Você está na página 1de 87

FogLight NMS

5.2 Administrator Guide

Quest Corporation, 2010

Quest Corporation, 2010

Table of Contents
Introduction Key Features Copyright Notice Trademarks Contacting Us Getting Started System Requirements Adding a Customer / Organization Network Discovery - Add New Device(s) SNMP Agent SNMP Enablement Tool Enabling WMI on Windows Enabling SNMP on Windows Vista Enabling SNMP on Windows XP Enabling ptFlow Enabling sFlow Enabling JFlow Enabling NetFlow Upgrading Setting Up Your Network Dashboard Configure a Dashboard Configure a Gadget Devices Device Overview Add Device Groups Run Network Discovery Enable SNMP Enable Traffic Analysis Enable IP SLA Responder Enable IP SLA Call Path Device Details Network Maps Encrypted Credential Store Policies Monitors Devices Alerts Scheduled Actions Reports Run a Report Change Report Type Change Report Period Change Device for Report Email a Report Export a Report Scheduled Reports
p2

3 3 7 7 7 8 8 9 10 13 15 16 16 18 23 29 30 30 33 34 34 34 35 35 55 55 56 57 58 59 60 60 61 62 63 65 67 71 71 72 74 74 75 75 75 76 76 77

Quest Corporation, 2010

Patch Management Ticketing Administration Agent Migration Auto Patch Settings Baseline Configuration Branding Configuration Check for Updates Credential Store Flow Configuration License Update Port Management Retention Configuration SMTP Settings Studio Deployment User Management

78 79 79 80 80 80 81 81 81 84 84 84 84 84 85 85

Introduction
This section will give you a brief introduction to this software.

Key Features
This program provides a comprehensive and affordable network management and application monitoring solution for single and multi-site networks. It solves the problems associated with bandwidth, performance, and connectivity and allows you to take back control of your network. Panoramic View: Provides a 360 degree view of your network for local and remote locations Real Time Performance Monitoring: Monitors performance counters for routers, hubs, switches, applications, servers, and applications in real-time Multi-Site: Supports single and multi-site networks and thousands of devices Advanced Alerting: Provides advanced email and SMS alerts for devices, including servers, switches, hubs, routers, and other network infrastructure gear Traffic Analysis: Supports NetFlow, J-Flow and SFlow

Feature At a Glance Alerts and Notifications Automatically notifies you when network performance degrades, allowing you to fix problems before any impact on user and customer experience. Through a simple wizard, you can configure alerts for multiple conditions that meet the needs of your network. It monitors network events, traffic, and conditions to create a performance baseline which ensures that you dont get inundated with false-positive alerts from normal network activity. Additionally, you can automatically escalate critical alerts until the problem is resolved and can suppress alerts for scheduled network maintenance. Send alerts via email and SMS when network trouble arises Configure network alerts for interrelated events or conditions Escalate network alerts automatically for unresolved issues Ensure you dont receive unnecessary and false-positive notifications

Application Monitoring Provides in-depth visibility of running processes and performance counters for mission-critical applications, network services, and web applications. Application failures are usually the most common p3

Quest Corporation, 2010

problems that occur in IT infrastructure. These powerful monitors help IT Admins and network engineers prevent application failures and identify degradations early. Easily identify the root cause of application performance issues across Windows, UNIX, and Linux devices Deep support for MS Exchange, SQL, Active Directory specific counters Monitor Port availability, DNS, POP3, SMTP, HTML pages and much more Run historical reports and view in your dashboard

Automated Remediation Automatically take actions to restore services when a failure occurs, including restarting applications and windows services, or rebooting servers. Network administrators can focus more time on revenue-generating initiatives by automating remediation. Trigger self-healing scripts when specific network conditions exist Inventory of scripts for Windows and Linux devices Set scheduled actions for routine device and network maintenance

Load and Go Deployment Installs and more importantly configures in 15 minutes through a simple 3 step process. After installation, it performs a fast and comprehensive scan of the entire network to discover all devices. Leveraging various discovery techniques, it provides a complete set of attributes for each device that has been discovered. Each device is then assigned to a Smart Policy with recommended monitors to complete the deployment process. Simple 3 step process that loads the system and immediately begins monitoring the network in 15 minutes Leverage Smart Policies to assign recommended monitors and settings Intuitive, easy to use right out of the box

Log File Management Using log monitoring and management capabilities, it has the ability to collect, analyze, alert, report, and archive Event Log from Windows hosts, SysLog from distributed UNIX hosts, Routers, Switches, and other SysLog devices, and Application logs from IIS web server, IIS FTP server, and MS SQL server. It helps system administrators to troubleshoot, performance problems on hosts, select applications, and the network. Real-time display of log messages on your monitoring dashboard and in individual device details Send alert notifications when an event matching specific criteria is generated Archives all event logs and syslogs collected for forensic analysis and determining performance and usage statistics for a host Trend reports to analyze the performance of hosts over a period of time

Monitoring Dashboards Provides unparalleled visibility into network performance, fault management, and device availability across any size of network. The iGoogle like Dashboard is a network management dashboard with a summary display of key performance indicators (KPIs) like CPU load, network interface traffic, latency, packet loss and event logs, exposing troubled devices and areas of the network. With support for drag and drop, its easy to customize each dashboard by simply adding and removing gadgets. Now managers and operations staff can continuously monitor key assets of the company to ensure that your network is always running at peak performance. Monitor availability, CPU load, memory, disk space utilization, network interface traffic, network latency, and packet loss Perform advanced monitoring of running services, process availability, and performance counters for MS Exchange, SQL, Active Directory Inventory of gadgets include charts, gauges, lists, text, and web links p4

Quest Corporation, 2010

Drag and drop monitoring gadgets to create a custom view

Network Traffic Analysis Network Traffic Flow provides in-depth visibility into traffic network patterns and usage to determine how traffic impacts the overall health of the network. Drill down into applications, conversations, and devices to identify the exact sources of spikes and bursts to take proper actions. Flows are stored for historical reporting that proves invaluable for network capacity planning. Captures packets for any device on the network - routers, switches, servers, desktops See traffic from the perspective of each device for easier troubleshooting Supports flow data for Cisco NetFlow v1, 3, 5, 7 and 9, Juniper J-Flow, and sFlow View applications, conversations, devices, endpoints, and protocols in graphical charts Provides historical trends for all flows for network capacity planning

ptFlow Traffic Analysis Module ptFlow is a packet capture and filtering engine that allows users to gather traffic information from non-Flow support devices. ptFlow capture flows by sniffing network traffic on active network adapters on a device. User selects list of interface(s). Supports TCP, UDP & ICMP (IPv4) traffic. IPv6 coming soon. Supports 32bit and 64bit platforms. View applications, conversations, devices, endpoints, and protocols in graphical charts Provides historical trends for all flows for network capacity planning See traffic from the perspective of each device for easier troubleshooting

Performance Baseline Performance Baseline automatically analyzes collected data to identify changes in network behavior and establishes a baseline that represents the regular and expected activity of a device and network. The established baseline accurately reflects your organizations use of the IT infrastructure by taking into account patterns and variations in usage for example, increased processor utilization on Monday mornings at 9:00am. Performance Baseline continuously logs subsequent activity of a device and compares it to baseline. Once irregular behavior is detected, the program produces a qualified alert that contains details to be used as a starting point to help guide the troubleshooting and remediation process. Reports more accurately on the device monitors that vary during a business cycle Identifies abnormal increases and decreases in network utilization, performance, and quality to shorten mean time to repair Eliminates false positive alerts caused by normal behavior on the network Reduces manual configuration for administering setting and thresholds

Remote Office / Multi-Site Networks Designed for organizations with multi-site networks, this software provides secure connectivity between IT headquarters and any number of remote sites. The remote agent ensures that all key network performance data is collected and sent to the specified host server, providing visibility into the entire IT infrastructure. Taking commands from the host server, the remote agent can also enforce policies and execute actions. Optimize network monitoring configurations with best practice settings Eliminate typical bottlenecks that plague distributed networks Accommodate network growth and changing network performance management needs

Reports Generate reports for all collected network data. Any report can instantly be printed, emailed, and saved. You can drill down into specific time periods or events or change chart type with a single click a feature that is particularly useful when troubleshooting issues. Leveraging the report scheduler, email reports on a daily, weekly or monthly basis to colleagues and executive management.

p5

Quest Corporation, 2010

Delivers critical information on monitors devices in an easy to read format One click configuration of time periods and data type for any device Schedule automatic reports for staff and executive management Plan future resource requirements leveraging historical trends reports

Role-based User Access Gives you control over what users can and cannot do on the system. User accounts are configured for which type of information is displayed in the local and web studios for an individual user or group of people. In addition user accounts have email address for integration to alert notifications and scheduled reports. This layer of security ensures that the right people have access to the right information. Gives you complete control over what authorized users can and cannot do Allows users to have custom dashboards with information relevant to them Maintains level of security required by your company

Router Configuration Backup Ability to automatically backup configurations files for your Cisco, Juniper, and HP routers and switches. Configuration backups can be scheduled to run as needed and are stored in the database. Config files can be viewed and compared all in the same interface. In addition you can be immediately alerted when any configuration has been changed. You can customize the backup settings to meet your particular needs. Schedule configuration backups across multiple Cisco, Juniper, and HP routers and switches Easily view and compare configuration historical configuration backups Detect changes that occur to configurations files and receive an alert notification

Smart Policies Leveraging device profiling intelligence, this software recommends monitors and data gathering intervals for all devices discovered in your network. Smart Policies encompass devices, monitors, alerts and scheduled task, so any configuration changes occur from one central location. This intuitive design saves you time and dramatically improves ease of use. Out-of-the-box smart monitoring for the entire network Dramatic reduces time spent on configuring your NMS Lets IT departments focus on priorities items

SNMP Enablement Automatically enable and configure SNMP on devices for monitoring: Cisco HP ProCurve Windows Server 00, 03, 08 Windows XP, Vista Linux Debian 2.6 Fedora 9 Ubuntu 8, 9 SuSE 2.

VoIP and IP SLA Monitoring Collect and analyze VoIP performance statistics, including MOS, jitter, network latency, packet loss. Solve VoIP problems faster by isolating sources to specific locations, equipment, or transmission types. Automatically configure IP SLA on Cisco routers Monitor call manager settings, status, active calls Evaluate historical call activity and plan for future updates p6

Quest Corporation, 2010

Web Browser Support Use the web interface to view all your critical network data, traffic bottle necks, and alert warning about potential problems. In addition, see your system settings to ensure you are collecting the right information at the right time. Secure log in for each user of the system View dashboards, policies, and admin settings Supports IE, Firefox, and other popular

Wireless Infrastrcuture Monitoring Ability to monitor your wireless networks. As wireless become a more integrated in todays network, it is important that IT managers maintain visibility into wireless access points, clients and sessions. The wireless monitoring feature centralizes the management of distributed wireless networks with configuration in Smart Policies and monitoring in Dashboards. Understand how well your wireless network is performing and detect rogue users. Monitor key variables on access points, including signal strength and quality View client statistics for Cisco devices Run reports on key performance data across all wireless devices

Copyright Notice
2010 All rights reserved. Under the copyright laws, this manual or the software described within, can not be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. This exception does not allow copies to be made for others, whether or not sold, but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person. Under the law, copying includes translating into another language or format. Specifications and descriptions subject to change without notice.

Trademarks
The name Quest Software, the software, the product name Quest Software PT360 Tool Suite, and the Quest Software logo are registered trademarks of Quest Software. Quest Software is copyright 2010 by Quest Software. All rights are reserved. Microsoft Windows 98, Windows NT, Windows 2000, Windows XP, Windows Server 2003, Vista, Windows 7, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation. Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. Firefox is a trademark of the Mozilla Foundation. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies and are the sole property of their respective manufacturers.

Contacting Us
You can contact PacketTrap Networks in multiple ways: Contact Information p7

Quest Corporation, 2010

Sales

800-306-9329 Sales@PacketTrap.com http://www.quest.com

Support

https://support.quest.com/ContactSupport.asp x

Getting Started
This section will help you install and more importantly configure your system in a matter of minutes. In addition there are useful resource guides of how to enable SNMP or WMI on your devices, configuring your encrypted credential store, and updating the software when required.

Learn more: System Requirements Installation and Registration Network Discovery

System Requirements
Server Sizing This software is a comprehensive device, application, and traffic monitoring and troubleshooting solution. It is capable of monitoring single and multi-site networks of all sizes, from small corporate LANs to large enterprises or highly distributed environments. Most installations perform well on Pentium-class 2GHz systems with 1GB of RAM using the default monitor settings within the Smart Policies. However, when monitoring larger networks or using the Traffic Network Flow module, you need to give additional consideration to the hardware and system configuration used. Scalability is affected in multiple ways. The first variable is the number of devices that you will be monitoring. Performance tuning may be required when there are more than 1,000 device monitors. The second variable is the amount of performance data you collect for each device. Adjusting the Smart filters could cause a large spike in the amount of data collected. The third variable to consider is the monitoring time intervals. For example, if you set your monitor time intervals to collect performance statistics every five minutes instead of the default time intervals, the system requirements will increase. Finally, the number of simultaneous Studios accessing the system will have a direct impact on the performance of the system. When planning your installation, keep in mind CPU, memory, data monitor setting, and Traffic Flow monitoring. In situations where traffic flow is being collected from multiple routers/switches, has a large amount of 'traffic conversations', or 1,000 or more devices are being monitored, it is recommended to use a dedicated, faster performance server. This solution offers several performance advantages, as the server does not have to share resources with other applications. Host Server Software / Hardware Operating System 100-250 devices 500 - 2000 devices Unlimited and MSP Version

32-bit or 64-bit operating system: 32-bit or 64-bit operating system: 64-bit operating system: o Windows 2003 SP1 o Windows 2003 SP1 o Windows 2003 SP1 or later or later or later o Windows XP SP2 or o Windows 2008 o Windows 2008 later o Windows Vista SP1 p8

Quest Corporation, 2010

(all versions) CPU Memory Hard Drive Space .Net Framework 2.0 GHz 2 GB or more 10 GB or more 2.0 or higher 2.4 GHz 4 GB or more 50 GB or more 3.0 GHz 8 GB or more 100 GB or more

Firewall Exceptions Automatically configured during installation: - Allowed Programs ptserverservice ptserverconfig ptagentservice ptagentconfig ptstudio Ports 5053 (TCP) = (Encrypted Host Server port) 5055 (TCP) = (Encrypted Remote Control Tunnel Host Server port) * Note: Pre-existing MSP installations may still be using 5054 (TCP) = (Host Server port) 69 (UDP) - TFTP Server 514 (UDP) - Syslog Server 2055 (UDP) - Netflow 6343 (UDP) - SFLOW 9555 (UDP) - Netflow Alternative port #2 9995 (UDP) - Netflow Alternative port #3 NOTE: The minimum server requirements listed above assume default configurations. Significantly increasing the monitoring intervals and traffic flow collections could result in additionl load on the server, which may require a larger CPU or additional memory.

Studio Software / Hardware Operating System Studio 32-bit or 64-bit operating system: o Windows 2003 SP1 or later o Windows XP SP2 or later o Windows Vista SP1 (all versions) 2.0 or higher

.Net Framework

Adding a Customer / Organization


Adding a new customer or a remote office for a distributed network is a simple process. Step 1: Select New Customer or New Organization button in the upper left hand corner of the Devices section. Step 2: Enter the information that is unique to the site or customer.

