Master degree report
Implementation of System and Network Monitoring Solution – Netx2.0
By
Kanchanna RAMASAMY BALRAJ
In fulfillment of
INTERNATIONAL MASTER ON INFORMATION TECHNOLOGY
SCUOLA SUPERIORE SANT'ANNA
2007/2008
Academic tutor
Prof. Giuseppe Lipari
Engiweb tutors
Sig. Riccardo Caffola
Sig. Francesco Iadanza
Sig. Antonello Schiavella
Acknowledgment
I am motivated to express my gratitude to all those that let me do this internship in the best conditions. To people from Scuola Superiore Sant'Anna, ENGIWEB and especially:
- Prof. Giuseppe Lipari: director of the master IMIT – Scuola Superiore Sant'Anna
- Sig. Claudio Manfroni: tutor of the master IMIT – Scuola Superiore Sant'Anna
- Sig. Riccardo Cafola – Engiweb, Roma
Contents
Index of tables
Thesis Abstract
Introduction
Technical Approach
Related Work
Implementation and results
Evolution
Conclusions
References
1. Abstract – Application and Network Monitoring on Windows and Linux Platforms exploiting characteristics of WMI and WBEM Technology and using various protocols
A comprehensive solution for monitoring systems and applications, with a centralized interface of events, is essential for the network administrator.
Netx 2.0 serves the purpose with a fat-client Java interface which communicates via HTTP with the Netx server on the network that is being monitored. The Netx solution is platform independent, thanks to the JVM. Various protocols are used for monitoring systems of different platforms, application servers and databases. Remote socket connections are also used for retrieving information on the nodes being monitored.
SSH - Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices.
WMI - Windows Management Instrumentation (WMI) is a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification.
WBEM - Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments.
JDBC - Java Database Connectivity (JDBC) is an API for the Java programming language that defines how a client may access a database.
2. Introduction
Netx – General Overview of the Product and WMI Architecture
NetX Server
This software component uses the HTTP/HTTPS protocol and Java Web Start to enable centralized management and configuration of sensor communication.
The NetX server governs all the sub-systems, enabling centralization of events and their translation into email messages, which are sent to distribution groups according to set configurations.
The server also centrally archives summarized data within any JDBC/ODBC compliant database.
NetX Sensor
The NetX Sensor represents the agent management infrastructure and is likened to a “software mother board.” Modules (agents) specialized in tracing characteristic parameters of monitored devices can be inserted into the “slots” of the “mother board.”
The sensor enables agent functionalities only after running reachability tests on the nodes to be monitored. This optimizes the process of data tracing and event production.
The agents are non-invasive as they are installed only on the sensor and not on the controlled systems.
NetX Agent
NetX Agent is a software component specialized in tracing configuration parameters and node functionality of Windows and UNIX-like networks.
Fig 1: Netx with all components - Basic model
WMI – Technology and Architecture
Windows Management Instrumentation (WMI) is the Microsoft implementation of Web-based Enterprise Management (WBEM), which is an industry initiative to develop a standard technology for accessing management information in an enterprise environment. WMI uses the Common Information Model (CIM) industry standard to represent systems, applications, networks, devices, and other managed components. WMI objects can be queried using VB, DCOM or ActiveX. In this implementation we have chosen to query the WMI objects using VBScript, because it keeps the scripts simple to program.
Fig 2: WMI Architecture
3. Related Work – Open Source
Kiwi Syslog Daemon - Kiwi Syslog Daemon is a freeware Syslog Daemon for Windows. It receives, logs, displays and forwards Syslog messages from hosts such as routers, switches, Unix hosts and any other syslog-enabled device.
Kiwi works only on the Windows platform, whereas Netx is a multiplatform implementation in Java and monitors Unix as well as Windows nodes.
4. Technical Approach
Application Server Monitoring:
The JMX framework is adopted to realize a distributed architecture: a remote JMX connection is established with the listening MBeans registered with the application server's MBean server. Application monitoring data, such as class loading and application performance data, can thus be obtained and analyzed.
The performance-calculating agents interface with the Application Server through JMX technology.
Thus, the type and number of parameters monitored depend on the implementation of the JMX server component provided by the AS vendor. Monitoring is done via TCP/IP through an RMI connection on user-definable ports.
Any new monitorable feature can readily be added as a new MBean and registered with the MBean server, so the solution is easily extensible.
This type of monitor checks the following main parameters:
RAM heap percentage use
RAM non-heap percentage use
Number of active threads
Number of active web applications
Connection pool statistics
EJB cache statistics
Fig 3: Asset Information retrieved from WMI Objects using VBScript
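The heap, non-heap and thread readings in the JMX parameter list above can be taken over a remote JMX connection as in the following added example, which is not Netx code. The class name JmxProbe, the JMX_USER and JMX_PASSWORD environment variables and the conventional /jmxrmi path are assumptions; with no argument the probe samples its own JVM so that it runs offline.

```java
import java.lang.management.ManagementFactory;
import java.lang.management.MemoryMXBean;
import java.lang.management.MemoryUsage;
import java.lang.management.ThreadMXBean;
import java.util.HashMap;
import java.util.Map;
import javax.management.MBeanServerConnection;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;

public class JmxProbe {   // hypothetical name, not part of Netx
    // Percentage in use. getMax() is -1 when the JVM reports no limit (common
    // for non-heap memory), so fall back to the committed size.
    static double percentUsed(MemoryUsage u) {
        long limit = u.getMax() > 0 ? u.getMax() : u.getCommitted();
        return limit > 0 ? 100.0 * u.getUsed() / limit : 0.0;
    }

    // Reads the standard platform MXBeans through any MBean server connection.
    static String sample(MBeanServerConnection conn) throws Exception {
        MemoryMXBean mem = ManagementFactory.newPlatformMXBeanProxy(
                conn, ManagementFactory.MEMORY_MXBEAN_NAME, MemoryMXBean.class);
        ThreadMXBean thr = ManagementFactory.newPlatformMXBeanProxy(
                conn, ManagementFactory.THREAD_MXBEAN_NAME, ThreadMXBean.class);
        return String.format("heap=%.1f%% nonHeap=%.1f%% threads=%d",
                percentUsed(mem.getHeapMemoryUsage()),
                percentUsed(mem.getNonHeapMemoryUsage()), thr.getThreadCount());
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) {   // no target given: sample this JVM
            System.out.println(sample(ManagementFactory.getPlatformMBeanServer()));
            return;
        }
        // args[0] is host:port of the RMI registry on the monitored server.
        JMXServiceURL url = new JMXServiceURL(
                "service:jmx:rmi:///jndi/rmi://" + args[0] + "/jmxrmi");
        Map<String, Object> env = new HashMap<>();
        // Assumed variable names; credentials stay off the command line.
        String user = System.getenv("JMX_USER"), pass = System.getenv("JMX_PASSWORD");
        if (user != null && pass != null) {
            env.put(JMXConnector.CREDENTIALS, new String[] {user, pass});
        }
        try (JMXConnector jmxc = JMXConnectorFactory.connect(url, env)) {
            System.out.println(sample(jmxc.getMBeanServerConnection()));
        }
    }
}
```

The credentials are only used if the monitored application server has JMX authentication enabled on its RMI port.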
RDBMS Performance:
This type of monitor checks database functional performance.
The RDBMS agents that calculate performance centralize the information contained in system views. Such information can be used to produce statistical performance reports of the monitored database.
The main RDBMS performance information consists of:
Active instances
Active sessions per instance
CPU usage per session
RAM usage per session
Number of transactions per session
Association of data files to table spaces
Table space fill level
Individual data file fill level
Network Monitoring:
This type of agent is capable of querying an SNMP device (typically a network device) and registering all relevant information contained in the Management Information Base (MIB), centralizing it in a relational database in flat format.
The following parameter types are read from SNMP devices:
Device type
Status of individual interfaces
IN/OUT IP traffic in total and for individual interfaces
TCP port status for each IP Address
UDP port status for each IP Address
Windows/Linux Performance Remote SSH Connection:
A remote SSH connection is established to the system to be monitored, various Linux monitoring scripts (e.g. disk space usage, filesystem details, TCP sockets, CPU load average) are executed, and the results obtained are evaluated.
This agent class monitors parameters to calculate performance relating to:
% RAM used
% disk partition used
% Mount Point used (for LINUX)
IP-input traffic overall and per individual card
Asset configuration
Fig 6: Results of script execution on Linux machines for asset information, general system information, etc.
5. Implementation and results
Scripts were successfully written and executed over an SSH connection for the Linux flavors Red Hat, Ubuntu, SUSE, Fedora and CentOS. The results were parsed, presented on the Netx client and updated in the database. The functionalities implemented include, to name a few: 1) dmidecode scripts for cache, chassis, RAM, motherboard, port connector, processor, sound card and video card information, 2) network statistics of TCP sockets and their states, and of Unix sockets and their states, 3) kernel allocator statistics and kernel memory utilization/distribution, 4) IP route tables.
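The SSH agent described in the Technical Approach and the result parsing reported above come down to matching each line of command output against a strict pattern. The following added example (not Netx code) does this for % mount point used and for TCP socket states. The class name, the choice of `df -P` and `netstat -tan` as the remote commands and the sample output are assumptions constructed for illustration; header lines and anything else that does not match are skipped.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ScriptResultParser {   // hypothetical name, not part of Netx
    // `df -P` row: filesystem, 1024-blocks, used, available, capacity%, mount point.
    private static final Pattern DF_ROW = Pattern.compile(
            "^(\\S+)\\s+(\\d+)\\s+(\\d+)\\s+(\\d+)\\s+(\\d{1,3})%\\s+(/.*)$");
    // `netstat -tan` row: proto, recv-q, send-q, local address, remote address, state.
    private static final Pattern TCP_ROW = Pattern.compile(
            "^tcp6?\\s+\\d+\\s+\\d+\\s+\\S+\\s+\\S+\\s+([A-Z_0-9]+)\\s*$");

    // Mount point -> percentage used, in the order df printed the rows.
    static Map<String, Integer> mountUsage(String dfOutput) {
        Map<String, Integer> pct = new LinkedHashMap<>();
        for (String line : dfOutput.split("\\R")) {
            Matcher m = DF_ROW.matcher(line);
            if (m.matches()) pct.put(m.group(6), Integer.parseInt(m.group(5)));
        }
        return pct;
    }

    // TCP state -> number of sockets in that state.
    static Map<String, Integer> tcpStates(String netstatOutput) {
        Map<String, Integer> counts = new TreeMap<>();
        for (String line : netstatOutput.split("\\R")) {
            Matcher m = TCP_ROW.matcher(line);
            if (m.matches()) counts.merge(m.group(1), 1, Integer::sum);
        }
        return counts;
    }

    public static void main(String[] args) {
        // Constructed sample output, standing in for text returned over SSH.
        String df = String.join("\n",
            "Filesystem 1024-blocks Used Available Capacity Mounted on",
            "/dev/sda1 20511312 17434615 2034753 90% /",
            "/dev/sdb1 103081248 41232499 56589485 43% /var/lib/data");
        String netstat = String.join("\n",
            "Proto Recv-Q Send-Q Local Address Foreign Address State",
            "tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN",
            "tcp 0 0 192.0.2.10:22 192.0.2.50:51514 ESTABLISHED",
            "tcp6 0 0 :::22 :::* LISTEN");
        System.out.println(mountUsage(df));      // {/=90, /var/lib/data=43}
        System.out.println(tcpStates(netstat));  // {ESTABLISHED=1, LISTEN=2}
    }
}
```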
6. Evolution
OO concept implementation in a real time product, Usage of Regular expressions for parsing Linux script results, Linux Monitoring techniques, Dmidecode package etc
7. Conclusions
A complete monitoring solution for Windows and Linux platforms is realized, with a centralized proprietary database for logging the events. The network administrator is able to monitor the network remotely in a non-intrusive mode, thus adhering to the security constraints.
8. References
Netx2.0 technical specification document
http://msdn.microsoft.com/en-us/library/aa394553(VS.85).aspx