Frank Ohlhorst, Author at Enterprise Networking Planet
https://www.enterprisenetworkingplanet.com/author/frank-ohlhorst/

Review: SmartDraw Cloud Makes Network Diagramming Easy
https://www.enterprisenetworkingplanet.com/management/review-smartdraw-cloud-makes-network-diagramming-easy/
Thu, 12 May 2016 22:07:00 +0000

Network diagrams, org charts, office layouts, floorplans, decision matrixes, and flow charts are essential business tools, and the ability to create and share them whenever and wherever they are needed can be critical to getting buy-in on a project. Now San Diego, CA-based SmartDraw enables businesses to do just that. SmartDraw Cloud delivers the full feature set of SmartDraw 2016 Business Edition for just $12.95 per month, bringing SmartDraw’s simplicity and advanced diagramming capabilities to OS X, iOS, Android, Linux, and pretty much any other operating system that can launch a popular browser like Edge, IE 10+, Safari, Firefox, Chrome or Opera.

SmartDraw Cloud could prove especially useful to networking professionals tasked with troubleshooting or locating devices while in motion. A virtual representation of the physical layout of the network, building and infrastructure, illustrated on an iPad and edited as needed on the fly, goes a long way towards simplifying the troubleshooting process.

Hands-on with SmartDraw Cloud

The use cases for SmartDraw are practically infinite. After all, the product offers 70 different categories of drawings, with some 4500 templates to modify the drawings and 34,000 symbols to populate the drawings. In other words, the product allows most anyone to draw most anything. With that in mind, here I’ll focus on the product’s core capabilities for a networked business environment, using some specific use cases for testing, such as a network diagram, an IoT map, a flow chart, and a decision tree, all of which are used extensively by the majority of tech-savvy businesses.

Getting started with SmartDraw Cloud

Before diving into SmartDraw, users must choose what iteration of the product to use. The $297 Windows version of SmartDraw 2016 Business edition comes with a full year of the cloud service included. With that in mind, it may make the most sense to start out with the cloud based offering and then decide if a desktop version is warranted. Either way, SmartDraw does offer a 7-day free trial of the product for those investigating its capabilities.

Using the cloud iteration of SmartDraw proves to be a very simple process; it just takes logging in to the cloud app. From there, the GUI is almost indistinguishable from the desktop version of the product. All of the menus, icons, templates and other elements are virtually identical between the cloud and desktop iterations of the product.

Creating a network/IoT diagram with SmartDraw Cloud

The GUI makes creating any diagram amazingly simple. For example, creating a network diagram means navigating down to the Network Design document menu and then choosing the type of network diagram desired (Network or Rack). 15 example network diagrams are offered, giving a neophyte user a head start on building a new network diagram.

For this example, I chose the Enterprise Network template, which then launched another browser window with the diagram editing screen and a sample network design, fully populated with symbols and connections. The design GUI provides a variety of tools to change any element on the screen, add effects, create text and so forth. A tabbed interface on the left allows users to choose device images from a “SmartPanel,” which supports full drag and drop capabilities.

Drag-and-drop is something not normally found in a browser based application. Thousands of symbols are available, including all different types of PCs, routers, switches, firewalls, servers and so forth. The GUI also includes a handy tool to search for symbols, making it easier to add normally unrelated symbols to a diagram, such as a landscape element like a lamppost or a tree to a diagram for IoT networking equipment to indicate where a sensor, IP/WiFi security camera or other device is located. The drag and drop capabilities and libraries of symbols allow an informative network diagram to be completed in just minutes.

All symbols contained within the diagram can be linked, grouped, have text added to, resized, and even have hyperlinks to other diagrams associated with them. Line drawing proves very easy using the line tool.

Once the diagram is ready, it can be shared with others as either a view-only element, which does not require the recipients to have SmartDraw, or as an editable file. Sharing is accomplished using an emailed link to the diagram.