General Information How the customer or organization will be displayed Name Enter a name that will be displayed in the system. For example, ACME Corporation or London Office p9

Quest Corporation, 2010

Description Give a friendly description to the customer or organization.

Agent Authorization Criteria Criteria that must be met for an agent to connect. While not required, it provides an extra layer of security to your system. Internet Gateway Enter the internet gateway for the organization / customer's site Windows Domain Enter the windows domain for the organization / customer's site

Agent Connection Host The host that the agent will connect to. Hostname We recommend using the DNS name of your host, but IP Address can also be used.

Step 3: Click Save Step 4: Select Add New Device(s) button in the upper left hand corner of the Devices section. Step 5: Select the new Organization / Customer in the drop down box. Step 6: Select Copy URL or Email URL and distribute the link to the machine where the ptagent will be installed at the customer's or remote site. Step 7: Once the agent is installed, it is time to discov er devices on the network. Check here for Network Discovery.

Network Discovery - Add New Device(s)


Network Discovery Overview After installation, the software performs a fast and comprehensive scan of the entire network to discover all devices. Leveraging various discovery techniques, it provides a complete set of attributes for each device that has been discovered. Each device is then assigned to a Smart Policy with recommended monitors to complete the deployment process.

Simple 3 step process that loads the system and immediately begins monitoring the network in 15 minutes Leverage Smart Policies to assign recommended monitors and settings Intuitive, easy to use right out of the box

Run Network Discovery Step 1: Select Add New Device(s) button in the upper left hand corner of the Devices section. Step 2: Choose an Agent to run device discovery with. Local and remote agents will appear for selection. p10

Quest Corporation, 2010

Step 3: Select to add devices via SNMP network discovery or by deploying Agents. Note: Agents runs on Windows XP, Vista, and Server 03 machines. Click to learn more about the SNMP Enablement Tool Step 4: Click Next. Step 5: Enter CIDR, DNS, IP/SubnetMask or Range of IP Addresses into the Target field. Step 6: Select Network Discovery Techniques Exclude Devices in Database Select if you want to not include previous discovered devices that are in the device database in your new search. This is speed up future discoveries on the same network. Ping Uses ICMP to get responding status of a device. See below for Advanced Settings. MAC Resolution Uses MAC Address to discover a device on the network.

Step 7: Choose Device Credentials you want to use to discover each device. SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Encrypted Credential Store. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Encrypted Credential Store. WMI Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Encrypted Credential Store. Telnet Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Encrypted Credential Store.

Step 8: Click Next to discover the devices in your target field. Step 9: Select the devices you want to do a deep discovery on. Filters available for all, SNMP responding or WMI Responding nodes Step 10: Click Next. Step 11: Network Discovery Complete. Smart Policy Assignment Options. Apply Smart Policy Assignments (Recommended) Applies "Smart Policy" assignments to discovered devices based on the device type and details gathered during the discovery process. This process chooses the best fit policy for each device. Apply to Default Policy Applies the standard Default Policy to all the devices selected from the discovery process. The Default Policy attributes will be applies to all the devices selected. Pending Device Updates Lists the count of devices to be updated by the following criteria: Total devices selected, New p11

Quest Corporation, 2010

devices discovered, and Devices for agent reassignment.

Step 12: Click Finish to proceed to the Device Viewer. Devices will appear in the appropriate Customer / Organization. Configure Advanced Settings Ping settings allow you to turn on or off which resolutions are displayed. To configure click Settings button in the tool. Ping Ping Timeout (ms) Designates the maximum amount of time in milliseconds that Ping will wait for a response from the target. If the target does not respond within the number of milliseconds set, Ping will assume it is down. Ping Packet TTL (Time-To-Live) Designates the number of hops along the way to the specified address. With a setting of 32, your Ping Scan could pass through up to 32 different routers on the way to the remote address before being thrown away by the network. Pings Per Node Allows you to control the number of Ping attempts to send each address during a scan. When scanning networks containing Cisco routers, set this number above two (2). If the target IP address is not in the ARP cache of a Cisco router, the router discards the ICMP query (Ping) while it requests the MAC address of the target IP. The first Ping will never arrive at the subnet of the target IP address. In this situation, the Cisco router responds to the second Ping. Delay Between Pings Designates the time in milliseconds between each successive Ping to the target address. Setting this value very low will send a constant stream of Pings to the target IP address.

TCP Ports Timeout (ms) Designates the maximum amount of time in milliseconds that Port scan will wait for a response from the target. If the target does not respond within the number of milliseconds set, Port scan will assume it is down. Select Pre-loaded Ports Simply add or delete any listed port and click on ok. Add Custom Ports Simply enter the Port number in the field seperating the numbers with a comma.

View Device Detail Information The Device Viewer section provides the ability to drill into each discovered device. Show Details Overview p12

Quest Corporation, 2010

Displays a detailed overview of a device including status, DNS, and processor, disk, memory, and network interface usage. Processes Provides all the processes names and paths for a given device. Software Gathers all the software installed on each device.

Adding Devices via SNMP


Adding Devices using SNMP Network Discovery

Step 1: Select Add New Device(s) button in the upper left hand corner of the Devices section. Step 2: Choose an Agent to run device discovery with. Local and remote agents will appear for selection. Step 3: Select to add devices via SNMP network discovery. Note: Click to learn more about the SNMP Enablement Tool Step 4: Click Next. Step 5: Enter CIDR, DNS, IP/SubnetMask or Range of IP Addresses into the Target field. Step 6: Select Network Discovery Techniques Exclude Devices in Database Select if you want to not include previous discovered devices that are in the device database in your new search. This is speed up future discoveries on the same network. Ping Uses ICMP to get responding status of a device. See below for Advanced Settings. MAC Resolution Uses MAC Address to discover a device on the network.

Step 7: Choose Device Credentials you want to use to discover each device. SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Encrypted Credential Store. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Encrypted Credential Store. WMI Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Encrypted Credential Store. Telnet Credential p13

Quest Corporation, 2010

Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Encrypted Credential Store. Step 8: Click Next to discover the devices in your target field. Step 9: Select the devices you want to do a deep discovery on. Filters available for all, SNMP responding or WMI Responding nodes Step 10: Click Next. Step 11: Network Discovery Complete. Smart Policy Assignment Options. Apply Smart Policy Assignments (Recommended) Applies "Smart Policy" assignments to discovered devices based on the device type and details gathered during the discovery process. This process chooses the best fit policy for each device. Apply to Default Policy Applies the standard Default Policy to all the devices selected from the discovery process. The Default Policy attributes will be applies to all the devices selected. Pending Device Updates Lists the count of devices to be updated by the following criteria: Total devices selected, New devices discovered, and Devices for agent reassignment.

Step 12: Click Finish to proceed to the Device Viewer. Devices will appear in the appropriate Customer / Organization. Configure Advanced Settings Ping settings allow you to turn on or off which resolutions are displayed. To configure click Settings button in the tool. Ping Ping Timeout (ms) Designates the maximum amount of time in milliseconds that Ping will wait for a response from the target. If the target does not respond within the number of milliseconds set, Ping will assume it is down. Ping Packet TTL (Time-To-Live) Designates the number of hops along the way to the specified address. With a setting of 32, your Ping Scan could pass through up to 32 different routers on the way to the remote address before being thrown away by the network. Pings Per Node Allows you to control the number of Ping attempts to send each address during a scan. When scanning networks containing Cisco routers, set this number above two (2). If the target IP address is not in the ARP cache of a Cisco router, the router discards the ICMP query (Ping) while it requests the MAC address of the target IP. The first Ping will never arrive at the subnet of the target IP address. In this situation, the Cisco router responds to the second Ping. Delay Between Pings Designates the time in milliseconds between each successive Ping to the target address. Setting this value very low will send a constant stream of Pings to the target IP address.

p14

Quest Corporation, 2010

TCP Ports Timeout (ms) Designates the maximum amount of time in milliseconds that Port scan will wait for a response from the target. If the target does not respond within the number of milliseconds set, Port scan will assume it is down. Select Pre-loaded Ports Simply add or delete any listed port and click on ok. Add Custom Ports Simply enter the Port number in the field seperating the numbers with a comma.

View Device Detail Information The Device Viewer section provides the ability to drill into each discovered device. Show Details Overview Displays a detailed overview of a device including status, DNS, and processor, disk, memory, and network interface usage. Processes Provides all the processes names and paths for a given device. Software Gathers all the software installed on each device.

Adding Devices via Agent(s)


Adding Devices via Agent(s)

Step 1: Select Add New Device(s) button in the upper left hand corner of the Devices section. Step 2: Choose an Agent to run device discovery with. Local and remote agents will appear for selection. Step 3: Select add devices via deploying Agents. Note: Agents runs on Windows XP, Vista, and Server 03 machines. Step 4: Click Next. Step 5: Enter CIDR, DNS, IP/SubnetMask or Range of IP Addresses into the Target field. Step 6: Click Next. Step 7: The software will assess if the device(s) are available for Agent installation and display a list of results. Step 8: Click Next. Step 9: Enter the Preferred Windows Domain Credential of the domains for agent deployment. To create a new credential, select (new credential) from the drop down box. p15

Quest Corporation, 2010

Step 10: Click Next. Step 11: Modify the preferred credential assigned to each device if needed. Highlight the device and you the 'Set Preferred' button at the bottom left corner. Step 12: Click Next. Step 13: The agent will now be deployed to the device(s). You can see the log in the agent deployment status. Step 14: Click Finish to complete the process.

SNMP Enablement Tool


Enabling SNMP on Devices for Monitoring

Step 1: Right click on a device or group of devices and select Enable SNMP from the menu options. Step 2: Confirm the device(s) you want to enable SNMP on. Add more devices by clicking the select targets button. Step 3: Click Next. Step 4: The software will Assess if the device(s) are available for SNMP Enablement and display a list of results. Step 5: Click Next. Step 6: Select the SNMP Credential you want to assign to the device(s). Enter new credentails with the Manage Credentials link. Step 7: Click Next. Step 8: Modify the preferred credential assigned to each device if needed. Highlight the device and you the 'Set Preferred' button at the bottom left corner. Step 9: Click Next. Step 10: SNMP will now be Enabled on the device(s). You can see the log in the enablement status window. Step 11: Click Finish to complete the process

Enabling WMI on Windows


WMI comes pre-installed on XP/Vista by default. To insure accessibility via WMI the user should check that the following service(s) are started: Windows Management Instrumentation Windows Management Instrumentation Driver Extensions Step 1: Go to the Control Panel and double click Administrative Tools.

p16

Quest Corporation, 2010

Step 2: Inside Administrative Tools double click Computer Management.

Step 3: Expand Services and Applications, right click on WMI Control and follow the Windows menus.

p17

Quest Corporation, 2010

Additional Resources Windows XP: http://support.microsoft.com/kb/875605 Vista: http://msdn2.microsoft.com/en-us/library/aa822854.aspx

Enabling SNMP on Windows Vista


Enabling SNMP on targeted devices is necessary if one wants to receive SNMP information from those devices. This information includes monitoring CPU, memory usage, and other critical performance details. Enable SNMP on Windows Vista Step 1: Navigate to the Control Panel and double click Programs and Features

p18

Quest Corporation, 2010

Step 2: Click Turn Windows features on or off.

Step 3: Scroll down to the SNMP feature check both boxes and click Ok. Wait for windows to enable the software.

p19

Quest Corporation, 2010

Step 4: Now go back to the Control Panel and double click Administrative Tools.

Step 5: Inside Administrative Tools double click Computer Management.

p20

Quest Corporation, 2010

Step 6: Under Services and Applications click Services

Step 7: Scroll down to the SNMP Service in the right hand pane.

p21

Quest Corporation, 2010

Step 8: Double click the SNMP Service and navigate to the Security tab. Make sure the Accept SNMP packets from any host is selected. For routine public enablement, under Accepted community names click Add. Leave Community rights as READ ONLY and enter Public for the Community Name. (A customized SNMP Community string can also be used.)

p22

Quest Corporation, 2010

Step 9: Click Ok twice until youre back at the above Services screen. Right click the SNMP Service and select Start. Done!

Additional Resources An article containing useful information on SNMP can be found on the CISCO site at: http://www.cisco.com/warp/public/535/3.html Configuring SNMP Support for Cisco Devices: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/fcfprt3/fcf014.htm

Enabling SNMP on Windows XP


Enabling SNMP on targeted devices is necessary if one wants to receive SNMP information from those devices. This information includes monitoring CPU and memory usage from the devices.

p23

Quest Corporation, 2010

Enable SNMP on Windows XP Step 1: Navigate to the Control Panel and double click Programs and Features.

Step 2: Click Add/Remove Windows Components.

Step 3: Select and double-click on Management and Monitoring Tools. p24

Quest Corporation, 2010

Step 4: Make sure both boxes are selected and click OK.

Step 5: You are returned to the previous dialogue. Click on Next

p25

Quest Corporation, 2010

Step 6: When that configuration is completed, click finish. Return to the Control Panel and double- click Administrative Tools.

p26

Quest Corporation, 2010

Step 7: Inside Administrative Tools double click Computer Management.

Step 8: Under Services and Applications click Services and then scroll down to the SNMP Service in the right hand pane. p27

Quest Corporation, 2010

Step 9: Double click the SNMP Service and navigate to the Security tab. Make sure the Accept SNMP packets from any host is selected. For routine public enablement, under Accepted community names click Add. Leave Community rights as READ ONLY and enter Public for the Community Name. ( A customized SNMP Community string can also be used.)

