Build 7101. The whole bunch of bugs....
I am currently in a process of evaluating and purchasing different network monitoring and management tools for the medium sized network (3 different locations, around 30 local networks, 500+ hosts, around 20 servers, several L2 and L2/L3 Cisco switches, VPN concentrators, PIX/ASA firewalls, Cisco routers of different series).
Recently we deployed evaluation versions of Firewall Analyzer and OpManager in our network to understand how suitable these tools for monitoring of our network.
We were mostly satisfied with Firewall Analyzer user interface; abilities parse and interpret syslog messages from our firewalls and even VPN concentrators. So we expected similar performance from OpManager and seriously considered buying the whole monitoring suite from AdventNet, including NetFlow Analyzer and DeviceExpert as our primary goal was to monitor Cisco based network infrastructure.
At first sight OpManager looked pretty good (and nice looking), packed with a lot of useful features.
However the more we used it the more problems, bugs and inconveniences we faced. We even started wondering whether (build 7101) was alpha or beta version of software and we should try previous one.
Here is SHORT list of most frustrating things we faced so far. Note, that we have used and tested only around one half of all the features so far.
I. Discovery
1) Neither Discovery by Range nor CIDR were able to determine and exclude from the discovery process network and broadcast addresses although both demanded to indicate proper subnet mask. As a result 2 "ghost" hosts per each subnet were discovered.
2) CIDR simply failed to process /16 network and suggested using Network range.
3) Credential windows do not have Cancel button. Only Apply and [X] to close window. Not too user friendly.
4) As a result, initial discovering in network with 10 - 20 subnets is laborious and not too convenient process. No option to set a list of subnets for discovery.
II. Devices recognition / Templates management
1) No profiles for currently selling Cisco devices absolutely. No 2960 switches, latest 800, 1800, 2800 series routers, no ASA etc. 3750 L3 were not recognized either. It is not a big deal to create your own profile, but all these devices are very popular.
2) Creating new profile is a one way process. Once created, profile name cannot be changed. Nor it is possible to delete the profile.
3) It is not possible to duplicate existing profile and create new one by modifying a copy. All the monitors should be created from scratch.
4) Moreover, newly created profiles simply do not work well in detail window. For example Device Details window with Custom profile for ASA, created with exactly the same monitors as Cisco PIX Firewall profile refuses to show CPU Utilization and Connection Count on the right dashboard, while showing graphs if you click on monitors. But as soon as you switch over to Cisco PIX firewall profile it starts showing everything. Similar problem with C2960 switch profiles.
5) All ASA firewalls constantly generate Authentication failure alarms, although devices are 100% accessible, online and all the SNMP information is available. No errors in ASA logs exist either. PIX 515 firewalls work OK.
6) Deleting all the error messages actually just hides the alarms. As soon as new alarm for the device has arrived you can see long list of all the previous alarms.
III Maps and Business View
1) Maps pull down menu displays incorrectly in Firefox browser - right side is truncated in the middle of Show word.
2) Business view. Not too bad, but very limited set of Icons.
IV Network View. �Diamond� of my collection.
1) It is absolutely not clear how OpManager picks up networks to display in Maps pulldown menu. I performed search and added devices from around 20 networks I was interested in. However OpManager showed me only 2 networks in pull-down menu. One directly connected to the monitoring server network and another one - network behind outside interface of firewall. What is worse, OpManager showed me this network as X.X.X.0/24, whereas I specified this network as X.X.X.16/28 during the discovery process. And there is no way to add or edit list of networks manually. Discovery is the only option. And it is not working well.
2) But the most astonishing view I got when I clicked on Networks Map menu item. OpManager did really a great job and discovered around 60 different subnets, including several remote clients' subnets, loopback interfaces, /30 subnets for point-to point devices connectivity.
OpManager displayed all these networks (only 2 of which were marked as manageable) together with routers and firewalls in a grid 12x5 devices and heavily crisscrossed all this grid with green lines representing links. Real mess. And absolutely useless.
I just can imagine what would I see in this window if OpManager managed to retrieve subnet numbers from VPN concentrators where about 600 clients were connected and put all that subnets in that grid. LOL
And again, no way to choose which networks to display and no way to manually rearrange them on display like in Business view.
V. Infrastructure snapshot and group views
1) Ridiculous limitation on 16 characters for the group name with only letters and digits allowed. Even MSDOS 3.3 was more flexible in file naming.
2) No way do rearrange groups the way I want and hide currently unused ones. However custom groups are almost useless anyway...
3) Firewalls group window does not indicate which devices have generated alarm states. Besides Name table cell is not wrappable and very short, so you have only a fragment of the actual name.
VI. Device snapshot window.
1) Orange colored caption with Device Name is misleading, as the color is the same as Alarm Status. No matter which state the device is actually in.
2) Sometimes device is displayed in alarm or error state with no errors present. The only way to reset this status is to Unmanage -> Manage device. Or to delete and re-create it.