Creating a flowchart with SmartDraw Cloud

Flowcharts are often the primary fodder behind any type of business process, especially those that involve IT operations. Here, SmartDraw excels in its ability to quickly create flowcharts that have logical progressions and incorporate Boolean logic. The product comes prepopulated with flowchart templates and design examples, allowing users to focus on critical logic rather than the mechanics of graphical design. That said, users can still create attractive, professional looking flowcharts that are easy to modify and expand.

Starting a flowchart based upon the flowcharting template consists of little more than selecting the appropriate visual objects and then adding instructions or text. The product’s “SmartPanel” provides numerous visual examples, along with relevant descriptions, which are easy to select, use and understand. Flowcharts can be built in a matter of minutes. SmartDraw’s real strengths here are ease of use and speed in comparison to flowchart creation using other tools.

Data visualization with SmartDraw Cloud

SmartDraw can also quickly create infographics for most any situation. Population, process/cycle, World Data Map, and dozens of other infographic templates are readily available, allowing users to quickly plug in collected data and create a professional-looking graphical representation of that data.

The product also bundles in several charts, which can be inserted into diagrams. Those charts include the basics, such as bar charts, pie charts and so forth, as well as more advanced 3D charts, which give a little more life to the pedestrian data that network managers may be reporting on. Most notable for the IT management realm is the “Relative Value Chart,” which simplifies visualization of cost comparisons when calculating critical IT budget elements, such as ROI and TCO. Timeline, Spheres, and Venn infographics are also well represented by the GUI.

SmartDraw Cloud Engineering and CAD capabilities

While SmartDraw makes no boisterous claims of replacing multi-thousand-dollar design packages, the product does go a long way towards covering the basics by providing several engineering templates that can be used to create electrical wiring diagrams, industrial automation designs, and even architectural blueprints. Users can quickly lay out floor plans, office buildings, circuit panels and several other CAD/CAM type diagrams with relative ease. The included tools and wizards take a lot of the guesswork out of normally complex designs and can expand IT’s role in the design process. What’s more, a short learning curve and ample integrated help make what may at first seem impossible an achievable goal for individuals without any prior CAD/CAM experience.

SmartDraw Cloud vs. Visio

At the risk of sounding like a late night infomercial, there is still much more to SmartDraw than the above examples. The product includes templates and examples to build cause & effect diagrams, decision trees, emergency & disaster planning diagrams, flyers & certificates, forms, project management charts, mind maps, org charts, process documentation, schedules, strategic plans and much more. But the product’s real strength comes from the ease of use associated with creating those complicated visual representations. SmartDraw Cloud dramatically simplifies the creation of graphics that once required professional graphic artists, complex and expensive software, and days or even weeks of time.

I would be remiss if I did not mention SmartDraw’s primary competitor, Visio. SmartDraw offers several advantages over Visio, starting with the availability of SmartDraw Cloud and ending with ease of use. In between those two comparative bookends lie features such as the ability to share diagrams and the automation that SmartDraw offers in the form of intelligently connected objects. For those comparison shopping, SmartDraw offers the Visio Filter, which imports native Visio drawings into SmartDraw without losing any content, making it easy to play around with SmartDraw’s feature set without having to recreate Visio drawings from scratch.

When it comes to visualizing most anything you can imagine, SmartDraw Cloud is a clear winner.

ESET Remote Administrator: ERA 6.0 Features & Review
https://www.enterprisenetworkingplanet.com/security/eset-remote-administrator-era-6/
Thu, 27 Aug 2015 19:30:00 +0000

Controlling and managing the security of endpoints on an enterprise network is usually a complex and thankless task that requires the deployment of multiple tools. Enterprise security products vendor ESET aims to eliminate that complexity with a flexible management solution for endpoint security management. ESET Remote Administrator (ERA v6) offers multiple deployment scenarios, ranging from legacy 32-bit Windows servers to the 64-bit Windows Servers of today to self-contained virtual appliances that can run under a number of hypervisors and onsite, remotely, or in the cloud.

