Credit Unions Network Goes Under the Scope

Case Study: The NIH-FCU keeps on top of things with an open-source monitoring tool from Nagios.

Its never fun being the last one to know ... anything. But when what you dont know can literally shut down your business while you remain in the dark, its downright infuriating.

That was the situation Kirk Drake routinely found himself in, always learning about network problems hours after they started.

"A branch office could be down for a day, and we wouldnt find out until 4 in the afternoon," recalled Drake, vice president of IT at the National Institutes of Health Federal Credit Union.

Without a system in place to monitor network performance, the NIHFCU had to rely on human intelligence to report problems. And sometimes humans wouldnt think to notify IT for hours.

That kind of situation just didnt befit a proactive IT shop, especially one that supports a busy credit union. The NIHFCU was founded by a handful of members who pooled together $75 in 1940. Today, the Rockville, Md., credit union has 150 employees and 10 branches in the Washington area and operates 25 ATMs; its 50,000 members have roughly $400 million in deposits with the credit union.

Clearly, with the network required by such a business, Drake needed to deploy a monitoring system that would enable IT to be on top of any situation as it occurred. So he began to look for affordable network monitoring technology.

Drake said, ideally, he wanted to find a solution that used open-source technology but without the "headaches" associated with open source—that is, he didnt want to pay a hefty fee for a software license, but he also didnt want to forgo the support and maintenance services that a contract provides.

As a credit union, the NIHFCU is also required to conduct annual network security audits. Thats a tall task for a small department, so Drake works with solutions companies to provide integration, consulting and other related services. It was in the course of looking for a new vendor for security audit services that led Drake to work with RedZone Technologies LLC, an Annapolis, Md., security consulting and integration company.

Drake said he was looking for a solution that would enable the NIHFCU to keep tabs on its network as it never could before. He evaluated well-known commercial network monitoring products including Hewlett-Packard Co.s HP OpenView, IBMs IBM Tivoli NetView and WhatsUp Gold from Ipswitch Inc. Through the NIHFCUs association with RedZone, Drake also evaluated an open-source monitoring tool called Nagios. (Nagios is available for download at www.nagios. org.)

The system offers an affordable alternative to other technologies, Drake said. At the high end, Drake estimated a commercial product would have cost the NIHFCU $75,000 to $100,000. So, he said, he opted to implement Nagios with the help of RedZone, for a cost of approximately $20,000 with services and support.

While Drake conceded that the network performance charts generated by Nagios are basic, he said the tool suits the NIHFCUs needs by automatically giving IT a heads-up of network problems. The tool monitors power outages and connectivity on frame relay circuits, servers, switches and routers.

"Instead of spending 8 hours in the dark like before, we spend 5 minutes in the dark and then start solving the problem," Drake said.

The Nagios deployment isnt the first time Drake has opted for open-source technology.

A six-year veteran of the NIHFCU, Drake implemented an open-source product in 2001, an intrusion detection tool called Sourcefire, from Sourcefire Inc., of Columbia, Md. Satisfied with that experience, Drake looked to implement additional open-source technology when the NIHFCU opted to change its central database and repository systems.

"We were restrained by our core vendors abilities, so we wanted to move to a more open environment," Drake said. He immediately opted for a platform from Summit Information Systems, a Corvallis, Ore., solutions provider that is a business unit of Fiserv Inc., a consultancy specializing in the financial services industry. (Drake said the Summit platform is built on Linux at the application server layer.)

/zimages/3/28571.gifClick here to read about an open-source monitoring offering from GroundWork.

Drake then implemented an RNA (real-time network assessment) product, again from Sourcefire. (The Sourcefire products are built on top of an open-source tool called Snort.) To implement the RNA tool, Drake worked with Infosys Networks Inc., a local solutions company also in Annapolis.

Sold on the idea of open-source technology, Drake found himself receptive to a cold call he received early last year from RedZone.

As a credit union, the NIHFCU is bound to conduct annual network security audits. At the time, the NIHFCU was working with consulting company Xacta Corp., based in Ashburn, Va., to conduct those audits. While Drake said he was satisfied with the association, he also said he likes to entertain pitches from other security audit vendors and even switch vendors periodically.

Drake met with RedZone President Bill Murphy, and he said he liked what he heard. Specifically, Drake said he liked RedZones proposal that included a network audit with a business continuity plan thrown in, both at "a really competitive price." Another factor influencing Drakes decision: RedZone had no qualms about providing technologies that relied on open source.

In the spring of last year, RedZone conducted its first security audit for the NIHFCU, and the two organizations have been working together on security systems ever since. Drake said RedZone fills a specific need that a midsize credit union such as the NIHFCU has. The company provides Drake with an affordable and rapidly adaptable system, characteristics that are inherent in open-source technologies; and yet RedZone is there to provide support, documentation and maintenance services as the NIHFCU needs.

"We get the benefits of open source yet still can rely on an outside party who is responsible for supporting and maintaining the technology," Drake said.

As for Drakes use of open-source technology, Murphy said hes really on the cutting edge, at least in terms of midsize enterprises.

By working with companies such as Summit and RedZone, Drake said he is also able to combine the best of open source with the need for ongoing support. Its a model he said other IT directors would do well to embrace.

"When looking at all the different solutions out there, you should make a concerted effort to find an open-source option," Drake said. While such technologies may not be right for all organizations, there are plenty of tools that are, Drake said.

Megan Santosus is a free-lance writer in Natick, Mass. Contact her at

/zimages/3/28571.gifCheck out eWEEK.coms for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.