IBM WebSphere Application Server: Best Monitoring Tools in 2020

Data is at the core of most organizations nowadays. This means that they need to be able to pull data from every available source and extract useful information from it. But this data can be from various sources and its format is not necessarily uniform. This is where you need a system such as the WebSphere Application Server from IBM.


This platform will coordinate all the data accesses and provide users with whatever application they need to process the raw data into meaningful information. Today, we’re having a look at this powerful product from IBM and we’ll review some tools you can use to monitor and manage the product.

As we often do, we’ll first have a high-altitude look at the WebSphere Application Server. Our goal is to give you enough background information to better understand what the product is and how it can provide value to your business. This will lead us to our next topic, the typical uses for the product. Next, we’ll discuss the advantages of using a web application server in general before we review the pros and cons of the WebSphere Application Server. And last but not least, we’ll review five of the best tools you can use to manage and monitor your WebSphere installation.

The WebSphere Application Server In A Nutshell

The Application Server from IBM is both complex and simple. At its base—and you’ll probably have guessed that from the name—it is an application server. As such, its primary purpose is to serve applications. No real surprise here. The server sits between data sources and the users, allowing for easy and controlled access to corporate data.

That’s the simple way to put it. To be more precise, the WebSphere Application Server is a runtime environment whose primary purpose is to run and deploy Java EE (Enterprise Edition) applications. But even that description is somewhat minimalist as the server is more than that. Although it can act as a conduit between back end services such as databases and front end systems such as user applications, making it a typical middleware component, it also runs a Java Virtual Machine (JVM) as well as containers for Java-based web applications.

The consequence of the platform’s close ties to the Java ecosystem is that any application running on the platform or served by it needs to be Java-based. Some will see that as a major constraint but Java advocates will love it. And in fact, it really is not that much of a constraint anyways. The WebSphere Application Server can integrate applications with almost any other system or endpoint, not only those from IBM, making it a versatile product.


Typical Uses For The WebSphere Application Server

While there are many reasons for using the WebSphere Application Server, some are more obvious than others. For instance, the platform would likely be an ideal choice for organizations with a number of Java-based applications that need to be able to interact with other apps running on otherwise incompatible platforms. The presence of the server’s Java Virtual Machine sitting in the middle and running Java-based applications could greatly facilitate the communication between systems as any data coming in and going out would be transformed on the fly into whatever format is required before being passed on.

You can install the WebSphere Application Server on several operating systems. Coming from IBM, you can expect it to run on Linux and IBM’s own i/OS and z/OS but it will also run on Solaris and Windows, making it a very versatile option.

Users of this powerful middleware system can use it to have their inputs processed and moved on to storage devices that are also connected to it. They can also extract data from the back end servers and applications lying beyond the WebSphere Application Server, import it to the middleware, have it processed, and then allow end-users to use it from their browsers. And though the process can seem to be a relatively complex, multi-stage end to end operation, the whole purpose of the server is to make it appear seamless to the end-user, providing an experience that is similar to what they’d get by directly accessing the back end. After all, the whole idea of middleware is to provide a transparent interface between the front and back ends.


Why Use A Web Application Server?

A web application server, being from IBM or any other vendor, can provide several advantages to an organization. Here’s an overview of what you can expect.

  • The platform typically provides a seamless user experience that facilitates access to data regardless of its format.
  • It also allows for the integration of data from multiple, otherwise incompatible data sources and platforms.
  • It can also help compile information from various sources and then use the results to draw accurate conclusions on the current status of an organization’s affairs.
  • A web application server offers the ability to collaborate with external business partners without having to worry about the compatibility of their data formats. The middleware will provide the required format conversions as needed.


Pros And Cons

In a perfect world, everything would be perfect. But we’re not in a perfect world and the WebSphere Application Server, just like any other platform, comes with its share of good and bad sides. Here’s an overview of the main pros and cons of the system.

Pros

  • First and foremost, the WebSphere Application Server is easy to use. Even some of its most complex configurations are relatively easy to accomplish, thanks in part to the product’s powerful administrative console.
  • The platform is also compatible with several versions of Java. This means that you won’t be forced to choose one over the others or that you won’t have to worry that the middleware might fail with some of your applications.
  • The platform allows for the easy addition and removal of resources. Even better, most of the actual work is done during the initial setup phase. Once installed and configured, the discovery of new nodes, servers, and applications requires little or even no effort at all.
  • Some of the platform’s features—actually, most of them—let an administrator become proactive in keeping applications and their servers running smoothly. Furthermore, plans and configuration let administrators forecast growth in hardware resources needs and software requirements by collecting and correlating trends over time.
  • Using a product such as the WebSphere Application Server means the end of fighting fires. It makes system administrators more proactive in keeping the servers they manage in their optimal state.

Cons

  • As much as we don’t like to evaluate products solely on price, we have to admit that like most offerings from IBM, the WebSphere Application Server is on the pricey side. In fact, it is so expensive that it could turn out to be a hard expense to justify, especially when trying to demonstrate the potential return on investment, no matter how good it is. Add to that the fact that IBM—being its usual self—doesn’t even offer a free trial version.
  • The financial costs are not the only costs associated with this product. It also comes with a significant overhead when compared with competing solutions. This takes the form of considerable requirements in CPU as well as memory usage. You will typically need a beefier machine to run the WebSphere Application Server.
  • Configuration is another area of the platform that leaves somewhat to be desired. Although the installation is relatively straightforward, most of the configuration is done through the command line or by editing arcane XML files. The consequence is that you’ll almost always need to have an expert on hand for the initial configuration.
  • Again, compared to other products in this category, we observed that the level of community support or even the online footprint of the product is rather low. It gives the impression that it is a relatively unknown product outside the big business world. Given its price, this is understandable yet IBM might be better off pushing its product to the “regular” users.

Best Monitoring Tools For WebSphere Application Server

Now that we’ve covered a lot of what you need to know about the WebSphere Application Server and how it can help you and your organization, let’s have a look at what third party products are available to help in monitoring and managing the platform. While there are no products solely dedicated to that specific purpose, there are a great many tools that can help. We’ve scoured the market and came up with this list of the very best tools.

1. SolarWinds Server & Application Monitor (FREE TRIAL)

First on our list is a great tool from SolarWinds. The twenty-something-year-old company is famous for making some of the very best network and system administration tools. For instance, its flagship product, the SolarWinds Network Performance Monitor, is considered by many to be the best network monitoring tool available. And to top it off, the company also makes a bunch of free tools, each addressing a specific need of network administrators. The Advanced Subnet Calculator and the Kiwi Free Syslog Server are two great examples of these free tools.

When it comes to monitoring the WebSphere Application Server, SolarWinds proposes its Server & Application Monitor. The tool is designed to help administrators monitor servers, their operational parameters, their processes, and the applications which are running on them. Any application, not just the WebSphere Application Server. It can easily scale from very small networks to large ones with hundreds of servers—both physical and virtual—spread over multiple sites. The tool can also monitor cloud-hosted services like those from Amazon Web Services and Microsoft Azure.


The SolarWinds Server & Application Monitor is very easy to set up and its initial configuration is just as easily done, thanks to its auto-discovery process which is a two-pass process. The first pass will discover servers, and the second one will find the applications running on them. While this can take time, it can be sped up by supplying the tool with a list of specific applications to look for. Once the tool is up and running, the user-friendly GUI makes using it a breeze. You can choose to display information in either a table or a graphic format.

The SolarWinds Server & Application Monitor provides out-of-the-box templates for WebSphere performance monitoring to track the key performance metrics of your application server. Using the JMX protocol, the tool will let you monitor JVM statistics such as classes loaded count/total loaded count/unloaded count, letting you track the health and availability of the application server. It will also monitor memory statistics such as memory heap used or garbage collections count to detect memory leaks and exceptions, as well as thread pool statistics such as total started count to prevent thread deadlocks and pool exhaustion.


In summary, the SolarWinds Server & Application Monitor will provide a definite added value when dealing with a WebSphere installation of any complexity including:

  • Identifying and troubleshooting issues related to memory leaks and memory exceptions in your WebSphere servers.
  • Monitoring the overall health and performance of WebSphere servers and supporting hardware in a single console.
  • Receiving alerts about slow server response times and increases in database connection pools for faster troubleshooting.

The SolarWinds Server & Application Monitor is available in six capacity tiers of increasing cost. Functionality-wise, all tiers offer the exact same features. The main accounting unit of the tool is the “monitor”. A monitor can be one of several things.

First, there are Component Monitors. Any monitored server parameter counts as one monitor. For instance, a performance counter, a process, a URL, a service, or a script are all monitors. Next are nodes which are any device connected to the network. Nodes can include such things as a server, a power supply, a virtual machine, an ESX host, or a printer. The last type of monitor is the volume. This one corresponds to a logical disk on a monitored server.

The six available pricing tiers are suitable for 150, 300, 700, 1 100, 1 500, and unlimited monitors. Their prices, including the first year of support and maintenance, vary from $2 955 to $38 620. Should you want to try the product, a free 30-day trial is also available.

Official Download Link: https://www.solarwinds.com/server-application-monitor/

2. AppDynamics APM

AppDynamics, which is now a part of Cisco, has a great Application Performance Management tool available which is simply called AppDynamics APM. This excellent tool will automatically discover, map, and allow you to visualize your critical customer journeys through each application service and infrastructure component, including the WebSphere Application Server. It provides management teams with a single source of information to focus on end-to-end performance in the context of the customer experience, instead of monitoring individual services.


This tool uses machine learning to learn what normal performance is, automatically building its own baseline of application performance. It allows the tool to alert you whenever performance is not normal. There is direct integration with ServiceNow, PagerDuty, and Jira so that you can be immediately alerted and fix problems before users notice them. Another great feature is the tool’s immediate, automated, code-level diagnostics. Its deep diagnostic capabilities enable you to identify root-cause down to the individual line of code. Your team won’t have to go sifting through log files, saving valuable developer time.

When dealing with the WebSphere Application server, AppDynamics APM can be used to map your applications to key performance indicators and use the data to tweak your software and hardware in order to vastly improve their overall performance. Here’s an overview of the key WebSphere server metrics that the tool will monitor:

  • JVM Memory and Heap Usage
  • Average Response Time
  • EJB (Enterprise Java Bean) Pool Statistics
  • Disk I/O
  • Servlet Session Counts
  • Java Database Connectivity (JDBC) Connection Pool Statistics
  • Thread Pools
  • CPU Utilization
  • Session Statistics
  • Custom MBeans attributes via JMX

Another advantage of this powerful tool is how it can significantly reduce the time you’ll spend troubleshooting, isolating, and resolving issues in your WebSphere-based applications. This is, in part, due to its map feature that shows all the resources where you’ll quickly be able to pinpoint the location of an issue and perhaps even identify its probable cause. But that’s not all, the tool also has automatic remedial actions that you can use—such as stopping and starting servers—to resolve many of the most common issues with no human intervention.

If you ever get to a point where you realize that the time has come—for whatever reason—to move your WebSphere environment to the cloud, AppDynamics APM can help you make that a smooth process. It can be used to identify the apps that are ready to be moved to the cloud and those that do need a few optimization tweaks before they are ready to be moved. And once the applications have been moved, the tool will still be there to monitor your environment. In fact, it will even track applications that are located in multiple, separate clouds. This tool allows an organization to take complete control of all its WebSphere applications, and use them to potentially improve its overall competitiveness.

AppDynamics APM is available in several versions. The most basic is called APM Pro. APM Advanced adds server visibility and network visibility features. The top-level is called APM Peak and it includes all the features from APM Advanced plus business performance monitoring, transaction analytics, and business journeys. Pricing can be obtained by contacting AppDynamics and a 30-day trial version is available.

3. ManageEngine Applications Manager

ManageEngine is another name that enjoys an excellent reputation among network administrators. The company makes a handful of high-quality network and system administration tools such as the ManageEngine Applications Manager. But don’t let the product’s name mislead you as it is as much a monitoring platform as it is a management tool.

This tool offers integrated application performance monitoring for all your server and application monitoring needs. It can also do that for the underlying infrastructure components such as application servers, databases, middleware and messaging components, web servers, web services, ERP packages, virtual systems and cloud resources. In a few words, this is an all-encompassing platform.


The ManageEngine Applications Manager will give you in-depth visibility into the performance of your WebSphere Application Server as well as the applications deployed on it. It will detect performance issues quickly and reduce the time taken to troubleshoot problems. The tool monitors the overall availability, health and performance of the WebSphere Application Server. It ensures optimal resource allocation by measuring CPU/memory usage, JVM usage and response time. And it tracks the performance of applications using critical metrics such as Live Sessions, Enterprise Java Beans (EJBs), JDBC connection pools, and JMS queues.

The platform will allow you to proactively detect WebSphere issues as they arise. It will also take action before the end-users are affected. Furthermore, it can automate corrective actions—such as increasing database connection pool size or restarting the WebSphere server when the memory usage increases—with the help of custom scripts.

There’s a lot more that can be done with this tool. For instance, you can track application response times with code-level information about your application performance monitoring environment. Its transaction tracing feature will let you detect slow transactions. It will monitor database query executions and track background transactions.

The ManageEngine Applications Manager is available in several editions. There’s a feature-limited Free edition as well as paid Professional and Enterprise editions. Pricing starts at $945 and details can be obtained by contacting ManageEngine. A free 30-day trial version is also available.

4. Dynatrace

Dynatrace is a cloud-based Software as a Service (SaaS) that can detect, solve and optimize applications automatically. Discovering and mapping a complex application ecosystem is simply a matter of installing the Dynatrace OneAgent on the target servers. The tool can give you a high-fidelity view of your entire application stack, from the performance of applications, cloud infrastructure, and user experience. It will help you effortlessly detect problems along with their business impacts and root cause.


Dynatrace claims to have the broadest coverage of any monitoring solution in terms of languages supported, application architectures, cloud, on-premise or hybrid, enterprise apps, SaaS monitoring, and more. The tool automatically discovers and monitors dynamic microservices running inside containers. It shows you how they’re performing, how they communicate with each other and it helps you quickly detect poorly performing microservices.

When it comes to monitoring your WebSphere infrastructure, Dynatrace monitors and analyzes the database activities of your Java applications running on WebSphere and provides you with visibility all the way down to individual SQL and NoSQL statements. Here are just a few of the performance metrics you will see on your Dynatrace dashboard when monitoring WebSphere:

  • JVM metrics
  • Custom JMX metrics
  • Garbage collection metrics
  • All database statements
  • All requests
  • Suspension rate
  • All dependencies

As is often the case with products of this type, pricing for Dynatrace is not readily available and can only be obtained by first signing up for the free 15-day trial. Then, it’s only a matter of installing the agent on your servers and you could be monitoring within 5 minutes.

5. eG Enterprise

eG Innovations, the maker of eG Enterprise, might not be the best-known company but the product still offers network administrators a complete monitoring solution. This is a full-stack application performance monitoring (APM) solution that provides in-depth performance visibility into the WebSphere Application Server as well as the Java applications running on it. It will provide WebSphere performance monitoring from a single pane of glass, and let you be the first to know when there are slow application transactions, high web service response time, problems in EJB invocation, hung threads, faults in JCA Connection Pools, JVM memory leaks, and more.

eG Enterprise can help administrators monitor WebSphere performance and understand and provide insights to troubleshoot problems before application users are affected. Developers can also benefit from the tool as they can get immediate access to problematic Java code or SQL queries that impact application performance.


The eG Enterprise WebSphere monitoring tool will automatically correlate WebSphere performance with server-side issues, resource deficiency (CPU, memory, disk, etc.), hardware faults, network latency, etc. It can trace business transactions across distributed application architecture and multi-tiered JVMs. It will also identify which component of the server-side infrastructure is taking more processing time and slowing down transactions. Furthermore, it will track down the exact line of Java code or SQL query that is causing a performance problem and isolate high-CPU threads, waiting threads and root blocker threads in the JVM for code optimization.

eG Innovations offers both a free trial and a live demo of its eG Enterprise tool. There is, however, no pricing information on the company’s website so you’ll have to contact them to get a customized quote.

In Conclusion

The main question many people will be asking themselves after reading this post is “Should I get a WebSphere Application Server?”

Let’s try to answer this burning question. If your organization is one of those with numerous, independent Java-based applications and they need to talk to other external systems then the answer is a resounding yes.

Even more so if this is critical to your business process. That is, of course, if you can afford it. As we mentioned, these systems don’t come cheap.

And once you take the plunge, any of the tools we’ve just reviewed will provide much-appreciated assistance in ensuring that this complex environment is always kept in its utmost order and that all is running smoothly at all times.

The post IBM WebSphere Application Server: Best Monitoring Tools in 2020 appeared first on AddictiveTips.

The 8 Best IP Scanners for Mac in 2020

We briefly review some of the best tools to scan IP addresses from Mac computers. We’ll explore the major features of each tool, emphasizing what makes each one unique.

There’s only one way one can know for sure what IP addresses are actually in use on a network. You need to try to connect to each one and see if it responds. It is a long, boring, and tedious task that is often done using the ping command. Ping has been around for ages and it is one of the best ways to test for connectivity to a given IP address. But if you have to scan an entire network with potentially hundreds of IP addresses, you’ll quickly realize that you’d be better off using a tool that does it for you. If you’re a Mac user who’s looking for a tool which automates the scanning of IP addresses, you’re at the right place. We’ve done much of the searching for you and we’re about to review some of the best IP scanners for the Mac OS X operating system.

We’ll begin by discussing IP address scanning in general. In particular, we’ll describe the different reasons for scanning IP addresses because, as much as it’s nice to know which IP addresses are in use, there has to be a point to doing it, an underlying reason. We will then have a deeper look at the ping utility. Although ping is not a scanning tool, it is at the base of many IP address scanning tools. Knowing what it can do and how it works could then prove to be valuable as we start reviewing the different tools.

The Need For IP Address Scanners

Apart from the pure fun of knowing what IP addresses are in use (in as much as there can be fun to it), there are several reasons one might want to scan IP addresses. The first one is security. Scanning IP addresses on a network will quickly discover unauthorized or rogue devices. They could be devices connected by malicious users to spy on your organization.

But even well-intentioned users can sometimes wreak havoc by connecting their personal devices. I vividly recall this user who prevented many of his colleagues from accessing the corporate network when he connected his home Internet router to it. He just needed a couple of extra ports to connect an additional test computer and thought he could use the switch built into his router. The problem is that the router started issuing IP addresses on its home subnet from its built-in DHCP server.

Other than security reasons, scanning IP addresses is also the first step of many IP address management processes. Although most IP address management (IPAM) tools will include some form of IP address scanning, several people do their IP address management manually. This is where IP address scanning tools can come in handy. And for those who don’t have an IP address management process in place, scanning IP addresses is even more important. It will often be the only way to ensure that there are no IP address conflicts and it can be seen as a rather crude way of pseudo-managing IP addresses.
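The security and IP-conflict uses described above come down to reconciling what a scan sees against what is supposed to be there. The following is an added example, not code from the original article: it parses constructed samples in the format of macOS `arp -a` output taken at two different times, flags MAC addresses missing from an inventory, and reports IP addresses that were seen with more than one MAC. The inventory contents, addresses and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed samples in the format printed by `arp -a` on macOS.
# Note that macOS drops leading zeros in MAC octets ("2:0:0:aa:0:1").
SNAPSHOT_1 = """\
? (192.168.1.1) at 2:0:0:aa:0:1 on en0 ifscope [ethernet]
? (192.168.1.20) at 2:0:0:aa:0:14 on en0 ifscope [ethernet]
? (192.168.1.37) at 6:1b:7c:9:0:1 on en0 ifscope [ethernet]
? (192.168.1.50) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]
"""
SNAPSHOT_2 = """\
? (192.168.1.1) at 2:0:0:aa:0:1 on en0 ifscope [ethernet]
? (192.168.1.20) at a:85:90:1:2:3 on en0 ifscope [ethernet]
"""

# Hypothetical inventory of authorized devices, keyed by MAC address.
INVENTORY = {
    "02:00:00:aa:00:01": "gateway",
    "02:00:00:aa:00:14": "office-laptop",
}

ARP_LINE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\) at (\S+) on (\S+)")


def normalize_mac(mac):
    """Return a MAC as lowercase, zero-padded, colon-separated octets."""
    octets = mac.lower().split(":")
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    values = [int(o, 16) for o in octets]  # ValueError on non-hex input
    if any(v > 0xFF for v in values):
        raise ValueError(f"octet out of range: {mac!r}")
    return ":".join(f"{v:02x}" for v in values)


def parse_arp(text):
    """Extract (ip, mac) pairs for resolved unicast entries only."""
    seen = []
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue
        ip, raw_mac = m.group(1), m.group(2)
        if raw_mac == "(incomplete)":  # no answer to the ARP request
            continue
        try:
            mac = normalize_mac(raw_mac)
        except ValueError:
            continue
        if int(mac[:2], 16) & 1:  # group bit set: broadcast or multicast
            continue
        seen.append((ip, mac))
    return seen


def reconcile(snapshots, inventory):
    """Compare several scan snapshots against the inventory.

    Returns (unknown, conflicts): unknown is a sorted list of (ip, mac)
    pairs whose MAC is not in the inventory; conflicts maps each IP seen
    with more than one MAC to the sorted list of those MACs.
    """
    authorized = {normalize_mac(m) for m in inventory}
    macs_by_ip = defaultdict(set)
    for snapshot in snapshots:
        for ip, mac in parse_arp(snapshot):
            macs_by_ip[ip].add(mac)
    unknown = sorted(
        (ip, mac)
        for ip, macs in macs_by_ip.items()
        for mac in macs
        if mac not in authorized
    )
    conflicts = {
        ip: sorted(macs) for ip, macs in macs_by_ip.items() if len(macs) > 1
    }
    return unknown, conflicts


if __name__ == "__main__":
    unknown, conflicts = reconcile([SNAPSHOT_1, SNAPSHOT_2], INVENTORY)
    for ip, mac in unknown:
        print(f"unknown device: {ip} {mac}")
    for ip, macs in conflicts.items():
        print(f"possible IP conflict on {ip}: {', '.join(macs)}")
```

An IP address seen with two MAC addresses can also be a legitimate DHCP reassignment, so a conflict entry is a prompt to investigate rather than proof of a problem.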

Ping Explained

No matter why you want to scan IP addresses, most tools are based on ping so let’s have a look at this antique utility. Ping was created out of necessity back in 1983. Its developer needed a tool to help in debugging an abnormal network behaviour he was observing. The origin of the name is simple, it refers to the sound of sonar echoes as heard in submarines. Although it is present on almost every operating system, its implementation varies somewhat between platforms. Some versions are offering multiple command-line options which can include parameters such as the size of each request’s payload, the total test count, the network hops limit, or the interval between requests. Some systems have a companion Ping6 utility that serves the exact same purpose for IPv6 addresses.

Here’s a typical use of the ping command (the -c 5 option tells the command to run five times and then report on the results):

    $ ping -c 5 www.example.com
    PING www.example.com (93.184.216.34): 56 data bytes
    64 bytes from 93.184.216.34: icmp_seq=0 ttl=56 time=11.632 ms
    64 bytes from 93.184.216.34: icmp_seq=1 ttl=56 time=11.726 ms
    64 bytes from 93.184.216.34: icmp_seq=2 ttl=56 time=10.683 ms
    64 bytes from 93.184.216.34: icmp_seq=3 ttl=56 time=9.674 ms
    64 bytes from 93.184.216.34: icmp_seq=4 ttl=56 time=11.127 ms

    --- www.example.com ping statistics ---
    5 packets transmitted, 5 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 9.674/10.968/11.726/0.748 ms

How Ping Works

Ping is a pretty simple utility. It simply sends ICMP echo request packets to the target and waits for it to send back an ICMP echo reply packet for each received packet. This is repeated a certain number of times—five by default under Windows and until it is manually stopped by default under most other implementations—and it then compiles response statistics. It calculates the average delay between the requests and their respective replies and displays it in its results. On most *nix variants as well as on the Mac, it will also display the value of the replies’ TTL field, giving an indication of the number of hops between source and destination.

For ping to work, the pinged host must abide by RFC 1122 which specifies that any host must process ICMP echo requests and issue echo replies in return. Most hosts do reply but some disable that functionality for security reasons. Firewalls often block ICMP traffic too. Pinging a host which does not respond to ICMP echo requests will provide no feedback, exactly like pinging a non-existent IP address. To circumvent this, many IP address scanning tools use a different type of packet to check if an IP address is responding.
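The following added example, which is not part of the original article, parses ping output such as the sample shown earlier, computes packet loss and average round-trip time, and turns the reply TTL into a hop estimate. It assumes the replying host started from one of the common initial TTL values (64, 128 or 255), which the article does not state; the second sample is constructed to show the silent case, where a filtered host and an unused address look the same.

```python
import re

# Common initial TTL values (an assumption about the replying host).
INITIAL_TTLS = (64, 128, 255)

REPLY = re.compile(r"icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms")
# Matches both "5 packets received" (macOS/BSD) and "5 received" (Linux).
SUMMARY = re.compile(r"(\d+) packets transmitted, (\d+) (?:packets )?received")

# Output reproduced from the example earlier in the article.
SAMPLE_REPLY = """\
PING www.example.com (93.184.216.34): 56 data bytes
64 bytes from 93.184.216.34: icmp_seq=0 ttl=56 time=11.632 ms
64 bytes from 93.184.216.34: icmp_seq=1 ttl=56 time=11.726 ms
64 bytes from 93.184.216.34: icmp_seq=2 ttl=56 time=10.683 ms
64 bytes from 93.184.216.34: icmp_seq=3 ttl=56 time=9.674 ms
64 bytes from 93.184.216.34: icmp_seq=4 ttl=56 time=11.127 ms

--- www.example.com ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 9.674/10.968/11.726/0.748 ms
"""

# Constructed sample: a target that never answers (documentation address).
SAMPLE_SILENT = """\
PING 192.0.2.10 (192.0.2.10): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1

--- 192.0.2.10 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
"""


def estimate_hops(ttl):
    """Estimate hops as (nearest common initial TTL at or above ttl) - ttl."""
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial - ttl
    raise ValueError(f"TTL out of range: {ttl}")


def parse_ping(output):
    """Summarize ping output as a dict of loss, timing and hop estimate."""
    replies = [(int(s), int(t), float(ms)) for s, t, ms in REPLY.findall(output)]
    summary = SUMMARY.search(output)
    if summary:
        sent, received = int(summary.group(1)), int(summary.group(2))
    else:
        # No summary line (interrupted run): only the replies are known.
        sent, received = None, len(replies)
    loss_pct = 100.0 * (sent - received) / sent if sent else None
    ttls = sorted({ttl for _, ttl, _ in replies})
    times = [ms for _, _, ms in replies]
    return {
        "sent": sent,
        "received": received,
        "loss_pct": loss_pct,
        "ttls": ttls,
        # The lowest TTL seen corresponds to the longest path observed.
        "est_hops": estimate_hops(ttls[0]) if ttls else None,
        "avg_ms": sum(times) / len(times) if times else None,
        "status": "responding" if received
        else "no reply (host filtered, down, or address unused)",
    }


if __name__ == "__main__":
    for name, text in (("reply", SAMPLE_REPLY), ("silent", SAMPLE_SILENT)):
        print(name, parse_ping(text))
```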

The Best IP Scanners For the Mac

Our selection of IP address scanning tools for the Mac includes both commercial software and free and open-source tools. Most of the tools are GUI-based although some are command-line utilities. Some are rather complex and complete tools while others are just simple extensions of the ping command to include some way of scanning a range of IP addresses without having to issue multiple commands or to write a scanning script. All these tools have one thing in common: they can all return a list of all the IP addresses that are responding within the scanned range.

1. Angry IP Scanner

Despite being deceptively simple Angry IP Scanner does exactly what one would expect and it makes extensive use of multithreading. This makes it one of the fastest tools of its kind. It is a free multi-platform tool which is not only available for Mac OS X but also for Windows or Linux. The tool is written in Java so you’ll need to have the Java runtime module installed to use it but this is pretty much its only drawback. This tool will not only ping IP addresses, but it will also optionally run a port scan on discovered hosts. It can also resolve IP addresses to hostnames and MAC addresses to vendor names. Furthermore, this tool can provide NetBIOS information about each responding host that supports it.


The Angry IP Scanner can not only scan complete networks and subnets but also an IP addresses range or a list of IP addresses from a text file. Although this is a GUI-based tool, it also comes with a command-line version that you can use if, for instance, you want to include the tool’s functionality in your own scripts. As for the scan results, they are by default displayed on the screen in table format but they can easily be exported to several file formats such as CSV or XML.

2. LanScan

LanScan from Iwaxx is available from the Apple app store. It’s a simple application that does just what its name implies: scan a LAN. It is a free, simple and efficient IPv4-only network scanner. It can discover all active devices on any subnet. It could be the local one or any other subnet that you specify. In fact, it is quite flexible when it comes to specifying what to scan and it can be as small as a single IP address and as large as a whole network.


One unique characteristic of this product is how it will use ARP to scan a local subnet and use ping, SMB, and mDNS packets to scan external and public networks.

This product has several advanced features. It will, for instance, auto detect configured interfaces. It will also display the IP address, MAC address, hostname and interface card vendor associated with each discovered IP address. It will also discover SMB domains if they are in use and will do hostname resolution using either DNS, mDNS for Apple devices or SMB for Windows devices.

In-app purchase will let you upgrade the app to the pro version which has only one extra feature: it will display the full hostname of each discovered host. The free version will only display four full hostnames and the first 3 characters of the remaining ones.

3. IP Scanner For Macintosh

IP Scanner for Macintosh will scan your LAN to identify what IP addresses are in use and identify all computers and other devices on the network. The product is free for use on small home networks of up to six devices and paid Home and Pro versions are available for larger networks. The tool yields powerful results yet it is easy and intuitive to use. Local networks are scanned automatically and custom IP address ranges can be added and scanned manually.

IP Scanner for Macintosh Screenshot

IP Scanner for Macintosh is designed to allow you to customize your scan results. Once a device has been identified, you may assign it a custom icon and name to more easily recognize it at a glance. The tool will let you sort the results list by device name, IP address, MAC address or Last Seen time stamp. It can also give you an overview of the current network or show you changes over time.

The results display is highly customizable and you can adjust columns, text size, bezel transparency, and more. Double-clicking a device gives you more information and allows you to customize its appearance. Right-clicking a device will let you initiate a ping sequence or run a port scan of it.

4. Nmap/Zenmap

Almost as old as ping, Nmap has been around for ages and it’s commonly used for mapping networks (hence the name) and accomplishing several other tasks. For instance, Nmap can be used to scan a range of IP addresses for responding hosts and open IP ports. This is a command-line utility but, for those who prefer graphical user interfaces, its developers have published Zenmap, a GUI front-end to this powerful software. Both packages can be installed on Mac OS X, Windows, Linux, and Unix.

Zenmap Screenshot

Using Zenmap, all the detailed search parameters can be saved in a profile that you can recall at will. The tool also comes with several built-in profiles that you can use as a starting point and modify to suit your exact needs. This can be less intimidating than creating new profiles from scratch. Profiles also control how the results of the scan are displayed. The interface’s first tab shows the raw output from the underlying nmap command while other tabs show an easier to understand interpretation of the raw data.

5. Masscan

Masscan claims to be the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. Although we haven’t validated that this is true, it is clear that this is a fast tool, albeit a text-based one.

The results that are produced by Masscan are somewhat similar to those of nmap that we’ve just reviewed. However, it operates internally more like scanrand, unicornscan, and ZMap, and it uses asynchronous transmission. The major difference between this tool and the others is that it is simply faster than most other scanners. But it’s not only fast, it’s also more flexible, allowing arbitrary address ranges and port ranges.

Masscan is so fast in part because it uses a custom TCP/IP stack. This can create some issues, though. For instance, anything other than a simple port scan will cause a conflict with the local TCP/IP stack. You can circumvent this by either using the -S option to use a separate IP address or by configuring your operating system to firewall the ports that the tool uses. Although this is primarily a Linux tool, it is also available for Mac OS X. Its main drawback is the lack of a graphical user interface but this is largely compensated by the tool’s blazing speed.

6. ZMap

ZMap is a fast single-packet network scanner developed at the University of Michigan and designed for Internet-wide network surveys. Although perhaps not as fast as the previous selection, this is also a fast tool. On a typical desktop computer with a gigabit ethernet connection, it is capable of scanning the entire public IPv4 address space in under 45 minutes. With a 10 gigabit connection and PF_RING, it can scan the IPv4 address space in under 5 minutes. ZMap is available for Mac OS X but also for Linux and for BSD. On a Mac, installation is simple through Homebrew.

The tool does not solely rely on ping to scan networks. It currently has fully implemented probe modules for TCP SYN scans, ICMP, DNS queries, UPnP, and BACNET. It can also send a large number of UDP probes. If you are looking to do more involved scans such as banner grabs or TLS handshakes, you might want to have a look at ZGrab, another project from the University of Michigan. This ZMap sibling can perform stateful application-layer handshakes. Like the previous entry, ZMap is essentially a text-based tool.

7. Fping

Fping was created as an improvement over ping, then one of the only network troubleshooting tools. It is a similar command-line tool yet it is quite different. Like ping, Fping uses ICMP echo requests to determine if the target hosts are responding but this is pretty much where the similarity ends. Unlike ping, Fping can be called with many target IP addresses. The targets can be specified as a space-delimited list of IP addresses. The utility can also be provided with the name of a text file containing a list of addresses. Finally, an IP address range can be specified or a subnet can be entered in CIDR notation such as 192.168.0.0/24.

Fping is relatively fast as it does not wait for a response before sending the next echo request; that way, it doesn’t lose time waiting for unresponsive IP addresses. Fping also has lots of command-line options that you can use. Since this is a command-line tool, you can pipe its output to another command for further processing. This tool can easily be installed on Mac OS X using Homebrew.

8. Hping

Hping is another free command-line tool derived from ping. It is available on Mac OS X as well as most Unix-like operating systems and Windows. Although it is no longer in active development, it is still in widespread use, a testament to how good a tool it is. The tool closely resembles ping but with several differences. For starters, Hping won’t only send ICMP echo requests. It can also send TCP, UDP or RAW-IP packets. It also features a traceroute mode and it has the ability to send files.

Although Hping can be used as an IP address scanning tool, it can do quite a bit more than that. The tool has some advanced port scanning features. Thanks to its use of multiple protocols, it can also be used to perform basic network testing. This tool also has some advanced traceroute capabilities using any of the available protocols. This can be useful as some devices treat ICMP traffic differently from other traffic. By mimicking other protocols, this tool can give you a better evaluation of your network’s true, real-time performance.

The post The 8 Best IP Scanners for Mac in 2020 appeared first on AddictiveTips.

Log Management Best Practices And Systems

Managing logs can be a complex endeavour. Not only does a typical organization generate a ton of them, but they do come from a variety of sources, each with a potentially different format and containing different information. To put a semblance of order into something that can quickly get chaotic, log management was invented. Today, we’re having a look at the log management best practices and systems. We hope that it will help you see clearly through this.

We’ll start off with a short description of log management. Then, we will dive right into the best practices of log management. We’ll explore whether you should use a ready-made system or do it yourself. We will also have a look at what to monitor and what not to monitor, followed by log security and retention as well as storage considerations. And before we review some of the best log management systems, we’ll have a look at the various management tasks, the review and maintenance of logs, the correlation of data sources, and some automation considerations.

About Log Management

Simply defined, a log is the automatically-produced and time-stamped documentation of an event relevant to a particular system. When an event takes place on a system, a log—or log entry—is generated. Different systems will generate logs for different events. As for log management, it generally refers to the processes and policies used to administer and facilitate the generation, transmission, analysis, and storage of log data. Log management typically implies a centralized system where logs from multiple sources are aggregated.

Log management is not just log collection, though. As the name implies, the management part is important. Once logs are received by the log management system, they are “translated” into a common format. It is necessary as different systems format logs differently and include different data in their logs. To make searching and event correlation easier, one of the purposes of log management systems is to ensure that all collected log entries are stored in a uniform format.

Talking about searching and event correlation, this is another major feature of most log management systems. The best log management systems feature a powerful search engine. It lets administrators zero in on exactly what’s needed. Furthermore, event correlation will automatically group related events, even if they are from different sources.
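To make the "common format" and correlation ideas concrete, here is an added example (not code from the article or from any of the products reviewed). It parses two different log formats into one schema and then groups events that share a source IP across sources; the sample lines, field names, assumed year and five-minute window are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines (not from the article), using documentation IP ranges.
SAMPLE_LINES = [
    ("syslog", "Mar  3 10:15:02 web01 sshd[2211]: Failed password for root "
               "from 203.0.113.7 port 51514 ssh2"),
    ("apache", '203.0.113.7 - - [03/Mar/2020:10:15:40 +0000] '
               '"GET /admin HTTP/1.1" 403 199'),
    ("apache", '198.51.100.20 - - [03/Mar/2020:10:16:05 +0000] '
               '"GET /index.html HTTP/1.1" 200 5120'),
    ("syslog", "Mar  3 11:40:00 web01 sshd[2290]: Failed password for admin "
               "from 198.51.100.20 port 40022 ssh2"),
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<app>[\w\-/]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
FROM_IP_RE = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")


def normalize(source, line, year=2020):
    """Translate one raw line into the common schema, or None if unparseable."""
    if source == "syslog":
        m = SYSLOG_RE.match(line)
        if not m:
            return None
        # Classic syslog timestamps carry no year or zone; both are assumed here.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)
        ip = FROM_IP_RE.search(m["msg"])
        return {"time": ts, "source": source, "host": m["host"],
                "src_ip": ip.group(1) if ip else None,
                "event": f"{m['app']}: {m['msg']}"}
    if source == "apache":
        m = APACHE_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        return {"time": ts.astimezone(timezone.utc), "source": source,
                "host": None, "src_ip": m["ip"],
                "event": f"{m['req']} -> {m['status']}"}
    return None


def correlate(records, window=timedelta(minutes=5)):
    """Group events that share a source IP, follow each other within
    `window`, and come from more than one log source."""
    by_ip = {}
    for rec in records:
        if rec and rec["src_ip"]:
            by_ip.setdefault(rec["src_ip"], []).append(rec)
    groups = []
    for ip, recs in sorted(by_ip.items()):
        recs.sort(key=lambda r: r["time"])
        clusters, current = [], [recs[0]]
        for rec in recs[1:]:
            if rec["time"] - current[-1]["time"] <= window:
                current.append(rec)
            else:
                clusters.append(current)
                current = [rec]
        clusters.append(current)
        for cluster in clusters:
            if len({r["source"] for r in cluster}) > 1:
                groups.append({"src_ip": ip, "events": cluster})
    return groups


def run_demo():
    return correlate([normalize(src, line) for src, line in SAMPLE_LINES])


if __name__ == "__main__":
    for group in run_demo():
        print(group["src_ip"])
        for ev in group["events"]:
            print("  ", ev["time"].isoformat(), ev["source"], ev["event"])
```

Only the first address is reported: its SSH failure and its blocked web request are 38 seconds apart, while the second address's two events are more than an hour apart.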

Log Management Best Practices

Log management is a complex process and there’s not much we can do about it. With this complexity comes the risk of doing it wrong. To avoid that, we’ve compiled a list of some of the best practices of log management. Our goal is to give you as much information as possible in order to choose the best log management system for your needs but, more importantly, to get the most out of it.

Log Management System Or DIY?

For some reason, some people believe that they can manually implement a “log management system”. If you’re among these people, stop kidding yourself immediately. Although it is possible to implement some form of log management manually, the required efforts far outweigh what’s required to implement a true log management system. And with several free and open-source tools available, the argument of cost is not a valid one.

It almost always makes sense to use a managed logging solution that is built, supported, and scaled by a reputable vendor rather than building out a system on your own. With them, all you typically need to do is connect your sources and destinations and you’re ready to analyze system and application logs the easy way. You’ll be free to spend more time monitoring and logging rather than building out your logging infrastructure.

Knowing What To Monitor (And What Not)

Knowing what to log is important, but it is even more important to know what not to log. Just because you can log something doesn’t necessarily mean you should. Logging too much often does nothing more than making it harder to find data that actually matters. Furthermore, the extra volume of logs adds complexity and cost to your log storage and management processes. It is important to think ahead about what will and won’t be logged before starting to implement a log management platform. It will prevent costly mistakes and will allow you to better size your tool.

Consider carefully what you actually need to log. Production environments that are critical for compliance or for auditing purposes should most likely be logged. So should data that helps you troubleshoot performance problems, solve user-experience issues or monitor security-related events.

Conversely, there is stuff that you do not need to log like, for instance, test environments that are not an essential part of your business processes. There is also data that you will choose not to log for compliance or security reasons. For example, if a user has enabled a do-not-track setting, you should not log data associated with that user.

Implementing A Log Security And Retention Policy

Logs may contain sensitive data. For that reason, you need to have a log security policy. It will be invaluable in, for instance, ensuring that sensitive data gets anonymized or encrypted. Also, the secure transport of log data to log management systems mandates the use of encrypted transport using TLS or HTTPS on the client and on the server side.

As for a retention policy, logs from different sources or systems might require different retention times. For instance, logs that are primarily used for troubleshooting may work with relatively short retention times such as a few days—or even a few hours. On the other hand, security-related logs or business transaction logs require longer retention times, often for regulatory compliance. Considering this, your retention policy should be flexible and adaptable, depending on the log source or type of log.
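The two policies above can be enforced in the same pipeline stage. The following added example (not from the article or any reviewed product) drops records past their per-type retention time and pseudonymizes sensitive values before shipping; the retention periods, record fields, regular expressions and demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from datetime import datetime, timedelta, timezone

# Assumed retention periods; the article only says troubleshooting logs can be
# short-lived while security and transaction logs need longer retention.
RETENTION = {
    "debug": timedelta(hours=12),
    "application": timedelta(days=7),
    "security": timedelta(days=365),
    "transaction": timedelta(days=365),
}
DEFAULT_RETENTION = timedelta(days=30)

SECRET_RE = re.compile(r"\b(password|token|secret)=\S+", re.IGNORECASE)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed demo key. A real key belongs in a secret store: without a key,
# hashed IPv4 addresses can be reversed by hashing the whole address space.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def scrub(message, key):
    """Mask secrets and replace e-mail and IPv4 addresses with keyed tokens.
    The same value always maps to the same token, so correlation still works."""
    def token(prefix):
        def repl(match):
            mac = hmac.new(key, match.group(0).lower().encode(), hashlib.sha256)
            return f"{prefix}_{mac.hexdigest()[:12]}"
        return repl

    message = SECRET_RE.sub(r"\1=[REDACTED]", message)
    message = EMAIL_RE.sub(token("user"), message)
    return IPV4_RE.sub(token("ip"), message)


def is_expired(record, now):
    """True when the record is older than the retention time for its type."""
    keep_for = RETENTION.get(record["type"], DEFAULT_RETENTION)
    return now - record["time"] > keep_for


def apply_policy(records, key, now):
    """Drop expired records, then scrub what remains."""
    return [{**rec, "message": scrub(rec["message"], key)}
            for rec in records if not is_expired(rec, now)]


# Constructed sample records and reference time.
NOW = datetime(2020, 3, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    {"type": "debug", "time": NOW - timedelta(hours=28),
     "message": "cache miss for session 42"},
    {"type": "debug", "time": NOW - timedelta(hours=6),
     "message": "retrying upstream 198.51.100.20"},
    {"type": "security", "time": NOW - timedelta(days=283),
     "message": "login failed for alice@example.com from 203.0.113.7 "
                "password=hunter2"},
    {"type": "application", "time": NOW - timedelta(days=9),
     "message": "report generated"},
]

if __name__ == "__main__":
    for rec in apply_policy(SAMPLE_RECORDS, DEMO_KEY, NOW):
        print(rec["type"], rec["message"])
```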

Log Storage Considerations

Keeping log data uses up valuable storage space. When planning the storage capacity for logs, you need to consider high load peaks. In most circumstances, the amount of log data per day is relatively constant. It mainly depends on system utilization and/or the number of transactions per day. However, when something goes wrong, you can expect accelerated growth in the log volume. If your log storage has limits that you exceed, you could lose the latest logs. To mitigate this effect, the best log management systems use a cyclic buffer. It deletes the oldest data first before any storage limit is applied.

Also, log storage should have its own security policy. Most attackers will try to avoid or delete their traces in log files. To avoid that, you should ship logs in real-time to the central log storage (preferably off-site) and secure it. Thus, if an attacker has access to your infrastructure, off-site logs will keep the evidence untampered.

Reviewing And Maintaining Logs

Log maintenance is an important part of log management, if not the most important part. Unmaintained logs can lead to longer troubleshooting, data exposure risks, and higher log storage costs. Review the logs generated by your systems and adjust the logging level to your needs. You should consider usability, operational and security aspects.

Make log level configurable

Some system logs are too verbose while others don’t provide enough information. Unfortunately, there isn’t always something you can do about it. Most systems provide adjustable log levels. They are the key to configuring the verbosity of logs and ensuring that what has to be logged is and what is not important isn’t.

Inspect audit logs frequently

Acting on security issues is crucial. This is why one should always have an eye on logs. If your log management system doesn’t have that feature (many of them do), use external security tools such as auditd or OSSEC. They implement real-time log analysis and generate alert logs pointing to potential security issues. And in addition to that, you should define alerts on critical events in order to be notified quickly of any suspicious activity.

Correlate Data Sources

Logging is only one element of a global monitoring strategy. For truly effective monitoring, you need to complement log management with other types of monitoring like monitoring based on events, alerts and tracing. Doing that is the best way to get the whole picture of what’s going on at any point in time. While logs are good for providing high-definition detail on issues, this is most useful when you take some distance to look at the forest before zooming into the trees.

Log management doesn’t work well in a silo. Nothing does. You should most definitely complement it with other types of monitoring such as network monitoring, infrastructure monitoring, and more. And in an ideal world, your monitoring solution should be comprehensive enough to provide all your monitoring information in one place. Alternatively, it could integrate with other tools that provide this information. The goal here is to have, as much as possible, a single-pane view of the entire environment.

Log Management And Automation

Log management can help you catch issues early on, thereby saving you and your team valuable time and energy. It can also help you find opportunities for automation. Most log management tools will let you set up custom alerts that trigger when something happens. Some will even let you set up automated actions to be initiated when these alerts are triggered. You should use as much automation as your management tool will allow. Despite the time you’ll spend setting up this automation, you’ll find that it was well worth it the first time you encounter an incident.

The Top 6 Log Management Tools

We’ve scoured the market trying to find the best log management tool. We’ve tried to put together a list which includes various types of tools. After all, everyone’s needs are different and the best tool for one is not necessarily the best for someone else.

1. SolarWinds Security Event Manager (FREE TRIAL)

SolarWinds is a common name in the field of network administration tools. It’s been around for about two decades and it has brought us some of the best bandwidth monitoring tools and NetFlow analyzers and collectors. The company is also well-known for publishing several free tools that address some specific needs of network administrators such as a subnet calculator or a syslog server.

When it comes to log management, the company’s offering is now called the SolarWinds Security Event Manager. It was recently renamed from Log & Event Manager, probably to better reflect the fact that this is actually much more than just a log management system. Many of its advanced features put it in the Security Information and Event Management (SIEM) range. It has, for instance, real-time event correlation and real-time remediation, two SIEM-like features.

SolarWinds Security Event Manager Screenshot

Let’s have a look at some of the SolarWinds Security Event Manager’s main features. The tool can eliminate threats quickly using instantaneous detection of suspicious activity and automated responses. It can also perform security event investigation and forensics for mitigation and compliance. And talking about compliance, the product will allow you to demonstrate it, thanks to its audit-proven reporting for HIPAA, PCI DSS, and SOX, among others. This tool also has file integrity monitoring and USB device monitoring, two features that are way above what we commonly see in log management systems.

Prices for the SolarWinds Security Event Manager start at $4,585 for up to 30 monitored nodes. Licenses for up to 2500 nodes can be purchased, making the product highly scalable. And if you want to verify hands-on that the product is right for you, a free, full-featured 30-day trial is available.

2. SolarWinds Papertrail (FREE PLAN AVAILABLE)

In second place, we have another great product called Papertrail, a recent acquisition by SolarWinds. Papertrail is a popular cloud-based log management system. It aggregates log files from a wide variety of popular products like Apache or MySQL as well as Ruby on Rails apps, different cloud hosting services and other standard text log files. Papertrail users can then use the web-based search interface or the command-line tools to search through these files to help diagnose bugs and performance issues. The tool also integrates with other SolarWinds products such as Librato and Geckoboard for graphing results.

SolarWinds Papertrail Dashboard

Papertrail is a cloud-based, software as a service (SaaS) offering from SolarWinds. It is easy to implement, use, and understand. And it will give you instant visibility across all systems in minutes. The tool has a very effective search engine that can search both stored and streaming logs. And it is lightning fast.

Papertrail is available under several plans including a free plan. It is somewhat limited, though, and only allows 100 MB of logs each month. It will, however, allow 16 GB of logs in the first month which is equivalent to giving you a free 30-day trial. Paid plans start at $7/month for 1GB/month of logs, 1 year of archive and 1 week of index. Noise filtering allows the tool to preserve data by not saving useless logs.

3. ManageEngine EventLog Analyzer

ManageEngine, another common name with network administrators, makes an excellent log management system called the ManageEngine EventLog Analyzer. The product will collect, manage, analyze, correlate, and search through the log data of over 700 sources using a combination of agentless and agent-based log collection as well as log import.

ManageEngine EventLog Analyzer

Speed is one of the ManageEngine EventLog Analyzer’s strengths. It can process log data at an impressive 25,000 logs/second and detect attacks in real-time. It can also perform fast forensic analysis to reduce the impact of a breach. The system’s auditing capabilities extend to the network perimeter devices’ logs, user activities, server account changes, user accesses, and more, helping you meet security auditing needs.

The ManageEngine EventLog Analyzer is available in a feature-reduced free edition which only supports 5 log sources or in a premium edition which starts at $595 and varies according to the number of devices and applications. A free, full-featured 30-day trial version is also available.

4. Ipswitch Log Management Suite

The Log Management Suite is a product from Ipswitch, the same company that brought us WhatsUp Gold, an immensely popular network monitoring tool. This is an automated tool which collects, stores, archives and saves system logs, Windows events, and W3C/IIS logs. Furthermore, its continuous log surveillance will alert you of any suspicious activity.

Ipswitch Log Management Suite

Frequently audited events such as access rights and file, folder and object privileges can be followed, generating alerts as needed and used to build compliance reports for HIPAA, SOX, FISMA, PCI, MiFID, or Basel II compliance. The tool can also help you transform your raw log data into meaningful data for managers or IT security teams, thanks to its automated filtering, correlating, reporting, and converting features.

Pricing information for the Log Management Suite is not readily available from Ipswitch. The product can be purchased either directly from the publisher or through Ipswitch’s reseller network. A free trial version is also available.

5. Alert Logic Log Manager

Alert Logic’s primary focus is on security and compliance. And since log management is closely related to both, it’s no surprise that the company offers the Alert Logic Log Manager. This cloud-based tool offers automated and unified log management across all your environments. It will collect, aggregate, and search log data from the cloud, server, application, security, and network assets.

Alert Logic Log Manager

The Alert Logic Log Manager includes log monitoring and analysis as well as log review which is done live by human analysts. Alert Logic’s experts will alert you of possible threat activity 365 days a year. The service will also help meet the log review requirements of SOC 2, HIPAA, and SOX and offload the burden of reviewing logs and following up on events, to comply with PCI/DSS 10.6, 10.6.1, 10.6.3.

Pricing information for the Alert Logic Log Manager is not readily available from the web and you’ll need to contact Alert Logic sales to get a formal quote. A free trial is also not available but a free demo can be arranged by contacting Alert Logic.

6. Nagios Log Server

You might already know Nagios as an excellent network monitoring package. Offered in a free and open-source version as well as in a commercial version, the product has a solid reputation. For log management, Nagios’ offering is called the Nagios Log Server. It is a complete package with centralized log management, monitoring, and analysis. This tool can simplify the process of searching your log data. It also lets you set alerts to be notified of potential threats. Furthermore, the software has high availability and fail-over built right into it. Its easy source setup wizards can help you with configuring your servers and other devices to send their log data to the platform, allowing you to start monitoring your logs within minutes.

Nagios Log Server Real-Time Data

The Nagios Log Server provides easy correlation of log events across all logging sources in just a few clicks. The system will let you view log data in real-time, letting you analyze and solve problems as they occur. Another strength of the product is its impressive scalability. This tool keeps meeting your needs as your organization grows. If need be, additional Nagios Log Server instances can be added to a monitoring cluster, allowing you to quickly add more power, speed, storage, and reliability.

With all these features, one would expect a hefty price tag. It is not the case and the single-instance price for the Nagios Log Server is a very reasonable $3,995. Despite not offering a free trial, a free online demo is available, should you prefer to have a first-hand look at the product before making a purchase decision.

Read Log Management Best Practices And Systems by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

Network Monitoring Best Practices And Tools to Use

Network monitoring is an essential part of any respectable corporate network. It is the best way to ensure that a watchful eye is kept on every element of the network, that usage trends are followed and that prompt response can be achieved whenever something goes wrong. However, setting up and maintaining a network monitoring system can be quite a challenge. This is why we’ve put together this post in which we discuss the network monitoring best practices. Our hope is to provide some guidance in your endeavour.

Let’s begin by introducing network monitoring. We can then jump right in and start discussing the best practices. From knowing your network, what to monitor, how, and why to the reasons for monitoring the network and how to choose the best platform, I think we have it covered from most angles. And to conclude, we’ll briefly review three of the very best network monitoring tools. It will give you an idea of what’s available and how the multiple available platforms differ.

About Network Monitoring

There’s a very simple reason why anyone would want to use network monitoring tools. More than anything, it has to do with the fact that we normally can’t see what’s going on inside the network. We’ve all seen networks compared to highways and data packets compared to cars using those highways. But there’s a big difference. The traffic on a highway is visible. You just have to look and you’ll see whether or not there’s congestion.

It’s not so simple with networks. Everything happens at the molecular level inside copper wires or optical fibers. And even if we could see the traffic going by, it is so fast that we wouldn’t be able to make any sense of it. Monitoring tools allow us to visualize the traffic and load levels of wired and wireless networks. Some of them are intended as surveillance tools while others are troubleshooting tools or even forensic investigation tools.

Network Monitoring Best Practices

Implementing Network Monitoring can be a complex and overwhelming endeavour. There are so many things to consider. We’ve put together a list of best practices you may want to follow when planning and deploying a network monitoring infrastructure. It will, hopefully, help you make sure you don’t overlook anything important or waste time on not so important tasks.

Knowing Your Network

Today’s networks tend to be very complex. Routers, switches, and other components connect user workstations to critical applications on local servers and even on the Internet. In addition, security and communications systems including firewalls, virtual private networks (VPNs), and spam and virus filters complicate things.

Before you begin, it is important to understand the composition and complexity of your network. With thousands of data points to monitor on a network, being able to access meaningful, accurate, and current information at any given time is critical. You need to feel confident that you know how your network operates from end to end. It is critical to know your network at all times.

A typical network includes the Internet, local area networks (LANs), wide area networks (WANs), virtual LANs (VLANs), wireless networks, and all the devices, and systems running on them. A network has internal and external users, including employees, customers, and partners. Modern networks are so complex that something WILL eventually go wrong. And with every component representing a potential point of failure, there’s a lot to monitor.

By monitoring network performance proactively and in real-time, you can spot problems and potential issues before they become emergencies. For instance, an overloaded server can be replaced or beefed up before it crashes if you’re notified in advance that its load is rapidly increasing and that a crash is all but imminent. Network monitoring will allow you to know the status of everything on your network without having to keep an eye on everything and to be able to take corrective action to minimize and, when necessary, quickly fix issues.

What You Should Monitor, Why, and How

A network is a mission-critical system. As such, it’s important to constantly have access to timely information about its health. Most importantly, you need to capture status information about network devices (routers, switches, etc.) and critical networked servers. As a network administrator, you also need to know that essential services (email, website, file transfer services, etc.) are available.

Let’s have a look at some elements of the network that we recommend you monitor and why. First and foremost, you want to monitor the availability of network devices. The reason is simple: they constitute the “plumbing” of the network and are essential to keep it running.

The next thing you need to monitor is the availability of all critical services on your network. Even small outages can have a huge negative impact. Loss of email, web server, or FTP server for even just an hour can shut a business down.

The amount of disk space in use on your critical servers is another important metric to monitor. After all, most applications require data storage. Furthermore, any suspicious behaviour in disk capacity could be a tell-tale sign of an issue with an application or system.

Bandwidth utilization is another very important metric to monitor. Just like storage space, network utilization has a tendency to always increase. Closely monitoring it will give you time to react if it ever approaches a critical level and, just like disk space usage, an unexpected and sudden increase could be an indication of an abnormal situation.

Another important metric to monitor is the average memory and processor utilization of your key devices and servers. It is a known fact that overutilization or memory saturation can have disastrous effects on the operation of most devices. For that reason, you’d rather see it coming.

It’s one thing to monitor a ton of metrics but it won’t help much if you have to sit and stare at a screen to ensure that none exceeds normal thresholds. When there are issues, you need to be alerted immediately. It could be done through audible alerts, on-screen displays, or emails and text messages automatically generated by your network monitoring solution. Alerts should be triggered when a problem occurs (such as a threshold being approached) but ideally also when a new application or piece of equipment is brought online. Alerts should include information about the device, the issue, and the event that triggered it.

It is, however, important to generate only meaningful alerts and to minimize multiple alerts originating from the same event. For instance, you want to be able to configure your monitoring platform so that it doesn’t alert when scheduled maintenance downtime is initiated. And if access to many devices is lost because of a problem with an upstream router or switch, eliminating the dependent alerts lets you more efficiently diagnose the actual problem.
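The suppression logic described above can be sketched as follows. This is an added example, not code from the article or from any monitoring product: the topology, maintenance window and alerts are constructed, and it assumes that all alerts in a batch come from the same polling cycle. Suppressed alerts are kept with a reason instead of being discarded, so they remain available for later review.

```python
from datetime import datetime, timezone


def utc(*args):
    return datetime(*args, tzinfo=timezone.utc)


# Constructed topology: each device maps to the upstream device it depends on.
PARENT = {
    "core-rtr": None,
    "dist-sw1": "core-rtr",
    "dist-sw2": "core-rtr",
    "web01": "dist-sw1",
    "db01": "dist-sw1",
    "mail01": "dist-sw2",
}

# Constructed maintenance schedule: device -> list of (start, end) windows.
MAINTENANCE = {"mail01": [(utc(2020, 3, 3, 1, 0), utc(2020, 3, 3, 3, 0))]}

# Constructed alerts from one polling cycle; each carries the device, the
# issue and the triggering event time, as the text recommends.
POLL = utc(2020, 3, 3, 2, 0)
SAMPLE_ALERTS = [
    {"device": "dist-sw1", "issue": "unreachable", "time": POLL},
    {"device": "web01", "issue": "unreachable", "time": POLL},
    {"device": "db01", "issue": "unreachable", "time": POLL},
    {"device": "mail01", "issue": "unreachable", "time": POLL},
    {"device": "dist-sw2", "issue": "cpu above 90%", "time": POLL},
]


def root_cause(device, down, parent):
    """Return the highest unreachable ancestor of `device`, or None.
    The `seen` set stops the walk if the topology data contains a loop."""
    cause, seen, node = None, {device}, parent.get(device)
    while node is not None and node not in seen:
        seen.add(node)
        if node in down:
            cause = node
        node = parent.get(node)
    return cause


def in_maintenance(device, when, maintenance):
    """True when `when` falls inside a scheduled window for `device`."""
    return any(start <= when < end
               for start, end in maintenance.get(device, []))


def triage(alerts, parent, maintenance):
    """Split alerts into those to send and those suppressed (with a reason)."""
    down = {a["device"] for a in alerts if a["issue"] == "unreachable"}
    notify, suppressed = [], []
    for alert in alerts:
        if in_maintenance(alert["device"], alert["time"], maintenance):
            suppressed.append((alert, "scheduled maintenance"))
            continue
        cause = None
        if alert["issue"] == "unreachable":
            cause = root_cause(alert["device"], down, parent)
        if cause:
            suppressed.append((alert, f"upstream {cause} unreachable"))
        else:
            notify.append(alert)
    return notify, suppressed


if __name__ == "__main__":
    to_send, held = triage(SAMPLE_ALERTS, PARENT, MAINTENANCE)
    for a in to_send:
        print("NOTIFY  ", a["device"], "-", a["issue"])
    for a, why in held:
        print("SUPPRESS", a["device"], "-", a["issue"], f"({why})")
```

Five raw alerts become two notifications: the failed distribution switch and the unrelated CPU alert.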

The Top Nine Reasons For Network Monitoring

1. Knowing what is happening

Network monitoring solutions keep you constantly aware of the operation and connectivity of the elements of your network. Without monitoring, you have to wait until someone tells you something is down before you can fix it.

2. Planning for upgrades or changes

If a device frequently goes down or if the bandwidth utilization of a specific segment is constantly nearing its limit, it may be time for a replacement or an upgrade. Network monitoring lets you track this type of situation and plan required changes before the impact is felt by users.

3. Diagnosing problems

Suppose one of your servers is unreachable from the intranet. Network monitoring may help you determine if the problem is the server, the switch the server is connected to, or the router. Knowing exactly where the problem is saves you time.

4. Showing others what is going on

Reports—especially graphical ones—go a long way in demonstrating the health and activity levels of your network. They are the perfect tools for proving SLA conformance or showing that a troublesome device needs attention.

5. Making sure your security systems are operating

Organizations spend a lot of resources on security software and hardware. A network monitoring solution will let you be sure that your security devices are up and running as configured at all times.

6. Keeping track of your customer-facing resources

Many devices on your network are actually nothing more than applications running on a server (HTTP, FTP, email, etc.). Network monitoring lets you watch these applications and make sure your customers can connect to the services that they need.

7. Ensuring customer satisfaction

When customers are depending on your network services for their business, you need to ensure they’re up and running at all times. You’d most likely rather know the moment a problem occurs and fix it before a customer finds out and gives you that angry phone call we all dread.

8. Keeping informed of your network status from anywhere

The best network monitoring platforms provide remote viewing and management from anywhere with an Internet connection using different types of devices. That way, if you’re away from the office and a problem crops up, you can still see what’s wrong.

9. Saving money

Although we’re listing this one last, some may think it should have been first. Network monitoring helps you cut down on the total amount of downtime and time it takes to investigate problems. This translates to fewer man-hours spent fixing issues and less lost revenue from downtime.

Choosing a Network Monitoring Solution

First and foremost, a good network monitoring solution should tell you what you need to know in real-time and from anywhere, anytime. Your monitoring solution should also be easy to use, quick to deploy, and offer a low total cost of ownership while still delivering all the features you need. You need a solution with comprehensive capabilities and second to none reliability.

Using network monitoring tools implies the monitoring of tons of network components and collecting tons of information. To make all this data easier to comprehend, a good monitoring solution should display it on some form of an administrator-friendly dashboard that could include a network map, report data, alerts, historical information, problem areas, and other useful information. This will not only make troubleshooting easier, but it will help leverage historical network data to understand trends in device usage, network usage, and overall network capacity.

As discussed earlier, alerts are important. However, just as you don’t want your alarm to go off on Saturday morning, you don’t want your network monitoring tool to alert you during a planned service period. The best systems will let you program your weekly maintenance schedule into the system so it can distinguish between planned and unplanned downtime, thereby reducing the number of false alarms.
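The maintenance-schedule rule described here and the upstream-dependency rule discussed earlier can be combined into one triage step. The sketch below is an added example, not code from any of the products reviewed; the device names, topology, and window are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed topology (hypothetical device names): device -> upstream parent.
PARENT = {"core-sw1": "edge-rtr1", "web01": "core-sw1",
          "mail01": "core-sw1", "ftp01": "edge-rtr1"}


@dataclass(frozen=True)
class MaintenanceWindow:
    device: str
    weekday: int  # 0 = Monday ... 6 = Sunday
    start: time
    end: time

    def covers(self, device: str, when: datetime) -> bool:
        return (device == self.device and when.weekday() == self.weekday
                and self.start <= when.time() < self.end)


def upstream_chain(device):
    """Yield the devices between `device` and the monitoring station, nearest first."""
    seen = set()
    node = PARENT.get(device)
    while node is not None and node not in seen:  # `seen` guards against loops
        seen.add(node)
        yield node
        node = PARENT.get(node)


def triage(down_events, windows):
    """Split (device, timestamp) 'down' events into devices to page on and
    suppressed events. Suppressed events are returned with a reason so they
    can still be logged and reviewed instead of silently discarded."""
    down = {dev for dev, _ in down_events}
    page, suppressed = [], []
    for dev, when in down_events:
        if any(w.covers(dev, when) for w in windows):
            suppressed.append((dev, "planned maintenance"))
            continue
        failed_parent = next((p for p in upstream_chain(dev) if p in down), None)
        if failed_parent:
            suppressed.append((dev, f"dependent on {failed_parent}"))
        else:
            page.append(dev)
    return page, suppressed


# Constructed sample data: one weekly window and four "down" events.
SAMPLE_WINDOWS = [MaintenanceWindow("ftp01", 5, time(2, 0), time(4, 0))]
SAMPLE_EVENTS = [
    ("ftp01", datetime(2020, 3, 7, 2, 30)),      # Saturday, inside the window
    ("core-sw1", datetime(2020, 3, 9, 10, 15)),  # Monday, unplanned
    ("web01", datetime(2020, 3, 9, 10, 15)),     # behind core-sw1
    ("mail01", datetime(2020, 3, 9, 10, 16)),    # behind core-sw1
]

if __name__ == "__main__":
    page, suppressed = triage(SAMPLE_EVENTS, SAMPLE_WINDOWS)
    print("page on:", page)
    for dev, reason in suppressed:
        print(f"suppressed {dev}: {reason}")
```

Only the switch generates a page; the two servers behind it and the FTP server under maintenance are recorded with the reason they were held back.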

Networks need to run 24/7 no matter what hours your employees work. Furthermore, your network generally stays put but your employees sometimes travel. No matter what, you should be able to access your network monitoring solution anywhere, anytime. Also, different users will need to access the system for different reasons. Not everyone should have access to the same level of information. Your monitoring solution should feature role-based views, letting you assign levels of permissions based on each user’s function in the organization.

Finally, a good network monitoring solution should support multiple methods of monitoring devices. SNMP (Simple Network Management Protocol) is a time-proven flexible technology that lets you manage and monitor the performance and usage of devices, troubleshoot problems, and better prepare for future network growth. Most network devices support SNMP, making it easy to monitor them using a solution that supports SNMP.

In the Windows world, WMI (Windows Management Instrumentation) is the standard for retrieving information from applications. WMI comes installed by default on SQL Server, Exchange, and Windows 2000, 2003, Vista, and XP systems. It is an important tool for monitoring network environments running Windows yet only a few network monitoring solutions currently include WMI monitoring among their capabilities.

The Top Three Network Monitoring Tools

There are literally dozens of network monitoring tools available. The short list we’ve assembled here is what we consider to be the best ones. Their features will give you a pretty good idea of what is available among the various tools. Each tool has a slightly different feature set so the best one for your specific purpose is a matter of personal preference.

1. SolarWinds Network Performance Monitor (Free Trial)

Many network administrators already know SolarWinds. After all, the company has been famous for a while for its excellent network administration tools and for publishing many free tools to accomplish specific tasks. SolarWinds’ flagship product is called the Network Performance Monitor, or NPM. It is a complete network monitoring solution that comes packed with a broad array of features.

The SolarWinds Network Performance Monitor polls network devices using the SNMP protocol and reads their interfaces’ counters and other meaningful metrics. It then stores the results in an SQL database and uses the polled data to build graphs showing each interface’s usage.

SolarWinds NPM Enterprise Dashboard

The software boasts a user-friendly GUI where adding a device is as simple as specifying its IP address or hostname and SNMP connection parameters–known as community strings. Once that is done, the tool queries the device to list all the SNMP parameters that are available. It is up to you to pick those you want to include on your graphs. A typical network switch or router, for example, will have traffic and error counters for each interface as well as CPU and memory utilization counters.

The Network Performance Monitor’s scalability is one of its best features. It will adapt to any network from the smallest of them up to large networks consisting of tens of thousands of devices and spread over multiple locations. And to make it even easier, upgrading licenses is a seamless process.

Another great feature of NPM is its ability to automatically build network maps and to display a visual representation of the critical path between two devices or services. This feature is invaluable when troubleshooting application access issues.

Price-wise, the SolarWinds Network Performance Monitor starts at just under $3,000 and goes up depending on the number of devices to monitor. Ideally, you should contact the SolarWinds sales team for a detailed quote. Should you want to try the product before buying it, a free 30-day trial is available, as it is for most non-free SolarWinds products.

2. PRTG Network Monitor

PRTG or, more precisely, the PRTG Network Monitor is another excellent monitoring platform from Paessler A.G. It is an enterprise-grade product which Paessler claims to be the easiest and fastest to set up. According to the company, PRTG can be set up and you can start monitoring within a couple of minutes. Your experience may vary and we certainly spent a bit more than that but it’s still very easy and very quick to set up, thanks in part to its auto-discovery feature that will find your networking equipment and automatically add it to the system.

PRTG Screenshot

PRTG is not only easy to install. The product is also feature-rich. For instance, it comes with a few different user interfaces. You have the choice between a Windows enterprise console, an Ajax-based web interface, and mobile apps for Android and iOS. Furthermore, the mobile apps fully exploit their respective platform’s capabilities and can, for instance, scan QR codes affixed to equipment to quickly access their graphs.

The PRTG Network Monitor can be obtained directly from its website. You’ll need to choose between two download options. There’s the free version which is full-featured but will limit your monitoring ability to 100 sensors or the free 30-day trial version which is unlimited but will revert to the free version once the trial period ends. Each monitored parameter counts as one sensor. For example, monitoring bandwidth on each port of a 48-port switch uses up 48 sensors.

3. ManageEngine OpManager

OpManager from ManageEngine—yet another top-of-the-line maker of network management tools—is our next selection. The tool runs on either Windows or Linux and boasts many great features. Among them, there is an auto-discovery feature that can map your network and display it on its dashboard. The miniature, colour-coded graphs shown at the top of each page are also a great feature of the product.

ManageEngine OpManager Dashboard

Back to the ManageEngine OpManager’s dashboard, it is super easy to use and navigate and it has drill-down functionality. If you are so inclined, there are also apps for tablets and smartphones that will let you access the system from anywhere. This is an overall very polished and professional product.

A free version of the ManageEngine OpManager is available should you want to try it before purchasing. This is a truly free version and not a free trial. It is, however, limited and will let you monitor no more than ten devices. If you manage a tiny network, perhaps you can get by with the free version. As for paid versions, you can choose the Essential or the Enterprise plans. The first will let you monitor up to 1,000 nodes while the other goes up to 10,000.

Read Network Monitoring Best Practices And Tools to Use by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

Best SFTP Server Software For Secure File Transfers

Transferring files from one system to another is something that has to be done on a regular basis. On a local network, it is often accomplished using network shares but between networks, when the transfer is done through the Internet, we normally use some form of file transfer protocol. Many different protocols have seen the light with each successive one addressing one or many shortcomings of its ancestors.

Today, we’re having a look at SFTP server software. Why SFTP, you might ask? Well, mostly because of security concerns. SFTP encapsulates a file transfer within a secure SSH connection, making it ideal for use on public networks, such as the Internet.

Before we have a look at the actual SFTP servers themselves, we’ll start off by discussing the various file transfer protocols available today and how they differ. Next, we’ll introduce the best SFTP server software for Windows including a couple of portable options. Finally, we’ll have a look at what’s available on Linux. As you’ll see, almost every Linux system comes with an SFTP server built right into it.

About File Transfer Protocols

FTP (which stands for File Transfer Protocol—how original) is the granddaddy of all file transfer protocols. It was invented in the early 70s as one of the primary ways of transferring files between systems. It has become so commonplace that nowadays, most operating systems including Windows, Mac OS, and Linux have some form of FTP client. FTP is an unencrypted protocol, though. It didn’t originally matter much as public networks didn’t exist but it is less than ideal for use on the Internet, especially when you consider that not only the transferred files but also the login credentials are sent over the network unencrypted. Anyone intercepting traffic would be able to capture usernames and passwords. This is why secure protocols such as SFTP and FTPS were invented.

Although, at first sight, it may look like SFTP and FTPS vary only by the placement of the “S” within the acronym, they are completely different in how they operate. They were both created to add security to FTP file transfers but the similarity ends there. Let’s see how they operate.

FTPS–which stands for File Transfer Protocol Secure–is a secure version of the FTP protocol which adds an encryption layer using either the SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols. It’s really nothing more than the FTP protocol that’s been improved to allow data encryption negotiation and its operation is similar to that of HTTPS for web sites. The protocol was introduced in the mid-90s, shortly after Netscape released their Secure Sockets Layer extension and it is now widely used. It was later improved to allow TLS in addition to SSL encryption, providing even better security.

SFTP–which stands for Secure File Transfer Protocol (notice the subtle difference?)–is another secure way of transferring files in an encrypted fashion but it is not based on the FTP protocol. Instead, it relies on Secure SHell, or SSH. In fact, SFTP is an extension of the SSH protocol that adds FTP-like file transfer functionality and supports FTP-like commands. As such, the level of security of an SFTP file transfer is the same as that of an SSH session.

It is important not to confuse the Secure File Transfer Protocol and the Simple File Transfer Protocol, both referred to as SFTP. The latter is a no-longer-in-use protocol that was developed to be a compromise between the elementary TFTP protocol and the full-featured FTP protocol.

Our description of SFTP might remind you of yet another similar protocol called SCP or Secure Copy. SCP is yet another file transfer protocol that operates within an SSH connection. This is where the similarity ends, though, as SCP only provides file transfer but has none of the advanced file management and browsing capabilities of the SFTP protocol.

The Top SFTP servers for Windows

As we’ve seen, SFTP is more similar to SSH than it is to FTP. For that reason, not many FTP servers include SFTP capability while many SSH servers do. We’ve rounded up some of the best SFTP servers we could find. Let’s have a look at their main features.

1. SolarWinds SFTP/SCP Server (FREE DOWNLOAD)

You might already know SolarWinds. The company makes some of the best network management and monitoring software. It is also famous for making several free software utilities. Those include our number one pick, the SolarWinds Free SFTP/SCP server.

As its name implies, the server will handle both SFTP and SCP, two SSH-based file transfer protocols. Running as a Windows service, operating the server should be an easy task for any system admin. And if you’re new to this, its easy user interface will make you feel comfortable very quickly.

SolarWinds Free SFTP-SCP server

The SolarWinds Free SFTP/SCP server does not use system accounts for user authentication. Instead, it uses virtual users that you create within the application for the purpose of transferring files. These virtual users offer heightened security. If, for instance, an account was compromised, it couldn’t be used to log into the system directly. Another feature that can improve the server’s security is that it can be configured to only allow incoming connections from specific IP addresses or ranges.

The SolarWinds Free SFTP/SCP server can be used to securely transfer files up to 4 GB in size. It can also handle concurrent transfers from multiple devices. It downloads as a zip file that extracts into a Windows MSI installer. Once installed, configuration is as simple as can be. You just start its control panel application and specify a few options such as permitted protocols and transfer options.

2. FreeFTPd

A close cousin of FreeSSHd, FreeFTPd is a full-featured FTP server for Windows. It is one of the rare servers that will support FTP and also both SFTP and FTPS, thanks to its SSH ancestry. As its name implies, this is a free FTP server. It claims to run on any version of Windows from NT 4.0 and the tool supports the creation of local users–rather than using Windows domain accounts.

FreeFTPd Screenshot

FreeFTPd can be configured during installation to run as-needed as an application or to run as a system service. Running it as a service means that it will always be available to your SFTP users. Note that a vulnerability was discovered in version 1.0.11 of the product. It was, however, quickly fixed in version 1.0.12. Make sure the version you install is at least 1.0.12. The latest one you can download from the developer’s website is 10.0.13.

3. Syncplify.me Server!

The Syncplify.me Server!, a full-featured SFTP and FTPS server from Syncplify.me, is really a server on steroids. It will do much more than just transfer files and it was created with security in mind. One of its main features, called Syncplify.me Protector™, uses artificial intelligence to automatically identify attacks, even unknown ones.

Syncplify.me Server! Screenshot

The Syncplify.me Server! can be installed in a high-availability mode where two servers will act as one and provide automatic failover, eliminating downtime. It boasts several advanced configuration options and can be expanded using scripts in JavaScript, C++, Pascal or Basic (yes, Pascal or Basic, this is not a typo) to automate your document management and workflow.

This powerful file transfer server will run on Windows Server 2008 and up, in both 32- and 64-bit versions. Although this is a paid piece of software, there’s a free/evaluation edition which has all the features of the Ultimate edition. It will, however, only accept a single connection and it can’t be used in a production environment.

4. Bitvise SSH/SFTP Server

You may know Bitvise. The company specializes in secure remote access software for Windows. Some of its best-known products are the Bitvise SSH Server and SSH Client. Since SFTP is just an extension of SSH, their SSH server will also support SFTP. The Bitvise SSH Server is rumoured to be one of the fastest available. Files will transfer as quickly as the client and the network connection will allow. Furthermore, an unlimited number of simultaneous connections are supported. The only real limitation you’ll encounter when using it will be that of the hardware on which it runs.

Bitvise Server Screenshot

As for security, the Bitvise SSH Server leaves nothing to be desired as it uses Crypto++ 5.3, one of the best encryption libraries, to secure connections. The server also supports virtual accounts to ensure your system accounts are never exposed and compromised. The only drawback of this product is that it is not free. It is free for personal and non-commercial use but any other use requires purchasing a license after a thirty-day evaluation period. However, at less than $100 per server, the price is more than reasonable. The company also offers site licenses and worldwide limited licenses for larger organizations.

5. SYSAX Multi Server

To no surprise, the SYSAX Multi Server supports multiple protocols. It will allow connections using both SFTP and FTPS but it will also handle FTP and HTTPS-based file transfers. And to make it even better, it’s also a telnet and SSH server. The server supports the use of both Windows accounts and locally-created virtual accounts, giving you the best of both worlds. It is easy to manage and configure, thanks to its user-friendly web-based interface.

SYSAX Multi Server Screenshot

The server is available in several versions. The Personal edition is free but it is restricted to one connection at a time and it won’t do HTTPS file transfers. It is also restricted to personal and non-commercial use. There are also Standard, Professional, and Enterprise editions each supporting increasingly more features at prices ranging from $197 to $697.

6. XLight FTP server

The Xlight FTP server is a simple Windows FTP, SFTP, and FTPS server. It is a powerful software with low memory and CPU usage. Designed for high performance, it can easily handle thousands of simultaneous FTP connections. The server supports Active Directory users, LDAP users, or local users, making it a great fit in any kind of situation.

Xlight FTP Server Screenshot

The Xlight FTP Server has many useful features, including the availability of a free edition for personal use. It is limited to 5 concurrent connections whereas the Standard edition at $40 allows 50 and the Professional edition at $130 is unlimited. Note that an additional license is required for SSH and therefore SFTP. The software will run on Windows 2000, XP, Vista, 7, 10, 2003, 2008 and 2012.

Some Portable SFTP Servers

The next entries on our list are interesting mainly because they are portable solutions. That is, solutions that require no installation on the computer where they run. They can come in very handy for ad-hoc situations when you quickly need an SFTP server. You can carry them with you on a USB flash drive and always have one ready to use by simply copying it to your computer.

1. Syncplify.me Micro SFTP Server

Syncplify.me, who brought us their full-featured SFTP and FTPS Server reviewed above, also offers the Micro SFTP Server for Windows. It is a self-contained and completely portable SFTP server which can be run from a USB stick without requiring any installation. And unlike its big brother, the Syncplify.me SFTP and FTPS Server, the Micro SFTP Server software is absolutely free and can be used in any situation including production or commercial uses.

Syncplify.me Micro Server Screenshot

Of course, the software has some limitations. For starters, it only supports one user profile, one root folder, and incoming connections from one client at a time. For that reason, it is more commonly used as a test platform for SFTP client software or to test in-software file transfer features than as a true SFTP server. However, despite its limitations, it might be all that you need. Another typical use of the software is as a personal secure file transfer server for a home network.

2. Core Mini SFTP Server

Like the previous selection, the Core Mini FTP Server is a free FTP and SFTP server that doesn’t require any installation. Just go to the Core FTP Server’s web page to download it. Once you’ve downloaded the executable file which is available in 32- or 64-bit versions and is less than 2 Mb in size, you simply run it. You’ll need to specify the FTP username and password to be used as well as the port and root directory and you’re good to go. We could hardly think of a simpler tool.

Core Mini FTP Server Screenshot

It has some drawbacks, though. For instance, the server will run with your user account and will have access to all of your files. Make sure you specify a root directory where damage by users is of little or no consequence. Other than that, the Core Mini FTP Server is a great little server that’s easy to use albeit somewhat limited.

The Top SFTP servers for Linux

Linux is a popular operating system for servers so it doesn’t come as much of a surprise that users would want to run an SFTP server on that platform. Fortunately, there are plenty of options available. In fact, our third selection below is probably already present on most Linux installations.

1. ProFTPd

It is clear, when you look at its configuration file, that ProFTPd’s developers were big fans of the Apache webserver. The format of the configuration file is almost identical to Apache’s. And just like Apache, it uses modules to provide additional functionality. And there is, of course, a module that can be added to the basic FTP server to add SFTP capabilities.

proFTPd Screen Sample

To ease the pain of configuring the server, the ProFTPd website has several sample configuration files. That will help you get started quickly. In addition to a basic configuration file, there’s one for anonymous FTP, two for using virtual hosts, and one which makes use of MySQL user authentication. The software can be downloaded as a tarball from the developer’s website. Alternatively, many distributions include it as part of their optional packages. Search for it in your package manager. Chances are it is there.

2. PureFTPD

Another great open-source FTP and SFTP server, PureFTPD works not only on Linux but also on most Unix-like operating systems such as BSD or Solaris. The project’s goal is to provide a standards-compliant FTP server. All the messages have been translated into multiple languages, making this an ideal choice for multi-lingual environments.

PureFTPd User Manager Screenshot

PureFTPD is free and comes with absolutely no limitations. All of its features are available to any user. Talking about features, they include the server’s ability to limit connection bandwidth, to run sessions in a virtual file system, to set upload and/or download limits, and several more great features. Pre-built packages are available for several Linux distributions including Mandriva, Debian, Ubuntu, and Slackware. It’s also available as source code that can be compiled with no modification and run on any other supported OS.

3. Another Option: OpenSSH

SFTP runs on top of SSH and since OpenSSH is built into most—if not all—Linux systems, SFTP is also there and ready to be used. On a typical Linux system, most users—as long as they have SSH access—should be able to use an SFTP client and connect to the server. That would allow them to transfer files to and from their home directory. Keep in mind that port 22—used by SFTP—could be blocked by default. You might need to dig a little to figure out how to open it but, in essence, that’s all you need for a crude SFTP server. If your needs are anything more than an occasional transfer, though, we’d strongly suggest you go with a more potent SFTP server software.
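Because the built-in OpenSSH route hands SFTP to anyone who already has SSH access, it is worth checking whether file-transfer accounts are confined to SFTP before relying on it. The script below is an added example, not part of OpenSSH or of the original article; the group name `sftponly`, the paths, and both sample configurations are assumptions, and the parser is simplified (no `Include`, wildcard, or negated `Match` patterns).

```python
# Values OpenSSH uses when a keyword is absent from sshd_config.
DEFAULTS = {"forcecommand": "none", "chrootdirectory": "none",
            "allowtcpforwarding": "yes"}

# Constructed sample: stock-style config, SFTP open to every SSH user.
STOCK = """\
Port 22
Subsystem sftp /usr/lib/openssh/sftp-server
"""

# Constructed sample: members of a hypothetical 'sftponly' group are confined.
RESTRICTED = """\
Port 22
Subsystem sftp internal-sftp

Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
"""


def parse_sshd_config(text):
    """Return (global_options, [(match_criteria, options), ...]).
    Keywords are case-insensitive and the first value seen wins, as in sshd."""
    global_opts, blocks = {}, []
    target = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            tokens = value.split()
            criteria = {tokens[i].lower(): tokens[i + 1].split(",")
                        for i in range(0, len(tokens) - 1, 2)}
            target = {}
            blocks.append((criteria, target))
        else:
            target.setdefault(key, value)
    return global_opts, blocks


def effective_for_group(text, group):
    """Settings that apply to a member of `group`: defaults, then the global
    section, then any matching 'Match Group' blocks (first match wins)."""
    global_opts, blocks = parse_sshd_config(text)
    matched = {}
    for criteria, opts in blocks:
        if group in criteria.get("group", []):
            for key, value in opts.items():
                matched.setdefault(key, value)
    return {**DEFAULTS, **global_opts, **matched}


def audit_sftp_group(text, group):
    """Return a list of findings; an empty list means the group is SFTP-only."""
    eff = effective_for_group(text, group)
    findings = []
    if eff["forcecommand"].split()[0] != "internal-sftp":
        findings.append("ForceCommand is not internal-sftp: members can open a shell")
    if eff["chrootdirectory"].lower() == "none":
        findings.append("no ChrootDirectory: members can reach any path "
                        "their file permissions allow")
    if eff["allowtcpforwarding"].lower() != "no":
        findings.append("AllowTcpForwarding is on: the account can tunnel "
                        "traffic through the server")
    return findings


if __name__ == "__main__":
    for name, cfg in (("stock", STOCK), ("restricted", RESTRICTED)):
        print(name, audit_sftp_group(cfg, "sftponly") or "OK")
```

On a real server, feed it the contents of the active configuration file and the name of the group your transfer-only accounts belong to.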

In Conclusion

Although FTP is still a very popular way of transferring files, its lack of security gave birth to SFTP which addresses most security concerns. We have all reasons to think that this improved protocol will still be used for years to come. All the top software reviewed here will do an excellent job, yet we can’t help but prefer our number one pick: the SolarWinds SFTP/SCP server. Not only is it an excellent product but also comes from a company that has a solid reputation for providing some of the best network admin software including some amazing free tools.

Read Best SFTP Server Software For Secure File Transfers by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter