Connect communicate collaborate DRAFT ON NETWORK MANAGEMENT ARCHITECTURE Esad Saitovic, Ivan Ivanovic AMRES Network monitoring workshop for GN3/NA3/T4.

Presentation transcript:

DRAFT ON NETWORK MANAGEMENT ARCHITECTURE
Esad Saitovic, Ivan Ivanovic, AMRES
Network monitoring workshop for GN3/NA3/T4
Belgrade, October 20-21, 2009

Network management implementation - goals
  Define network topology
  Isolate management network (possibility for implementing out-of-band management)
  Approaches for non-isolated part of management network
  Implementing NMS
  Define management protocols and their usage
  SNMP v2c & v3
  What to monitor?

Out-of-band environment
  Create separate network with links to each monitored device
  Management access ports
  Network devices
    – Out-of-band management port
    – Console port (via terminal server)
    – Dedicated Ethernet interface
  Servers
    – Vendor specific out-of-band management port
    – Dedicated Ethernet interface
  UPS, printers, A/C etc.
    – Dedicated management interface
  Management servers should have an interface in out-of-band network.

Management access to devices
  Host connected only to the out-of-band network
  Access from the user/administrator network (VLAN) through an L3 device
  Access from the public network via a VPN connection, which assumes one interface of the VPN server is inside the out-of-band network

Access to devices in non-isolated network
  A common situation in campuses is a lack of redundant links that could be used only for management purposes
  Possible solution
    – VLAN for management purposes
    – Network devices with an interface (logical, physical) in the management VLAN
    – Server management interface in the management VLAN

NMS server access to devices
  In out-of-band network
    – Dedicated interface inside of out-of-band network is used to access devices
    – Access to NMS servers should be done through this interface (ssh, web access)
  VLAN environment
    – Dedicated interface in management VLAN
    – Access to management VLAN through NAT (static NAT)

SNMP Protocol V3 vs. V2c
  SNMP V2c is used more often than V3. Why?
    – Administrators do not have experience in configuring the SNMP V3 protocol.
    – V2c is much easier to configure (snmpd, snmptrapd).
    – A lot of devices use V2c as their default mode of operation.
    – A network device must support data encryption in order to use the stronger SNMP V3 security model.
    – SNMP V3 with encryption enabled can be processor demanding.
    – V2c in read-only mode is considered a safe solution?!

SNMP Protocol V3 vs. V2c
  SNMP V3 user-based security models
    – AuthPriv (authentication is based on the MD5 or SHA algorithm, and DES or AES is used for data encryption)
    – AuthNoPriv (authentication is based on the MD5 or SHA algorithm, but SNMP data is sent in plain text)
    – NoAuthNoPriv (user name is used like a community string in V2c, and SNMP data is sent in plain text)

SNMP Protocol V3 - Guidelines
  SNMP V3 security in Read-Only and Read/Write mode
    – Select the best security model (SNMPv3 provides three important services: authentication, privacy and access control).
    – Define the security model for Read-Only mode.
    – Define the security model for Read/Write mode.
    – Restrict the MIB tree information on the remote device for the particular user.
    – Restrict SNMP traffic through the network (ACL, firewall, ...)
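A check for the guidelines above, as an added example that is not part of the presentation: a Python script that reads net-snmp snmpd.conf access directives and flags v2c communities with write access, SNMPv3 users allowed below AuthPriv, and entries with no source or MIB view restriction. The sample configuration, user names, passphrases and view name are constructed for illustration.

```python
import shlex

# Constructed sample snmpd.conf (not from the presentation).
SAMPLE_CONF = """\
rwcommunity private
rocommunity campus-ro 10.10.0.5 -V mgmtview
createUser nmsro SHA "constructed-auth-pass" AES "constructed-priv-pass"
createUser nmsrw SHA "constructed-auth-pass2" AES "constructed-priv-pass2"
rouser nmsro priv -V mgmtview
rwuser nmsrw auth
rouser guest noauth
view mgmtview included .1.3.6.1.2.1.2   # interfaces subtree only
"""

LEVELS = {"noauth": "NoAuthNoPriv", "auth": "AuthNoPriv", "priv": "AuthPriv"}

def audit(conf_text):
    """Return (line_no, directive, finding) tuples for risky access lines."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)   # drops '#' comments, keeps quoted values
        if len(tok) < 2:
            continue
        d, args = tok[0], tok[1:]
        if d in ("rocommunity", "rwcommunity"):
            # Syntax: rocommunity COMMUNITY [SOURCE [OID | -V VIEW]]
            if d == "rwcommunity":
                findings.append((no, d, "v2c community with write access"))
            if len(args) < 2 or args[1] == "default":
                findings.append((no, d, "no source restriction"))
            if len(args) < 3:
                findings.append((no, d, "full MIB tree exposed"))
        elif d in ("rouser", "rwuser"):
            # Syntax: rouser [-s SECMODEL] USER [noauth|auth|priv [OID | -V VIEW]]
            if args[0] == "-s":
                args = args[2:]
            if not args:
                continue
            level = args[1] if len(args) > 1 else "auth"   # net-snmp default is auth
            if level != "priv":
                name = LEVELS.get(level, level)
                findings.append((no, d, f"{args[0]}: {name}, data sent in plain text"))
            if len(args) < 3:
                findings.append((no, d, f"{args[0]}: full MIB tree exposed"))
    return findings

if __name__ == "__main__":
    for no, directive, finding in audit(SAMPLE_CONF):
        print(f"line {no}: {directive}: {finding}")
```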

Commonly used SNMP variables
  Network Devices
  CPU Load
    – Example: cpmCPUTotalTable ( )
  Available memory
    – I/O memory
    – CPU memory
    – Example: ciscoMemoryPoolTable ( )
  Interface
    – Traffic throughput (bytes/sec, packets/sec)
    – Interface Status (L2 Up/Down, L3 Up/Down)
    – Example: ifXTable ( )

Commonly used SNMP variables
  Servers
  CPU Load
    – Linux Example: systemStats ( )
    – Windows Example: hrProcessorTable ( )
  Memory status
    – RAM memory
    – Storage memory
    – Example: hrStorageTable ( )
  Interface
    – Traffic throughput (bytes/sec, packets/sec)
    – Interface status (L2 Up/Down, L3 Up/Down)
    – Example: ifXTable ( )

Commonly used SNMP variables
  Servers
  Number of established TCP connections
    – Example: tcpCurrEstab ( )
  List of running processes
    – Example: hrSWRunTable ( )
  Number of currently logged-in system users
    – Example: hrSystemNumUsers ( )

Commonly used SNMP variables
  UPS
  UPS Status
    – Example: upsBasicOutputStatus ( )
  UPS Battery Capacity
    – Example: upsAdvBatteryCapacity ( )
  UPS Battery remaining runtime
    – Example: upsAdvBatteryRunTimeRemaining ( )
  UPS Battery temperature
    – Example: upsAdvBatteryTemperature ( )
  UPS Output load
    – Example: upsAdvOutputLoad ( )

Commonly used SNMP variables
  Other Network Devices
  Air Conditioner (Temperature, Humidity, Compressor status, ...)
  Sensors Appliance (Noise, Temperature, Humidity, Vibration, Motion, Smoke, Leak, ...)
  Printer (Cartridge status, Paper status, Number of printed pages, ...)