Follow the Rules
This strong, rules-based system will keep a close watch over your network's population.
Enterprise Manager 4.0
Keeping tabs on the health of your systems and servers is a fundamental and
essential task. ELM Enterprise Manager 4.0 uses filtered alert monitoring and
rules-based notification to let you know exactly what's happening throughout
ELM 4.0 is actually a combination of three of TNT's tools:
- ELM Log Manager collects event information and creates central aggregated
- ELM Performance Manager tracks performance in real time
- ELM Event Log Monitor creates a central repository for Windows Event
ELM monitors Windows networks, including Windows NT, 2000 and 2003 servers
and Windows NT, 2000 and XP workstations. It also works with Active Directory,
IIS, Exchange and ISA. Through syslog events and SNMP traps, it supports non-Windows
platforms and IP devices like printers or routers as well.
TNT has made a number of improvements since Redmond reviewed an earlier
version in January 2004. Most are aimed at delivering more concise information.
TNT redesigned the console to create categories around the major functions.
ELM Advisor now provides pop-up style messages when specific alerts are triggered.
The At-A-Glance views create specific groupings of alerts, which make it easier
to analyze a particular segment of your infrastructure. ELM also added tighter
integration for ASP.NET and souped up the Web components.
Architecturally, ELM Enterprise Manager operates in much the same way as other
utilities of its class. ELM has a central administration utility as an MMC snap-in,
a Web-based interface, a database that collects the messages for ELM and a series
of agents that communicate with the central system.
Figure 1. ELM gives you full details on every alert.
On the other end of the wire, ELM uses three different types of agents. Service
Agents install directly to the system and have the most functionality. If you
don't want to install something on your server, you can use a Virtual Agent.
This is what TNT used to call a Remote Agent. These monitor almost as well as
the Service Agents, but they do so from afar. ELM also comes with IP Virtual
Agents that monitor non-Windows platform devices, which is good for capturing
the status of routers or Unix-based systems.
Agent management is quite simple with ELM. You just go into the console and
add an agent for the node you want to monitor. If you no longer want to monitor
that node, simply delete the agent from the list. If you've installed the Service
Agent to the system, it will automatically roll off the system.
Installation was a bit of a challenge when dealing with requisites. While the
tool does install quite easily, one improvement would be to have it sweep to
make sure everything required is in place and operating. The requisites are
in the documentation (for those of you who actually read the directions before
installation), so you should be OK. If you run into trouble, Tech Support is
ready to help, and they are quite a responsive group. The installation routines
won't tell you if you're missing something, though. They will just error out or
Installing to SQL Express 2005 was a showstopper. I ended up installing MSDE
2000 so I could continue with the installation. Once all the requisites were
sorted, the software installed in around 10 minutes, very clean and neat. All
the databases were created and configured, and the principal services were added
and started -- all that without a reboot.
To Monitor and To Protect
ELM centers around three major functional areas: monitoring, notification and
reporting. Monitoring is ELM's shining attribute. There are a number of preconfigured
monitoring items, and you can create your own based on a list of 23 different
categories. You can also place a polling frequency on each monitor item, such
as "ping XYZ server every five minutes and report if there is no reply."
The System Information function is one of the most comprehensive snapshots
I've ever seen in a tool like this. There's data on hardware specifics, software,
drivers, modules and DLLs, service status, status on the IP stack, modules in
use by the Browser -- the list goes on. This level of information is a huge
benefit in a troubleshooting capacity. Similar functions on other tools are
so bland that their usefulness is questionable after the first pass.
ELM's primary function is to monitor and report events as they occur, but such
a tool would be remiss without a solid notification utility, and the one within
ELM Enterprise does not disappoint. ELM's powerful filtering ability is connected
to targeted scripts. That means ELM can run certain scripts or notifications
based on specifics within the logged event. This gives you the information that
you need to see without overwhelming you with data you don't need. Speaking
of filtering, you can set up each Windows event, syslog event or SNMP trap to
include it or exclude it from interest, depending on what you need.
ELM handles notification through a number of different approaches, such as
an e-mail or a page. The system can beep or even talk if you're using the Microsoft
TTS engine. You can set up pop-up messages to appear on a desktop console, similar
to an IM notification. Heck, ELM can even send you an IM if you're using MSN
Instant Messenger (or Yahoo! now that the two are more conjoined).
One of the more quaint notification methods was the Marquee Device. ELM can
send notifications to an LED Reader Board. At first, I was thinking that server
errors aren't something I'd like to see in lights. If you have a large data
center with a lot of activity, though, using a reader board to announce issues
with your server network might be a good idea. Still, I would be willing to
bet that most ELM shops aren't going to be using this notification method.
Reporting -- the last major functional area -- is of critical importance for
any tool that will be used for compliance issues, whether HIPAA or Sarbanes-Oxley.
ELM comes with a strong reporting capability, bundled with a good range of report
formats. You can also quickly create your own report formats to cover a range
of time or role-based activities, such as a view for your DBA, Exchange admin
or sys admin. You can also capture reports for trending analysis and export
them out of the system for long-term storage. Reporting was the main reason
behind the console redesign.
The one thing I would've liked to see in the report scheduler is a "Run
Report Now" option. The Scheduler lets you run reports on a 15-minute granularity.
In order to execute a run report order, you have to wait for the next quarter
hour before doing so. I do like the fact that you can set up reports to automatically
run based on a specific time period. This helps keep the information current
and covers the range of times you need to monitor.
Performance Monitoring is also part of the Results area. You can configure
ELM to watch the server for specific performance events. While you can log those
and chart them out with Windows Performance Monitor, ELM can notify you of specific
performance-related events: for example, if a specific process spikes the processor
to 100 percent or uses a certain amount of RAM.
The updates TNT has made to ELM Enterprise Edition 4.0 have made it easier
to use, but haven't given up one iota of power or functionality. If you're scouting
for something to monitor and manage your growing network population, make sure
ELM is on your list of contenders. It's well-designed and well-suited for whatever
monitoring tasks you have in mind.
About the Author
Rick A. Butler, MCSE+I, is the Director of Information Services for the United States Hang Gliding Association.