SolarWinds Thwack Community

Screen Shot 2014-09-02 at 10.13.49 PMAugust has come and gone, and with it my Thwack Ambassador status. You might be wondering what that means. Perhaps you thought @amyengineer with her sparkly bat was the ambassador of thwack. This is not the thwack you are looking for. This thwack is the SolarWinds Thwack Community. SolarWinds, as you likely already know, is a software company that provides a variety of network and system management/monitoring tools. Their tools are good, easy to use, and reasonably priced. Their marketing is amusing and occasionally inspired (see The Joy of Whiteboarding with Rob Boss). The Thwack Community is an open forum for discussion of network management topics. Forums exist for the SolarWinds tools as well as general discussion. A Thwack Ambassador is given the job to spur conversation in their assigned topic areas in order to encourage participation in the forums. This is done through weekly blog posts on Thwack and my assigned area was network management. I’ve included the intro to each week below, but if you want to read more, you’ll have to follow the link to the thwack website. :)

The Discussions

For week one I asked, “What is a well managed network?

What is network management and what constitutes a well managed network? Is it monitoring devices and links to ensure they are “up?” Is it backing up your device configurations? Is it tracking bandwidth utilization? Network management is all this and more. We often seem to confuse network monitoring with network management, but monitoring is really just the start.

This post generated the most discussion and it was interesting to see the variety of views expressed from different perspectives. One user even created a nice outline of what we decided made up a well managed network.

On week two we discussed “Thinking in terms of availability.

Network monitoring tracks the state of the network and is primarily looking for faults. At the most basic level, we want to know if devices and interfaces are “up.” This is a simple binary reachability test. Your device is either reachable or not, it’s either “up” or “down.” However, just because a device is reachable does not mean there are no faults in the network. If a circuit is dropping packets, performance may be impacted and can make the circuit unusable even though it is “up.” Time to stop thinking in terms of reachability and start thinking in terms of availability.

The comments to this post were mostly people nodding in agreement, though one reader brought up the idea of acceptability, as well.

During week three I reminded everyone that “Useful alerts help you be proactive.

You may need to have an alert sent if an interface goes down in the data center, but you almost certainly don’t want an alert if an interface goes down for a user’s desktop. You don’t need (or want) an alert for every event in the network. If you receive alerts for everything, it becomes difficult to find the ones that really matter in the noise. Unnecessary alerts train people to ignore all alerts, since those that represent real issues are (hopefully) few. Remember the story of the boy who cried wolf? Keep your alerts useful.

This post had a nice little discussion talking about ways to make the alerts useful, like including severity in the subject of the alert.

Finally, in week four I asked, “What’s on your network?

There is a credit card commercial that asks, “What’s in your wallet?” I’m going to ask, “What’s in your network?” Sure, you might be able to tell me what’s in your network right now, but can you still tell me about a device when it’s down? Its model and serial number? The modules or line cards installed? Which interfaces are in use and how much bandwidth they use?

This question focused more on documentation, which received the obligatory head nodding and a little snark. There was also a side thread that brought up the lack of communications between teams (silos).

Closing Thought

I hope you found these discussions of interest, and maybe got you thinking a little more or a little differently about something. I can’t help but think of a rant posted by @etherealmind titled, “You Are Not A Precious Snowflake. IT Infrastructure Is The Same Everywhere.

Vendors keep telling me that every business is different and customer have different needs. We all buy the same products from the same companies, use the same deployment methodologies and best practices, have the same problems and deliver the same results to the business. You aren’t a precious snowflake.

I was looking at the discussions and thinking that we are all talking about the same sets of problems and appreciating the same sets of solutions, yet I’m sure the organizations we all work for are wildly different. I’m sure you’ve noticed this when talking with other IT professionals, too. In reality, our infrastructures are not all that dissimilar. I think that’s actually a good thing, but it is something to ponder…

FIN

VMware VCA (x3) and SolarWinds SCP

One week last December, I picked up four certifications. It’s not as impressive as it may initially sound. The certifications were the three VMware Certified Associate certifications (that were available at the time) and the other was the SolarWinds Certified Professional.

VMware Certified Associate

VCA DCV LogoLast year VMware (re-)introduced a new entry level certification called the VMware Certified Associate. There are three flavors of this certification available and one planned. The current specializations are Data Center Virtualization (DCV), Workforce Mobility (WM, apparently the new name for desktop virtualization), and Cloud. The planned certification is Network Virtualization (NV), which will cover VMware NSX.

Now, you may be wondering how this new cert fits into the hierarchy of VMware certifications. This is the best description I’ve seen:

At least as far as the VCA goes, I’d say this is accurate. These certifications do not test your technical hands on skills with the products, but it does test if you understand what components are available and what they do at a high level. For example, do you understand the difference between VMware Fault Tolerance and VMware High Availability? Do you know anything about what VMware Horizon View does, beyond “it does VDI?” Can you describe what the vCloud Connector does?