Step 10: Click Ok twice until youre back at the above Services screen. Right click the SNMP Service and select Start. Done!

p28

Quest Corporation, 2010

Enabling ptFlow
Traffic Analyzer supports ptFlow technology and industry standards NetFlow, sFlow, and J-Flow. ptFlow is a packet capture and filtering engine that allows users to gather traffic information from non-Flow supported devices such as computers, routers and switches. The results appear just as they would with any traditional flow technology. Enable ptFlow to display traffic on devices The following are steps to configure ptFlow successfully. Step 1: Establish port mirroring on the router or switch. Port mirroring is used on a network device to send a copy of all network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. Port mirroring on a Cisco Systems switch is generally referred to as Switched Port Analyzer (SPAN); some other vendors have other names for it, such as Roving Analysis Port (RAP) on 3Com switches. Please consult your device's manual to see if it supports port mirroring and instructions on how to enable it. Step 2: Click on the Enable Traffic Analysis Button, select Enable ptFlow and click the Next. The host serv er IP will appear automatically. Select the Ingress (traffic in) and Egress (traffic out) on all your desired interfaces. Click Save, Next and Finish. Step 3: Click on Devices, select the machine running this software and click View Details. ptFlow will appear under Network Traffic Flow. Note: In order to maintain network connectivity, two NICs should be installed and active on the server. Deployment scenarios Case #1: After enabling port mirroring on the Swtich or Router, connect the mirrored port to the computer running host server. Case #2: Insert a hub into your desired location. For example, to capture traffic from a firewall, install the hub just downstream from the firewall. Next, connect the hub to the network and also to the host server.

p29

Quest Corporation, 2010

Enabling sFlow on devices is necessary if one wants it collected. Enable sFlow on Extreme, Foundry, and HP Devices Extreme sFlow Configuration To support Extreme devices, you must configure the device using the following configuration template. enable sflow configure sflow config agent 10.199.5.10 configure sflow collector 192.168.72.67 port 6343 configure sflow sample-rate 128 configure sflow poll-interval 30 configure sflow backoff-threshold 50 enable sflow backoff-threshold enable sflow ports all The sFlow collector value must reflect the IP address where this software is installed. Foundry sFlow Configuration To support Foundry devices, you must configure the device using the following configuration template. Note: Ensure your Foundry device supports sFlow version 5. config> int e 1/1 to 4/48 interface> sflow forwarding config> sflow destination 10.199.1.199 6343 config> sflow sample 128 config> sflow polling-interval 30 config> sflow enable The sFlow destination value must be the IP where this software is installed. HP sFlow Configuration To support HP devices, you must configure the device using the following configuration template. Note: This will not show up in the command line interface. Because of this it will not return if the switch is reset. setmib sFlowRcvrAddress.1 -o 0AC70199 setmib sFlowRcvrPort.1 -i 6343 setmib sFlowRcvrOwner.1 -D net sFlowRcvrTimeout.1 -i 100000000 setmib 1.3.6.1.4.1.14706.1.1.5.1.4.11.1.3.6.1.2.1.2.2.1.1.1.1 -i 37 setmib 1.3.6.1.4.1.14706.1.1.5.1.3.11.1.3.6.1.2.1.2.2.1.1.1.1 -i 1 setmib 1.3.6.1.4.1.14706.1.1.6.1.4.11.1.3.6.1.2.1.2.2.1.1.53.1 -i 8 setmib 1.3.6.1.4.1.14706.1.1.6.1.3.11.1.3.6.1.2.1.2.2.1.1.53.1 -i 1 Where 0AC70199 is the IP address of the computer (in hexidecimal) where this software is installed. Line 4 sets the sample rate. Line 5 enables sFlow. Line 6 sets the polling interval, and line 7 enables polling.

Enabling JFlow
Enabling JFlow on a Juniper networking device is necessary to collect this data. Enable JFlow on Juniper Devices Enable J-flow on your device Enable J-Flow statistics. Enable J-Flow statistics on the desired interfaces. (Optional) Define the sampling interval at which you want to collect statistics. (Optional) Customize the size of the main flow cache. (Optional) Define flow cache aging timers. (Optional) Specify to where you want to export J-Flow statistics. p30

Quest Corporation, 2010

Enabling Flow-Based Statistics Use the ip flow statistics command to explicitly enable J-Flow. NOTE: Issuing any configuration level commands implicitly enables J-Flow. ip flow statistics * Use to enable J-Flow. * Example host1(config)#ip flow statistics * Use the no version to disable J-Flow on the virtual router. Enabling Flow-Based Statistics on an Interface Use the ip route-cache flow sampled command to enable J-Flow on an interface. NOTE: Issuing an interface-level flow command does not enable J-Flow on the virtual router. To enable J-Flow, issue the ip flow statistics command. ip route-cache flow sampled * Use to enable J-Flow on an interface. * Example host1(config-if)#ip route-cache flow sampled * Use the no version to disable J-Flow statistics on the interface. Defining a Sampling Interval Use the ip flow-sampling-mode command to define the packet-sampling interval for the virtual router. The sampling interval specifies the rate at which the virtual router samples J-Flow information. This rate is used for all interfaces that have J-Flow enabled. Once you enable an interface, the virtual router samples 1 packet at the specified packet interval. The possible interval range is from 10 packets to 4 billion packets (the default). NOTE: Packet sampling occurs individually for each processor. Because the router distributes packets over multiple processors, sampling occurs when each processor reaches the specified packet interval. ip flow-sampling-mode packet-interval * Use to define the J-Flow packet-sampling interval. * Example host1(config)#ip flow-sampling-mode packet-interval 50 * Use the no version to return the sampling interval to its default value. Setting Cache Size Use the ip flow-cache entries command to limit the number of main flow cache entries for the virtual router (as collected across all line modules that are running J-Flow). Once the cache size exceeds the flow-cache entry limit, the least recently used flow is removed. p31

Quest Corporation, 2010

The possible flow-cache range is 1,024 to 524,288 entries. The default is 65,536 entries. ip flow-cache entries * Use to limit J-Flow main flow cache entries. * Example host1(config)#ip flow-cache entries 80000 * Use the no version to return the cache size to its default value, 65535. Defining Aging Timers Once the virtual router creates a flow in the cache, the flow can be removed at the expiration of either the active or the inactive timer. Specifying the Activity Timer Use the ip flow-cache timeout active command to specify a value for the activity timer. The activity timer measures the amount of time that the virtual router has been recording a datagram for a given flow. When this timer expires, the virtual router exports the flow cache entry from the cache and removes the entry. This process prevents active flows from remaining in the flow cache and allows collected data to appear in a timely manner. The possible range for the activity timer is 1 to 60 minutes. The default value is 30 minutes. ip flow-cache timeout active * Use to define the activity timer. * Example host1(config)#ip flow-cache timeout active 50 * Use the no version to return the activity timer to its default value. Specifying the Inactivity Timer Use the ip flow-cache timeout inactive command to specify a value for the inactivity timer. The inactivity timer measures the length of time expired since the virtual router recorded the last datagram for a given flow. When this timer expires, the virtual router exports the flow cache entry from the cache and removes it. When, at a later time, another datagram begins that uses the same flow characteristics, the virtual router allocates a new flow cache entry, and the inactivity timer begins again. The possible range for the inactivity timer is from 10 to 600 seconds. The default value is 15 seconds. ip flow-cache timeout inactive * Use to define the inactivity timer. * Example host1(config)#ip flow-cache timeout inactive 80 * Use the no version to return the inactivity timer to its default value. Specifying Flow Export Use the ip flow-export command to specify the location to which you want to export the J-Flow datagrams. ip flow-export * Use to specify the location to which you want to export J-Flow datagrams or specify an alternate source address for outbound export J-Flow datagrams. * Example 1Specifies the destination address for J-Flow datagrams host1(config)#ip flow-export 192.168.2.73 2055 version 5 peer-as

p32

Quest Corporation, 2010

* Example 2Specifies the source address for outbound export J-Flow datagrams host1(config)#ip flow-export source fastEthernet 5/0 * Use the no version to remove the export setting.

Enabling NetFlow
Enable NetFlow for Cisco IOS Devices Enable Cisco Express Forwarding: router(config)# ip cef In the configuration terminal on the router, issue the following to start NetFlow Export. It is necessary to enable NetFlow on all interfaces through which traffic you are interested in will flow. Now, verify that the router is generating flow stats - try 'show ip cache flow'. Note that for routers with distributed switching (GSR's, 75XX's) the Rendezvous Point CLI will only show flows that made it up to the RP. To see flows on the individual linecards use the 'attach' or 'if-con' command and issue the 'show ip cache flow' on each LC. Enable export of these flows with the global commands. 'ip flow-export source' can be set to any interface, but one which is the least likely to enter a 'down' state is preferable. Netflow will not be exported if the specified source is down. For this reason, we suggest the Loopback interface, or a stable Ethernet interface: router(config)# ip flow-export version 5 router(config)# ip flow-export destination <ip-address> <port> router(config)# ip flow-export source FastEthernet0 Use the IP address of your NetFlow Collector and configured listening port. If your router uses BGP protocol, you can configure AS to be included in exports with command: router(config)# ip flow-export version 5 [peer-as | origin-as] The following commands break up flows into shorter segments. router(config)# ip flow-cache timeout active 1 router(config)# ip flow-cache timeout inactive 15 Use the commands below to enable NetFlow on each physical interface (i.e. not VLANs and Tunnels, as they are auto included) you are interested in collecting a flow from. This will normally be an Ethernet or WAN interface. You may also need to set the speed of the interface in kilobits per second. It is especially important to set the speed for frame relay or ATM virtual circuits. interface <interface> ip route-cache flow bandwidth Now write your configuration with the 'write' or 'copy run start' commands. When in enabled mode, you can see current NetFlow configuration and state with the following commands: router# show ip flow export router# show ip cache flow router# show ip cache verbose flow

Upgrading
p33

Quest Corporation, 2010

There are two ways this software will update. One approach is manual update and the other approach is auto update.

Manual Update Step 1: Select Admin from the main Menu Bar. Step 2: Select Check for Software Updates button to see if an update is available. Step 3: Select Update Now to pull down the software updates and apply them. The software will close and open automatically . * Note: Pre-existing MSP installations may still use 5054 (TCP) for agent communication. Once the PacketTrap server has been updated, the existing agent installations will continue to use port 5054 until the agent software updates. As soon as the agent software has update, the agent will connect using the new port 5053 and will continue to use only port 5053 for agent communication.

Auto Update Upon launch, the software will check for any updates available at the patch server. The software will automatically pull the updates and store in cache. They will be applied the next time the software is launched.

Setting Up Your Network Dashboard


Dashboard Overview The dashboard provides unparalleled visibility into network performance, fault management, and device availability across any size of network. The iGoogle like Dashboard is a network management dashboard with a summary display of key performance indicators (KPIs) like CPU load, network interface traffic, latency, packet loss and event logs, exposing troubled devices and areas of the network. With support for drag and drop, its easy to customize each dashboard tab by simply adding and removing gadgets. Now managers and operations staff can continuously monitor key assets of the company to ensure that your network is always running at peak performance. Monitor availability, CPU load, memory, disk space utilization, network interface traffic, network latency, and packet loss Perform advanced monitoring of running services, process availability, and performance counters for MS Exchange, SQL, Active Directory Inventory of gadgets include charts, gauges, lists, text, and web links Drag and drop monitoring gadgets to create a custom view

Learn more: Configure a Dashboard Configure a Gadget

Configure a Dashboard
p34

Quest Corporation, 2010

Configure a Dashboard The Dashboard can be customized to meet your needs. In addition to the settings below, you can drag and drop gadgets from column to column and adjust the size of each column by moving the divider bar to the left or right. Add Tab Create multiple dashboards full of key gadgets. For example, create a dashboard for routers, create one for servers, and even create one for your web properties to make sure they are up and running. Add Gadgets Provides a list of gadgets to use on the dashboard. They encompass a broad suite of mission critical data like device application, networking, devices, availability, and web-based tools. Please see Configure a Gadget for more details.

These dashboard functions can be found by selecting the down arrow on each tab. Configure Columns Set the number of columns for your dashboard page. Gadgets will resize automatically based on the number of columns. Rename Tab Give every dashboard tab a friendly name for easy navigation across your multiple dashboards. Clear Gadgets Will clear the dashboard of any gadgets and allow you to start fresh in configuring the dashboard. Close Tab Will permanently remove the dashboard tab and all its associated gadgets.

Configure a Gadget
Configure a Gadget The Dashboard offers a wide range of gadgets to present any data being collected about your network. Every gadget takes you through a similar and intuitive configuration wizard that makes setup quick and easy. Active Directory Monitors the performance counters for Active Directory server. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - enter the host name or IP Address WMI Timeout (ms) - Designate the maximum amount of time in milliseconds that WMI will wait for a response from the target. If the target does not respond within the number of milliseconds set, it is assumed down WMI Credential Set the proper credential store for the network of the device you are going to monitor. To configure the credential store, please see the section titled Credential Settings. Performance Counters Configuration select the Active Directory performance counters that you would like to monitor in the gadget p35

Quest Corporation, 2010

DRA Inbound Bytes Total / Sec - This counter displays the number of bytes received through inbound Active Directory related replication. If this number is consistently equal to zero, it means that replication is not occurring. Low numbers may indicate that there is a network bottleneck or that the server's NIC is too busy with other traffic to receive the requests in a timely manner. DRA Inbound Object Updates Remaining in Packet - This counter displays the number of Active Directory objects that have been received through replication, but that have not yet been applied. This number may start high, but should diminish very quickly. If this value takes a while to diminish, it is a clue that the server's hardware might not be fast enough to keep up with the demand. DRA Outbound Bytes Total / Sec - This counter displays the total number of bytes (compressed and uncompressed) that are being transmitted each second as a result of the replication process. A lack of activity often indicates insufficient hardware. DRA Pending Replication Synchronization - This number indicates the number of objects which must be synchronized. Like the DRA Inbound Object Updated Remaining in Packet counter, this value may start high, but should quickly dissipate. If this counter's value remains high, it usually means that the hardware is having trouble keeping pace with the demands being made of it. DS Threads in Use - This counter indicates the number of threads that are currently servicing client API calls. You can use this v alue to determine whether or not the domain controller could benefit from additional processors. Kerberos Authentications - The value from this counter indicates the number of times each second that clients use a ticket to authenticate to the domain controller. A lack of activity sometimes indicates that network problems are preventing requests from reaching the domain controller. LDAP Bind Time - This counter indicates the number of milliseconds that the last successful LDAP bind took to complete. This value should remain consistently low. Longer bind times can be an indication of network problems or of hardware that needs to be upgraded. LDAP Client Sessions - This number indicates the number of LDAP sessions that are connected to the domain controller at the moment. The appropriate value depends on your network, but if this value remains at zero, it means that you probably have some network problems that are preventing client sessions from connecting with the server. LDAP Searches / Sec - The LDAP Searches / Sec counter indicates the number of LDAP queries made by clients each second. I recommend viewing this counter along with the LDAP Successful Binds / Sec counter, which shows the number of successful LDAP binds each second. The biggest thing that you are looking for in these two counters is activity. A lack of activity would almost always indicate that network problems are disrupting the client's ability to interact with the domain controller.

Alerts in Process A detailed display of alerts that have been triggered. o Date and time the alert was triggered. o The name of the alert. o The policy name for the alert. o IP address of the device that the alert was triggered for. o The status of any automated remediation actions that occurred.

Average Latency Chart Indicates the average latency of a node(s) by charting the ping results. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name(s) or IP Address(es) Ping Timeout (ms) - Designate the maximum amount of time in milliseconds that Ping will wait for a response from the target. If the target does not respond within the number of milliseconds set, Ping Scan will assume it is down. p36

Quest Corporation, 2010

o o

o o

Ping Packet TTL (Time-To-Live) Designate the number of hops along the way to the specified address. With a setting of 32, your Ping Scan could pass through up to 32 different routers on the way to the remote address before being thrown away by the network. Pings Per Node - Set the number of Ping attempts to send each address during a scan. Delay Between Pings - Designate the time in milliseconds between each successive Ping to the target address. Setting this value very low will send a constant stream of Pings to the target IP address. Chart Type - Select the type from Spline or Area. Chart Zoom - Select the zoom level interval: 15 minutes, 30 minutes, 45 minutes, and 1 hour.

