Network Management System NMS – Statseeker

Network Management System NMS – Statseeker

Power Lines 729 620x349


Network Management NMS – Statseeker Not a Swiss Army Knife, but a Sharp Blade:

At Network Field Day #4 we had a a company named Statseeker who is in the Network Management business. Stewart Reed from Statseeker, an Australian presented and demoed the product.  We were almost outnumbered something friends, John Harrington an Irishman, Anythony Burke an Australian and me a native Kentuckian with a funny accent had some fun with (*cough 3xC*). Network Management (NMS) has been a fairly major pain point in the networking industry. The history of NMS is paved with failed products and product deployments.

Network Engineers are guilty until proven innocent. If you cant pull data as close as possible to an event and prove it was not the network then it was the network. Network architects must be able to do or set capacity planning policy, that is impossible to do efficiently without long term trends and realtime data. While Staseeker is not the proverbial swiss army knife approach to network management systems. It doesn’t have a crappy set of tweezers and a lame magnifying glass but it is a pretty sharp knife that “appears” to do link capacity monitoring quite well.

Statseeker also has NetFlow and Sflow capabilities. NetFlow organizational policy is a mess in most shops. Security wants it for security things, network wants it for capacity planning, all human problems working with very large data sets and terse technologies. Very few solutions open or proprietary out there that focus solely on NetFlow and correlation unfortunately. Until I hear how that works under the hood, I am maintaining healthy skepticism that on very little hardware tens of thousands of physical ports flows now 500k-1mil+ can be ingested and stored. I also thought that going into the demo on SNMP polling data but what Statseekers bread and butter is only pulling specific SNMP data rather than send it all to store and process even if you do not need it.

On the backend is their DB that is optimized for these particular data sets to produce very fast results instead of the normal hourglass waiting time for database queries other products can have. Well defined set of functions in order to optimize their efficiency is the market separator here. To get straight to the video on the Tech Field Day site check here.

 Things to Look for in Network Management in Products

1. Ease of use. If someone can’t operate it, I can’t use it:
Most shops an amazing tendency to take NMS and give it to anyone willing to do it. The IQ needs to be high in order to effectively operate and extract network state and performance from our extremely complicated and distributed networks. Statseeker has a very fixed set of functions and focuses on those. Statseeker could likely be maintained by entry level tiered operations and more importantly operated properly.
2. Features.
 If this product falls short anywhere it is in the feature category. They are very upfront this is what it is and this is what it isn’t. Example, this is not a configuration management NMS. I Tweeted on ze Twitterz” @networkstatic #NFD4 @statseeker presentation. I am always a fan of a product that does a handful of well defined functions well then all of them poorly”.
3. Clearly defined scale:
Statseeker polls every 1 minute. That was pretty outrageous and I like it. I have had to back other NMS over the years as low as 10-15 minute polling intervals. Those gaps in visibility are pretty huge when it comes down to events not being captured.
4. Delivering on what it claims to do.
Having never used the product in production I can’t comment here. If someone asked me a list of what NMS products to evaluate Statseeker would be on it.

ROI Required

In today’s economic climate, we know as many business acronyms as technical anymore. A feature in Statseeker that scrapes port counters and looks for unused ports in whatever time range you defined is handy. The average medium to large 50,000+ port network has a lot more unused ports than you might realize. Often capacity planning means someone goes into a closet sees 4 open (ports without cables patched in) and says its time to buy a new $2,000-$12,000 48-port switch. What many do not do is check port counters to see what ports are down and if that port is down do the counters show any traffic. I liked that feature so much I will do two things in the next couple of weeks, see if the NMS I currently use for capacity planning in my job has this feature and if it doesn’t program something to pull those stats. My problem rolling it myself is I can either capture the port counters and correlate to the uptime of the switch or push into a backend to trend those numbers which gets out of the time allocation reality. That makes this product a business tool and the ability to hit your return on investment (ROI) and likelihood of receiving funding much more realistic.
access-idf-port-audit
Figure 1. Empty ports in the IDF means you bought more gear than the business needed and wasted money. Even if it was See the Amazon AWS capacity vs. consumption needle wide gap for perfect just in time IT about halfway down the page in this post.
As we see exponential growth in wireless and more migrations from the wired to wireless networks this will become increasingly important.

In Summary

There is some pretty cool optimization under the hood that separates Statseeker from it’s peers. It is an engineers tool. From all NMS vendors I would like to see more focus on executive reporting. Drop some pretty graphs and charts into an executive summary of a solution or a root cause analysis and it’s like spike the vein of middle managers all the way to C-level. We live in the land of complexity, abstracting that to pretty pictures works 90% of the time. The buck stops at the network engineer, who does he blame? The power company? We have to use and provide proper tools to even come close to managing today’s networks. Those tools need to work quickly and properly, what I saw from Statseekers demo looked good on the surface.If currently shopping for an NMS, I would take a look at this video from NFD to get a baseline and check out there site statseeker.com.

Other Network Field Day #4 Delegates Thoughts

  • My good friend and fellow native Kentuckian Paul Stewart @packetu CCIE #26009 (works a few blocks away, bizarre, never knew him before NFD, thanks for that NFD team) had a nice writeup on his thoughts of the presentation on his site packetu.com.
  • From the man himself, John Herbert CCIE#6727 @mrtugs Pretty sure he has forgotten more than I know at lamejournal.com shares his thoughts from the network field day presentation.
  • The gentleman that was about a decade younger than all of us and still teaching us not too mention a fantastic presenter/storyteller, Anthony Burke @pandom_ . Brilliant each and every one.
As a Tech Field Day Delegate Statseeker was a sponsor but anyone that has ever watched the videos or even funnier the Twitter feeds during an event will realize this is furthest from softball shills ever. If your product has problems you hear about it really quickly and even viciously at times depending on receptiveness of the vendor to critical feedback. Thanks to my fellow delegates and lifelong friends and the original folks organizing network field day like  Steven FoskettGreg Ferro, Tom Hollingsworth and Claire Chaplais for the overwhelming opportunity. Over the next couple of weeks there will be some more posts on the other sponsors. Some are requiring more research than others due to breadth of product lines. More information at http://techfieldday.com Thanks for stopping by!

