By Cameron Sturdevant  |  Posted 2005-08-15

We installed Insightix DID Collector on an IBM dual-processor eServer 325 system with 1GB of RAM and two NICs. This is close to the minimum hardware configuration requirements and shouldn't be much of a burden on the midsize and large enterprises for which the product is intended.

We don't usually consider the security of a monitoring system to be of paramount concern; nonetheless, we were impressed with the care taken to build Insightix DID Collector on a secure platform. The software installs a hardened version of the Debian GNU/Linux system. We recommend that Insightix DID Collector be installed by itself to ensure that the network connection to the monitoring port on the switch is clear of additional traffic.

We tested Insightix DID Collector using one passive-monitoring NIC. The product can monitor additional physical connections as long as the total traffic of all monitored networks does not exceed 1GB per second.

Insightix DID Collector discovered all our test servers and PC systems running a variety of Windows versions and Linux distributions, along with the network protocols that were running in the network. All this information was displayed in a simple-to-navigate Web-based dashboard. In the current version, the dashboard is served over HTTP. A release of the product scheduled for next quarter will provide an S-HTTP (Secure HTTP) connection to the console, company officials said.

We got all this information without scheduling a scan or installing agents on any equipment. Insightix DID Collector analyzed all the network traffic that was mirrored to the monitor port on the switch.

During tests, the Insightix software generated a Web-based report that included a detailed infrastructure list that showed all of our network switches, routers, firewalls and other devices—along with all the servers and client systems.

The chief contrast we can draw is with established network and system management tools. These products—including Hewlett-Packard Co.'s OpenView Network Node Manager, BMC Corp.'s Patrol line of management tools and Computer Associates International Inc.'s Unicenter—poll systems from a central console to see if they are present and available.

There are two chief drawbacks to this approach. First, polling tools almost always require an agent on the monitored system. Agents mean installation and maintenance costs. Second, management tools always consume some amount of network bandwidth. Most of the time, these tools use very little bandwidth, but they can on occasion demand a large amount—which, in our experience, tends to coincide with other major network connectivity problems.

The trade-off is that agent-based systems generally have the handy ability to monitor activities on the system and send proactive alerts when, for example, memory utilization goes above an acceptable threshold. Most management tools have matured significantly during the last five years and have agents and console settings that keep bandwidth usage at acceptable levels.

By the end of our testing, we had concluded that Insightix DID Collector is a good complement to agent-based tools. The software discovered all sorts of devices we didn't have documented on our infrastructure map—from our Avocent DSR 2161 KVM (keyboard, video and mouse) switch to another hardware device being tested in the network (Trusted Network Technology Inc.'s Identity 2.0, which will be reviewed in an upcoming issue).

Insightix DID Collector's correct identification of these devices, along with its accurate assessment of the operating system, made it easy for us to force a discovery of these devices by other management tools we use to monitor our test network.

In fact, Insightix DID Collector will likely be as beneficial to network and systems operations as it is to the security department. In our tests, the software showed an uncanny ability to find unauthorized network access points—one of the most common scourges of networks.


Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.
