Product Reviews

Follow the Rules

This strong, rules-based system will keep a close watch over your network's population.

ELM Enterprise Manager 4.0
Documentation 20%
Installation 20%
Feature Set 20%
Performance 20%
Management 20%
Overall Rating:

1: Virtually inoperable or nonexistent
5: Average, performs adequately
10: Exceptional

Keeping tabs on the health of your systems and servers is a fundamental and essential task. ELM Enterprise Manager 4.0 uses filtered alert monitoring and rules-based notification to let you know exactly what's happening throughout your network.

ELM 4.0 is actually a combination of three of TNT's tools:

  • ELM Log Manager collects event information and creates central aggregated views
  • ELM Performance Manager tracks performance in real time
  • ELM Event Log Monitor creates a central repository for Windows Event Log data

ELM monitors Windows networks, including Windows NT, 2000 and 2003 servers and Windows NT, 2000 and XP workstations. It also works with Active Directory, IIS, Exchange and ISA. Through syslog events and SNMP traps, it supports non-Windows platforms and IP devices like printers or routers as well.

TNT has made a number of improvements since Redmond reviewed an earlier version in January 2004. Most are aimed at delivering more concise information. TNT redesigned the console to create categories around the major functions. ELM Advisor now provides pop-up style messages when specific alerts are triggered. The At-A-Glance views create specific groupings of alerts, which make it easier to analyze a particular segment of your infrastructure. ELM also added tighter integration for ASP.NET and souped up the Web components.

Architecturally, ELM Enterprise Manager operates in much the same way as other utilities of its class. ELM has a central administration utility as an MMC snap-in, a Web-based interface, a database that collects the messages for ELM and a series of agents that communicate with the central system.

Figure 1. ELM gives you full details on every alert.

On the other end of the wire, ELM uses three different types of agents. Service Agents install directly to the system and have the most functionality. If you don't want to install something on your server, you can use a Virtual Agent. This is what TNT used to call a Remote Agent. These monitor almost as well as the Service Agents, but they do so from afar. ELM also comes with IP Virtual Agents that monitor non-Windows platform devices, which is good for capturing the status of routers or Unix-based systems.

Agent management is quite simple with ELM. You just go into the console and add an agent for the node you want to monitor. If you no longer want to monitor that node, simply delete the agent from the list. If you've installed the Service Agent to the system, it will automatically roll off the system.

Installation was a bit of a challenge when dealing with requisites. While the tool does install quite easily, one improvement would be to have it sweep to make sure everything required is in place and operating. The requisites are in the documentation (for those of you who actually read the directions before installation), so you should be OK. If you run into trouble, Tech Support is ready to help, and they are quite a responsive group. The installation routines won't tell you if you're missing something, though. They will just error out or freeze.

Installing to SQL Express 2005 was a showstopper. I ended up installing MSDE 2000 so I could continue with the installation. Once all the requisites were sorted, the software installed in around 10 minutes, very clean and neat. All the databases were created and configured, and the principal services were added and started -- all that without a reboot.

To Monitor and To Protect
ELM centers around three major functional areas: monitoring, notification and reporting. Monitoring is ELM's shining attribute. There are a number of preconfigured monitoring items, and you can create your own based on a list of 23 different categories. You can also place a polling frequency on each monitor item, such as "ping XYZ server every five minutes and report if there is no reply."

The System Information function is one of the most comprehensive snapshots I've ever seen in a tool like this. There's data on hardware specifics, software, drivers, modules and DLLs, service status, status on the IP stack, modules in use by the Browser -- the list goes on. This level of information is a huge benefit in a troubleshooting capacity. Similar functions on other tools are so bland that their usefulness is questionable after the first pass.

ELM's primary function is to monitor and report events as they occur, but such a tool would be remiss without a solid notification utility, and the one within ELM Enterprise does not disappoint. ELM's powerful filtering ability is connected to targeted scripts. That means ELM can run certain scripts or notifications based on specifics within the logged event. This gives you the information that you need to see without overwhelming you with data you don't need. Speaking of filtering, you can set up each Windows event, syslog event or SNMP trap to include it or exclude it from interest, depending on what you need.

ELM handles notification through a number of different approaches, such as an e-mail or a page. The system can beep or even talk if you're using the Microsoft TTS engine. You can set up pop-up messages to appear on a desktop console, similar to an IM notification. Heck, ELM can even send you an IM if you're using MSN Instant Messenger (or Yahoo! now that the two are more conjoined).

One of the more quaint notification methods was the Marquee Device. ELM can send notifications to an LED Reader Board. At first, I was thinking that server errors aren't something I'd like to see in lights. If you have a large data center with a lot of activity, though, using a reader board to announce issues with your server network might be a good idea. Still, I would be willing to bet that most ELM shops aren't going to be using this notification method.

Robust Reporting
Reporting -- the last major functional area -- is of critical importance for any tool that will be used for compliance issues, whether HIPAA or Sarbanes-Oxley. ELM comes with a strong reporting capability, bundled with a good range of report formats. You can also quickly create your own report formats to cover a range of time or role-based activities, such as a view for your DBA, exchange admin or sys admin. You can also capture reports for trending analysis and export them out of the system for long-term storage. Reporting was the main reason behind the console redesign.

The one thing I would've liked to see in the report scheduler is a "Run Report Now" option. The Scheduler lets you run reports on a 15-minute granularity, so to run a report you have to wait for the next quarter hour. I do like the fact that you can set up reports to automatically run based on a specific time period. This helps keep the information current and covers the range of times you need to monitor.

Performance Monitoring is also part of the Results area. You can configure ELM to watch the server for specific performance events. While you can log those and chart them out with Windows Performance Monitor, ELM can notify you of specific performance-related events: for example, if a specific process spikes the processor to 100 percent or uses a certain amount of RAM.

The updates TNT has made to ELM Enterprise Edition 4.0 have made it easier to use, but haven't given up one iota of power or functionality. If you're scouting for something to monitor and manage your growing network population, make sure ELM is on your list of contenders. It's well-designed and well-suited for whatever monitoring tasks you have in mind.

About the Author

Rick A. Butler, MCSE+I, is the Director of Information Services for the United States Hang Gliding Association.

