CiscoWorks Service Management Solution (SMS)

The CiscoWorks Service Management Solution (SMS) is a suite of applications used to manage network-wide service level agreements (SLAs). The key application within this suite is the CiscoWorks Service Level Manager (SLM), which allows an administrator to define SLA thresholds, and then monitor collected data to be sure that service levels are in fact being met.

In the remainder of this section I’ll explain the key components of an SLA, the network management capabilities that must be included in order to effectively monitor SLAs, and provide an overview of how CiscoWorks Service Level Manager implements the monitoring of SLAs.

As the name suggests, a service level agreement (SLA) is effectively a contract between two parties – in this case, a company (the client) and a service provider such as an ISP. In most cases, contracts for service will be valued at anywhere from a few thousand to many hundreds of thousands of dollars per year. As such, the exact expectations as to what the customer is getting for their money need to be clearly defined. While a home user might be willing to accept occasional service disruptions or network performance issues, these same issues can have a profound financial impact on larger businesses.

As a contract, an SLA will almost always define very specific and quantifiable data about the service that a client should expect to receive. For example, an SLA might state that a WAN connection between two offices should provide a ping response time of less than 100 ms at least 99% of the time. If this requirement was agreed upon and not met, then typically the service provider would be assessed a financial penalty under the contract. In some cases providers use very standardized SLAs that apply to all clients. In many others, SLAs become sticking points that require very detailed negotiations between the parties. Regardless, it is important to remember that an SLA defines explicit performance metrics that the service provider is agreeing to provide to the client.

While an SLA defines the key metrics associated with an agreement between the client and service provider, a method is still needed for both to test and be certain that the metrics defined are actually being met. This is where applications like CiscoWorks Service Level Manager come into play. This application allows you to define what are known as service level contracts (SLCs) meant to be consistent with the language used and metrics defined in the actual contract. Each SLC is typically made up of many individual SLAs that define thresholds and the endpoints in the communication process. Each SLA covers one specific performance metric only. For example, one SLA might be defined to measure FTP performance between two devices, and another to measure HTTP performance between the same two devices. It’s easy to see how a single SLC could be made up of many different SLAs. Returning to the previous example, an SLA might state that the ICMP response time of a WAN connection between two distinct devices (known as the source device and target device) must be less than 100 ms 99% of the time. Notice that this time, exactly where the 100 ms applies is clearly defined, and is not subject to interpretation.

It is very important to be clear about the main network management capabilities that must exist in order to effectively determine whether service level agreement performance metrics are being met. These include:

  • Ensuring conformance. The primary goal of a network management solution that monitors SLAs is to ensure that the actual performance of a network conforms to the specific requirements agreed upon by both parties.
  • Isolating and identifying problem areas. Outside of ensuring conformance, the network management system should be capable of isolating and identifying any specific problem areas that exist with respect to the defined SLAs. For example, a network management solution should be able to accurately identify devices or connections that are not meeting the criteria outlined in an SLA.
  • Reporting. The network management solution should also be capable of providing detailed reporting capabilities for analysis purposes.
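
The conformance and problem-isolation checks described above can be sketched as follows. This is an added example, not code from CiscoWorks SLM; the data model, device names, the HTTP threshold, and the choice to count lost probes as violations are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SLA:
    """One metric between one source/target pair (hypothetical model, not SLM's schema)."""
    metric: str          # traffic type, e.g. "icmp" or "http"
    source: str          # source device
    target: str          # target device
    threshold_ms: float  # a sample conforms only if it is strictly below this
    required_pct: float  # share of samples that must conform

def evaluate_sla(sla, samples_ms):
    """Return (conforming_pct, met). A None sample is a lost probe (assumed violation)."""
    if not samples_ms:
        return 0.0, False  # no data collected: conformance cannot be shown
    ok = sum(1 for s in samples_ms if s is not None and s < sla.threshold_ms)
    pct = 100.0 * ok / len(samples_ms)
    return pct, pct >= sla.required_pct

def evaluate_slc(slas, collected):
    """Check every SLA in a contract; return the full report and the failing SLAs."""
    report = []
    for sla in slas:
        key = (sla.metric, sla.source, sla.target)
        pct, met = evaluate_sla(sla, collected.get(key, []))
        report.append((sla, pct, met))
    violations = [sla for sla, _, met in report if not met]
    return report, violations

# Constructed contract: the ICMP SLA mirrors the 100 ms / 99% example in the text.
SLC = [
    SLA("icmp", "hq-rtr", "branch-rtr", 100.0, 99.0),
    SLA("http", "hq-rtr", "branch-rtr", 500.0, 95.0),
]
# Constructed samples, as a collection point might aggregate them.
COLLECTED = {
    ("icmp", "hq-rtr", "branch-rtr"): [40.0] * 197 + [130.0, None, 250.0],
    ("http", "hq-rtr", "branch-rtr"): [220.0] * 96 + [900.0] * 4,
}

if __name__ == "__main__":
    report, violations = evaluate_slc(SLC, COLLECTED)
    for sla, pct, met in report:
        status = "MET" if met else "VIOLATED"
        print(f"{sla.metric} {sla.source}->{sla.target}: {pct:.1f}% "
              f"under {sla.threshold_ms:.0f} ms (need {sla.required_pct}%) {status}")
    print("problem areas:", [(v.metric, v.source, v.target) for v in violations])
```

With the constructed data, the ICMP SLA fails because only 197 of 200 samples are under 100 ms, while the HTTP SLA between the same two devices passes, which is why each SLA is evaluated per metric and per device pair.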

CiscoWorks Service Level Manager (SLM) uses a distributed architecture made up of the components listed below.

  • SLM Server. The server-based component is ultimately responsible for defining, monitoring, and documenting service between a customer and a service provider.
  • Service Level Contract (SLC). The contract between the client and the service provider defined in the SLM server software. An SLC is made up of at least one SLA, but can contain an unlimited number of SLAs (1500 different SLA metrics are supported). There is no hard limit as to the number of SLCs the application can support.
  • Service Level Agreements (SLAs). A specific metric that defines a traffic type, threshold value, and endpoints between which services will be monitored for conformance. In SLM Server, each SLA measures performance for a specific metric between a pair of devices. When SLAs are created, sampling intervals can also be defined to reduce resource utilization associated with the data collection process.
  • Collection Managers (CMs). Software agents designed to collect and aggregate the data used by the SLM server. Many CMs can be installed on a network in a distributed manner, helping to reduce potential bottlenecks that might result from a single collection point.

CiscoWorks VPN/Security Management Solution (VMS)

The CiscoWorks VPN/Security Management Solution (VMS) is a suite of applications used to configure, monitor, and troubleshoot Cisco virtual private networks (VPNs), firewalls, and intrusion detection systems (IDS). This suite is considered to be a key component of Cisco’s SAFE architectural blueprint for network security. Beyond the applications listed below, this suite also includes CiscoWorks Resource Manager Essentials, which was outlined in the CiscoWorks LAN Management Solution section.

  • CiscoWorks VPN Monitor. This application is used to gather, store, and view data about remote access and site-to-site VPN connections to and between Cisco devices. VPN Monitor is capable of working with Cisco 3000 VPN concentrators as well as routers in the 1700, 2600, 3600, and 7200 families.
  • CiscoWorks IDS Host Sensor. This application is used to identify and protect servers from potential threats by analyzing connection attempts. For example, this tool could be used to prevent connections from an incoming host that appears to be attempting a denial-of-service attack.
  • CiscoWorks Auto Update Server Software. This application is used to remotely manage the configuration and updating of Cisco software using a pull model. For example, this software could be used to handle the configuration and management of Cisco PIX firewalls in place at remote locations.
  • CiscoWorks Management Center for IDS Sensors. This application is used to simplify and centralize the management of network and switch IDS sensors.
  • CiscoWorks Management Center for PIX Firewalls. This application provides a management facility for up to 1000 PIX firewalls, including the centralized configuration of access rules, network address translation (NAT) settings, and so forth.
  • CiscoWorks Management Center for VPN Routers. This application provides a centralized management facility for the configuration and deployment of VPN settings on different Cisco equipment.
  • CiscoWorks Monitoring Center for Security. This application is effectively a reporting tool that brings together information from IDS, PIX, and IOS devices for the purpose of viewing and analyzing security-related events.

CiscoWorks Small Network Management Solution (SNMS)

The CiscoWorks Small Network Management Solution (SNMS) is a suite of applications used to manage Cisco networks made up of 20 or fewer Cisco devices. Beyond simply managing and monitoring Cisco devices, this suite also provides the ability to monitor non-Cisco resources such as servers, applications, and network printers. The core component of SNMS is CiscoWorks Resource Manager Essentials, which was outlined in the CiscoWorks LAN Management Solution section.

CiscoWorks Routed WAN Management Solution (RWAN)

The CiscoWorks Routed WAN Management Solution (RWAN) is a suite of applications meant to help administrators configure, manage, and troubleshoot routed WANs. The suite is used for functions like identifying performance bottlenecks, utilization on WAN links, and so forth. Besides the two core applications listed below, this suite also includes CiscoWorks Resource Manager Essentials, which was looked at in the CiscoWorks LAN Management Solution section.

  • CiscoWorks Access Control List Manager. This application works in conjunction with Resource Manager Essentials and provides a web-based graphical interface to manage access lists on Cisco routers.
  • CiscoWorks Internetwork Performance Monitor. This application provides network response time and availability information, allowing engineers to diagnose network performance issues using a combination of real-time and historical data.

CiscoWorks LAN Management Solution (LMS)

The CiscoWorks LAN Management Solution (LMS) is a suite of applications aimed at maintaining, monitoring, and troubleshooting LAN environments, especially those based on Cisco’s AVVID architecture. The suite is made up of the core applications listed below, along with Device Fault Manager, which was looked at in the previous section.

  • Cisco nGenius Real Time Monitor. This application provides a multi-user web-accessible interface to network RMON data collected by switches in Cisco’s Catalyst line.
  • CiscoWorks Campus Manager. This application is used to administer, monitor, and configure Cisco Catalyst Layer 2 switching on campus networks. The tool provides information about both the logical and physical layouts of the network, which can become unwieldy in large, complex environments.
  • CiscoWorks Resource Manager Essentials. This is a suite of applications used to manage the configuration of Cisco switches, routers, and access servers, as well as handle inventory management of Cisco devices. For example, this suite includes utilities to manage software images, audit changes, and device configurations.

The CiscoWorks Product Line

The CiscoWorks product line is just that – not a single product, but rather a suite of many different network management products based on Internet standards. These products are bundled into common network management “solutions”, typically targeted at enterprise organizations. While the current version runs from a web-based platform, past versions have been provided as applications for both Windows NT and UNIX. Products in the line can be installed in a stand-alone fashion, or integrated with other third-party NMSs. Some of the more popular CiscoWorks bundles are described below. All of the CiscoWorks “bundles” also include CiscoView, which was described in the previous section. It’s worth noting that besides being integrated with CiscoWorks, CiscoView can also be integrated into other NMS platforms such as HP OpenView.

CiscoWorks for Windows

CiscoWorks for Windows is also part of the CiscoWorks product line, but is specifically a suite of applications designed to help simplify the administration and maintenance of small to medium sized networks using Cisco equipment. The suite includes a variety of applications that provide the ability to configure, manage, and monitor Cisco network devices, while providing extensive reporting capabilities.

CiscoWorks for Windows is SNMP-based, and was recently released in a new, web-based version. The current version is made up of 4 main applications, each with different network management capabilities.

  • CiscoView. CiscoView is an SNMP-based device management tool that provides a graphical view of the front and rear of Cisco devices. It provides a consistent graphical display of Cisco devices, providing dynamic on-screen monitoring, statistics, and configuration capabilities.
  • WhatsUp Gold. This NMS product by Ipswitch provides SNMP-based monitoring, mapping, alert, and network discovery capabilities for all network devices.
  • Threshold Manager. This tool allows you to define alert thresholds on Cisco RMON-enabled devices, such as the Catalyst line of switches.
  • Show Commands. This tool provides a graphical interface to the show commands available on Cisco devices. This gives users who may not be familiar with IOS syntax the ability to view detailed system configuration and performance information.

CiscoWorks Blue

CiscoWorks Blue is a product line aimed at companies managing networks that include consolidated Systems Network Architecture (SNA) and IP traffic. As such, the product is really only relevant to companies whose environments include IBM mainframes or AS/400s running the SNA protocol. The CiscoWorks Blue suite is made up of three main applications that provide the ability to map network resources, activate and deactivate devices, measure performance, and more. Internetwork Status Monitor allows router monitoring, configuration, and reporting to be managed from a mainframe console. SNA View provides the ability to troubleshoot SNA connectivity problems by providing visual representations of all active and inactive SNA connections. CiscoWorks Blue Maps provides a graphical view of how SNA traffic relates to a routed TCP/IP network.

Remote Monitoring (RMON)

Remote Monitoring (RMON) is an extension to the SNMP MIB, and includes two versions – RMON and RMON 2. While SNMP relies on a regular polling and response mechanism between an NMS and individual managed devices to gather and collect information in real-time, the RMON protocol implements its monitoring capabilities using a batch-type method.

A typical RMON implementation consists of two major elements – a Network Management Station (NMS) and RMON probes. An RMON probe is a network device that collects information according to the traffic that passes through it, providing information about the health of the network itself, rather than a particular device. Unlike a traditional SNMP implementation, an RMON probe collects and stores this information, passing it to the NMS (via SNMP) when requested. As such, using RMON helps to avoid some of the network traffic issues associated with regular SNMP management. A typical RMON-enabled network will have one configured probe per segment.

RMON’s primary goal is to provide information relating to network errors and utilization. RMON data is gathered as part of nine different monitoring groups. Each of these provides information relevant to a different area of network monitoring such as gathering statistics, capturing packets, generating alerts, historical trend analysis, and so forth. While the original version of RMON was only capable of providing information up to the MAC level, RMON 2 is capable of monitoring traffic up to the application level. This allows information flows relating to particular applications to be assessed and analyzed.

RMON relies on being able to “see” all network traffic, which presents an issue in switched environments. As such, many network vendors now implement RMON probes as a feature within their switch products. For example, Cisco provides RMON probe capabilities within its Catalyst workgroup switches.