3) No way to return back to previous window (infrastructure snapshot or some other) after inspecting or editing the device.
4) No way to choose what to display on dashboard in the right part of screen. As a result half of devices show empty instruments with absolutely useless "Troubleshoot.." link. No way to hide it either.
5) No custom links to launch third party telnet or ssh client to go directly to the device CLI.
6) A lot of unused space and too short description field in interfaces list view. And no way to edit interface descriptions either. As a result Description field is absolutely useless, while much more important Display Name is placed in the middle of the table.
7) No way to update interface descriptions from devices. I tried to rediscover switch after updating interface descriptions in it from CLI, but with no success. Only manual editing. One more confusion. What is called in cisco IOS �interface description� becomes �Interface Name� in OpManager and CAN be edited. Interface TYPE/NUMBER in IOS becomes �Interface Description� in OpManager and CAN NOT be edited.
8) If you decide to create a separate category in Infrastructure snapshot for your, let's say switches or routers and move them there, you are in a big trouble.
Firstly, you lose any ability to edit interfaces - menu item simply disappears from Action pull down menu.
Secondly, no information is displayed on dashboard anymore.
Thirdly, only L3 interfaces are shown.
Finally, when you move the device back to default group to regain access to interfaces....all the carefully tuned interface settings are gone!!!
So even if you have 30 switches from 3 different sites to monitor you should keep them in one group. Very Inconvenient.
9) No option to view devices (desktops, printers etc.) as a detailed list and perform group functions like select delete them by group. Just imagine that you have autodiscovered 100 workstations you do not care about and you want to delete them. The only option is to do it one by one. And that is a multistep and really painful process, taking in consideration web interface.
VII. User Access
1) Ability to limit user access to read-only and to only certain Business Views is a good thing. However there is no ability to limit the user how deep it can drill down into information regarding each device. For example Level 1 monitoring staff normally does not need to see interface load statistics, errors and so on. Basic device availability and alarms are quite enough for them to make a decision whether to escalate the issue to level 2 tech support.
I could continue this list, but I believe that is has already enough to make my mind regarding this tool.
Resume. Generally this is a pretty useful and promising tool with a lot of great features, especially in a bunch with other tools like FirewallAnalyzer. However current version is suitable for monitoring of small networks with few devices and 2-3 subnets. Especially taking into consideration that free version support up to 10 hosts.
However as a serious and expensive monitoring tool for medium or large networks with a lot of devices and numerous subnets current version (7101) of OpManager7 has too many flaws, limitations and bugs to be considered for implementation.
Recently we deployed evaluation versions of Firewall Analyzer and OpManager in our network to understand how suitable these tools for monitoring of our network.
We were mostly satisfied with Firewall Analyzer user interface; abilities parse and interpret syslog messages from our firewalls and even VPN concentrators. So we expected similar performance from OpManager and seriously considered buying the whole monitoring suite from AdventNet, including NetFlow Analyzer and DeviceExpert as our primary goal was to monitor Cisco based network infrastructure.
At first sight OpManager looked pretty good (and nice looking), packed with a lot of useful features.
However the more we used it the more problems, bugs and inconveniences we faced. We even started wondering whether (build 7101) was alpha or beta version of software and we should try previous one.
Here is SHORT list of most frustrating things we faced so far. Note, that we have used and tested only around one half of all the features so far.
I. Discovery
1) Neither Discovery by Range nor CIDR were able to determine and exclude from the discovery process network and broadcast addresses although both demanded to indicate proper subnet mask. As a result 2 "ghost" hosts per each subnet were discovered.
2) CIDR simply failed to process /16 network and suggested using Network range.
3) Credential windows do not have Cancel button. Only Apply and [X] to close window. Not too user friendly.
4) As a result, initial discovering in network with 10 - 20 subnets is laborious and not too convenient process. No option to set a list of subnets for discovery.
II. Devices recognition / Templates management
1) No profiles for currently selling Cisco devices absolutely. No 2960 switches, latest 800, 1800, 2800 series routers, no ASA etc. 3750 L3 were not recognized either. It is not a big deal to create your own profile, but all these devices are very popular.
2) Creating new profile is a one way process. Once created, profile name cannot be changed. Nor it is possible to delete the profile.
3) It is not possible to duplicate existing profile and create new one by modifying a copy. All the monitors should be created from scratch.
4) Moreover, newly created profiles simply do not work well in detail window. For example Device Details window with Custom profile for ASA, created with exactly the same monitors as Cisco PIX Firewall profile refuses to show CPU Utilization and Connection Count on the right dashboard, while showing graphs if you click on monitors. But as soon as you switch over to Cisco PIX firewall profile it starts showing everything. Similar problem with C2960 switch profiles.