About the Author

Brent SalisburyBrent Salisbury works as a Network Architect, CCIE #11972. He blogs at NetworkStatic.net with a focus on disruptive technologies, that have a focus on operational efficiencies. Brent can be reached on Twitter @NetworkStatic.View all posts by Brent Salisbury →

  1. Steve BSteve B10-14-2012


    ” If someone asked me a list of what NMS products to evaluate Statseeker would be on it.” I’m about to do this so would be all ears! The shortlist to evaluate off the top of my head includes Cisco Prime, HP IMC or NMMi and Solarwinds Orion? Would favour something with config management rolled in with the monitoring and trends analysis via the usual list of possible inputs. Is anything close to the famed ‘single pane of glass’yet?
    Thanks

  2. Paul StewartPaul Stewart10-14-2012


    I think Statseeker definitely should be looked at for any NMS deployment. However, your very last question might take you into a different direction. I think everyone needs to think about how important a “single plane of glass” is to their environment. Statseeker sort of goes in the opposite direction, provide a very good solution for the things it does. But if you need a single plane of glass, you might need a less focused (and possibly more clunky) solution.

  3. JasonJason10-14-2012


    I prefer OpenNMS with RANCID. Its free, they work together. It’s awesome and it scales. I won’t operate a network w/out them.

    Jasper reports makes managers happy. Drools has event correlation (both, part of ONMS).

    Add a flow collector if you need (I like netflow tracker, even though it is a commercial product).

    If you’re not comfortable with open source software, editing XML files, and creating SQL queries, you may not like this stack. After its customized, its smooth sailing.

    Personally I prefer having fine granular control over my tools, instead of paying for something that limits flexibility.

    Commercial software is meant to be sold, but opens source is meant to be used!

  4. Steve BSteve B10-14-2012


    Yeh the single plane of glass thing was more of a utopian wish than any actual requirement. As long as you don’t end up with an unmanageable list of tools in use I’d agree having tools that are excellent for a specific job rather than one that is ok at all is best.

    “If you’re not comfortable with open source software, editing XML files, and creating SQL queries, you may not like this stack” Unfortunately that’s pretty much me (Plus no realistic time/wish to get up to speed in those non core skill areas) hence the focus on commercial offerings. Perhaps incorrectly on the basis they willl be aimed at people looking for something to do the work for them rather than the possibly more granular but more labour intensive open source options?

  5. Brent SalisburyBrent Salisbury10-14-2012


    Killer insights guys, got my wheels
    Steve B, most of my commercial experience has been with the all in ones that you mentioned. I like Orion quite a bit for the flexibility of modular growth with things like IPSLA, Config management, would like to see their NetFlow product mature much more as that correlation is pretty vital. I am not interested in programmatic change from NMS vendors atm. I think the Cisco Works years took away any faith in that approach, we need much more mature frameworks and primitives imo. Though look at Quantum today, most of that is NETCONF writes to TOR gear. My problem with the all in one is scaling it as one big behemoth and shear number of transactional DB interactions it is typically not suited for virtualization.

    Paul, totally agree. Sometimes it might be the lowest common denominator with the all in one but that may help keep TCO down. The care and feeding of these boxes can be brutal. Seems like network management is one of those eh, yeah give it to the new guy he will do it when in reality you need people that understand networks intimately to extract meaningful data to the business.

    Jason, totally agree the customized route is the way if you can afford the devops. Sounds like a pretty tight setup. I would be surprised if any hyper scale shop is doing anything other than a framework like you described. Great collection of packages you posted. I had not seen NetFlow Tracker before. I need to take a peek. Having exports to capture north of Layer 4 into Layer 7 payload is pretty nice but monstrous data sets to work with result. “QFlow” from S1 was acquired by IBM earlier in the year is one. I keep meaning to see what others are doing that will grab the first 100-200k of payload past the header. Any of you guys doing anything with L7 payload + 2-4 Flows either correlating with an IDS or rolled in a package?

    Interesting stuff thanks for taking the time. Steve, feel free to bounce ideas, I can dump pro/cons of Orion from my involvement if interested.

    Thanks!
    -Brent

    • JasonJason10-15-2012


      Sflow only takes samples of the flows. Its relatively efficient and still accurate. I haven’t kept up with the latest changes to netflow or ipfix but they might have a sampling feature now.

      Sounds like you’re talking security though so sampling might not cut it. :)

      BTW you could totally do a port audit with RANCID. I’ll admit, expect scripts are old school especially with emerging SDN trends but RANCID is for config backups so its an added bonus that it can be used for audits and configuration pushes – rancid/nanog26.

      But for something more cool and fun, check out aol/trigger!

  6. Brent SalisburyBrent Salisbury10-28-2012


    Thanks Jason, I need to look at Rancid. There is a good thread over on the new PacketPushers forum that is right up your alley if interested in reading or contributing.

    http://forum.packetpushers.net/showthread.php/197-Network-Management-Platforms-in-the-SMB-Environment

    Thanks for sharing the info, good stuff.