Past Issues of Government Technology

The Lay LAN

Networks make government business more virtual.

by / January 31, 1999 0
In the last 10 years, there has been a tremendous expansion of network deployment. Government agencies are realizing the benefit and productivity gains created by network technologies and are installing and expanding networks.

Networks have become dynamic entities. The combination of network hardware, software and the people using them is called network management, which keeps the LAN running smoothly and efficiently. Network administrators and managers need more control and security to improve communications, increase efficiency and manage critical data and documents.

The main problems associated with network expansion and deployment are day-to-day operations and growth planning.

The staffing requirements for managing large and heterogeneous networks have created a crisis for many organizations. Automated network management and capacity planning, integrated across diverse environments, have become a necessity.

Network management tools help bring order to network management, giving network managers information and capabilities they need to run their LANs efficiently. Management tools can help managers trouble-shoot cable breaks, find the causes of network slowdowns, track network usage, maintain security, help managers plan for expansion, and more. They have become an essential part of the network manager's operations.

Most network management architectures use the same basic structure and set of relationships. Computer systems and other network devices run software that sends an alert when problems arise. Automated systems are programmed to react by executing one or more actions, including operator notification, event logging, system shutdown and automatic attempts at system repair.

Well-known network management protocols include the Simple Network Management Protocol (SNMP) and Common Management Information Protocol (CMIP).

SNMP is a protocol that defines the communication between network management and a device or process to be managed. While SNMP is widely used, it has several limitations. Some consider it too simplistic to handle large and complex applications. Many foresee that CMIP, the network management standard for Open System Interconnection, may surpass TCP.

Stuff You Should Know

Five critical functions of network management systems are overseeing performance, configuration, accounts, faults and security.

Performance management entities provide immediate access to historical statistical information about network operations. They can analyze data to determine normal operational levels and appropriate performance thresholds for each important variable, so that alarms are tripped when thresholds are exceeded.

Performance management also permits proactive methods. A network simulation can be used to project how network growth will affect performance metrics. Such simulations can alert administrators to impending problems so that corrective measures can be taken.

The goal of configuration management is to monitor network and system configuration information so that the effects on network operation of various versions of hardware and software elements can be tracked and managed. Because all hardware and software elements have operational quirks or flaws that might affect network operation, such information is important to maintaining a smooth-running network.

The goal of account management is to measure network utilization parameters so that the individual or group uses of the network can be regulated appropriately. Such regulation reduces network problems, because network resources can be apportioned by resource capacity.

The first step toward appropriate account management is to measure utilization of all important network resources. Analysis of the results provides information on current usage patterns, and quotas can be set by administrators. Measurement of resource use can provide billing information as well as information used to assess optimal resource management.

Fault management detects, reports and automatically fixes network problems and errors to keep the network running effectively. Because faults can cause downtime or unacceptable network degradation, fault management is perhaps the most widely implemented system.

Fault management involves determining the problem's symptoms, isolating and fixing the problem, then testing the repair and documenting the entire process.

Security management restricts access to network resources according to agency guidelines so that the network cannot be sabotaged or inadvertently screwed up, and so that sensitive information cannot be accessed by those without appropriate authorization. It generally involves setting passwords that give users controlled access. A security management subsystem can monitor users logging on to a network resource, refusing access to those who enter inappropriate access codes.

For some users, access to any network resource is inappropriate. Such users are usually company outsiders. For internal network users, access to information originating from a particular department may be inappropriate. Access to personnel files, say, is generally inappropriate for users outside the human resources department.

While many network operating systems provide limited network management capability, they are designed to work with other product vendors that offer specific network management products for more detailed needs.

Stuff You Can Buy
ClickNet Professional

ClickNet Professional 4.0 provides powerful and comprehensive managing tools for PC LANs. It provides complete, automated documentation for all the PCs on the network and helps identify, diagnose and resolve network problems.

Users can automatically inventory PC desktops, diagram the network, initiate remote-control sessions and produce detailed network reports.

ClickNet Professional 4.0 is a 32-bit application and requires Windows 95, 98 or NT.

Additionally, ClickNet Y2K and VeriDate software packages can help administrators assess and evaluate hardware and software Y2K compliance.

Additional information is available by contacting ClickNet at 800/599-3200.

Computer Associates

Driven by the rising demand for automated network management solutions, Computer Associates' eight software programs -- AimIT, CryptIT, ShipIT, ProtectIT, NetworkIT Pro, GuardIT, DoubleIT and DirectIT -- are giving network administrators broader reach and greater flexibility in managing their enterprise network.

AimIT is an easy-to-use program for tracking and managing IT assets in a heterogeneous environment. It provides automated hardware and software inventory, configuration management, software metering and auditing, reporting and advanced scripting tools.

AimIT minimizes the need to visit individual desktops for routine management, provides detailed information about hardware and software configuration, and notifies the network manager when a problem is detected. It minimizes downtime by providing consistent system configuration. It requires Windows NT and agents: Windows 3.x, 95, 98 or NT, OS/2, Macintosh, UNIX, OpenVMS.