Average Latency Gauge Indicates the average latency of a node based on response time and average packet loss. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name or IP Address Ping Timeout (ms) - Designate the maximum amount of time in milliseconds that Ping will wait for a response from the target. If the target does not respond within the number of milliseconds set, Ping Scan will assume it is down. Ping Packet TTL (Time-To-Live) Designate the number of hops along the way to the specified address. With a setting of 32, your Ping Scan could pass through up to 32 different routers on the way to the remote address before being thrown away by the network. Pings Per Node - Set the number of Ping attempts to send each address during a scan. Delay Between Pings - Designate the time in milliseconds between each successive Ping to the target address. Setting this value very low will send a constant stream of Pings to the target IP address. Percent Thresholds Set the warning and critical percent levels for your gauges. When the warning threshold is met, the gauge will turn yellow; and when the critical threshold is met, the gauge will turn red. Response Time Thresholds - Set the warning and critical percent levels for your gauges. When the warning threshold is met, the gauge will turn yellow; and when the critical threshold is met, the gauge will turn red.

o o

Average Latency List Indicates the average latency of a list of node(s) by showing the response time and a color indicator bar. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name or IP Address Ping Timeout (ms) - Designate the maximum amount of time in milliseconds that Ping will wait for a response from the target. If the target does not respond within the number of milliseconds set, Ping Scan will assume it is down. Ping Packet TTL (Time-To-Live) Designate the number of hops along the way to the specified address. With a setting of 32, your Ping Scan could pass through up to 32 different routers on the way to the remote address before being thrown away by the network. Pings Per Node - Set the number of Ping attempts to send each address during a scan. Delay Between Pings - Designate the time in milliseconds between each successive Ping to the target address. Setting this value very low will send a constant stream of Pings to the target IP address.

o o

Average Latency Text

p37

Quest Corporation, 2010

Indicates the average latency of a node by changing the color of the text. Green indicates the ping was successful and red indicates the ping failed to reach the target. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name or IP Address Ping Timeout (ms) - Designate the maximum amount of time in milliseconds that Ping will wait for a response from the target. If the target does not respond within the number of milliseconds set, Ping Scan will assume it is down. Ping Packet TTL (Time-To-Live) Designate the number of hops along the way to the specified address. With a setting of 32, your Ping Scan could pass through up to 32 different routers on the way to the remote address before being thrown away by the network. Pings Per Node - Set the number of Ping attempts to send each address during a scan. Delay Between Pings - Designate the time in milliseconds between each successive Ping to the target address. Setting this value very low will send a constant stream of Pings to the target IP address.

o o

Configuration Backup Displays the current device configuration file and allows you to compare it to a historical version. o File the current startup or running config from the device o Refresh Interval Note: HP and Juniper devices require telnet credentials to backup the configuration file.

Call Path Jitter Chart Monitors Call Path Jitter via IP SLA on Cisco Routers o Name enter a friendly name o Display Mode IP Address or DNS Name o Select Call Path Source - Select the IP of the Call Path Source o Select Call Path Destination - Select the IP of the Call Path Destination o Chart Display Type - Select Area, Bar, or Line chart o Chart Display Intervals - Select Last Hour, Last Day, Last Week, Last Month, and / or Last Year

Call Path Latency Chart Monitors Call Path Latency via IP SLA on Cisco Routers o Name enter a friendly name o Display Mode IP Address or DNS Name o Select Call Path Source - Select the IP of the Call Path Source o Select Call Path Destination - Select the IP of the Call Path Destination o Chart Display Type - Select Area, Bar, or Line chart o Chart Display Intervals - Select Last Hour, Last Day, Last Week, Last Month, and / or Last Year

Call Path MOS Chart Monitors Call Path MOS via IP SLA on Cisco Routers o Name enter a friendly name o Display Mode IP Address or DNS Name o Select Call Path Source - Select the IP of the Call Path Source o Select Call Path Destination - Select the IP of the Call Path Destination o Chart Display Type - Select Area, Bar, or Line chart p38

Quest Corporation, 2010

Chart Display Intervals - Select Last Hour, Last Day, Last Week, Last Month, and / or Last Year

Call Path Packet Loss Chart Monitors Call Path Packet Loss via IP SLA on Cisco Routers o Name enter a friendly name o Display Mode IP Address or DNS Name o Select Call Path Source - Select the IP of the Call Path Source o Select Call Path Destination - Select the IP of the Call Path Destination o Chart Display Type - Select Area, Bar, or Line chart o Chart Display Intervals - Select Last Hour, Last Day, Last Week, Last Month, and / or Last Year

Call Path Statistics Monitors Call Path MOS via IP SLA on Cisco Routers o Name enter a friendly name o Display Mode IP Address or DNS Name o Monitor Scope - Select Latest, Last Hour, Last Day, Last Week, Last Month, or Last Year o Select Call Path Source - Select the IP of the Call Path Source o Select Call Path Destination - Select the IP of the Call Path Destination

Configuration Backup

Displays and backs up configuration files for Cisco, HP and Juniper devices. (Note: HP and Juniper devices require read/write Telnet credential. o Name enter a friendly name o Display Mode IP Address or DNS Name o Select Networking device Target - Select the IP of the device where backup is to occur. CPU Chart Monitors the CPU usage percentage of a device. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name or IP Address SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. Percent Thresholds Set the warning and critical percent levels for your gauges. When the warning threshold is met, the gauge will turn yellow; and when the critical threshold is met, the gauge will turn red. Chart Type - Select the type from Spline or Area. Chart Zoom - Select the zoom level interval: 15 minutes, 30 minutes, 45 minutes, and 1 hour.

o o

CPU Gauge p39

Quest Corporation, 2010

Monitors the CPU usage percentage and average usage percentage of a device. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name or IP Address SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. Percent Thresholds Set the warning and critical percent levels for your gauges. When the warning threshold is met, the gauge will turn yellow; and when the critical threshold is met, the gauge will turn red.

CPU List Monitors the CPU usage percentage of device(s) within in network. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name(s) or IP Address(es) SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings.

CPU/Memory Chart Monitors the CPU and memory usage percentage of a device. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name or IP Address SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. Percent Thresholds Set the warning and critical percent levels for your gauges. When the warning threshold is met, the gauge will turn yellow; and when the critical threshold is met, the gauge will turn red. Chart Type - Select the type from Spline or Area. Chart Zoom - Select the zoom level interval: 15 minutes, 30 minutes, 45 minutes, and 1 p40

o o

Quest Corporation, 2010

hour. CPU/Memory Gauge Monitors the CPU and memory usage percentage of a device. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name or IP Address SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the Memory Gauge. To configure the credential store, please see the section titled Credential Settings. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the Memory Gauge. To configure the credential store, please see the section titled Credential Settings. Percent Thresholds Set the warning and critical percent levels for your gauges. When the warning threshold is met, the gauge will turn yellow; and when the critical threshold is met, the gauge will turn red.

CPU/Memory List Monitors the CPU and memory usage percentage of a device(s). o o o o o Name enter a friendly name. This step is optional. Display Mode show IP Address or DNS Name Monitor Scope - Select time period to be displayed. Target enter IP Address ranges or device groups Percent Thresholds Set the warning and critical percent levels for your gauges. When the warning threshold is met, the gauge will turn yellow; and when the critical threshold is met, the gauge will turn red.

CPU/Memory Status Monitors processor and memory usage o Name Enter a friendly name o Display Mode IP Address or DNS Name o Monitor Scope - Determine the time scope of the gadget o Select Target - Select a single target device o CPU Response Time Warning - Set the warning threshold. When the threshold is met, the display will change to yellow. o CPU Response Time Critical - Set the warning threshold. When the threshold is met, the display will change to red. o Memory Response Time Warning - Set the warning threshold. When the threshold is met, the display will change to yellow. o Memory Response Time Critical - Set the critical threshold. When the threshold is met, the display will change to red.

Device Alerts Displays the alerts triggered for a given device. o o Date and time the alert was triggered The name of the alert p41

Quest Corporation, 2010

o o o o o

The policy name for the alert The status of any automated remediation actions that occurred Description of the conditions that caused the alert to trigger Reset - ability to manually reset a single alert triggered for a device Reset All - ability to manually reset all triggered alerts for a device

Device Logs Displays logs files triggered for a given device. o Name enter a friendly name o Display Mode IP Address or DNS Name o Target - type the host name or IP Address o Type - display logs for alerts, scheduled actions, or patcher o Severity - display logs based on critical, warning, or informational

Dial Manager Configuration Displays Dial Manager Configuration via IP SLA on Cisco Routers o Name enter a friendly name o Display Mode IP Address or DNS Name o Select Dial Manager Target - Select the IP of the Call Manager.

Dial Manager Phone Chart Displays Dial Manager phones via IP SLA on Cisco Routers o Name enter a friendly name o Display Mode IP Address or DNS Name o Select Dial Manager Target - Select the IP of the Call Manager o Chart Display Type - Select Area, Bar, or Line chart o Chart Display Intervals - Select Last Hour, Last Day, Last Week, Last Month, and / or Last Year

Dial Manager Registration Status Displays Dial Manager Registration Status via IP SLA on Cisco Routers o Name enter a friendly name o Display Mode IP Address or DNS Name o Monitor Scope - Select Latest, Last Hour, Last Day, Last Week, Last Month, and / or Last Year o Select Dial Manager Target - Select the IP of the Call Manager

Disk Volume Chart Monitors the disk utilization on a hard drive of a specific device. o Name enter a friendly name o Refresh Interval determine how often the gadget executes o Display Mode IP Address or DNS Name o Target - type the host name or IP Address o SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down o SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. o SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. p42

Quest Corporation, 2010

o o o

Storage Filters Display storage capacity greater than a number of megabytes, gigabytes, or terabytes. Chart Type - Select the type from Spline or Area. Chart Zoom - Select the zoom level interval: 15 minutes, 30 minutes, 45 minutes, and 1 hour.

Disk Volumes Monitors the disk utilization of each drive as a percent of capacity for a device. o Name enter a friendly name o Refresh Interval determine how often the gadget executes o Display Mode IP Address or DNS Name o Target - type the host name or IP Address o SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down o SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. o SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. o Percent Thresholds Set the warning and critical percent levels for your list. When the warning threshold is met, the value will turn yellow; and when the critical threshold is met, the value will turn red. o Storage Filters Display storage capacity greater than a number of megabytes, gigabytes, or terabytes.

Installed Applications Displays installed applications via SNMP (some devices require Telnet or SSH) o Name enter a friendly name o Display Mode IP Address or DNS Name o Target - enter the host name or IP Address

IP Configuration Displays the IP Configuration information for a device. o Name enter a friendly name o Display Mode IP Address or DNS Name o Monitor Scope - the time resolution that is displayed on the gadget o Target - enter the host name or IP Address o IP - the IP address assigned to the device o Subnet - the subnet on which the device lies o Interface - provides the active interfaces of the device

IP SLA Overview Displays Dial Manager Registration Status via IP SLA on Cisco Routers o Select Device(s) Select All or some devices. o Monitor Scope - Select Latest, Last Hour, Last Day, Last Week, Last Month, and / or Last Year. o Group By Call Sites - Check or uncheck this feature for organization purposes o Sort By - Select by Jitter, MOS, ICPIF, Latency or Packet Loss o Max Call Path - Select the maximum you wish to display

Memory Chart p43

Quest Corporation, 2010

Monitors the memory usage percentage of a device. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name or IP Address SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. Percent Thresholds Set the warning and critical percent levels for your gauges. When the warning threshold is met, the gauge will turn yellow; and when the critical threshold is met, the gauge will turn red. Chart Type - Select the type from Spline or Area. Chart Zoom - Select the zoom level interval: 15 minutes, 30 minutes, 45 minutes, and 1 hour.

o o

Memory Gauge Monitors the memory usage percentage and average usage percentage of a device. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name or IP Address SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the Memory Gauge. To configure the credential store, please see the section titled Credential Settings. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the Memory Gauge. To configure the credential store, please see the section titled Credential Settings. Percent Thresholds Set the warning and critical percent levels for your gauges. When the warning threshold is met, the gauge will turn yellow; and when the critical threshold is met, the gauge will turn red.

Memory List Monitors the memory usage percentage of device(s) within in network. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name(s) or IP Address(es) SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. SNMP V3 Credential Set the proper credential store for the network of the device you are p44

Quest Corporation, 2010

going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. MS Exchange Monitors the performance counters for MS Exchange server. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - enter the host name or IP Address WMI Timeout (ms) - Designate the maximum amount of time in milliseconds that WMI will wait for a response from the target. If the target does not respond within the number of milliseconds set, it is assumed down WMI Credential Set the proper credential store for the network of the device you are going to monitor. To configure the credential store, please see the section titled Credential Settings. Performance Counters Configuration select the MS Exchange performance counters that you would like to monitor in the gadget Exchange 2007 MSExchangeAD Topology - Provides Active Directory topology information to Exchange services. If this service is stopped, most Exchanges services are unable to start. MSExchangeAntiSpamUpdate - The Microsoft Forefront Security for Exchange Server anti-spam update service. MSExchangeEdgeSync - The Microsoft Exchange EdgeSync Service. MSExchangeFDS - Microsoft Exchange File Distribution Service. MSExchangeImap4 Provides Internet Message Access Protocol (IMAP4) Services to client. If this service is stopped, clients are unable to connect to this computer using the IMAP4 protocol. MSExchangeIS - Manages the Microsoft Exchange Information Store. This includes mailbox stores and public folder stores. If this service is stopped, mailbox stores and public folder stores on this computer are unavailable. MSExchangeMailboxAssistants - Performs background processing of mailboxes in the Exchange store. MSExchangeMail Submission - Submits messages from the Mailbox server to the Hub Transport servers. MSExchangeMonitoring - Allows applications to call the Exchange diagnostic cmdlets. MSExchangePop3 - Provides Post Office Protocol version (POP3) Services to clients. If this service is stopped, clients are unable to connect to this computer using the POP3 protocol. MSExchangeRepl - The Microsoft Exchange Replication Service provides replication functionality for Mailbox server role databases and is used by local continuous replication and cluster continuous replication. MSExchangeSA - Forwards directly lookups to a global catalog server for legacy Outlook clients, generates email addresses and offline address books, updates free/busy information for legacy clients, and maintains permissions and group memberships for the server. MSExchangeSearch - Quickly creates full-text indexes on content and properties of structured and semi-structured data to allow fast linguistic searches on this data. MSExchangeServiceHost - Provides a host for several Microsoft Exchange services. MSExchangeTransport - The Microsoft Exchange Transport Service. MSExchangeTransportLogSearch - Provides remote search capability for Microsoft Exchange Transport log files. Msftesql-Exchange - Microsoft Full-Text Engine for SQL Server. System Processor Time - Amount of processor being used by the System Resources. Store Processor Time - Amount of processor being used by the Information Store. p45

o o

Quest Corporation, 2010

Inetinfo Processor Time - Amount of processor being used by the Microsoft Internet Information Services. Transport Queues - This counter displays the number of bytes received through inbound Active Directory related replication. If this number is consistently equal to zero, it means that replication is not occurring. Low numbers may indicate that there is a network bottleneck or that the server's NIC is too busy with other traffic to receive the requests in a timely manner. RPC Packets/sec - The rate of Remote Procedure Call (RPC) packets RPC Average Latency - This indicates the Remote Procedure Call (RPC) averaged latency in milliseconds for the past 1024 packets. Disk Transfers/sec - The average sum of all random read/write input/output (I/O) operations to the Microsoft Exchange Database disk volumes (both .edb and .stm files). Exchange 2003 IMAP4Svc - Provides Microsoft Exchange IMAP4 Services. MSExchangeES - Monitors folders and fires events, for Exchange 5.5-compatible server applications. MSExchangeIS - Manages Microsoft Exchange Information Storage. MSExchangeMGMT - Provides Microsoft Exchange management information through WMI. MSExchangeMTA - Provides Microsoft Exchange X.400 services MSExchangeSA - Provides system related services for Microsoft Exchange MSExchangeSRS - No entry POP3Svc - Provides Microsoft Exchange POP3 Services RESvc - Processes Microsoft Exchange routing information System Processor Time - Amount of processor being used by the System Resources. Store Processor Time - Amount of processor being used by the Information Store. Inetinfo Processor Time - Amount of processor being used by the Microsoft Internet Information Services. RPC Packets/sec - The rate of Remote Procedure Call (RPC) packets Averaged Latency - This indicates the Remote Procedure Call (RPC) averaged latency. Disk Transfers/sec - The average sum of all random read/write input/output (I/O) operations to the Microsoft Exchange Database disk volumes (both .edb and .stm files). Local Queue Length - The number of messages in the local queue waiting delivery to local users. Exchange 2000 IMAP4Svc - Provides Microsoft Exchange IMAP4 Services. MSExchangeES - Monitors folders and fires events, for Exchange 5.5-compatible server applications. MSExchangeIS - Manages Microsoft Exchange Information Storage. MSExchangeMGMT - Provides Microsoft Exchange management information through WMI. MSExchangeMTA - Provides Microsoft Exchange X.400 services MSExchangeSA - Provides system related services for Microsoft Exchange MSExchangeSRS - No entry POP3Svc - Provides Microsoft Exchange POP3 Services RESvc - Processes Microsoft Exchange routing information SMTPSVC - Transports electronic mail across the network Inetinfo Processor Time -Amount of processor being used by the Microsoft Internet Information Services. MAD Processor Time - Amount of processor being used by the Exchange System Attendant Service. The process called mad.exe is a core part of Microsoft Exchange. It performs a number of key functions, for example, it will manage the loading of additional dlls when you make config changes to Exchange. It also performs the message tracking logging. You should leave this process running if you use Microsoft Exchange. If you find that it is using a large amount of resources (e.g. 90% CPU) you should check to see if there are any updates available for Exchange, from Microsoft. p46