5) All ASA firewalls constantly generate Authentication failure alarms, although devices are 100% accessible, online and all the SNMP information is available. No errors in ASA logs exist either. PIX 515 firewalls work OK.
6) Deleting all the error messages actually just hides the alarms. As soon as new alarm for the device has arrived you can see long list of all the previous alarms.
III Maps and Business View
1) Maps pull down menu displays incorrectly in Firefox browser - right side is truncated in the middle of Show word.
2) Business view. Not too bad, but very limited set of Icons.
IV Network View. �Diamond� of my collection.
1) It is absolutely not clear how OpManager picks up networks to display in Maps pulldown menu. I performed search and added devices from around 20 networks I was interested in. However OpManager showed me only 2 networks in pull-down menu. One directly connected to the monitoring server network and another one - network behind outside interface of firewall. What is worse, OpManager showed me this network as X.X.X.0/24, whereas I specified this network as X.X.X.16/28 during the discovery process. And there is no way to add or edit list of networks manually. Discovery is the only option. And it is not working well.
2) But the most astonishing view I got when I clicked on Networks Map menu item. OpManager did really a great job and discovered around 60 different subnets, including several remote clients' subnets, loopback interfaces, /30 subnets for point-to point devices connectivity.
OpManager displayed all these networks (only 2 of which were marked as manageable) together with routers and firewalls in a grid 12x5 devices and heavily crisscrossed all this grid with green lines representing links. Real mess. And absolutely useless.
I just can imagine what would I see in this window if OpManager managed to retrieve subnet numbers from VPN concentrators where about 600 clients were connected and put all that subnets in that grid. LOL
And again, no way to choose which networks to display and no way to manually rearrange them on display like in Business view.
V. Infrastructure snapshot and group views
1) Ridiculous limitation on 16 characters for the group name with only letters and digits allowed. Even MSDOS 3.3 was more flexible in file naming.
2) No way do rearrange groups the way I want and hide currently unused ones. However custom groups are almost useless anyway...
3) Firewalls group window does not indicate which devices have generated alarm states. Besides Name table cell is not wrappable and very short, so you have only a fragment of the actual name.
VI. Device snapshot window.
1) Orange colored caption with Device Name is misleading, as the color is the same as Alarm Status. No matter which state the device is actually in.
2) Sometimes device is displayed in alarm or error state with no errors present. The only way to reset this status is to Unmanage -> Manage device. Or to delete and re-create it.
3) No way to return back to previous window (infrastructure snapshot or some other) after inspecting or editing the device.
4) No way to choose what to display on dashboard in the right part of screen. As a result half of devices show empty instruments with absolutely useless "Troubleshoot.." link. No way to hide it either.
5) No custom links to launch third party telnet or ssh client to go directly to the device CLI.
6) A lot of unused space and too short description field in interfaces list view. And no way to edit interface descriptions either. As a result Description field is absolutely useless, while much more important Display Name is placed in the middle of the table.
7) No way to update interface descriptions from devices. I tried to rediscover switch after updating interface descriptions in it from CLI, but with no success. Only manual editing. One more confusion. What is called in cisco IOS �interface description� becomes �Interface Name� in OpManager and CAN be edited. Interface TYPE/NUMBER in IOS becomes �Interface Description� in OpManager and CAN NOT be edited.
8) If you decide to create a separate category in Infrastructure snapshot for your, let's say switches or routers and move them there, you are in a big trouble.
Firstly, you lose any ability to edit interfaces - menu item simply disappears from Action pull down menu.
Secondly, no information is displayed on dashboard anymore.
Thirdly, only L3 interfaces are shown.
Finally, when you move the device back to default group to regain access to interfaces....all the carefully tuned interface settings are gone!!!
So even if you have 30 switches from 3 different sites to monitor you should keep them in one group. Very Inconvenient.
9) No option to view devices (desktops, printers etc.) as a detailed list and perform group functions like select delete them by group. Just imagine that you have autodiscovered 100 workstations you do not care about and you want to delete them. The only option is to do it one by one. And that is a multistep and really painful process, taking in consideration web interface.
VII. User Access
1) Ability to limit user access to read-only and to only certain Business Views is a good thing. However there is no ability to limit the user how deep it can drill down into information regarding each device. For example Level 1 monitoring staff normally does not need to see interface load statistics, errors and so on. Basic device availability and alarms are quite enough for them to make a decision whether to escalate the issue to level 2 tech support.
I could continue this list, but I believe that is has already enough to make my mind regarding this tool.
Resume. Generally this is a pretty useful and promising tool with a lot of great features, especially in a bunch with other tools like FirewallAnalyzer. However current version is suitable for monitoring of small networks with few devices and 2-3 subnets. Especially taking into consideration that free version support up to 10 hosts.
However as a serious and expensive monitoring tool for medium or large networks with a lot of devices and numerous subnets current version (7101) of OpManager7 has too many flaws, limitations and bugs to be considered for implementation.