Perle Systems Technical Note
Managing Large-Scale Deployments of Perle Products
As information networks grow in size and businesses expect greater uptime and performance from their network backbone, there is an increased need to proactively monitor activity and to alert administrators when, or before, problems occur. To ensure this, it is imperative that the network administrator move from a reactive approach to network management to a proactive one.
Most networks begin small. In those small networks, a small group of trusting individuals often completes the network build and administration tasks. Formalized mechanisms of change control often don't exist in the smallest of networks, as their benefits do not outweigh the administrative overhead required to support them.
As most companies grow their business and correspondingly grow their networks, the number of configuration items grows geometrically with the size of the networks. Businesses must retreat from ad-hoc management to some mechanism of configuration control to ensure network stability. The FCAPS standards model can outline the necessary management tasks.
PerleVIEW Device Management System is an enterprise-grade, multi-user, Windows server-based centralized management package that simplifies the configuration, administration, monitoring, and troubleshooting of Perle products in medium to large-scale deployments. PerleVIEW follows the ISO Telecommunications Management Network model and framework (FCAPS) for managing a network. This framework is identified by the following elements.
- Fault management
- Configuration management
- Administration (Accounting) management
- Performance management
- Security management
Network and Element Management Systems provide fault management through their interaction with the managed devices. When a fault or event occurs, the managed device sends an event alert via a standard SNMP trap. This trap is logged by the management system and, depending on its severity, triggers an event notification which may generate a manual or automatic activity. This may require an operator to respond to the alarm and acknowledge it, or the notification may be sent out automatically to individuals. This is generally done via pre-stored email or SMS addresses.
As Twitter has become an important staple for mobile communications, some systems such as PerleVIEW enable administrators to set up Twitter feeds for these notifications. After creating a Twitter user account for this purpose, PerleVIEW can, through its Twitter API, issue tweets to followers of this account on behalf of the Twitter account. This offers additional flexibility to the enterprise and assurance that the notification will be received.
Interaction with other SNMP systems
The benefit of the SNMP protocol is in its extensibility. As the protocol and framework are device-independent as well as NMS-independent, all SNMP-capable devices of any vendor can be interconnected into a single domain of management. Some organizations with already established SNMP-based systems may need to receive copies of the alerts received from the network. PerleVIEW can be configured so that these same alerts are relayed to the enterprise's core SNMP NMS. This way the NMS may continue to manage the entire network and at the same time take advantage of the specific features and functions that are best served by PerleVIEW.
Relying solely on receiving alerts from the remote entities to monitor device health is not foolproof, as the network device could in fact be powered off and never be able to send an alert. To recognize this type of failure, the network management system issues proactive SNMP probes on a periodic basis. These probes interrogate the health of the target system, acquiring all of the latest status and information. If the managed device is down or inaccessible, the management system will know immediately.
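The difference between trap-only monitoring and periodic probing can be shown by replaying a small event timeline. This is an added example, not PerleVIEW code; the device names, the events and the two-miss threshold are constructed assumptions.

```python
# Constructed timeline: (time_s, device, kind, detail). "trap" rows are alerts
# a device sent; "probe" rows are results of the manager's periodic polls.
EVENTS = [
    (0,   "mc-01", "probe", "ok"),
    (0,   "mc-02", "probe", "ok"),
    (0,   "mc-03", "probe", "ok"),
    (40,  "mc-02", "trap",  "linkDown"),
    (60,  "mc-01", "probe", "ok"),
    (60,  "mc-02", "probe", "ok"),
    (60,  "mc-03", "probe", "timeout"),  # mc-03 lost power: it sends no trap
    (120, "mc-01", "probe", "ok"),
    (120, "mc-02", "probe", "ok"),
    (120, "mc-03", "probe", "timeout"),
]

MISSES_BEFORE_DOWN = 2  # assumed threshold: tolerate one lost UDP probe


def classify(events, threshold=MISSES_BEFORE_DOWN):
    """Replay events in time order; return {device: state dict}."""
    states = {}
    for _, device, kind, detail in sorted(events):
        st = states.setdefault(
            device, {"misses": 0, "traps": [], "status": "unknown"})
        if kind == "trap":
            st["traps"].append(detail)
            st["status"] = "fault-reported"
        elif detail == "ok":
            st["misses"] = 0
            if not st["traps"]:
                st["status"] = "healthy"
        else:
            st["misses"] += 1
            if st["misses"] >= threshold:
                st["status"] = "unreachable"
    return states


def silent_failures(states):
    """Devices found down by probing alone, with no trap to announce it."""
    return sorted(name for name, st in states.items()
                  if st["status"] == "unreachable" and not st["traps"])


if __name__ == "__main__":
    for name, st in sorted(classify(EVENTS).items()):
        print(name, st["status"], st["traps"])
```

A trap-only view of this timeline would show mc-03 as last known good; only the missed probes reveal that it is down.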
Effective configuration management ensures that devices contain the right configuration based on policy. It also provides a mechanism for rapid return to operations of faulted devices, as an effective configuration management tool will store each device’s configuration in a separate searchable repository. In today’s environment of stringent compliance regulations, only through effective configuration compliance will a network pass an auditor’s review.
As with all managed network components, various parameters can be set. By managing these elements individually in a large-scale deployment scenario, errors can occur where some devices have a parameter set incorrectly. This can lead to inconsistencies in the performance of Ethernet to fiber links.
By incorporating a centralized management system that all of the network administrators and operators can access, these variations are kept to a minimum.
PerleVIEW provides a number of capabilities that give network administrators control over their fiber links:
| Capability | Description |
|---|---|
| Easy Navigation | Easily find your target device in the navigation pane. Navigate the entire device collection by name, IP subnet, device type, hardware type, health status or even your own custom group. |
| Configuration Management | Configuration backup, firmware and change management is provided to maintain and control the configuration and software levels of the devices that are deployed. |
| Automatic Device Discovery | PerleVIEW can automatically discover and identify devices attached to the network. Discovery filters enable you to limit discovery to specific network segments, domain name, specific IP address or IP address ranges. Discover devices on the local network as well as those located across routed networks. |
| Customizable pro-active monitoring | Periodic SNMP probes interrogate the health of all your Perle devices on the network, ensuring that you have the most up-to-date information on your network devices. |
| Device grouping | Set up your own groups of devices that make sense for your own organizational needs. These group names can then be used for user authorization, views and device tasks. |
| Device CLI Scripting | Powerful tool for advanced users. Create CLI scripts that can be used for various device activities such as large-scale configuration changes. |
| Backup and Restore | The configuration database can be backed up, ensuring that configurations can be rapidly restored in the case of a disaster event. |
| Device Firmware Version Control | PerleVIEW can do periodic checks for the latest device firmware and PerleVIEW software levels directly from Perle's web site. Devices that are not at the latest level are easily identified. |
| Deploy Device firmware | Easily perform firmware updates to a large number of devices through simple deploy device firmware tasks. These can be set up as on-demand or scheduled. |
| Audit Trail Log | PerleVIEW logs all tasks performed by all PerleVIEW users. This log can be viewed on-line or exported as a .csv file. |
| Reports | All device activity, status and information are kept by PerleVIEW in an SQL database. Users can create their own customized reports using standard SQL database tools such as Crystal Report. |
| In-band Connection Tool | Specific devices can be managed directly using Telnet, SSH, HTTP or HTTPS. PerleVIEW provides the option of a browser-based GUI or a browser-based command line interface (CLI). Unlike other network management platforms, the connection to the device is made through PerleVIEW and not a redirected client. This enables the client and the managed devices to exist on separate unconnected or firewalled networks. |
| Single sign-on for in-band connections | With pre-configuration, an authenticated user connected to PerleVIEW can connect to any of the devices without re-authenticating to the device. |
| Device PING tool | Device administrators can initiate standard ICMP PINGs from PerleVIEW to a targeted device. This provides a powerful troubleshooting tool right from your browser without having to know the device's specific IP address. |
Administration (Accounting) Management
For large enterprises, a number of groups of individuals with varying responsibilities are involved in the management of the network. PerleVIEW enables effective delegation of management responsibilities by giving administrators granular control over which users can perform specific management operations on specific systems. Roles include:
- The PerleVIEW Administrator has the responsibility of managing the entire operation of PerleVIEW, the roles of operators that manage specific device groups, and the level of control that these users have over the network.
- A Device Administrator can manage devices as an administrator type user with full read/write configuration capabilities.
- Device Operators can perform basic functions on the device such as viewing status and resetting ports and links.
- A Device Viewer is limited to viewing functions on information that is stored in the PerleVIEW database.
PerleVIEW is an application designed specifically for Windows Servers, and it integrates with Windows security and authentication mechanisms. Only those users authenticated through Windows security are permitted access to PerleVIEW.
Administrators can also use established Microsoft Groups to profile PerleVIEW users and the roles they can have within the system. As an example, an enterprise may want to limit the existing “Fiber engineering” Microsoft Group to a specific role for specific devices. When an authenticated user from that group accesses PerleVIEW, the rights associated with that Windows Group will be assigned to that user.
Any process for configuration management needs to include a process whereby that environment can be audited against its baseline.
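One way to audit stored device configurations against a per-group baseline, added here as an illustration and not taken from PerleVIEW; the parameter names, device names and group names are constructed.

```python
# Constructed baseline policy per device group; parameter names are illustrative.
BASELINE = {
    "fiber-access": {"auto_negotiation": "on", "link_pass_through": "on",
                     "snmp_version": "v3", "telnet": "off"},
}

# Constructed inventory of stored device configurations.
DEVICES = [
    {"name": "mc-01", "group": "fiber-access",
     "config": {"auto_negotiation": "on", "link_pass_through": "on",
                "snmp_version": "v3", "telnet": "off"}},
    {"name": "mc-02", "group": "fiber-access",
     "config": {"auto_negotiation": "off", "link_pass_through": "on",
                "snmp_version": "v3", "telnet": "on"}},
    {"name": "mc-03", "group": "fiber-access",
     "config": {"auto_negotiation": "on", "snmp_version": "v2c",
                "telnet": "off"}},
    {"name": "sw-09", "group": "lab", "config": {"telnet": "on"}},
]


def audit(devices, baseline):
    """Return a list of (device, parameter, expected, actual) deviations."""
    findings = []
    for dev in devices:
        policy = baseline.get(dev["group"])
        if policy is None:
            # A device outside every baselined group is itself a finding.
            findings.append((dev["name"], "<group>", "baselined", dev["group"]))
            continue
        for param, expected in sorted(policy.items()):
            # A parameter absent from the stored config counts as a deviation.
            actual = dev["config"].get(param, "<missing>")
            if actual != expected:
                findings.append((dev["name"], param, expected, actual))
    return findings


def compliant(devices, baseline):
    """Names of devices with no deviation from their group's baseline."""
    failed = {finding[0] for finding in audit(devices, baseline)}
    return [d["name"] for d in devices if d["name"] not in failed]


if __name__ == "__main__":
    for finding in audit(DEVICES, BASELINE):
        print("%s: %s expected=%s actual=%s" % finding)
```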
Depending on the industry in which you do business, there may be one or more compliance regulations that require auditing to occur. Your ability to show successful compliance with network security regulations and prove your configuration can protect you from expensive and damaging litigation.
| Regulation | Applies to |
|---|---|
| Sarbanes-Oxley Act (SOX) | Publicly-traded institutions |
| Gramm-Leach-Bliley Act (GLBA) | Financial institutions and those that handle personal financial information |
| Payment Card Industry Data Security Standard (PCI or PCI DSS) | Institutions that accept payment cards |
| Health Insurance Portability and Accountability Act (HIPAA) | |
All tasks performed on PerleVIEW are stored in an audit trail log which can be viewed on-line or exported as a .csv file for an audit review.
Performance management expands upon simply answering the question, “Why is the network so slow?” It involves pro-actively analyzing a network’s activity and making informed business decisions about expansion before performance becomes critical.
PerleVIEW offers an information collecting task that is used to gather comprehensive details such as port statistics from the target device. The results from these tasks can be reviewed or used in the generation of custom reports from the SQL database used by PerleVIEW.
Enabling successful security management means segregating the roles and responsibilities of administrators and users, logging their activity, and ensuring the privacy of data on the network.
By relying on the already established Windows Server security infrastructure that has been adopted by the enterprise, PerleVIEW is automatically protected and can capitalize on the change management, Active Directory policy management and strong authentication schemes that already exist.
In addition, data to and from your internet browser can be encrypted via standard SSL and SSH protocols, ensuring complete protection of your online information.
PerleVIEW is the most complete centralized management package for a managed device installation. This enterprise-grade solution is based on standardized Windows Server and SQL functionality to ensure security and reliability. Enable your IT organization to focus less on daily maintenance and more on meeting future business needs by choosing Perle for your device networking hardware.
Perle Products Manageable by PerleVIEW
Secure Enterprise-Class Edge Routers & Gateways with Dual SIM Fail-over. 600Mbps downlink and 150Mbps uplink.
IOLAN SCR Console Servers
Secure data center management of any device with an RS232 RJ45 or Ethernet console management port. Integrated firewall, two-factor authentication, Zero Touch Provisioning (ZTP), advanced failover to multiple networks, and full routing capabilities with support for RIP, OSPF, and BGP.
Compact Ethernet Switches designed for harsh temperature, vibration and shock environments
Fiber Media Converters
Link Fiber to Copper, Multimode to Single Mode, or extend Data Transmission Distances. 10/100/1000/2.5G/10G