ERA v6 is the management half of ESET’s endpoint security solution, and is used to provision, control and policy-enable ESET’s complete anti-malware and security suite on enterprise endpoints, including mobile devices and most anything else that connects to the network. In short, ERA v6 aims to ease the management of dozens, hundreds, or thousands of endpoints using ESET’s endpoint security products.

A Closer Look at ERA v6

The ERA agent, a small application that runs on endpoints and enables endpoints to be fully managed and protected by ERA v6, tightly integrates ERA v6 with endpoints. This tight integration is critical, as ERA v6 wears multiple hats so that a network security administrator doesn’t have to. Case in point: ERA v6 combines everything from client software deployment (agent and AV), endpoint updates, policy enforcement, and security control management into a single management console, which also acts as a fully instrumented dashboard.

Other advantages offered by ERA V6 include:

  • ERA Web Console: The ESET Remote Administrator Console is now web/browser based, allowing administrators to manage the network from virtually anywhere. The Web Console is the primary interface used to administer clients; it can be used to execute any of the product’s functions. The browser-based console uses AJAX technology to offer a robust application experience. Most all chores are guided by a wizard, and integrated query and reporting tools allow administrators to customize views, reports, and other administrator-centric intelligence to further ease the security management burden.
  • ESET License Administrator: The ESET License Administrator portal allows administrators to manage credentials for their software, convert older username and password-based credentials into license keys for use with ERA 6, and grant license management privileges to co-workers or partners.
  • ERA Agent: The ERA Agent facilitates all communication from the server to the endpoints and stores information about policies locally to enable the fastest response to emerging threats. All communications between the server and the endpoint are encrypted using SSL certificate-based security.
  • Rogue Detection Sensor (RD Sensor): The RD Sensor works with the ERA Server to detect any unprotected client computers connected to the network. That eases adding new systems to the protection policy and also identifies potential threats due to noncompliant systems.
  • ERA Proxy Server: The ERA Proxy Server can be used on larger networks to help distribute load from client computers to the ERA Server.
  • ERA HTTP Proxy: The ERA HTTP Proxy serves as a central location where computers on the network can locate updates or other assets (for example, installer files for ESET products).

Installing and Configuring ERA v6

ERA v6 supports multiple installation scenarios, leverages browser-based consoles, and offers unified endpoint security management. Embracing the growing demand for enterprise-level virtual appliances is a good move, as evidenced by the ease of installation associated with the company-provided OVA (Open Virtualization Appliance) file, which can be imported directly into a virtual server environment such as VMware (vSphere, Player, Workstation), Oracle Virtual Box, ESXi, or Microsoft Hyper-V.

ERA v6 Main Console


The OVA file contains a fully functional CentOS 6.5 operating system and all of the ERA v6 software, allowing administrators to quickly create a virtual server instance of ERA v6. This eliminates the need for a dedicated server or enterprise-level ESXi implementation, provides the ability to use a desktop OS to host the hypervisor, and allows administrators to deploy ERA v6 on a non-server OS.

For those not wanting to venture down the virtual appliance route, ESET also offers wizard-based installation for Windows and Linux, which proves even simpler than OVA-based installation, auto-installing prerequisite elements, such as SQL Server. However, it is still a good idea to have .NET and Java pre-installed on the target management server system.

Once installed, administrators can launch the ERA v6 management console using a browser and the IP address provided during the installation process. The console offers users guided configuration steps and wizard-driven capabilities to further ease initial setup. Wizards, interactive help, and guided processes are offered throughout the product and are available for most any process.

ERA v6 Agent

As stated earlier, ERA v6 requires that the ERA agent be installed on endpoints to enable manageable security. In the past, pushing agent software out to an endpoint required several manual steps, and sometimes interaction with the end user, with the worst-case scenario involving the need to send a technician out to physically install the agent on the endpoint.