Quest Corporation, 2010

Store Processor Time - Amount of processor being used by the Information Store. Local Queue Length - Local Queue Length indicates the number of messages in the local SMTP queue. Messages Delivered/sec - Messages Delivered/sec indicates the rate that messages are being delivered to local mailboxes. Messages Received/sec - Messages Received/sec indicates the rate that messages are being received. Messages Sent/sec - Messages Sent/sec indicates the rate that messages are being sent. Messages Open/Sec - Message Opens/sec indicates the rate that requests to open messages are submitted to the Exchange store. Folder Opens/sec - Folder Opens/sec indicates the rate that requests to open folders are submitted to the Exchange store. Local Delivery Rate - Local Delivery Rate indicates the rate at which messages are being delivered locally. RPC Operations/sec - RPC Operations/sec indicates the rate that RPC operations occur. This counter tells you how many RPC requests are outstanding. If Outlook is notifying users that it cannot contact their Exchange server, it is likely that this counter will show significant spikes. RPC Requests - RPC Requests indicates the number of client requests that are currently being processed by the Exchange store. This counter should not exceed 100. You should also use this counter to establish a baseline of normal server performance.

Network Interface Chart Monitors the network interface performance for a device by showing the percent of capacity or throughput. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name or IP Address SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. Traffic Display Mode Percent of capacity or throughput Select the network interface to display Chart Type - Select the type from Spline or Area. Chart Zoom - Select the zoom level interval: 15 minutes, 30 minutes, 45 minutes, and 1 hour.

o o o o

Network Interface List Monitors the network interface performance for a device by showing the percent of capacity or throughput. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name or IP Address SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see p47

Quest Corporation, 2010

o o o o

the section titled Credential Settings. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. Traffic Display Mode Percent of capacity or throughput Hide inactive interface will not be displayed in results Include all network interfaces or select specific network interfaces to display Customize the view for your gadget. Percent Thresholds Set the warning and critical percent levels for your gauges. When the warning threshold is met, the gauge will turn yellow; and when the critical threshold is met, the gauge will turn red.

Network Statistics Summary Displays Network Statistics via SNMP o Name enter a friendly name o Display Mode IP Address or DNS Name o Select Target device - Select the IP of the device

Network Traffic Flow Displays the NetFlow / sFlow / JFlow / ptFlow for a switch or router. o Name enter a friendly name o Display Mode IP Address or DNS Name o Target - type the host name or IP Address o Period - filter the time range for data display o Show Top - filter the number of traffic flows that show in the display

Open Source Web Viewer Monitors the CPU performance of a list of node(s) by showing the usage percentage and a color indicator bar. o o o o Name enter a friendly name. URL enter the URL for the browser-based open source network management tool or website. Enable Refresh allow the gadget to refresh. Note that many websites have auto refresh so you might consider disabling the refresh option. Enable Scroll Bar allow for a scroll bar on the gadget to move up and down

Log Information Displays all the log files generated in a single view. o o Type - Display alerts, scheduled actions, or patcher Severity - display critical, warning, or information messages

Policy Scheduled Actions Displays all the scheduled actions in a single view. o o o o o Policy - name of the policy that contains the scheduled action Run Time - the actual time that the action will / has run Count - the number of actions to be taken Action Group - the friendly name assigned to the scheduled action Actions - the actions that will be triggered p48

Quest Corporation, 2010

Running Processes Displays IP Address, device type and roles, operating system, domain, and other detailed system information for a device. o o o Name enter a friendly name Display Mode IP Address or DNS Name Target - type the host name or IP Address

Software Inventory Displays all the software installed for a device. o o o Name enter a friendly name Display Mode IP Address or DNS Name Target - type the host name or IP Address

SQL Server Monitors the performance counters for SQL Server. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - enter the host name or IP Address WMI Timeout (ms) - Designate the maximum amount of time in milliseconds that WMI will wait for a response from the target. If the target does not respond within the number of milliseconds set, it is assumed down WMI Credential Set the proper credential store for the network of the device you are going to monitor. To configure the credential store, please see the section titled Credential Settings. Select Instance Select the specific SQL Instance that you want to monitor SQL Server Version Displays the version of SQL Server Select Database(s) Select the SQL Database(s) that you want to monitor. Use SHIFT, CTRL keys to select multiple items. Performance Counters Configuration select the SQL Server performance counters that you would like to monitor in the gadget Databases-Transactions/Sec - This counter measures the number of transactions started per second. Transactions are the basis of everything in SQL Server, and most queries are implicit transactions. This measurement is extremely handy for determining if the load has substantially increased over time. This also gives you an indicator to how the workload is on your system. Access Methods-Full Scan/Sec - This counter should always be captured. It shows how often a table index is not being used and results in sequential I/O. This is defined as the number of unrestricted full scans. These can be either base table or full index scans. Missing or incorrect indexes can result in reduced performance because of too high disk access. Buffer Manager - This counter shows the percentage of pages that are found in SQL Servers buffer pool without having to incur a read from disk. A well-balanced system will have hit ratio values greater than 80%. The hit ratio ought to be 90% or better for OLTP-type databases. Latches-Latch Waits/sec - This counter measures the average amount of time, in milliseconds, that a latch request had to wait before it was serviced. Over time it is a good indicator for a general performance problem or if a performance issue is specific to one user. Locks Average Wait Time - This counter measures the average amount of time, in milliseconds, that a user is waiting for a lock. Over time it is a good indicator for a general performance problem or if a performance issue is specific to one user. Locks are inevitable but a sometimes a blocking or a deadlock can skew the values. Having p49

o o o o

Quest Corporation, 2010

Syslog

said that, less this wait the better it is. Wait Stats - The SQLServer:Wait Statistics performance object contains performance counters that report information about wait status. Lock waits - Statistics for processes waiting on a lock. Log write waits - Statistics for processes waiting for log buffer to be written. Network IO waits - Statistics relevant to wait on network I/O. Wait for the worker - Statistics relevant to processes waiting for worker to become available. Page IO latch waits - Statistics relevant to page I/O latches.

Displays all the collected syslog messages for a specific device. o o o o Name enter a friendly name Display Mode IP Address or DNS Name Target - type the host name or IP Address Change Filters - ability to filter messages based on facility, severity, date, host, and text

System Information Displays detailed system information on a device. o o o Name enter a friendly name Display Mode IP Address or DNS Name Target - type the host name or IP Address

Top 10 Average CPU Usage (%) Monitors the CPU performance of a list of node(s) by showing the usage percentage and a color indicator bar. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name(s) or IP Address(es) SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings.

Top 10 Average Memory Usage (%) Monitors the memory performance of a list of node(s) by showing the usage percentage and a color indicator bar. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name(s) or IP Address(es) SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down p50

Quest Corporation, 2010

SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings.

Top 10 Average Packet Loss (%) Indicates the average packet loss of a list of node(s) by showing the response time and a color indicator bar. o o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name or IP Address Ping Timeout (ms) - Designate the maximum amount of time in milliseconds that Ping will wait for a response from the target. If the target does not respond within the number of milliseconds set, Ping Scan will assume it is down. Ping Packet TTL (Time-To-Live) Designate the number of hops along the way to the specified address. With a setting of 32, your Ping Scan could pass through up to 32 different routers on the way to the remote address before being thrown away by the network. Pings Per Node - Set the number of Ping attempts to send each address during a scan. Delay Between Pings - Designate the time in milliseconds between each successive Ping to the target address. Setting this value very low will send a constant stream of Pings to the target IP address.

o o

Top 10 Disk Volume Usage (%) Indicates the highest average disk volume usage as a percentage of drive capacity for a list of devices by showing capacity used and a color indicator bar. o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. Target enter the IP Addresses or Device Groups Percent Thresholds Set the warning and critical percent levels for your list. When the warning threshold is met, the value will turn yellow; and when the critical threshold is met, the value will turn red. Storage Filters Display storage capacity greater than a number of megabytes, gigabytes, or terabytes.

o o

Top 10 Highest Average Latency (ms) Indicates the highest average latency of a list of node(s) by showing the response time and a color indicator bar. o Name enter a friendly name p51

Quest Corporation, 2010

o o o o

o o

Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name Target - type the host name or IP Address Ping Timeout (ms) - Designate the maximum amount of time in milliseconds that Ping will wait for a response from the target. If the target does not respond within the number of milliseconds set, Ping Scan will assume it is down. Ping Packet TTL (Time-To-Live) Designate the number of hops along the way to the specified address. With a setting of 32, your Ping Scan could pass through up to 32 different routers on the way to the remote address before being thrown away by the network. Pings Per Node - Set the number of Ping attempts to send each address during a scan. Delay Between Pings - Designate the time in milliseconds between each successive Ping to the target address. Setting this value very low will send a constant stream of Pings to the target IP address.

Top 10 Network Interface Usage Indicates the highest network interface usage for a list of nodes by showing the percent of capacity or throughput of a specific interface. o o o o Name enter a friendly name Refresh Interval determine how often the gadget executes Display Mode IP Address or DNS Name SNMP Timeout (ms) - Designate the maximum amount of time in milliseconds that SNMP will wait for a response from the target. If the target does not respond within the number of milliseconds set, SNMP will assume it is down SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Credential Settings. Top 10 Traffic Criteria Transmit + Receive, Transmit only, or Receive only Traffic Display Mode Percent of capacity or throughput Hide inactive interface will not be displayed in results Target enter IP Addresses, Host Names, or Device Groups Percent Thresholds Set the warning and critical percent levels for your gauges. When the warning threshold is met, the gauge will turn yellow; and when the critical threshold is met, the gauge will turn red.

o o o o o

Top 10 Network Traffic: Applications Displays network traffic data by applications for the last hour. o o o Name enter a friendly name Display Mode IP Address or DNS Name Target enter device IP address or DNS

Top 10 Network Traffic: Conversation Displays network traffic data by conversations for the last hour. o o o Name enter a friendly name Display Mode IP Address or DNS Name Target enter device IP address or DNS

Top 10 Network Traffic: Domains p52

Quest Corporation, 2010

Displays network traffic data by domains for the last hour. o o o Name enter a friendly name Display Mode IP Address or DNS Name Target enter device IP address or DNS

Top 10 Network Traffic: Endpoints Displays network traffic data by endpoints for the last hour. o o o Name enter a friendly name Display Mode IP Address or DNS Name Target enter device IP address or DNS

Virtual Machines Displays VMware ESX Server virtual machines o Name enter a friendly name o Display Mode IP Address or DNS Name o Target enter device IP address or DNS

VMware Host Summary Displays VMWare ESX Server host summary o Name enter a friendly name o Display Mode IP Address or DNS Name o Target enter device IP address or DNS

VoIP Active Calls Displays Active Calls via IP SLA on Cisco Call Manager o Name enter a friendly name o Display Mode IP Address or DNS Name o Target enter device IP address or DNS

VoIP Call History Displays Call History via IP SLA on Cisco Call Manager o Name enter a friendly name o Display Mode IP Address or DNS Name o Target enter device IP address or DNS

VoIP Phone Status Displays VoIP Phone Statusvia IP SLA on Cisco Call Manager o Name enter a friendly name o Display Mode IP Address or DNS Name o Target enter device IP address or DNS

Welcome Displays hyperlinked checklist including Run network discovery, Configure SNMP settings, Customize device policies, alerts and actions, Setup additional system users, Distribute Studio to IT team, and Customize Dashboard p53

Quest Corporation, 2010

Windows Event Logs Displays all the event logs collected for a device. Log files include application, security, and system event logs. o o o Name enter a friendly name Display Mode IP Address or DNS Name Target enter device IP address or DNS

Windows Services Displays critical windows services for up, down, disabled status and detailed information. o o o Name enter a friendly name Display Mode IP Address or DNS Name Target enter device IP address or DNS

Wireless Access Point Display visibility into a wireless access point, clients and sessions. Key variables include signal strength and quality. o o o Name enter a friendly name Display Mode IP Address or DNS Name Target enter device IP address or DNS

Wireless Access Point List Display granular information of all wireless access points on the network. o Select all or specific devices in the gadget configuration wizard

Wireless Clients Chart Display a chart graph for the number of wireless clients connected to a wireless access point. o o o o o Name enter a friendly name Display Mode IP Address or DNS Name Target enter device IP address or DNS Chart Display Type - Bar, area, or line Chart Display Intervals - select the chart(s) to be displayed on the dashboard

Wireless Clients List Display key variables of each client connected to the wireless access point. o o o o Name enter a friendly name Display Mode IP Address or DNS Name Monitor Scope - select the time range of date to be displayed on the dashboard Target enter device IP address or DNS

Wireless Traffic Chart Display the amount of receive and transmit network traffic generated by a wireless device. o Name enter a friendly name p54

Quest Corporation, 2010

o o o o

Display Mode IP Address or DNS Name Target enter device IP address or DNS Chart Display Type - Bar, area, or line Chart Display Intervals - select the chart(s) to be displayed on the dashboard

Devices
Device Inventory Overview The Device Viewer creates a detailed repository of all devices on your network. It provides operating system, interface and port details, IP addresses, installed Windows software and many other details.

Gather complete device information without the need of an agent Store all inventory information locally for quick access Search for granular information across all devices for additional analysis Generate reports for each or all devices and export to HTML or .CSV

Learn more: Create Device Groups Add a Device(s) Device Details

Device Overview
The device overview provides a clear summary of key information for all devices being monitored.