Unlike the VCP certification, there is no requirement to take a class to achieve this certification. However, VMware does provide free online training for these certs. The courses are about 3 hours long and are exactly what you need to know to pass the exams. I didn’t have to pay a lot of attention for the DCV course, but I did find it useful for filling in some gaps. The WM and Cloud exams did require more attention to be paid to them, since I didn’t have any experience with either. By the way, if you are playing CloudCred, you can also pick up a bunch of points while you study by completing tasks for the VCA badge.

The exams are delivered as online tests through Pearson Vue. You will need to create a new profile for VMware at http://www.pearsonvue.com/vmware/ and then you will need to get each exam authorized through https://mylearn.vmware.com/portals/certification/. If you’ve taken any other Cisco or VMware exams, the web interface should be familiar and it’s like taking any other exam, except you can do it anywhere and there is no proctor.

That said, I’m not sure how valuable these certifications really are. They may be useful for those involved in sales, or maybe for those who are just getting started. I don’t expect to see employers looking for engineers with these certifications. They just don’t say anything about someone’s technical prowess. So, you might wonder why I took them? I took them because VMware was offering a promotion to take the exam at no charge to promote the certification. Currently these exams are $120 each.

SolarWinds Certified Professional

SCP LogoThe Solarwinds Certified Professional (SCP) is a certification that I had considered for a while. While I was working on the VCA exams, I looked into the SCP and decided to register for the exam. I was pleasantly surprised to find that Solarwinds is working to integrate the certification into their thwack community site, but while they are working to integrate it, they are allowing the exam to be taken for free. Another free cert! (As far as I know, it is still free as of this writing.) This is exam is also delivered online and is not a proctored exam.

Solarwinds also provides some study materials in the form of a study guide and some videos. If you have experience with network monitoring, this exam shouldn’t be a problem, especially since I believe you get three attempts. The exam is mostly about network monitoring, so you should expect questions about ping, SNMP, OIDs, and topics along those lines. The exam isn’t focussed on Solarwinds products, but it does expect you to know something of Solarwinds Orion.

I started to read the study guide, but quickly realized that maybe I should just take the exam, which I did, and I passed on the first attempt. The only thing that I found surprising was that some of the questions were pretty dated. For example, asking questions related to Windows Server 2003. There were a few questions that I didn’t care for their wording, but overall, I thought the exam content was fair. It doesn’t have an emphasis on Solarwinds products and seems to have a pretty reasonable coverage of network monitoring topics.

I would say that this exam is worthwhile for the cost, and if you are experienced, should be a breeze. If you aren’t experienced, then studying for it will give you some useful knowledge.

FIN

Solarwinds, HTTPS, and FQDN

When you first configure a Solarwinds Orion-based server the default website it configures is on port 80 only. You might want to go into IIS and add server bindings for port 443. I prefer to ensure all traffic is encrypted and disable remote access to port 80, but that is subject to your local policy. Don’t disable port 80 completely because sometimes you need to access it from the server console.

Adding HTTPS Support

To add HTTPS support, open IIS Manager on your Solarwinds host, right click on the SolarWinds site and select Edit Bindings.

Edit Bindings

To add HTTPS support, right click on the SolarWinds site in IIS Manager and select Edit Bindings…

Now click the Add… button. Change the type dropdown to https, make sure your port changes to 443, and select the appropriate SSL certificate for your server. I usually use the certificate that the machine already has from Active Directory, but your needs may vary. SSL certificate details are outside the scope of this article. :)

Adding an https binding

Choose add, select https from the type dropdown, and select the approriate SSL certificate.

Click OK and you should now have https available.

I Like FQDN, I Cannot Lie

Something that bugs me about Solarwinds is that out of the box it only uses the hostname for the URL. This isn’t the hostname configured in IIS (which normally doesn’t matter, since most Solarwinds installations won’t be using virtual hosts) but it is the hostname used internally for notifications. If you add the URL to a notification, it’ll only include the hostname. Something like this:

From: [email protected]
To: [email protected]
Subject: router.example.com rebooted at 3/18/2014 6:43 AM

Lastboot: Tuesday, March 18, 2014 6:38 AM
Device:   Catalyst 37xx Stack
IOS:      15.0(1)SE3, RELEASE SOFTWARE (fc1)
Image:  C3750E-UNIVERSALK9-MAcknowledge: http://solarwinds:80/Orion/Netperfmon/AckAlert.aspx

Note the URL at the end there with “solarwinds” as the hostname. Now, that might be acceptable if you are in your office. However, that can cause problems for VPN users and for people who it just plain bugs when they don’t see an FQDN. Fortunately, we can correct this URL problem pretty easily. This is also important if you want to use https, because it allows you to change the URL used in notifications to a secure one.

Change to FQDN

WARNING! Beware that you are editing the database live. You should know what you are doing here and be careful. If you break stuff, it’s not my fault. You have been warned.

To change this behavior you need to launch Database Manager and switch to the Websites table. To edit the fields, you’ll need to click Enable table editing. Now you can change the ServerName field to the FQDN. You also need to set the Port to “443” and SSLEnabled to “1” if you want the system to create proper https URLs. Here’s what mine looks like:

Solarwinds Database Manager

My opinion of a properly configured Solarwinds installation.

 

Enjoy your secure FQDN URLs in your notifications!

FIN