Rules For Open-AudIT

Hi Everybody, 

With the release of Open-AudIT 3.2.0 comes a major new feature – Rules.

Rules are a collection of entries that essentially say “If the device has an attribute with X, then make the device’s other attribute Y”. That may seem abstract, so what about “If the device has an SNMP OID of 1.3.6.1.4.1.9.1.620, then it’s a Cisco 1851 router”.

Out of the box we have rules for MAC address prefixes, SNMP manufacturer IDs and all the aforementioned SNMP OIDs previously within Open-AudIT. We also ship various other rules that were previously hardcoded. All up, for our first release, we’re shipping almost 100,000 rules!

“So what?” you say “What does this mean for me?” Well, it means that you no longer need to send me your OIDs and device models, for a start. You can create custom Rules that will detect (almost) anything you like and set the appropriate device attribute.

The Rules are processed when a device’s details are processed – during discovery and/or upon processing an audit result (hence, they usually run multiple times). Rules conform to the usual priority system – they will override everything that’s not a user input via the GUI. Rules are considered to be YOUR rules. Not something derived from a device. Hence they mean more than (say) something retrieved via SSH or SNMP or WMI. This is because if they don’t do what you want YOU CAN CHANGE THEM.

Rules have two main sections – inputs and outputs.

Inputs are what is used to detect and match an attribute (or multiple attributes).

Outputs are what is to be set if the inputs match.

Inputs can use several operators to detect a match, not just equals. We can use the following operators:

equals
does not equal
greater than
greater than or equals
less than
less than or equals
like (which is case-insensitive)
not like (again, case insensitive)
in (a list)
not in (again, a list)
starts with

When we test multiple attributes in a single “input”, those attributes are ANDed together. You cannot OR them. Below is an example (from the database, stored as JSON).
[{"table":"system","attribute":"manufacturer","operator":"eq","value":"Ubiquiti Networks Inc."},
{"table":"system","attribute":"sysDescr","operator":"li","value":"UAP"}]

This translates to: if system.manufacturer equals “Ubiquiti Networks Inc.” AND system.sysDescr is like “UAP”, then we have a match.
The corresponding “output” section from this rule states (again, in JSON from the database):
[{"table":"system","attribute":"type","value":"wap","value_type":"string"},
{"table":"system","attribute":"model","value":"UniFi AP","value_type":"string"}]

Which means set the system.type to wap and the system.model to UniFi AP. Outputs can set an attribute using one of three ‘types’: a number, text or a timestamp. For a timestamp, you have the option of providing a date/time OR leaving it blank and having the system use the current date/time when the Rule is processed.

And don’t worry – we wouldn’t ask you to write the JSON. The web interface takes care of that for you. Of course, if you’re using the API, then the JSON creation is on you 🙂

One further item of note is the “weight” attribute we assign Rules. By default, it’s 100, but any Rules with a higher or lower weight will be run before or after those at weight 100. This provides a way to order the list in which Rules are applied. Mostly you won’t need to worry about this, but if required, it’s a life-saver.

Rule inputs also don’t need to apply only to the “system” table. You can have a Rule on the service table to say if we detect a service named “My Service” then set the device description to “My Service Server” (as a bad example).

At this stage, Rule outputs can only set an attribute (or multiple attributes) on the system table. Custom fields are not supported right now (stay tuned).
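The matching and output behaviour described above, sketched in Python as an added example (it is not Open-AudIT's own code, which is PHP). Only the "eq" and "li" operator codes and the "string" value type appear in the post's JSON; the other operator codes and value types, the comma-separated list encoding, the ascending weight order, the user_set parameter and the sample device are assumptions made for this example.

```python
import json
from datetime import datetime, timezone

def _num(compare):
    # Numeric comparison; values that are not numbers simply do not match.
    def test(actual, value):
        try:
            return compare(float(actual), float(value))
        except (TypeError, ValueError):
            return False
    return test

def _items(value):
    # Assumed list encoding for "in" / "not in": a comma-separated string.
    return [v.strip() for v in str(value).split(",")]

# "eq" and "li" are the codes shown in the post; the other codes are assumed
# names for the remaining operators the post lists.
OPERATORS = {
    "eq": lambda a, v: str(a) == str(v),
    "ne": lambda a, v: str(a) != str(v),
    "gt": _num(lambda a, v: a > v),
    "ge": _num(lambda a, v: a >= v),
    "lt": _num(lambda a, v: a < v),
    "le": _num(lambda a, v: a <= v),
    "li": lambda a, v: str(v).lower() in str(a).lower(),
    "nl": lambda a, v: str(v).lower() not in str(a).lower(),
    "in": lambda a, v: str(a) in _items(v),
    "ni": lambda a, v: str(a) not in _items(v),
    "st": lambda a, v: str(a).startswith(str(v)),
}

def input_matches(device, cond):
    # One input condition. Tables are lists of rows, so a multi-row table
    # such as "service" matches when any row satisfies the condition.
    test = OPERATORS.get(cond["operator"])
    if test is None:
        return False  # an unknown operator never matches
    attr = cond["attribute"]
    return any(attr in row and test(row[attr], cond["value"])
               for row in device.get(cond["table"], []))

def output_value(out, now):
    # Cast an output to number, text or timestamp (blank timestamp = now).
    kind = out.get("value_type", "string")
    if kind == "integer":
        return int(out["value"])
    if kind == "timestamp":
        return out["value"] or now.strftime("%Y-%m-%d %H:%M:%S")
    return str(out["value"])

def apply_rules(device, rules, user_set=(), now=None):
    # Run rules in weight order; all inputs of a rule are ANDed together.
    # Attributes named in user_set (edited via the GUI) are never overwritten.
    now = now or datetime.now(timezone.utc)
    system = device["system"][0]
    fired = []
    for rule in sorted(rules, key=lambda r: r.get("weight", 100)):
        inputs = json.loads(rule["inputs"])
        if not inputs or not all(input_matches(device, c) for c in inputs):
            continue
        fired.append(rule["name"])
        for out in json.loads(rule["outputs"]):
            if out["table"] == "system" and out["attribute"] not in user_set:
                system[out["attribute"]] = output_value(out, now)
    return fired

# Constructed rule set: the first is the post's Ubiquiti example, the second is
# built from its "My Service" sentence, the third only illustrates weight.
RULES = [
    {"name": "Ubiquiti UniFi AP", "weight": 100,
     "inputs": '[{"table":"system","attribute":"manufacturer","operator":"eq","value":"Ubiquiti Networks Inc."},{"table":"system","attribute":"sysDescr","operator":"li","value":"UAP"}]',
     "outputs": '[{"table":"system","attribute":"type","value":"wap","value_type":"string"},{"table":"system","attribute":"model","value":"UniFi AP","value_type":"string"}]'},
    {"name": "My Service Server", "weight": 100,
     "inputs": '[{"table":"service","attribute":"name","operator":"eq","value":"My Service"}]',
     "outputs": '[{"table":"system","attribute":"description","value":"My Service Server","value_type":"string"}]'},
    {"name": "Generic Ubiquiti", "weight": 50,
     "inputs": '[{"table":"system","attribute":"manufacturer","operator":"st","value":"Ubiquiti"}]',
     "outputs": '[{"table":"system","attribute":"type","value":"network device","value_type":"string"}]'},
]

def sample_device():
    # Constructed device record, not real audit data.
    return {"system": [{"manufacturer": "Ubiquiti Networks Inc.", "type": "unknown",
                        "sysDescr": "UAP-AC-Pro 4.0.10", "description": "Lobby AP"}],
            "service": [{"name": "sshd"}, {"name": "My Service"}]}
```

Calling `apply_rules(sample_device(), RULES)` runs the weight-50 rule first, so the more specific weight-100 rule has the final say on `type`.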

The Rules engine is used by Community and available for editing in Professional and Enterprise.

So, what’s the downside? Well running 100,000 rules several times does take its toll. I was however pleasantly surprised to see it takes less than 1 second each time all 100,000 Rules are processed. It does, however, mean more memory is consumed. In my testing, it uses about 500MB. You shouldn’t need to worry about increasing the PHP memory limit as we do this in code, but you will need to keep an eye on your server. Those users that process many devices AT ONCE may run into memory constraints. In general, most users shouldn’t notice any discernible difference. If you do, the first thing to try is giving the server a memory bump. It is a database application after-all, so more memory and a fast disk is always the answer 🙂

One final thing of note is the new GUI widget. Because we have almost 100,000 Rules, it’s just not feasible to display them all in a list in the GUI. So we don’t. We have built a new widget that sits on the panel header and is used to search the Rules. Input anything and the rule’s name, description, inputs and outputs will be searched and anything matching will be returned. That result-set will still be limited to the default page size (1,000 items), so don’t simply search for Cisco and expect to retrieve every Rule (there are 7,828 Cisco Rules by the way).

With this feature, we essentially remove the “Tell us your unknown devices” issue as well as provide a powerful tool for you to automatically set attributes of your liking to your devices. Easy.

And one more item – we now have the ability to export a Rule – or anything else for that matter. Exporting an item will provide a JSON object that you can then use for Import. The export button is on each item’s details page and the import button is on the list page for each collection. With this in place, feel free to send us or post to Questions any Rules or Queries you think others may benefit from.

Happy auditing.
Mark Unwin.


Why Networks Are Essential For Real-time Healthcare

Many healthcare providers have begun to transition to a highly connected, patient-driven, real-time healthcare system (RTHS). Such systems typically combine digital and cloud technologies allowing healthcare professionals and patients to communicate, collaborate and streamline their workflows more effectively.

But as providers roll-out new data-intensive applications capable of connecting multiple sites and devices, more strain is placed on already congested networks. If left unchecked this can lead to many challenges which can undermine the reliability and effectiveness of real-time healthcare systems.

What challenges do today’s healthcare providers face?

Network reliability – Healthcare professionals need to access Electronic Health Records (EHRs) and critical real-time data wherever they are on site. Many legacy systems are simply not capable of providing reliable access to the volume of data today’s real-time healthcare systems demand.

Quality of Service (QoS) – Healthcare providers have unique requirements when it comes to implementing QoS. Different applications, data and services must be prioritised according to their importance. To do this effectively organisations need the ability to differentiate and prioritise data in real-time.

Security – The confidentiality and security of patient data is paramount, but with the accelerated adoption of public and private cloud technologies come increased network and data security risks. Healthcare providers need the ability to monitor users if they are to manage the risks effectively.

Scalability – As more medical devices and applications are connected to the network, the more data needs to be transmitted between them. This creates issues for legacy network equipment which is already struggling to cope with the volume of data being transmitted.

If the efficiency and productivity benefits of RTHS are to be realised, healthcare organisations need to ensure the above challenges are met without compromising patient confidentiality and the ability to effectively monitor healthcare systems.

Solving today’s healthcare system challenges

There are several measures healthcare providers can take to help overcome these challenges. The most important thing is to make sure the network is designed properly from the ground up. Secure private WANs should be created to connect major healthcare sites and hospitals, with smaller sites.

Larger sites should also look at implementing private/hybrid services leveraging the existing network infrastructure with new cloud networking technologies. This can help create a more agile and cost-effective solution without compromising the control or security of the network.

Intelligent network management software

But network infrastructure is only part of the solution. Organisations should also look at implementing robust and integrated network management software to manage and monitor the network in real-time. Such systems should be capable of monitoring infrastructure at scale and providing active data management to prevent outages, reduce bottlenecks and maintain QoS.

By implementing a solution such as FirstWave’s Network Management Information System (NMIS), network admins get real-time information about the current state of the network infrastructure and the data transmitted on it. Information about the health of specific devices can then be relayed to engineers allowing them to see precisely what impact a single device failure is having on the wider network.

But NMIS goes much further than basic monitoring. With automated health live baselining, the software can monitor the availability and response time of devices and compare that with a previous baseline period. This gives network admins early warning of impending failures allowing them to fix issues before they impact network performance.

Distributed polling for easy scalability

As with the underlying network infrastructure, any network monitoring solution deployed should also be capable of scaling to meet the demands of an ever-expanding number of devices. With more on-demand services and Internet of Medical Things (IoMT) devices, the number of nodes on the network is increasing. So, any network monitoring solution deployed must be capable of seamless scalability.

To prevent such issues, FirstWave’s opHA with NMIS uses distributed polling. This allows for infinite scaling while also adhering to stricter security policies that may be in place. Using distributed polling allows network admins to move from monitoring single devices to gaining a full picture of the entire network infrastructure on a single pane of glass.

FirstWave software is also designed to be a plug-and-play solution; in normal networks no configuration changes are required after the initial setup. The software currently supports more than 30,000 vendors with new devices automatically identified and added to the system without the need for coding.

Harnessing network efficiency across hospitals, clinics, data-centers and offsite facilities is crucial for the healthcare system to transition into a real-time model. By leveraging network management solutions like FirstWave, your organisation gains agility and flexibility without having to glue together monitoring systems. In providing the opportunity for clinicians and healthcare administrators to gain greater visibility into their operations and resources, they will be better equipped to improve patient care quality – do more with your data.


3 Factors Slowing Down Your Response times

Your network support staff in your Network Operations Centre (NOC) are the unsung heroes of your business. They support your business by keeping your network running smoothly and help resolve issues quickly. But to operate efficiently, these people need to have the right tools to help diagnose the problem, solve it themselves or direct it to the right team for a quick resolution.

In the early days of tech, this wasn’t much of a problem. Server and network issues were easily identified, the edge of the network was clearly defined and desktops were fixed assets which could be easily identified and secured.

But today’s network is a different beast. These staff have to contend with BYOD, guest networks, software-defined networking, WiFi and Internet of Things devices. And then there are evolving threats which need to be addressed. See my blog on Shadow IT.

If network support staff are to keep doing their job effectively in this environment, they need access to the right information at the right time. With the network evolving so quickly, many legacy applications simply can’t provide the data and insight needed to keep on top of the situation. They need a consolidated view.

If you are still using legacy software to manage and monitor your network, the following three scenarios will be familiar to you.

1. Poor situational awareness

In a fluid and constantly changing environment, your people need real-time information about the devices currently active on the network. Legacy software simply can’t provide this information quickly enough. This causes people to guess where the problem might be.

The solution is to implement a network management tool which offers real-time insight into the state of the network, maps dynamic changes automatically and highlights issues as they occur. To do this effectively it must provide a consolidated view of the infrastructure under management.

2. Poor escalations

The traditional method for escalating tickets in the NOC is to troubleshoot the issue until all possible solutions have been exhausted and then pass it on to another IT department or supplier. This is known as a functional escalation in ITIL and it is often the primary source of complaints from IT users and helpdesk employees alike.

Using the functional escalation method, key information is often missing, troubleshooting is not carried out effectively and the importance of the device in the network hierarchy is not considered. A better solution is to implement the Quality Assurance method which not only identifies the device and its user, it creates a clear path for resolution and escalation for helpdesk analysts to follow.

3. Unreliable data

Early iterations of network management software were very good at generating reams of data from every monitored device. But that data wasn’t displayed in context, deduplicated or linked to any single device or event. As a result, hundreds of alerts would be generated from a single point of failure which made it almost impossible to identify and solve the issue.

Our network management software works to solve the issue of information-overload by automatically triaging events and classifying them based on their impact on the business, not their technical nature. This rules-based approach makes it easy to identify issues which need to be fixed quickly, regardless of the size of the network.

Here at Opmantek, our next-generation network management software is designed to take the stress out of managing your network. Our software provides a real-time 360º view of your network, helps you identify issues quickly and creates a clear path for escalation, thereby lowering response times.

If you would like more information about how Opmantek can help you solve network issues more efficiently, get in touch with us today. Opmantek specialists are technically led and not sales-based, so you can be sure of knowledgeable answers to any questions you have about our products with no hard-sell.


Harnessing The IoT Phenomenon

Over the last few years, the Internet of Things (IoT) has made a substantial progression into our everyday lives. With this comes an opportunity for Australia to grow exponentially in a variety of sectors; this is crucial as, if we truly do embrace the full extent of IoT and IT auditing, then as a country our companies will be some of the earliest beneficiaries of this new ICT and industry renaissance. At present, Australia is placed 11th in Accenture’s model of countries that are ready to embrace IoT potential; if we take full measures now, however, then we may well find ourselves in the top 10.

 

In the assessment “The Internet of Things: Mapping the Value Beyond the Hype” published by the McKinsey Global Institute (MGI), predictions suggest that harnessing the potential of IoT could result in an additional impact of up to $116 billion by 2025 – that’s a mere six years away. As Australian industries have undoubtedly plateaued in recent years in terms of economic growth, we’re at risk of a country-wide retrogression if something isn’t done soon. IoT auditing and data management is the perfect gateway to avoid such stagnation. http://bit.ly/2ZbnQMv

 

So how do we go about such measures?

Firstly, one has to step back and view the sheer scope of IoT versatility. By 2020 there will be tens of billions of new devices to be interconnected via the internet, and the potential of where these can each be located is limitless. Whether it’s a smart meter in your home or a distant weather sensor on a remote station, anything can be accessed. Thus, a stronger method of network management needs to be implemented. In order to fully comprehend what Australia’s next steps should be, a clear set of data should be gathered; this is where IoT auditing comes in.

 

But why should we?

The auditing of IoT information can allow companies to develop a coherent data strategy in order to maximise their usage of the rise of the Internet of Things. Not only will this allow businesses to boom and expand into new industrial and commercial horizons, but it also creates room for the fixing of potential problems that may arise with IoT, such as implementation time and asset control. As our own Opmantek CTO Keith Sinclair says, “business processes are dependent on the transient. You simply can’t fix what you can’t see.” So as you can see, IoT auditing is essential if you wish to receive accurate data location of your assets and more in seconds.

 

And how do we go about it?

Luckily, Opmantek’s Open-AudIT allows users to gain unparalleled visibility and clarity of your assets with the IoT space, giving the chance for enterprise growth on a global level. While most organisations struggle with a day-to-day capturing and analysis of data, Open-AudIT makes it simple and effective. Open-AudIT has the ability to intelligently scan an organization and collect significant amounts of data from large and varying networks, that is catalogued and configured into meaningful reports. If your business is missing something as incredibly unequivocal as the Open-AudIT, then contact us today to get a quote and a demo.


A Single Pane of Glass With opCharts And NMIS

What is a single pane of glass and why is it so important?

The phrase, Single-pane-of-glass is often used as a synonym for a dashboard, however, it is more than that. It is a dashboard that is able to summarise data from multiple sources and display it in a clear and coherent manner on a single screen (pane of glass).

There are a few benefits to using this type of dashboarding in your organization:

  • Increased visibility – Your operations team can ensure that the status of your network is always visible and issues are quickly noticed.
  • Reduced operational complexity – Your team will have the ability to see the complete operational environment in a logical display that will reduce any complexity within your infrastructure.
  • Reduced time to a root cause analysis – There are no silos within the organization; all technologies, vendors and operating systems are displayed in a single location.

A true single-pane-of-glass management system will support:

  • Multiple vendors
  • Multiple technologies
  • Multiple operating systems

This management system will also allow you to:

  • See the current state of all systems in one location.
  • See the full history of all systems in one location.
  • Provide operations teams with a single place to login and see live data.
  • Be flexible enough to incorporate new technologies.

An example of a well-designed dashboard is displayed below:

Note the clear layout of all the dashboards, all of the elements are clickable to retrieve live data and be further inspected.

This can be built for free today using NMIS and opCharts

First, install NMIS. There are two choices in going about doing this:

1. Install NMIS from scratch. Here is a link to an NMIS installation guide available on the Opmantek Community WIKI.
2. Install the Opmantek Virtual Appliance that has NMIS and opCharts already installed and configured, here is the Virtual Appliance Installation guide.

If you installed NMIS from scratch then you need to Install/upgrade opCharts
Install/upgrade opCharts – opCharts Installation Guide
Get a free trial license key for opCharts –  here

 

How much data is the right amount, and how much is too much?

Before getting into creating a dashboard you should understand what goes into designing a useful dashboard.
1. Limit each dashboard to 5-7 groups of data.
2. Group layout should be organized by data, time period or visualization.
3. No group should have more than 5-7 data sets.
4. Each data set should be easily distinguishable from the other data sets in the group.
5. Similar data sets across groups should use similar colours/icons.
6. Colours and shapes should be used with purpose and definition.
7. The entire dashboard should be visible at one time, as should each group.

While looking at the image below, we can understand why the dashboard is poorly designed:

[Image: opCharts Bad Dashboard]

Creating your Single Pane of Glass Dashboard

Now that you understand what separates a well-designed and useful dashboard from a poorly designed one it’s time to create your own.

Start by creating a new dashboard:

Navigate to menu -> Views -> Dashboards

On the following screen, click the blue “+” icon to create a new dashboard

From this screen you can add data in one of two ways:

1. Give your new dashboard a name, description, and assign it to a dashboard group if required. You can begin by adding components to the dashboard by clicking the add component button. A new component info box will open up and you can select the data you wish to display, change the size of the window and design the dashboard in a way you see fit.

For example, you may want to add a Map you have created to your dashboard, you can do so by navigating to Menu -> Views -> Maps then selecting a previously created map. When the map has been loaded, click the drop-down menu on the top right of the map and select Add to Dashboard.

The add to dashboard menu will open up. Select the dashboard name from the drop-down menu that you wish to add the map to, then click save. Once you navigate back to your saved dashboard this map will be displayed. You can follow this same process to add any components to your dashboards.

2. The second way to add data is from the new dashboard screen, click the add component button. This will open up the component info menu allowing you to adjust the width and the height of the component you are adding to your dashboard. After selecting the size, click the data source type drop-down menu to select the desired data for the Dashboard. Once the Data Source Type is selected, another drop-down menu will appear allowing you to choose the specific data point you want to display on the dashboard. You can repeat this process to organize and add as many Components to your Dashboard as you want.


ROI – Should You Invest in Network Monitoring Software?

As most IT managers and network professionals will be well aware, business leaders and employees have come to expect 24/7 network availability at work. Unfortunately, achieving this can be very difficult and many businesses lose countless hours to troubleshooting every year. This is where network monitoring comes in.

What is network monitoring?

Network monitoring ensures the smooth running of regular operations via the help of trained technicians, network management software and network support. The idea behind network monitoring is that it helps avoid productivity losses and, by extension, the cost of downtime. Indeed, businesses that calculate how much money network monitoring services could save them every year will discover that they offer a fantastic return on investment (ROI). Here are a few reasons why:

Overtime is reduced

If your staff regularly rack up overtime due to network outages, a monitoring service will save you a great deal of money in the long run. It may also lessen the need for extra staff on night shifts for certain sectors, again saving the company money.

Damage control

Network monitoring services are able to address IT issues before they turn into public relations disasters. Indeed, they can detect issues early on by analysing factors such as round trip times, network utilisation rates and error percentages. If there are any problems with the smooth running of the network, businesses can take action early on before operations slow down or servers cut out altogether.

Support calls are reduced

Investing in network monitoring can help keep end users productive and online, thereby lowering the pressure on network technicians to answer calls and deal with troubleshooting questions. Monitoring services do this by alerting companies to potential problems such as excessive bandwidth consumption early on and eliminating the need for end-user support. This lowers the number of calls to IT teams and, by extension, the number of team members needed to occupy the support desk. Businesses, therefore, save money on support team salaries.

Repair times are lowered

Finding the source of a network problem can be difficult even for the most skilled technicians. This is particularly true for networks that are spread across sites that are very far apart and can end up costing huge amounts of time and money thanks to the need for technicians to travel. Network monitoring can prevent such losses by offering live diagnostic data and maps that can tell technicians where problems lie.

Businesses can meet service level agreements

Service level agreements (SLAs) are drawn up to keep clients and end users happy and to let them know what to expect of their network providers. If SLAs are unmet, then, companies can end up in very hot water. Network monitoring is one of the best ways to ensure SLAs are met.

Downtime is reduced

Downtime is a major factor when it comes to company losses. This is because it can hugely impact employee productivity. As well as the time spent unable to undertake their everyday tasks, employees may become frustrated or angered by slow IT systems, which can impact their ability to get on with tasks. Network monitoring is a great way to reduce downtime.

Choosing the right software for you

Once you have made the decision to opt for network monitoring software, you will need to find a package that suits your needs. You may, for example, want to think about:

– Installation costs
– The cost of initial licenses and product options
– Whether the product offers affordable upgrades and support
– How many of your staff will need training, and how much this will cost
– Costs associated with setting up the system
– Whether you will need to hire anyone new to help manage the new system

Here at Opmantek, we’ve helped our customers use our products to design the solution they need. Our staff are knowledgeable and friendly and there’s no hard sell.

 