A color indicator if ping requests to a device are successful The IP address of the device The Host name identified by DNS or Netbios CPU performance Memory performance Ping response time The policy the device is under Additional IP addresses associated with the device

Right Click Functionality This software provides robust functionality in the right click context menu. roles. Add to New Device Group Ability to create a new device group and add the selected device(s) to it. Add to Device Group p55 Set Name and Roles Add friendly names to your devices for ease of use. Override system-determined roles and select

Quest Corporation, 2010

Ability to add the selected device(s) to an existing device group. Remove from Device Group Ability to remove the selected device(s) from a device group. Add to New Policy Ability to create a new policy and add the selected device(s) to it. Change Policy Ability to change the policy assignment for the selected device(s). Remove from Policy Ability to remove the selected device(s) from a policy. Delete Device Ability to delete a device from the database. Set Credentials Ability to assign or change credentials for a device. Select Managed Credentials to create a new credential and assign it to a device. Learn more about Managed Credentials. Enable Traffic Analysis Enable Netflow, sFlow, J-flow or ptFlow on a device.

Enable IP SLA Responder Configure a Cisco device as an IP SLA Responder to capture and measure connections. Enter the Device IP, SNMP credentials, get settings and save settings. Enable IP SLA Call Path Configure a Cisco device to establish an IP SLA Call Path. Enter the Device IP, SNMP credentials, get settings and save settings. Run Report Ability to run any one of the many reports. Learn more about Reports. RDP Ability to RDP directly to the selected machine. Telnet Ability to Telnet directly to the selected machine. Web Browser Ability to web browser directly to the selected machine.

Add Device Groups


Add Device Group Allows the user to create new Device Groups. These groups can be used in any Target field in the Viewer. Edit Devices Ability to add or remove devices from the Device Group. Edit Name p56

Quest Corporation, 2010

Ability to edit the name of the Device Group. Remove Ability to remove the Device Group from the system.

Add Device(s)
Run Network Discovery to add Device(s) Step 1: Choose an agent to run device discovery with. The Server agent is automatically selected by default. Remote agents (other locations)will be added when installed and configured. Step 2: Enter CIDR, DNS, IP/SubnetMask or Range of IP Addresses into the Target field. Step 3: Select Network Discovery Techniques Exclude Devices in Database Select if you want to not include previous discovered devices that are in the device database in your new search. This is speed up future discoveries on the same network. Ping Uses ICMP to get responding status of a device. See below for Advanced Settings. MAC Resolution Uses MAC Address to discover a device on the network.

Step 4: Choose Device Credentials you want to use to discover each device. SNMP V1/2c Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Encrypted Credential Store. SNMP V3 Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Encrypted Credential Store. WMI Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Encrypted Credential Store. Telnet Credential Set the proper credential store for the network of the device you are going to monitor with the CPU Gauge. To configure the credential store, please see the section titled Encrypted Credential Store.

Step 5: Click Next to discover the devices in your target field. Step 6: Select the devices you want to do a deep discovery on. Filters available for all, SNMP responding or WMI Responding nodes Step 7: Click Next. Step 8: Network Discovery Complete. Smart Policy Assignment Options. p57

Quest Corporation, 2010

Apply Smart Policy Assignments (Recommended) Applies "Smart Policy" assignments to discovered devices based on the device type and details gathered during the discovery process. This process chooses the best fit policy for each device. Apply to Default Policy Applies the standard Default Policy to all the devices selected from the discovery process. The Default Policy attributes will be applies to all the devices selected. Pending Device Updates Lists the count of devices to be updated by the following criteria: Total devices selected, New devices discovered, and Devices for agent reassignment.

Step 9: Click Finish to proceed to the Device Viewer. Configure Advanced Settings Ping settings allow you to turn on or off which resolutions are displayed. To configure click Settings button in the tool. Ping Ping Timeout (ms) Designates the maximum amount of time in milliseconds that Ping will wait for a response from the target. If the target does not respond within the number of milliseconds set, Ping will assume it is down. Ping Packet TTL (Time-To-Live) Designates the number of hops along the way to the specified address. With a setting of 32, your Ping Scan could pass through up to 32 different routers on the way to the remote address before being thrown away by the network. Pings Per Node Allows you to control the number of Ping attempts to send each address during a scan. When scanning networks containing Cisco routers, set this number above two (2). If the target IP address is not in the ARP cache of a Cisco router, the router discards the ICMP query (Ping) while it requests the MAC address of the target IP. The first Ping will never arrive at the subnet of the target IP address. In this situation, the Cisco router responds to the second Ping. Delay Between Pings Designates the time in milliseconds between each successive Ping to the target address. Setting this value very low will send a constant stream of Pings to the target IP address.

Enable SNMP
Enabling SNMP on Devices for Monitoring The easiest way to enable SNMP on a device is to leverage the SNMP Enablement Tool. Step 1: Right click on a device or group of devices and select Enable SNMP from the menu options. Step 2: Confirm the device(s) you want to enable SNMP on. Add more devices by clicking the select targets button. p58

Quest Corporation, 2010

Step 3: Click Next. Step 4: The software will Assess if the device(s) are available for SNMP Enablement and display a list of results. Step 5: Click Next. Step 6: Select the SNMP Credential you want to assign to the device(s). Enter new credentails with the Manage Credentials link. Step 7: Click Next. Step 8: Modify the preferred credential assigned to each device if needed. Highlight the device and you the 'Set Preferred' button at the bottom left corner. Step 9: Click Next. Step 10: SNMP will now be Enabled on the device(s). You can see the log in the enablement status window. Step 11: Click Finish to complete the process

Enable Traffic Analysis


The enable traffic analysis tool offers a GUI interface which makes enabling flow traffic on Netflow, Sflow, J-flow and ptFlow devices simple. The following are the prerequisites for the Enable Flow tool.

A read / write credential for the router must be supplied for either SNMP or Telnet UDP port 69 must be open on the machine running this software. The router must have an open route on UDP port 69 from the router to the machine running the host server

Enable Traffic Analysis Flow dialogue window Start Traffic Analysis Enablement - Enable a device Determine whether your device supports flow natively Click on the link to see of list of all devices that support Netflow, sFlow, J-flow Select Flow Type Choose the flow type; Netflow or Sflow. Or, click the J-flow link for separate instructions. If your device does not support any of the preceding flow types, select Enable ptFlow. See Enabling ptFlow. Flow Enablement Method Select the method to enable. Select Autodetect, Netflow via config file, Netflow via Cisco Netflow-MIB, or sFlow via sFlow-MIB SNMP or Telnet Credentials Read / write credentials for the router must be supplied for either SNMP, SSH or Telnet. Manage credentials A link is provided to the Encrypted Credential Store. This is a protected store of SNMP, WMI, SSH and FTP credentials shared by all tools and gadgets which require them. It uses standard p59

Quest Corporation, 2010

AES 256-bit encryption. . Get Settings Click this button to reveal Flow Configuration Settings. Flow Configuration Settings Select Export To checkboxes. Supply the address(es) where flow packets will be sent (This will be the Server IP). Adjust the port for the flow traffic. Finally, select the interface(s) ingress or egress for which flow traffic will be displayed. Save Settings Saves the flow settings to the selected startup or running config.

Configure ptFlow settings Select the physical interface(s) ingress or egress for which you wish to monitor flows. See Enabling ptFlow. Save Settings Saves the flow settings to the selected startup or running config.

Enable IP SLA Responder


Enable IP SLA Responder In order to test the performance from one Cisco device to another, you must set up the destination device to be a Responder. Step 1: Right click on the call path destination device and select Enable IP SLA Responder. Step 2: Verify the IP Address and SNMP credential of the device. Step 3: Click Get Settings to set the settings dialogue for configuration. Step 4: Select Responder Enabled at the bottom of the configuration window. Step 5: Click Save Settings to complete the set up process.

Enable IP SLA Call Path


Enable IP SLA Call Path In order to test the performance from one Cisco device to another, you must set up an IP SLA Call Path. Step 1: Right click on the call path initiating device and select Enable IP SLA Call Path. Step 2: Verify the IP Address and SNMP credential of the device. Step 3: Click Get Settings to set the settings dialogue for configuration. Step 4: Configure the Call Path: Remote IP The destination device for the call path test. p60

Quest Corporation, 2010

Frequency Time between each ping (test) in seconds. Codec Type Determined by the type of traffic your system uses. Packets Number of packets sent with each ping (test). Payload Size Number of bytes that is sent with each packet. Interval Time between each packet in milliseconds.

Repeat the Configure Call Path process for additional devices as needed. Step 5: Click Save Settings to complete the process.

Device Details
Device Details The device details section is a central view for all the devices in the database. In this view, you can see detailed information about the peformance of each device and begin the troubleshooting process if needed. View Details Overview Displays a detailed overview of a device including status, DNS, processor, disk, memory, network interface usage, and a link to the Credentials assigned to the selected device. Processes Provides all the processes names and paths for a given device. Software Gathers all the software installed on each device Applications Gathers important information related to the specific application being monitored. Logs Displays all the log files for a devie, including Windows Event logs, Syslogs, and Flow traffic. Settings Displays which policy and credentials have been assigned to a device. Configuration Backups Displays the most current configuration file backup which can also be compared to historical configuration file backups.

p61

Quest Corporation, 2010

Run Tools Quick Launch Launches selected tool against selected device if the Tool Suite is also installed on the machine. WHOIS Quickly accesses multiple public domain databases and performs a search by IP address or domain name. Enhanced Ping Continuously logs running response times and exports data on demand to HTML, XML and CSV files. Wake on LAN Boot any networked machine with previously enabled capability in the BIOS by means of a magic packet from a remote location.

. TraceRoute Finds the route from one IP host to another by sending specially configured packets in a series of hops from node to node. MAC Scan Scans the subnet of its host and builds a table comprised of a pertinent MAC Address, ping response-time, DNS, network card manufacturer and manufacturer address information for each IP Address. Port Scan Tests for open TCP ports on specified individual machines and ports as well as within targeted ranges of IP addresses and ports. DNS Audit Matches each IP Address in a specified range of IP Addresses to its domain name, and then checks back from the domain name to the IP Address to see if the resolution is the same forward and in reverse. Graphical Ping A versatile graphing tool which offers graphing functions (spline chart, bar chart, and area chart) and variable ICMP parameters to optimize data collection for differing situations and purposes. Ping Scan Sends ICMP packets to a range of IP addresses; displays which are in use, measures the response time, and provides DNS name.

Network Maps
Device Details Leveraging robust network discovery techniques, PacketTraps network mapping produces a multi-level, comprehensive, easy-to-view network map for each of your customers. Drill into devices and links for granular statics on performance and other key metrics. Maps are updated as new devices are added to the customers network.

Auto-creation of topology maps Changes to maps as devices are added p62

Quest Corporation, 2010

Drag and drop of devices to create customized views

Using Network Map 1. Create a new map by Right Click on network maps in the tree menu. 2. Enter friendly name of the map. 3. Select Add Devices from the top menu. A list of discovered devices will appear and highlight the devices to be included in the maps. 4. The software will auto link the selected devices and display them on the screen. 5. Select Set Background to insert an image behind the devices to create a topolgy view. Other mapping features unclude different device layouts, groups of maps for layered drill down, and auto rebuild of device relationships when new devices are added to the system.

Encrypted Credential Store


The Encrypted Credential Store is a convenient, protected store of SNMP, WMI, SSH and FTP credentials shared by all tools and gadgets which require them. It uses standard AES 256-bit encryption. Configuring Encrypted Credential Store Step 1: Click Credentials from tree options in Devices. Step 2: In the opened Credential Store dialogue box, click on New. Step 3: From the dropdown menu next to Type select the type of credential protocol you wish to configure and save. The configuration of each of the three choices displayed is described in the following three sections. Note: See below for instructions on each type of credential. Step 4: Click the Assign button to assign the credential to one or many devices. In addition there is an Unassign button to remove credentials from device(s). Step 5: Click Close to Finish.

Configuring SNMP V1 and SNMP V2c Step 1: From the dropdown menu next to Type select SNMP V1/2c Step 2: Enter a friendly Name. Step 3: Enter the appropriate Community string. Step 4: Check Show if you wish the community string characters to be displayed in the dialogue box. Leave it unchecked if you wish the characters to be obfuscated. Step 5: Click Save. Your friendly name and related community string will appear in the dropdown menu of the dialogue box for any relevant tool or gadget. Configuring SNMP V3 p63

Quest Corporation, 2010

Step 1: From the dropdown menu next to Type, select SNMP V3 Step 2: Enter a friendly Name. Step 3: If a Context is necessary for the protocol being defined, check the enable box next to Context and enter the context name in the text box. Step 4: In User name enter the name of the user with access to the device. Step 5: In the Authentication section in the dropdown next to Type, select the appropriate hash function type for the protocol being defined. Step 6: Enter the Password and renter to verify. Step 7: In the Encryption section in the dropdown next to Type, select the appropriate encryption type for the protocol being defined. Step 8: Enter the Password and renter to verify. Step 9: Click Save to complete the process. Configuring WMI Step 1: From the dropdown menu next to Type, select WMI Step 2: Enter a friendly Name. Step 3: Enter the Domain name and the User Name and enter the Password (renter to verify). Step 4: Click Save to complete the process.

Configuring Telnet/SSH Step 1: From the dropdown menu next to Type, select Telnet/SSH Step 2: Enter a friendly Name. Step 3: Enter the User Name and enter the Password (renter to verify). Step 4: Enter the Cisco Enable Password (renter to verify). If left blank, your Telnet password will be left blank. Step 5: Select the Protocol to be used - SSH or Telnet Step 6: Click Save to complete the process.

Configuring SMTP Step 1: From the dropdown menu next to Type, select SMTP Step 2: Enter a friendly Name. Step 3: Enter the Hostname or IP Address of your SNMP server. Step 4: Enter the designated SMTP Port. By default, it is port 25.

p64

Quest Corporation, 2010

Step 5: Select box for SSL Enabled or Disabled for your SNMP Server. Step 6: Enter the name of your Domain. Step 7: Enter your User Name for the Domain. Step 8: Enter the Domain Password twice to Verify Password Step 9: Select Save to complete the process. Configuring POP3 Step 1: From the dropdown menu next to Type, select POP3 Step 2: Enter a friendly Name. Step 3: Enter the Hostname or IP Address of your POP3 server. Step 4: Enter the designated POP3 Port. By default, it is port 110. Step 5: Enter your User Name for the POP3 Server. Step 6: Enter the POP3 Server Password twice to Verify Password Step 7: Select Save to complete the process

Policies
Policies Overview Policies allows the user to create, name and save permanent policies that are assigned to designated target IPs, IP ranges and Device Groups. Policies include email / SMS alerts and actions which automatically respond to configured conditions. Add New Policy Step 1: Click on Add a New Policy. Step 2: Select Enabled or Disabled, enter a name for the policy and a description (optional). Step 3: Add, Remove selected, or Remove all Members. Configure the devices associated with the policy. Click Add to Select Device Members for Policy Search Allows the user to search for specific device. Show Filter the entire database by the following criteria: All, Devices, Device Groups, and Policies. Add Adds selected element (All, Devices, Device Groups, and Policies) members to Selected Targets field at the bottom of the dialogue. Ctrl + click and Shift + click allow multiple selection. Double p65

Quest Corporation, 2010

clicking on an element also adds the element to Selected Targets. . Add All Adds the entire database to the Selected Targets field. Selected Targets Lists the pending elements which will be added to the policy. Double clicking on an element Removes the element from Selected Targets.

