Previous Installments in this Series:

• Part 1 - SNMP Monitoring in OpsMgr and Essentials - Intro to SNMP
• Part 2 - Behind the Scenes of SNMP Discovery and Monitoring in Operations Manager 2007

In Part 2, we took an in-depth look at native SNMP device discovery and availability monitoring functions in Operations Manager 2007. While everything we discussed in part 2 applies here, there are several differences in SNMP device definition, discovery and monitoring between Operations Manager 2007 and Essentials 2007 you should be aware of. While the extent of the native SNMP network device monitoring Operations Manager 2007 is simple device availability (up/down), Essentials 2007 goes further than this, with a somewhat more detailed offering for network monitoring designed for smaller environments.

As in part 2, I am going to avoid trap-based monitoring entirely in this article, as I will cover that in detail in a separate post.

NOTE: At this end of this article, I’ll include links to MP reports (in Excel format) for download for any management packs described in this article, with the items of interest and discussion highlighted.

Object Classes and Discovery

Just like in OpsMgr, Essentials has a Network Device Library MP (Microsoft.SystemCenter.NetworkDevice.Library.mp) that contains a class defining SNMP network devices, conveniently called SNMP Network Device. The MP also contains an object discovery for the class and a single monitor, the Device Status Check monitor.

And up to that point, OpsMgr and Essentials are the same in their treatment of network devices. That’s where definition of our network devices ends with OpsMgr. Not so with Essentials. All of the above was described in detail in part 2, so if you missed that installment, it’s worth taking a look before you continue.

Unique SNMP Classes and Discovery in Essentials 2007

Essentials includes an additional management pack for SNMP network device monitoring you wont find in OpsMgr called the Network Device Monitoring Library MP (Microsoft.SystemCenter.NetworkDevice.Monitoring.Library.mp). This MP contains several additional object classes, most of which define types of network interfaces. See a snapshot of the additional classes delivered in this MP in figure 1.

Notice that the additional classes are all types of network device interfaces. There are no classes or discoveries (and thus, no monitoring) for other  device components, such as CPU, memory, or power supply.

Figure 1. Object Classes defined in the Network Device Monitoring MP installed by default in Essentials 2007.

Object Discoveries

There are a few discoveries in this MP, including a  discovery to identify routers, and another to identify all the interface types shown in figure 1.  Nothing unusual here, but if you’d like a list, see the “Discoveries” tab in the Network Device Monitoring Library MP Report I posted for download.

Monitoring and Performance Data Collection

There are numerous monitors and rules for monitoring network interfaces in this MP. Let’s start with monitors. As mentioned earlier, availability monitoring for SNMP network devices works the same in Essentials as it does in OpsMgr. Refer back to part 2 on that topic.

Monitors

There are quite a few monitors (about 45 by the MP report) in the Network Device Monitoring Library, which by and large focus on monitoring various types of network interfaces that can be discovered by the MP. If one were simply to look at the Monitors (Unit) page of the report, it appears that almost all monitors are DISABLED by default. However, I did find some overrides included in this MP (see the “Overrides” tab in the Network Device Monitoring Library MP Report), which show that  the Operational Status monitor for various types of network interfaces is enabled through an override.

Tuning Opportunities - There are several other monitors that may be useful, and you may want to enable. They are listed below with my thoughts.

• Late Collisions - Late collisions tell you when you have a port duplex mismatch. In other words, if the network card is set to half duplex and the network port is set to full duplex, this monitor will alert you to the problem. Duplex mismatch is a common issue that results in performance issues that can be hard to trace back to this configuration issue. My personal recommendation is that this monitor be ENABLED for all network interfaces.
• % Inbound Utilization /  % Outbound Utilization - Available on some of the specific interface types, these monitors that would alert on bandwidth utilization are disabled by default. These should probably be enabled, at least for devices supporting WAN links to ensure administrators are alerted on excessive bandwidth utilization. The default threshold is 60%, which should work well for most environments. Tune up or down based on your situation.
• Any monitor containing the word “Error” - I cannot say that there is any one error-related monitor that must be enabled, but you many want to consider enabling something to watch for network communication issues not related to bandwidth, such as physical layer issues. While there are several monitors for each type of network interface, figure 2 shows available monitors for the object type SNMP Ethernet Interface - a standard Ethernet interface. The appropriate monitor to ID these issues will vary by interface. Looking at figure 2, I would say the FCS Errors or Alignment Errors would be good candidates for catching these types of issues for Ethernet interfaces.

Figure 2 - Unit Monitors for SNMP Ethernet Interface Object Type

Rules

The rules you will find are largely used for performance data collection. Other than an Average Ping Response collection rule targeted at the SNMP Network Device class and the rules collecting % Inbound Utilization and % Outbound Utilization which are enabled (either by default or through those overrides I mentioned are included in the MP) most other rules are disabled.

While I cannot point to any other specific performance data that must be collected, you may have your network guru review the Rules tab of the the Network Device Monitoring Library MP Report for items of interest.

Views

I do like to create a custom Performance View that shows the last couple of hours of bandwidth consumption for my WAN interfaces to aid in troubleshooting.

That’s it for this installment. In part 4, we will dive into probe-based monitoring options for SNMP-enabled devices in Operations Manager and Essentials.

————————————————————————————————————-

Get System Center Operations Manager and Essentials 2007 training from the system center experts. We now offer classroom training for System Center Essentials 2007.

This entry was posted on Tuesday, September 23rd, 2008 at 12:01 pm and is filed under Essentials 2007, News, Operations Manager 2007, Tips -n- Tricks, Training. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.