CryptIT is an advanced data-encryption solution that protects data against potential intrusion. It automatically encrypts data when sent over a TCP/IP network.

CryptIT provides encryption for all TCP/IP environments and allows administrators to manage network encryption policies for a large number of hosts from a central location.

It requires an Intel-based server, 8MB of disk space and 32MB of RAM, and requires Windows 98, 95 or NT.

ShipIt provides automated distribution, installation and upgrades of software applications, operating systems and files. Managers will avoid the cost of manually administering software, freeing skilled IT staff to perform other critical functions.

ShipIT provides distribution schedules, automates time-critical deliveries and conducts automated installation.

Supporting environments are Windows NT, UNIX, NetWare.

ProtectIt secures a distributed heterogeneous IT environment. It eliminates the need for multiproduct integration and can protect access to data from anywhere at any time.

It allows network managers to define security policies and implement them throughout the network. Data from all platforms can be combined into a single report, allowing easy audit and review of access patterns or user-specific action. It runs with Windows NT, HP-UX, Sun Solaris, IBM AIX and AVX (RACF, CA-TOP Secret, and CA-ACF2).

NetworkIT Pro efficiently and effectively manages the entire networked environment centrally from the enterprise level. It is protocol-independent, monitoring and managing network traffic while providing an integrated picture of network performance.

NetworkIT Pro automatically discovers and classifies all networked devices and assets and builds an intuitive topology map.

It runs on UNIX and Windows NT. Protocols: TCP/IP, IPX.DECnet and SNA.

GuardIT is a firewall solution that controls network access to protect the system. It secures the network based on criteria such as designated applications, network services, and source and target addresses. It defends the networks from IP Spoofing, TCP sequence number prediction, session hijacking, encapsulated IP attack, ICMP redirect and more. It provides a powerful directory for reporting and event management.

Since additional network hardware and increased wide-area link are costly, using DoubleIT can provide additional bandwidth and optimize performance by automatically compressing data across the entire network.

DoubleIT can maximize the capacity of the existing hardware, reduce the number of data packets sent over the network and shorten the time it takes to transmit and receive data.

It requires an Intel server, 8MB of disk space, 32MB of RAM and runs on Windows 95, 98 and NT.

DirectIT allows administration of users and other directory objects across multiple directory types. It simplifies the administration of complex environments by providing centralized or distributed management of geographically dispersed directories.

Users can administer network resources such as user accounts, user groups, trust relationships and network drives. It lets administrators make changes only once, then automatically distribute and apply these changes to all appropriate directories.

Supporting environments: Windows NT domains, NIS (AIX and HP-UX), NIS and Solaris SPARC and Intel, Microsoft Exchange.

Additional information is available by contacting Computer Associates at 888/864-2368.

E-mail Security

PrivaWall is a security system for cross-wall security that provides manageable, flexible and transparent e-mail authentication and encryption to handle e-mail security and protect corporate enterprise of any size.

It allows the network manager to enforce security policies, including encryption, authentication and filtering, as well as monitor e-mail and communication processes. It ensures the total privacy and authenticity of each user's messages and attachments.

PrivaWall is compatible with any firewall and offers "push" encryption technology that allows recipients without decryption software to read encrypted messages.

Additional information is available by contacting Aliroo Inc. at 703/917-0778.

No More Bottleneck

Those who have experienced high-speed broadband know how it transforms the experience of the network and Internet. Dynamic Traffic Control is a Web-enabled, Windows NT software bandwidth optimizer that allows network administrators to take control of their bandwidth using a standard Web browser from anywhere on the network.

Dynamic Traffic Control provides information about how bandwidth is being used, allows traffic prioritization -- by time of day, IP source or destination, traffic class, etc. Individuals or groups can also be given priority access.

It provides a reporting mechanism to measure the effectiveness of a bandwidth policy.

Dynamic Traffic Control is currently being used at the Israel Academic Network, a consortium of Israel's higher-education institutions, on 40,000 workstations.

Additional information is available by calling Elron Software at 800/406-5828.

Move Your Data Around

Real-Time Replicator is an NT software product that moves data reliably from a centralized server to remote locations while maintaining network availability.

Real-Time Replicator automatically distributes up-to-the minute data over WANs from any remote site and guarantees that the data will be immediately available for use at all participating sites.

According to the company, any type of NT enterprise data can be moved, enhanced, shared and continuously protected while ensuring high network availability.

Additional information is available by contacting Network Integrity at 800/638-5518.

Reduce the Cost of Storage

NetReady is a network-attached storage device that eliminates the high cost and complexity of maintaining jukebox storage on a network. It can easily attach more storage directly onto the local networks.

It can be plugged into Ethernet or Fast Ethernet via standard RJ45 network jack and configured in minutes by the administrator without disrupting ongoing network traffic.