. Remove Removes selected element (All, Devices, Device Groups, and Policies) members from Selected Targets field at the bottom of the dialogue. Ctrl + click and Shift + click allow multiple selection. Remove All Removes all pending elements from the Selected Targets field.

Step 4: Click Next. Step 5: Configure the data to be monitored for policy members by marking the monitor checkboxes. The interval for each monitor is selected by a drop down (combo box) menu and is tailored to the best fit interval choices.

Basic Group This group of monitors includes Ping, CPU, Memory, Disk Volumes, Programs Installed, Running Processes, System Information, and Network Interface Configuration. Application Group This group of monitors includes Web Server, Active Directory, Exchange Server, SQL Server, Windows Services, DNS, POP3 and SMTP

. Log Group The log group of monitors contains Syslog Listener, Application Event Logs, Security Event Logs and System Event Logs Networking Group Includes Network Interface Configuration, Network Interface Traffic, Network Statistics and IP Configuration. Ports Group Tests for open TCP ports. Cisco Group This group includes Configuration Backup, Wireless, and the Netflow Collector.

Step 6: Click Next. Step 7: Set Alerts. Alerts are covered in another help topic. Step 8: Configure Scheduled Actions. Scheduled Actions are covered in another help topic. p66

Quest Corporation, 2010

Step 9: Click Finish.

Monitors
Monitors Overview This software comes will a robust inventory of montiors: Availability, CPU load, memory, disk space utilization, network interface traffic, network latency, and packet loss Running services, process availability, and performance counters for MS Exchange, SQL, Active Directory Easily identify the root cause of application performance issues across Windows, UNIX, and Linux devices Port availability, DNS, POP3, SMTP, HTML pages and much more

Basic Group Ping Sends an ICMP (ping) command to a device. If the device does not respond to the request, the Ping monitor is considered down. Settings: Ping Timeout (ms) - Designates the maximum amount of time in milliseconds that Ping will wait for a response from the target. Ping Packet TTL (Time-To-Live) - Designates the number of hops along the way to the specified address. With a setting of 100, your Ping Scan could pass through up to 100 different relay points on the way to the remote address before being discarded by the network. Pings Per Node - Allows you to control the number of Ping attempts to send to each address during a scan. When scanning networks containing Cisco routers, set this number above two (2). If the target IP address is not in the ARP cache of a Cisco router, the router discards the ICMP query (Ping) while it requests the MAC address of the target IP. The first Ping will never arrive at the subnet of the target IP address. In this situation, the Cisco router responds to the second Ping. Delay Between Pings (ms) - Designates the time in milliseconds between each successive Ping to the target address. Setting this value very low will send a constant stream of Pings to the target IP address. CPU Monitors the number of processors, current usage, and average usage over time. Memory Monitors the memory currently used, available free memory and total memory capacity of a system. Disk Volumes Provides disk usage and total capacity per volume for a device. Results are available in raw numbers and as percentages. Programs Installed Provides a detailed list of all software programs installed on a device. Running Processes p67

Quest Corporation, 2010

Provides name, path, CPU and memory consumption for all processes running on a device. System Information Provides device IP Address, device type and roles, operating system, domain, and other detailed system information for a device. Network Inferface Configuration Provides interface name, MAC Address and other network interface information for a device.

Application Group Web Server Sends a HTTP or HTTPs request to a device. If the device doesn't respond or responds with the wrong string, the web server monitor is considered down. Settings: Timeout (ms) - Designates the maximum amount of time in milliseconds that Ping will wait for a response from the target. Port - Designate the port of the web server HTTP or HTTPS - Designate the type of traffic for the monitor Active Directory Monitors the status and performance of application specific counters for Active Directory server. Exchange Server Monitors the status and performance of application specific counters for MS Exchange server. Settings: Services - Capture data like Imap4, POP3, and Transport. Specific Processes - Capture data like system processor and store Counters - Capture data like transport queues and logical disk SQL Server Monitors the performance counters for SQL Server. Settings: Services - Capture data like SQL Browser and writer. Specific Processes - Capture data like processor and privileged time. Counters - Capture data like database transactions, buffer manager, latches and locks Windows Services Monitors critical windows services for up, down, disabled status and detailed information. DNS, NETBIOS DNS monitor sends a DNS lookup request and ensures a value is returned. Settings: Resolve NetBIOS Name - Will resolve the NetBIOS name during the monitoring process.

p68

Quest Corporation, 2010

Resolve LMHost - Will resolve the LMHost during the monitoring process. Resolve Host - Will resolve the Host during the monitoring process. Resolve Forward DNS - Will resolve the Forward DNS during the monitoring process. POP3 Connects to a POP3 enabled server using the POP3 server and port information provided. Once connected, an attempt is made to retrieve the number of messages on the server and also to read the 1st message in the list. If any of these attempts fails, the pop3 server is considered as non-responding. SMTP Connects to a SMTP server using the SMTP and port information provided. Once connected, an attempt is made to send a test message to the recipient selected using the SMTP server. If these attempts fail, then we consider the smtp server to be non-responding. Settings: Mail Recipient - Enter the email address for the test message Log Group Syslog Listener Receives, logs and displays syslog messages from routers, switches, and any other syslog enabled device. Filter by facility, severity, date, host name, and key word. Settings: Filters - Select the types of messages by facility and sev erity to be collected. NetFlow/sFlow/JFlow/ptFlow Collector Provides in-depth visibility into traffic network patterns and usage to determine how traffic impacts the overall health of the network. Drill down into applications, conversations, devices will identify the exact sources of spikes and burst to take proper actions. Learn how to enable NetFlow, sFlow , JFlow, and ptFlow. Settings: Uncheck TCP, UDP or ICMP if you do not wish to view that type of traffic. Discard IP Traffic: Allows the user to disregard all traffic from the entereed IPs. Configuration Backup - Cisco, HP, and Juniper Automatically backup configurations files for your Cisco, HP and Juniper routers and switches (note:HP and Juniper require Telnet read write credentials. Config files can be viewed and compared all in the same interface. Settings: Timeout (ms) - Designates the maximum amount of time in milliseconds that the connection will wait for a response from the target. Backup - Select running config and startup config Application Event Logs Receives and displays complete information for application event logs from Windows devices for you to detect occurrences or problems. Ability to set filters by event type. Settings: p69

Quest Corporation, 2010

Event Type - Collect errors, warnings and/or information logs. Use Ctrl to select more than one log file type. Security Event Logs Receives and displays complete information for security event logs from Windows devices for you to detect occurrences or problems. Ability to set filters by event type.. System Event Logs Receives and displays complete information for system event logs from Windows devices for you to detect occurrences or problems. Ability to set filters by event type. Settings: Event Type - Collect errors, warnings and/or information logs. Use Ctrl to select more than one log file type. Networking Group Network Interface Traffic Monitors network interface performance for a device by showing the percent of capacity or throughput. Tracks the inbound and outbound traffic for each network interface in the device. Network Statistics Provides Netstat information of active connections and their state for a device. IP Configuration Provides IP configuration details like IP Address, Subnet Mask, and Default gateway for a device

Network Statistics Summary Provides Network Statistics including, Last Boot Time, Snmp In Packets, Snmp Out Packets, Icmp In Messages, In Errors, In Destinations Unreached, In Time Exceeds, In Parm Probes, In Source Quenches, In Redirects, In Echoes, TCP Max Connections, Current Established, Active Opens, Passive Opens, Failed Attempts, Established Resets, In Errors Out Resets, UDP In Datagrams, Out Datagrams, No Ports, In Errors Ports Group TCP Ports Creates a TCP client and attempts to connect to the defined port to determine if port is opened or closed. Settings: Timeout (ms) - Designates the maximum amount of time in milliseconds that the connection will wait for a response from the target. Selected Ports - Enter the ports to be monitored. Seperate ports by a comma. Wireless Group Cisco Wireless Ability to monitor wireless networks and gain visibility into wireless access points, clients and sessions. Monitors key variables on access points, including signal strength and quality.

Voip Group Voip Manager Settings Displays the Dial Manager Configuration Voip Manager Status Lists the Voip Phone Status p70

Quest Corporation, 2010

Voip Active Calls Lists the Active Voip calls. Voip Call History Displays Call History.

IP SLA Displays IP SLA Overview, Call Path Statistics, Call Path Jitter Chart, Call Path MOS Chart, Call Path Latency Chart, and Call Path Packet Loss Chart. Call Manager Registration Status

Devices
Devices Overview Devices is an easy way for you to add or remove devices from a policy with a simple click. Add Device(s) Provides a catalog of devices for you to add one or many of them to a policy. Remove Device(s) Allows you to remove a device(s) from a policy. Highlight the device and select the remove button. Remove All Members Allows you to remove all devices in a policy. A helpful utility when there are many devices.

Alerts
Alerts Overview This software automatically notifies you when network performance degrades, allowing you to fix problems before any impact on user and customer experience. Through a simple wizard, you can configure alerts for multiple conditions that meet the needs of your network. It monitors network events, traffic, and conditions to create a performance baseline which ensures that you dont get inundated with false-positive alerts from normal network activity. Additionally, it can automatically escalate critical alerts until the problem is resolved and can suppress alerts for scheduled network maintenance. Send alerts via email and SMS when network trouble arises Configure network alerts for interrelated events or conditions Escalate network alerts automatically for unresolved issues Ensure you dont receive unnecessary and false-positive notifications

Add New Alert Step 1: Click on New. Step 2: Enter a Name for the policy and select enabled or disabled. Step 3: Select a Notification if desired: Conditions met, Actions complete, and Alert reset. Set the email addresses that you wish to send the email alert to in the To and CC fields. Step 4: Configure Alert Reset Options by checking desired boxes and adjusting time condition. Step 5: Configure the Conditions, Actions and Escalations options. p71

Quest Corporation, 2010

New Condition Allows you to set the performance thresholds for monitors at which alerts are triggered. Conditions can be set for all the monitors. Note: A condition will only work if the associated monitor is enabled for a device. For example, the CPU montitor must be enabled for an alert to work on CPU over 90%. Conditions include: Active Directory Counters Processor, Application Event Log, Configuration Fled, Disk %, Disk Free Size, Exchange 2000 Counters, Exchange 2003 Counters, Exchange 2007 Counters, HTTP, Memory, Network Adapter Status, Network Adapter Traffic, Network Adapter Traffic %, Ping Average Latency, Ping Average Packet Loss, Ping Response, POP3, Processor, Program Found / Not Found, Process Status, Security Event Log, SMTP, SQL Server Counters, Syslog, System Event Log, TCP Ports, Windows Service Status, Software Inventory Changes, Windows Service Status, VoIP Average Latency, VoIP Average Packet Loss, VoIP Average Jitter, VoIP Average MOS and VoIP Average MOS Range.

New Action Persepctive can take actions on a device for you if the conditions are met. The inventory of actions includes for Windows: Start Service, Stop Service, Pause Service, List Services, Creat Process, Kill Process, List Process, List Process Top Cpu Usage, List Process Top Memory Usage, List Process Top Read from Disk, List Process Write to Disk, List Network Statistics, Shutdown Restart, IP Config Info for Host, Route Table Info for Host Linux: Start Linux Process, Kill, Linux process, List Active Connections, List Daemon Processes, List Directory Details, List File System Details, List Installed Packages, List IP Config Details, List Memory Status, List Network Statistics, List Routing Table, List Running Processes, List Top Cpu Details, Shutdown Linux Networking: Send a Syslog message

New Escalation Allows for notification to be sent when an alert has not been reset or addressed for a specific period of time. For example, if an alert is not reset after 30 minutes, send another notification to the entire IT Department. New Reset Condition Allows you to set the performance thresholds that need to be met in order for an alert to be reset. This helps you ensure that the device is back to optimal performance.

Step 6: Click Ok to complete the process.

Scheduled Actions
Scheduled Actions Overview This software can execute scheduled actions automatically to restore services when a failure occurs, including restarting applications and windows services, or rebooting servers. Network administrators can focus more time on revenue-generating initiatives by automating remediation. Trigger self-healing scripts when specific network conditions exist Inventory of scripts for Windows and Linux devices p72

Quest Corporation, 2010

Set scheduled actions for routine device and network maintenance

Add a New Scheduled Action Step 1: Click on Add Description Add details regarding the action. Settings Select checkboxes for Enabled will enable or disable the action. Notify on Start - Checking this box will send a notification to inform that the action has started and the condition has been met. Stop on Failure - Checking this box will send a notification to inform that the action will be stopped due to reset conditions being satisfied. Notify On Finish - Selecting this option will send email to inform when the action has been completed. Notifications Configure the To and CC addresses that will receive the action notifications. Recurrence Set the desired interval for the notification emails.

Step 2: Click Add

Windows Start Service, Stop Service, Pause Service, List Services, Creat Process, Kill Process, List Process, List Process Top Cpu Usage, List Process Top Memory Usage, List Process Top Read from Disk, List Process Write to Disk, List Network Statistics, Shutdown Restart, IP Config Info for Host, Route Table Info for Host Linux Start Linux Process, Kill, Linux process, List Active Connections, List Daemon Processes, List Directory Details, List File System Details, List Installed Packages, List IP Config Details, List Memory Status, List Network Statistics, List Routing Table, List Running Processes, List Top Cpu Details, Shutdown Linux . Edit Allows the user to configure created actions. Remove Remove selected action. Remove All Remove all actions for the current policy.

p73

Quest Corporation, 2010

Step 3: Click OK.

Reports
Reports Overview Reports enables you to generate reports for all collected network data. Any report can instantly be printed, emailed, and saved. You can drill down into specific time periods or events or change chart type with a single click a feature that is particularly useful when troubleshooting issues. Leveraging the report scheduler, email reports on a daily, weekly or monthly basis to colleagues and executive management. Delivers critical information on monitors devices in an easy to read format One click configuration of time periods and data type for any device Schedule automatic reports for staff and executive management Plan future resource requirements leveraging historical trends reports

Learn more: Run a Report Change Report Type Change Report Period Change Device for Report Email a Report Export a Report

Run a Report
Run A Report Step 1: Select the Type of Report you would like to run from the list on the left hand menu pane. Step 2: Select the Device(s) to be displayed in the report. Step 3: The Results will be displayed in both graph and /or list form in the right window pane. Learn more: Change Report Type Change Report Period Change Device for Report Email a Report Export a Report Scheduled Reports p74

Quest Corporation, 2010

Change Report Type


Change Report Type Step 1: Change Report Type via the drop down menu to quickly view other monitors associated with the device(s). or Step 1: Select the Type of Report you would like to run from the list on the left hand menu pane. Step 2: Select the Device(s) to be displayed in the report. Learn more: Run a Report Change Report Period Change Device for Report Email a Report Export a Report Scheduled Reports

Change Report Period


Change Report Period Step 1: Change Report Period via the drop down menu to view data over different periods of time for the device(s). Learn more: Run a Report Change Report Type Change Device for Report Email a Report Export a Report Scheduled Reports

Change Device for Report


Change Device For Report

p75

Quest Corporation, 2010

Step 1: Select the Select Device for Report button on the left side of the report window. Step 2: Select the Device(s) to be displayed in the report. Step 3: The Results for the new device(s) will be displayed in both graph and /or list form in the right window pane. Learn more: Run a Report Change Report Type Change Report Period Email a Report Export a Report Scheduled Reports

Email a Report
Email A Report Step 1: Select Email button in the upper right corner of the window. Step 2: Select HTML or PDF for the type of report that will be emailed. Step 3: Enter the Email Address to where the report will be emailed. Step 4: Enter the Subject for the report that will be emailed. Step 5: Select OK to email the report and complete the process. Learn more: Run a Report Change Report Type Change Report Period Change Device for Report Export a Report Scheduled Reports

Export a Report
Export A Report Step 1: Select Export button in the upper right corner of the window. Step 2: Select the Location of where the report will be saved. p76

Quest Corporation, 2010

Step 3: Enter the Name for the report that will be saved. Step 4: Select the Save As Type as HTML or PDF for the report that will be saved. Step 5: Select Save to save the report and complete the process.

