September 3, 2003 By Merrill Douglas
About four years ago, DoIT's network engineers added Sniffer Portable probes, from Network Associates Inc. (NAI), to their troubleshooting arsenal. When a problem arose, an engineer plugged a unit into the affected portion of the network to capture and analyze data packets as they passed through. But the devices offered only a snapshot. They could not define normal network conditions with which they could compare current behavior.
When DoIT started replacing its old fiber distributed data interface (FDDI) network, officials decided to install tools to watch over data traffic all the time and quickly pinpoint problems, instead of tapping in only when something went wrong.
"We tested some network management products that could suit us for troubleshooting the network and also monitoring and reporting on the network," Duke said. "After evaluating everybody through a rigorous process, we decided Network Associates had the best to offer."
Since last year, DoIT has installed about 25 of NAI's Sniffer Distributed data probes to continually monitor traffic on its new Cisco Enterprise campus-area network. DoIT also implemented two of NAI's centralized network protection tools ? Network Performance Orchestrator (nPO) Manager and nPO Visualizer. Duke said DoIT now solves network problems much faster. Often the technology helps DoIT find anomalies and fix them before they affect end-users.
DoIT's Gigabit Ethernet campus-area network serves approximately 20,000 state employees in Indianapolis and surrounding Marion County. Another 19,000 employees in about 200 state agencies in 800 offices throughout Indiana are connected with this infrastructure through a wide-area network (WAN). Duke and his staff administer the campus network. The Indiana Telecommunications Network (ITN), is responsible for the WAN.
Lug and Plug
In the past, with only the portable probes, troubleshooting was a time consuming process. "You'd lug a portable somewhere and plug it in, go back to your desk, wait a couple of days, go back, unplug it, and check out what you'd been capturing," Duke said.
With the new distributed data probes, it's easy to view data not only on current network behavior, but also on changes that occur over time. Instead of visiting the scene of a problem, an authorized technician can use a Web browser to view probe data from anywhere on the network.
"Instead of spending three business days, we're spending 30 minutes and figuring out the problem," Duke said.
NAI's Sniffer nPO technology allows DoIT to administer network probes from a central console and monitor activity on the entire network.
Sniffer nPO Manager allows managers to install updated software on all network probes at once, configure them remotely and set up different access levels for different users. Before DoIT implemented this tool, Duke configured and updated the probes manually. To avoid making the wrong changes on the wrong units, he said, he had to document every step in the process ? which was a lot of work.
Managers also use nPO Manager to establish alerts for various abnormal conditions, said Chris Thompson, vice president of product marketing at NAI. When a probe detects a security or performance problem, such as a series of invalid logon attempts or network congestion, an on-screen alarm appears.
Who's the Culprit?
Sniffer nPO Visualizer provides Web-based network analysis and trend reporting. "You'll see inconsistencies or discrepancies, and can drill down into that report and find out who the culprit is and what's going on before somebody actually calls about it," said Duke.
Using network probes and nPO Visualizer, network administrators can establish what normal network traffic looks like, Thompson said. "When
You may use or reference this story with attribution and a link to