
1. Discuss the main network management tasks and how they are carried out?

Fault management

Problem identification
Troubleshooting
Problem resolution
Fault logging

Configuration management

Change Control
Change Management
Inventory Hardware
Inventory Software
Software
Configuration Information

Accounting management

Asset Management
Cost Control
Charge-back.

Performance management

Network-Capacity Planning
Availability
Response time
Accuracy
Throughput
Utilization

Security management

Policy
Authority
Access Level
Exceptions
Logging
Authentication failure
Fault

The goal of fault management is to recognize, isolate, correct and log faults that occur in the
network.

Errors primarily occur in the areas of fault management and configuration management.

Fault management is concerned with detecting network faults, logging this information,
contacting the appropriate person, and ultimately fixing a problem. A common fault management
technique is to implement an SNMP-based network management system - such as HP OpenView
or Sun Solstice (formerly Net Manager) - to collect information about network devices. In turn,
the management station can be configured to make a network administrator aware of problems
(by email, paging, or on-screen messages), allowing appropriate action to be taken.

Configuration

The goals of configuration management are to gather/set/track configurations of the devices.


Configuration management is concerned with monitoring system configuration information, and
any changes that take place. This area is especially important, since many network issues arise as
a direct result of changes made to configuration files, updated software versions, or changes to
system hardware. A proper configuration management strategy involves tracking all changes
made to network hardware and software. Examples include altering the running configuration of
a device, updating the IOS version of a router or switch, or adding a new modular interface card.
While it is possible to track these changes manually, a more common approach is to gather this
information using configuration management software, such as CiscoWorks 2000.

Accounting

The goal is to gather usage statistics for users. Accounting management is concerned with
tracking network utilization information, such that individual users, departments, or business
units can be appropriately billed or charged for accounting purposes. While this may not be
applicable to all companies, in many larger organizations the IT department is considered a cost
center that accrues revenues according to resource utilization by individual departments or
business units.

Performance

The goal is to both prepare the network for the future, as well as to determine the efficiency of
the current network. Performance management is focused on ensuring that network performance
remains at acceptable levels. This area is concerned with gathering regular network performance
data such as network response times, packet loss rates, link utilization, and so forth. This
information is usually gathered through the implementation of an SNMP management system,
either actively monitored, or configured to alert administrators when performance moves above or
below predefined thresholds. Actively monitoring current network performance is an important
step in identifying problems before they occur, as part of a proactive network management
strategy.

Security

The goal of security management is to control access to assets in the network. It uses firewalls to
monitor and control external access points to one's network. Security management is not only
concerned with ensuring that a network environment is secure, but also that gathered
security-related information is analyzed regularly. Security management functions include managing
network authentication, authorization, and auditing, such that both internal and external users
only have access to appropriate network resources. Other common tasks include the
configuration and management of network firewalls, intrusion detection systems, and security
policies such as access lists.

Effective planning for a network management system requires that a
number of network management tasks be performed. The network
management system should discover the network inventory, monitor the
health and status of devices and provide alerts to conditions that impact
system performance.

Network Management Tasks

Protecting the network (e.g. intrusion detection)
Detecting failed components (interfaces, links, hosts, routers)
Monitoring traffic patterns (recommend needed upgrades, cap certain types of traffic)
Detecting abnormal traffic (rapid changes in routing tables, huge spikes in BW usage)

A network monitoring system monitors the network for problems caused by
overloaded and/or crashed servers, network connections or other devices. For
example, to determine the status of a webserver, monitoring software may
periodically send an HTTP request to fetch a page. For email servers, a test
message might be sent through SMTP and retrieved by IMAP or POP3.
Commonly measured metrics are response time, availability and uptime, although
both consistency and reliability metrics are starting to gain popularity.
Status request failures - such as when a connection cannot be established, it times
out, or the document or message cannot be retrieved - usually produce an action
from the monitoring system. These actions vary: an alarm may be sent (via SMS,
email, etc.) to the resident sysadmin, automatic failover systems may be activated
to remove the troubled server from duty until it can be repaired, etc.
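The HTTP status check described above, as an added example that is not part of the original notes. The rule that maps results to an action (some failures raise an alarm, all failures trigger failover), the function names and the local sample server are assumptions made for illustration.

```python
import threading
import time
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Direct connections only, so a proxy set in the environment cannot mask a fault.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def probe(url, timeout=2.0):
    """One status request: returns (ok, response_time_seconds, reason)."""
    start = time.monotonic()
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            resp.read()                       # the document must be retrievable
            return True, time.monotonic() - start, f"HTTP {resp.status}"
    except urllib.error.HTTPError as exc:     # server answered, page not served
        return False, time.monotonic() - start, f"HTTP {exc.code}"
    except OSError as exc:                    # refused, unreachable or timed out
        return False, time.monotonic() - start, f"no response ({exc})"

def check(url, attempts=3):
    """Probe repeatedly, then derive the metrics and the action to take."""
    results = [probe(url) for _ in range(attempts)]
    good = [rt for ok, rt, _ in results if ok]
    if len(good) == attempts:
        action = "none"
    elif good:
        action = "alarm"        # intermittent: notify the sysadmin
    else:
        action = "failover"     # every request failed: pull server from duty
    return {"availability": len(good) / attempts,
            "mean_response_time": sum(good) / len(good) if good else None,
            "action": action, "last_reason": results[-1][2]}

class _SampleHandler(BaseHTTPRequestHandler):   # constructed local test server
    def do_GET(self):
        self.send_response(200 if self.path == "/ok" else 500)
        self.end_headers()
        self.wfile.write(b"status page")
    def log_message(self, *args):               # keep the demo output quiet
        pass

def start_sample_server():
    server = HTTPServer(("127.0.0.1", 0), _SampleHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

if __name__ == "__main__":
    server, base = start_sample_server()
    print(check(base + "/ok"), check(base + "/broken"))
    server.shutdown()
```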

Security Management is a broad field of management related to asset management, physical
security and human resource safety functions. It entails the identification of an organization's
information assets and the development, documentation and implementation of policies,
standards, procedures and guidelines.

In network management it is the set of functions that protects telecommunications networks and
systems from unauthorized access by persons, acts, or influences and that includes many
subfunctions, such as creating, deleting, and controlling security services and mechanisms;
distributing security-relevant information; reporting security-relevant events; controlling the
distribution of cryptographic keying material; and authorizing subscriber access, rights, and
privileges.

An intrusion detection system (IDS) is a device or software application that
monitors network and/or system activities for malicious activities or policy violations
and produces reports to a Management Station.

For the purpose of dealing with IT, there are two main types of IDS:

Network intrusion detection system (NIDS)

It is an independent platform that identifies intrusions by examining network traffic and
monitors multiple hosts. Network intrusion detection systems gain access to network
traffic by connecting to a network hub, network switch configured for port mirroring, or
network tap. In a NIDS, sensors are located at choke points in the network to be
monitored, often in the demilitarized zone (DMZ) or at network borders. Sensors capture
all network traffic and analyze the content of individual packets for malicious traffic. An
example of a NIDS is Snort.

Host-based intrusion detection system (HIDS)

It consists of an agent on a host that identifies intrusions by analyzing system calls,
application logs, file-system modifications (binaries, password files, capability databases,
access control lists, etc.) and other host activities and state. In a HIDS, sensors usually
consist of a software agent. Some application-based IDS are also part of this category. An
example of a HIDS is OSSEC.

Fault management is the set of functions that detect, isolate, and correct
malfunctions in a telecommunications network, compensate for
environmental changes, and include maintaining and examining error logs,
accepting and acting on error detection notifications, tracing and identifying
faults, carrying out sequences of diagnostic tests, correcting faults,
reporting error conditions, and localizing and tracing faults by examining and
manipulating database information.
When a fault or event occurs, a network component will often send a
notification to the network operator using a protocol such as SNMP. An alarm
is a persistent indication of a fault that clears only when the triggering
condition has been resolved. A current list of problems occurring on the
network component is often kept in the form of an active alarm list such as is
defined in RFC 3877, the Alarm MIB. A list of cleared faults is also maintained
by most network management systems. Fault management systems may use
complex filtering systems to assign alarms to severity levels. These can
range in severity from debug to emergency, as in the syslog protocol.
A fault management console allows a network administrator or system
operator to monitor events from multiple systems and perform actions based
on this information. Ideally, a fault management system should be able to
correctly identify events and automatically take action, either launching a
program or script to take corrective action, or activating notification software
that allows a human to take proper intervention (e.g. send e-mail or SMS text
to a mobile phone). Some notification systems also have escalation rules that
will notify a chain of individuals based on availability and severity of alarm.
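The alarm handling described above, as an added example that is not part of the original notes: an active alarm list, a list of cleared faults, syslog severity levels and an escalation chain. The alarm floor, the escalation contacts and the sample notifications are constructed for illustration.

```python
from dataclasses import dataclass, field

# Syslog severity names (RFC 5424); index 0 is the most severe.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
ALARM_FLOOR = "warning"   # assumption: less severe events are logged, not alarmed
# Hypothetical escalation chain: contact is notified at this severity or worse.
ESCALATION = [("warning", "noc-console"), ("error", "oncall-engineer"),
              ("alert", "network-manager")]

def rank(severity):
    return SEVERITIES.index(severity)

@dataclass
class AlarmList:
    active: dict = field(default_factory=dict)     # (device, condition) -> severity
    cleared: list = field(default_factory=list)    # resolved faults, kept as history
    event_log: list = field(default_factory=list)  # every notification received

    def handle(self, device, condition, severity, raised=True):
        """Apply one notification; return the contacts to notify."""
        key = (device, condition)
        self.event_log.append((key, severity, raised))
        if not raised:                             # triggering condition resolved
            if key in self.active:
                self.cleared.append((key, self.active.pop(key)))
            return []
        if rank(severity) > rank(ALARM_FLOOR):
            return []                              # logged only
        previous = self.active.get(key)
        if previous is not None and rank(previous) <= rank(severity):
            return []                              # already active: no repeat page
        self.active[key] = severity
        return [who for floor, who in ESCALATION if rank(severity) <= rank(floor)]

# Constructed sample notifications (device, condition, severity, raised).
SAMPLE_EVENTS = [
    ("core-sw1", "linkDown ge-0/0/1", "error", True),
    ("core-sw1", "linkDown ge-0/0/1", "error", True),    # repeat of same fault
    ("core-sw1", "config saved", "debug", True),
    ("edge-rtr1", "power supply failed", "emergency", True),
    ("core-sw1", "linkDown ge-0/0/1", "error", False),   # fault cleared
]

def replay(events):
    alarms = AlarmList()
    return alarms, [alarms.handle(*event) for event in events]

if __name__ == "__main__":
    alarms, notified = replay(SAMPLE_EVENTS)
    print(notified, alarms.active, alarms.cleared)
```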

Performance management (PM) includes activities that ensure that goals
are consistently being met in an effective and efficient manner. Performance
management can focus on the performance of an organization, a
department, employee, or even the processes to build a product or service,
as well as many other areas.

Configuration management (CM) is a field of management that focuses on
establishing and maintaining consistency of a system or product's
performance and its functional and physical attributes with its requirements,
design, and operational information throughout its life.

Computer hardware configuration management is the process of creating and maintaining an
up-to-date record of all the components of the infrastructure, including related documentation. Its
purpose is to show what makes up the infrastructure and illustrate the physical locations and
links between each item, which are known as configuration items.

Computer hardware configuration goes beyond the recording of computer hardware for the
purpose of asset management, although it can be used to maintain asset information. The extra
value provided is the rich source of support information that it provides to all interested parties.
This information is typically stored together in a configuration management database (CMDB).

All components of the IT infrastructure should be registered in the CMDB. The responsibilities
of configuration management with regard to the CMDB are:

• identification
• control
• status accounting
• verification

Maintenance systems
Configuration management is used to maintain an understanding of the status of complex assets
with a view to maintaining the highest level of serviceability for the lowest cost. Specifically, it
aims to ensure that operations are not disrupted due to the asset (or parts of the asset)
overrunning the limits of its planned lifespan or falling below quality levels.
