll need a separate deployment tool. If you're running AD, you can deploy up.time with a Group Policy object.
|
Figure 6. up.time provides extensive
information on the status of each managed system by clicking on the links along the left side of the up.time window. (Click image to view larger version.) |
Once you've added systems, move to the Radar Scan tab to see the status of your systems. To view information on an individual system, click on it (see Figure 6). Once a system's detailed view is open, you can explore an extensive range of information about that server. up.time also provides detailed reports on
monitored systems and can group both systems and users into discreet containers for delegation. up.time's ease of use is most impressive. Everything is simple and straightforward with elements where they should be in the menus.
For monitoring, up.time supports root cause analysis, workload analysis, disk and file system monitors, performance monitors and even user access to systems. Its canned reports include a lot of information out of the box, and you can easily modify them to meet your own needs. This is a good, straightforward, simple-to-use monitoring tool.
Powerful Choices
Altiris and LANDesk have a much broader feature set than the others. They really do more than straight server monitoring. The Altiris suite is a complete server-provisioning tool for bare metal to retirement. It also has the lowest cost. LANDesk is also highly recommended, but it lacks some of what Altiris offers.
We especially liked the MOM 2005 operator's console interface because it is so much like Outlook 2003. Argent and Fidelia also have strong offerings with powerful features, but seem better
suited in a heterogeneous environment than a Windows-centric world. If you've already covered server provisioning and only want to monitor your servers, look to products like MOM, Argent or up.time.
More Information
Use this sample operations schedule to identify what to do when on your Windows Server 2003 servers.
This sample schedule is drawn from Windows Server 2003 Pocket Administrator by Ruest and Ruest from Osborne McGraw-hill, ISBN: 0-07-222977-2 (www.Reso-Net.com/PocketAdmin):