NetReady automatically assigns an IP address, allowing users access to CD jukeboxes via Windows NT, Novell Netware or UNIX networks, independently or concurrently.

The device has a 9GB hard drive that caches up to 14 650MB CDs. When paired with Plasmon's 4-CD-ROM-drive, 120-slot D-Series jukebox, users have immediate access to 18 CDs.

According to the company, NetReady costs half what traditional storage management software options do.

Additional information is available by contacting Plasmon at 612/946-4100.

I Spy

Investigator 1.2 is a keystroke-by-keystroke Windows-based monitoring tool that logs all computer usage.

It watches the active area on the screen receiving instruction from the user via the mouse or keyboard. All keystrokes and mouse actions are captured by the program -- events such as file, save as, print, etc., plus Web use.

Investigator can be made invisible to the user and actively defeat attempts at turning off the program.

Replicator 1.2 is a 32-bit multithreaded program and runs on Windows 95, 98, and NT.

Additional information is available on the WinWhatWhere Web site.

Deliver it Over the Internet

E-Delivery is a content delivery and installation application over the Internet. It provides online distribution, installation and control of both software and content over the Internet/intranet and WAN.

According to Frederick Duguay, ATP chief executive officer, "E-Delivery will allow software developers and all other current providers to truly deliver and install their applications over the Net." The company said e-Delivery works over any platform.

Download time is reduced by compressing application files, resuming from the point of connection failure and, with upgrades, only delivering the necessary codes.

It will cut manufacturing costs by avoiding replicating CD-ROMs, printing manuals and packaging.

Additional information is available by contacting ATP Technology Partners Inc. at 800/501-5214.

Phoenix Domain Reconfiguration Tool 2.0 and Virtual Administration Tool 2.0

Phoenix Domain Reconfiguration allows enterprises to plan and fully automate Windows NT domain-consolidation projects. Administrator can perform a domain reconfiguration from a central location without visiting any workstation in the network domain. It provides a complete set of reconfiguration tools; it automates migration of users, global groups and computer accounts, updates of local groups, access control lists and user rights.

Virtual Administrator allows Windows NT administrators to delegate simple, repetitive tasks to non-NT administrators, or "virtual administrators," who can perform specific, authorized functions, allowing the real administrators to remain focused on the real problems.

Additional information is available by contacting FastLane Technologies Inc. at 613/271-2022.

Power-management Software

Solution-Pac 97 provides a user-friendly graphical interface, making management of critical systems and power supply very easy.

It monitors and displays information graphically on the status of the uninterrupted power supply system's battery, output voltage and frequency, as well as the status of devices protected by the system. In the event of a power interruption, Solution-Pac can automatically and safely shut down systems connected to MGE uninterrupted power supply. The software also can perform automatic pager or e-mail notification of power-related events. It also has configurable scheduling features for energy conservation and reduced administration.

It supports every major platform, including Windows 3.1, 95, 98 and NT, Novell, OS/2, UNIX, IBM AIX, HP/UX, DEC UNIX, Solaris and others.

Additional information is available by contacting MGE UPS Systems Inc. at 714/557-1636.

Remote Control

Banyan Intranet Connect, Version 1.6 by Banyan enhances Web-based remote-access software. It provides remote access to Banyan VINES and Microsoft Windows NT network resources.

It provides easy e-mail capabilities, efficient multifile and directory browsing and downloading with Zip compression.

Additional information is available by contacting Banyan Systems Inc. at 508/898-1000.

Network Health

Concord Communication's Network Health is a Web-based software application that provides open, enterprise-wide, automated analysis and reporting on network performance and utilization.

Network Health retrieves and analyzes data from router, hub and RMON and RMON II agents already installed in most customer networks. It then automatically analyzes data and provides concise informative reports that summarize critical issues of LAN, WAN, Router/Switch, Frame Relay and server performance patterns.

Users utilize Network Health's automated reports on a daily basis to optimize network performance, execute capacity planning and better manage service-level agreements.

It supports all major network protocols.

Additional information is available by contacting Concord Communication at 508/460-4646.

Virtual Private Web

Extranet is becoming a viable solution for tightly integrating partners and agencies, giving them access to the agencies' data and intranets.

ExtraLAN Beta version is a virtual private Web program that allows agencies to easily build a private and secure Web in which employees, customers and partners can share information.

Unlike existing Web security software that protects specific servers, ExtraLAN provides a true network boundary through multiple agencies. Therefore, an agency can send information directly into other partners' or clients' intranets.

ExtraLAN is 100 percent Java, and makes use of LDAP-based directory service to manage users and resources within its virtual private web. Its three-tiered architecture is tied together with XML-based RPC/MQ, making it easy to build a virtual private web across agency firewalls. Resources within ExtraLAN can be hierarchically organized and managed, and management responsibilities can be delegated.

Additional information is available by contacting Extravert Technologies at 408-278-0215.