Learn more: Run a Report Change Report Type Change Report Period Change Device for Report Email a Report Scheduled Reports

Scheduled Reports
Create a Scheduled Report Step 1: Select Scheduled Reports button at the bottom of the left window pane. Step 2: Select Add to select the type of report you would like to send on a schedule. Step 3: Enter a Description for the scheduled report. Step 4: Select the checkbox to Enable (or Disable) the report. Step 5: Select Notifications and enter the email address(es) of where you want the report sent. Step 6: Set the Recurrence for the scheduled report. Adjust the recurrence pattern based on Date, Time, and Active Period. Step 7: Select the Report Period you want displayed in the report. Options include Last Hour, Day, Week, Month and Year. Step 8: Select the Device(s) for the scheduled report. Step 9: Select the Email Format, either HTML or PDF, for the scheduled report. Step 10: Click OK to schedule the report and complete the process. Edit a Scheduled Report Step 1: Highlight the report to edit and select Edit from the menu bar. Step 2: Modify the settings as needed. Step 3: Click OK to save the schedule the report and complete the process.

p77

Quest Corporation, 2010

Remove a Scheduled Report Step 1: Highlight the scheduled report you want to remove. Step 2: Select Remove or Remove All in the top menu bar. Step 3: Click OK to save the schedule the report and complete the process. Learn more: Run a Report Change Report Type Change Report Period Change Device for Report Email a Report Scheduled Reports

Patch Management
PacketTrap Patch Management for Windows PacketTrap Patch Management allows administrators to automatically manage and control critical Windows updates. Create multiple patch groups to accomodate your customer's needs.

Add / Remove Device Members Configure the type of update scans desired Set the schedule to check for updates and set installation date and time Configure Windows Automatic Update Configuration Granular control of each individual update

Patch Management Settings Preliminary Notes:

Under the device view, click on agent view under the customer location. On the right hand side you will see whether or not patch management settings are enabled/disabled under "agent services." Patch management is only available for Windows agents.

Patch Management Overview Creating a New Group: Under the "Patch Management" view tab, you can create a new patch management group by selecting "New Patch Management Group" directly underneath your branding logo on the upper left hand side. Option 1: Under the Patch Management tab, select "edit" for the dedicated Patch Management Group. The first listed option under "group details" is to control Windows updates using Patch Management. You can configure how often to scan and install in the options below for any day of the week and what time (on the hour). Step 1a: All updates are listed below. Select the listed action under each title to edit the patch. The number of patches available for that title are listed below for which you can select "approve," "pending approval" or "reject."

p78

Quest Corporation, 2010

Option 2: Configure Windows Automation Settings by selecting the second option under "Group Details." Schedule the settings for scanning and installing automatic patches with the options listed below. You can also select options to turn on/off automatic Windows updates per the options listed below. Option 3: Select "Monitor Windows Updates" for a read only list of patch updates. Note:

Ticketing
Ticketing Overview Our Ticketing feature allows you to generate tickets and assign them to an administrator for the issue to be solved. How To Preliminary Note: There are three ways to generate a ticket, each described below. Method 1: Once under the Ticketing tab feature, select on "New Ticket" in the upper left hand screen window. Method 2: Under the devices view for the dedicated customer in the left hand side of the screen, click on "edit policy" in the upper right hand side or right click on the dedicated policy and select "edit policy." Double click or click "edit" on any of the alerts. Under "alert reset options" check mark "require manual reset." You can now generate a ticket by checkmarking "generate service ticket when alert is triggered. Edit the severity and priority of the alert as necessary. Method 3: In the dashboard view, click on "alerts and logs" on the left hand side. Click on any of the alerts and select "create ticket." Note: Under the ticketing tab, choose the customer whom the trouble ticket belongs to as well as the appropriated device. Then add the status of the ticket and priority level. You can choose the administrator whom you want the ticket to belong to. Add any notes to be added detailing the description of the problem. Click "save." Note: The system will create a ticket number for the issue and it will appear in the ticketing mainpage once the ticket is saved. Additional Notes

Filter by ticket number, customer, date, description, status, sev erity level, priority, user, source of hours worked. Click on "edit" to edit any of the ticket information.

Administration
Administration Administration provides you with many of the configurations options. The right pane offers the Platform Information including the Server IP, the DNS of the server, the server software version, the number of interfaces being monitored, the number of devices, and finally the number of users. Learn more: Baseline Configuration Check for Updates p79

Quest Corporation, 2010

Credential Store SMTP Settings User Management

Agent Migration
Agent Migration Overview 1. Select the Customer to migrate agents from and to. 2. Choose the devices listed for migration and select migrate. 3. Agent migration complete. The agent will now show under the new customer in the devices section.

Auto Patch Settings


Auto Patch Settings Overview

Check the "Automatically Patch" box to automatically receive patch updates. If you disable auto patch settings, you will need to manually use the check for updates in the administration section to update your software.

Baseline Configuration
Baseline Overview Performance Baseline automatically analyzes collected data to identify changes in network behavior and establishes a baseline that represents the regular and expected activity of a device and network. The established baseline accurately reflects your organizations use of the IT infrastructure by taking into account patterns and variations in usage for example, increased processor utilization on Monday mornings at 9:00am. Performance Baseline continuously logs subsequent activity of a device and compares it to baseline. Once irregular behavior is detected, it produces a qualified alert that contains details to be used as a starting point to help guide the troubleshooting and remediation process. Reports more accurately on the device monitors that vary during a business cycle Identifies abnormal increases and decreases in network utilization, performance, and quality to shorten mean time to repair Eliminates false positive alerts caused by normal behavior on the network Reduces manual configuration for administering setting and thresholds

Baseline Configuration Step 1: Determine the number of weeks you would like to calculate baseline from. This setting can range from 1 to 4 weeks. Any alerts based on performance baseline will start enacting after one week of data collection and analysis, even if your performance baseline is set for 4 weeks. Step 2: Determine the week day groupings. You can group the days of the week to make baselines more accurate and reflect how the network is utilized in your company. To group any set of days, simply give those days the same number. For example, if your network load is the same Monday to Friday but lower on the weekends, then set Monday to Friday to the same number (e.g.1) and set Saturday and Sunday to a different number (e.g 2). To have each day be its own baseline, set each day to a different number (e.g. 1 - 7). p80

Quest Corporation, 2010

Note: All settings take effect immediately, and can be changed at any time.

Branding Configuration
Branding Overview Branding configuration allows the administrator to upload icon and background images. These images will rebrand the software for all users that login to the Studio or Web studio.

Branding Configuration The Branding configuration dialogue allows the administrator to implement the look and feel of the software for his / her particular brand. The applied changes take effect the next time the user logs into the studio or web studio Enable branding: Check the box to enable this feature Company name: This name will appear in all dialogues in the Studio Contact email: Set the email address that will appear Copyright text: The entered text will appear to the right of the copyright logo Logo Image: Click the Set button to browse for a logo image Background Image: Click the Set button to browse for a background image Logo/Background preview: Displays a preview of the changes

Note: Branding will take effect the next time you launch a studio or browser.

Check for Updates


Check for Updates This software comes with a robust software updating system that ensures the product is always running the latest and greatest software release. Manual Update Step 1: Select Admin from the main Menu Bar. Step 2: Select Check for Software Updates button to see if an update is available. Step 3: Select Update Now to pull down the software updates and apply them. The software will close and open automatically . * Note: Pre-existing MSP installations may still use 5054 (TCP) for agent communication. Once the PacketTrap server has been updated, the existing agent installations will continue to use port 5054 until the agent software updates. As soon as the agent software has update, the agent will connect using the new port 5053 and will continue to use only port 5053 for agent communication.

Auto Update Upon launch, the software will check for any updates available at the patch server. The software will automatically pull the updates and store in cache. They will be applied the next time the software is launched.

p81

Quest Corporation, 2010

Credential Store
The Encrypted Credential Store is a convenient, protected store of SNMP, WMI, SSH and FTP credentials shared by all tools and gadgets which require them. It uses standard AES 256-bit encryption. Configuring Encrypted Credential Store Step 1: Click Admin on the Main menu. Select Encrypted Credential Store. Step 2: In the opened Credential Store dialogue box, click on New. Step 3: From the dropdown menu next to Type select the type of credential protocol you wish to configure and save. The configuration of each of the three choices displayed is described in the following three sections.

Configuring SNMP V1 and SNMP V2c Step 1: From the dropdown menu next to Type select SNMP V1/2c Step 2: Enter a friendly Name. Step 3: Enter the appropriate Community string. Step 4: Check Show if you wish the community string characters to be displayed in the dialogue box. Leave it unchecked if you wish the characters to be obfuscated. Step 5: Click Save. Your friendly name and related community string will appear in the dropdown menu of the dialogue box for any relevant tool or gadget. Configuring SNMP V3 Step 1: From the dropdown menu next to Type, select SNMP V3 Step 2: Enter a friendly Name. Step 3: If a Context is necessary for the protocol being defined, check the enable box next to Context and enter the context name in the text box. Step 4: In User name enter the name of the user with access to the device. Step 5: In the Authentication section in the dropdown next to Type, select the appropriate hash function type for the protocol being defined. Step 6: Enter the Password and renter to verify. Step 7: In the Encryption section in the dropdown next to Type, select the appropriate encryption type for the protocol being defined. Step 8: Enter the Password and renter to verify. Step 9: Click Save to complete the process. Configuring WMI Step 1: From the dropdown menu next to Type, select WMI p82

Quest Corporation, 2010

Step 2: Enter a friendly Name. Step 3: Enter the Domain name and the User Name and enter the Password (renter to verify). Step 4: Click Save to complete the process.

Configuring Telnet/SSH Step 1: From the dropdown menu next to Type, select Telnet/SSH Step 2: Enter a friendly Name. Step 3: Enter the User Name and enter the Password (renter to verify). Step 4: Enter the Cisco Enable Password (renter to verify). If left blank, your Telnet password will be left blank. Step 5: Select the Protocol to be used - SSH or Telnet Step 6: Click Save to complete the process.

Configuring SMTP Step 1: From the dropdown menu next to Type, select SMTP Step 2: Enter a friendly Name. Step 3: Enter the Hostname or IP Address of your SNMP server. Step 4: Enter the designated SMTP Port. By default, it is port 25. Step 5: Select box for SSL Enabled or Disabled for your SNMP Server. Step 6: Enter the name of your Domain. Step 7: Enter your User Name for the Domain. Step 8: Enter the Domain Password twice to Verify Password Step 9: Select Save to complete the process. Configuring POP3 Step 1: From the dropdown menu next to Type, select POP3 Step 2: Enter a friendly Name. Step 3: Enter the Hostname or IP Address of your POP3 server. Step 4: Enter the designated POP3 Port. By default, it is port 110. Step 5: Enter your User Name for the POP3 Server. Step 6: Enter the POP3 Server Password twice to Verify Password Step 7: Select Save to complete the process

p83

Quest Corporation, 2010

Flow Confguration
Flow noise filter threshold This software has the ability to filter out network flow data (NetFlow, sFlow, and J-flow) based on size of conversation. Set the "noise threshold" for individual conversations (source IP, destination IP, source port, destination port and protocol) for each interval. Conversations that fall below the threshold for each time period will be discarded. Filter thresholds: 1-minute-data noise threshold, 5-minute-data noise threshold, 30-minute-data noise threshold, 2-hour-data noise threshold, 1-day-data noise threshold.

License Update
License Update Wizard The License Update Wizard will download updates for the following components: Network Flow Analyzer Module, Remote Agent Module, VoIP Monitoring Module, Wireless Monitoring Module. Licenses may also be entered manually by entering into the 'Product key' field. A Configure proxy link is also provided if needed.

Port Management Overview Port Management configuration allows the administrator to change the display of certain tcp ports. For example, tcp port 5054 can be configured to display login in the Tcp Monitor configuration screen. The Port Management settings also appear in Netflow / Ptflow Application results as well. Configuration Step1: Select Port Management icon from the list of utilities in the administrrations section. Step 2: Scroll down the list to re-name a specific port. Or, scroll to the bottom of the list to add a new port and description. Step 3: Click OK to complete the process.

Retention Configuration
The data retention settings can be adjusted to monitor certain data types. These include DNS, MAC, Ports, Network adapter configuration, Hardware inventory, Software inventory, Process, Windows services, Exchange, SQL Server, Active directory, Base device information, System event log, Application event log, Security event log, Syslog, Cisco config, HTTP, SMTP, POP3, Network services, and Network addresses. The number of days retained can be adjusted by any administrator.

SMTP Settings
SMTP Settings p84

Quest Corporation, 2010

This software has the capability to email alert notifications and scheduled reports. These are critical components for any IT department to make sure they are aware of any issues immediately. Thus it is important that you configure your SMTP settings as soon as possible. Step 1: Assign a Configuration Name. Step 2: Assign the From Email Address. If email will only be sent to internal email addresses, then the From email address can be fake. (e.g. x@yourcompany.com) If email will also be sent to external email addresss like Gmail, then the From email must be a valid email address. Step 3: Configure the SMTP Server and Port. The default is Port 25. Step 4: Enter your Logon User Name and Password. Step 5: If your email server requires secure socket layer (SSL) encryption, then enable by selecting the checkbox. Step 6: Save your SMTP Settings. Step 7: Select Test Account Settings. Enter an email address to verify that you have configured it properly. A test email will be delivered to the email account.

Studio Deployment
Studio Deployment Overview You can choose a customer to deploy the thin client studio to install on a customer's machine.

Studio Deployment Steps Step 1: Select your customer to deploy the studio to. Step 2: Click "Copy URL" or "Email URL" to choose the location. Paste the URL into a web browser and the Studio is ready to launch.

User Management
User Management Overview User Management allows the administrator to create, edit, manage and delete additional users. User Management provides for three types of users: System Administrator, Site/Customer administrator, and Read-only. User Configurations Create a new user. Assign the user to desired site/customer. System administrator can view and make changes to all sites/customers. Also, the system administrator can create/manage users of all levels. The organization/customer administrator can view/manage particular site(s) as determined by a system administrator. The organization/customer administrator cannot create/manage additional users. Each new user requires the following fields: Username: login name Email: The associated email address Authority: Set the users privileges. The three levels are Read-only, Customer/organization administrator, System administrator Password / Verify password: Set the users password p85

Quest Corporation, 2010

Invite user to connect via Hostname/IP: sends an email invitation for the user to connect with the selected Hostname/IP Customers/organizations: Select the Customer(s)/organization(s) that the user will have access to Preferences: Set the Auto-run go live settings when device details is selected

p86

Quest Corporation, 2010


w w w .quest.com