Networking

Using the Network Dashboard Views in SCOM 2012

John Joyner introduces the four new dashboards that are part of the network monitoring engine for Microsoft System Center Operations Manager 2012.

A useful technology that is bundled with a default installation of Microsoft System Center Operations Manager (SCOM) 2012 is the new Network Monitoring engine based on "Smarts" technology originally developed by EMC Corporation. SCOM 2012 will positively identify specific network devices, and can monitor hundreds of devices such as network switches and routers at the port level and correlate this information with server and application health models.

After SCOM 2012 has discovered the devices on your network(s), both the devices -- and the interfaces of previously discovered Windows computers and other devices to those devices -- are automatically monitored for performance, errors, and availability. This viewing of network device health, in the context of the computers being interconnected by the devices, is powerful and logical. The automatic nature by which only key interfaces are selected for monitoring is a clever approach to avoiding collecting too much interface performance data.

In addition to all the familiar SCOM view folders and reports, SCOM 2012 network monitoring introduces four new dashboard views to convey data. These are the Network Summary, Node, Interface, and Vicinity Dashboards.

Network Summary Dashboard View

The Network Summary Dashboard view is the only new dashboard view that is exposed in the view folder hierarchy (in the navigation pane of the SCOM console), so it's often the first place you'll look for a high-level overview of the health of your monitored network devices. The other network dashboards are invoked from the summary dashboard itself, or from the Tasks pane of any selected Windows computer or network device.

Figure A shows the several components in the summary dashboard. These tools help you identify the network devices and interfaces in your organization that are both slowest, the busiest, and those with the most errors. Use the summary dashboard to select nodes and interfaces for further analysis, then by right-clicking or using the Tasks pane, pivot to the network node or network interface dashboards.

Figure A - Network Summary Dashboard provides insight across all monitored network devices (click to enlarge all figures)

Network Node Dashboard View

A node is any device connected to a network. Switches and routers are among the most common kinds of nodes you will discover. The node dashboard provides details on the health of a particular device. The upper portion of the node dashboard consists of the network vicinity view for that node, as well as "speedometer" gauges for node availability today, yesterday, in the last week, and in the last month. (Periods of time that were not monitored are counted as "available" in the availability statistics, so newly discovered devices will not appear to have had outages in the gauges.) The lower portion of the node dashboard includes a list of all interfaces on the node that are being monitored. From this view, you can manually override the automatic selections of which interfaces are monitored by SCOM. Also, by right-clicking on specific interfaces, you can pivot to performance or reporting views that drill down into the near term or long term history of an interface. In Figure B, the Interface Packet Analysis report for "PORT 4" on "switch1" during the previous week appears in a second window.

Figure B - Pivoting to the Interface Packet Analysis report from the node dashboard view.

Network Interface Dashboard View

An interface is a physical entity with which network connections are made, such as a port. By default, SCOM 2012 only monitors ports that are connected to other Windows computers or devices that are being monitored. The interface dashboard is the most detailed view of a particular interface. This is where you can zero in on a very specific counter, for problem investigation and capacity planning. Figure C shows key counters (for the previous 24 hours history) on a particular interface. In this case, we are looking at PORT-1 on ‘switch4', the ‘Interface with most receive errors' seen at the bottom of the summary dashboard, Figure A. The scenario is that you are getting more details on the interface, specifically, to answer the question: How significant are the errors on this interface? The Send/Receive Error and Discards chart on the lower right in Figure C showed just one low spike, so it's probably not a serious issue.

Figure C - Network Interface Dashboard: the last 24 hours in the life of a particular interface.

Network Vicinity Dashboard

Perhaps the most compelling view in the new SCOM 2012 network monitoring feature is the Network Vicinity Dashboard. This view diagrams a node--and all Window agent computers and other nodes--that are connected to that node. You can toggle up to five (5) hops, and whether to view connected computers or not. Selecting a particular connection in the diagram allows you to identify which physical switch or router ports are involved; these appear in the details area of the dashboard as seen in Figure D.

Figure D - The Network Vicinity Dashboard retains full functionality using the SCOM 2012 Web Console.

Limitations in the first release of the Network Vicinity feature include that it only works with Windows computers (not Linux computers); it does not take into account Hyper-V host/guest relationships; and it does not show network interface teams as "teamed". The Vicinity View, like all the network dashboards described in this article, works in both the full SCOM 2012 console as well as the SCOM 2012 web console.

About

John Joyner, MCSE, CMSP, MVP Cloud and Datacenter Management, is senior architect at ClearPointe, a cloud provider of systems management services. He is co-author of the "System Center Operations Manager: Unleashed" book series from Sams Publishing, ...

3 comments
tim
tim

Does SCOM 2012 have any alerting output options so I don't have to watch the dashboards all day? Can it syslog to my SIEM service so I can correlate with malware etc.?

John Joyner
John Joyner

Other than the SCOM console and the SCOM web console, there are four ways to communicate alerts: SMTP emails, SMS text messages (with modem), Instant Messages (IM via OCS/Lync with outbound gateways to other messenger services), and command line. If you had a syslog utility, you could use the command line option possibly to retransmit SCOM alerts to a syslog server via the utility.

andy.poulos
andy.poulos

What does it show when it comes across a server that has NICs teamed? Also, does it recongnize Cisco's VSS connections?

Editor's Picks