ESET attempts to eschew some of the manual steps of agent installation by offering a feature called “Server Assisted Agent Installation,” which provides the local installer with the needed certificates from the ERA server. Beyond that, the help file offers several different scenarios and options to ease the installation of the agent. Administrators can also use a feature called the ERA Agent Live Installer, which pushes out a preconfigured Live Installer package from the ERA server in the form of a batch file, which can be run as part of a login script or using other automation technologies. It can even be emailed as a link to the end user. Finally, administrators can conduct a remote installation, which can be a major time saver on enterprise networks.

Remote installation is executed via the ERA management console’s Server Task menu as a function of the Agent Deployment wizard, which is then used to identify target systems. The administrator will need to provide the suitable credentials for the target endpoints, which should not be a problem on a managed network, especially a Windows network using Active Directory.

Speaking of Active Directory, it is important to note that ERA v6 offers full integration with AD, allowing the product to query critical information. AD integration further simplifies deployment as well as management of security settings on various PCs throughout the enterprise.

ERA v6 Critical Features

Beyond the basics outlined above, ERA v6 offers several critical features to secure enterprise networks. First and foremost is the product’s ability to administer ESET Endpoint v6 security products. ERA v6 offers full control of the settings, policies, updates and deployment of security on the endpoint, while also providing the tools to monitor and report on those endpoints.

As security management tools go, ERA v6 brings to the table several other features that are quickly becoming necessities for security administrators today. Of particular note is the rogue system detection capability, which looks for and reports on unprotected systems connecting to the network. That proves critical on today’s networks, where spyware and malware can infect complete networks when a compromised system connects.

ERA v6 Notifications


Advanced reporting features are also readily apparent in the product. Administrators can use the integrated report writer to build custom reports if the hundreds provided do not meet their specific needs. Reports can include graphical elements, such as charts and diagrams. Numerous filters and sort options are also part of the reporting engine.

Arguably one of the most important features is the ability to create custom policies and define dynamic groups. Administrators can use the product’s wizard based tools to create and enforce policies that include everything from security settings to software deployment to most anything one can imagine. Furthermore, policies can be applied to specific machines, groups, and domains, or even executed based upon Boolean logic.

While full automation is nice to have in a network security product, nothing beats staying informed. Here, ERA v6 offers a notification system that uses a wizard to define what events should be reported to administrators and how those notifications are delivered. For example, a SIEM (Security Information and Event Management) system can be used to send notifications, or notifications can be sent via email or other methods.

Conclusion

ERA v6 brings together all of the needed management components in an easy-to-use Web console that allows administrators to focus on the issues that matter and not waste precious time configuring desktops, while still ensuring that endpoints are fully protected from the ills of malware.

Get Started with ESXi with VMware vSphere 5.5 Hypervisor
https://www.enterprisenetworkingplanet.com/data-center/get-started-with-esxi-with-vmware-vsphere-5-5-hypervisor/
Wed, 18 Feb 2015 23:55:00 +0000

Mastering virtualization takes practice, and the free edition of VMware’s vSphere Hypervisor 5.5 can provide an effective training ground. A fully functional virtualization platform, vSphere Hypervisor 5.5 supports an unlimited number of physical CPUs with 8 vCPUs per virtual machine and includes management via the VMware vSphere Client application.

While not suitable for production environments thanks to the lack of high availability, update manager, vCenter management APIs, and other add-ons and features that come with the purchase of a license, the free version of vSphere is an ideal platform for experimentation, testing and learning about bare metal hypervisors. What’s more, the free version proves suitable for running the occasional virtual appliance or testing new operating systems. Get started with these tips.

Prepare your vSphere test environment

VMware vSphere Hypervisor 5.5, which is built upon VMware’s ESXi 5.5 virtual server software, is a bare metal hypervisor that includes support for a variety of hardware combinations and includes management via the VMware vSphere Client application, which can be installed on most any Windows-based system. Nevertheless, there are some pre-requisites that must be met before an administrator can experience all that VMware’s free bare metal hypervisor can offer.

  • Choose your hardware carefully. Although ESXi supports a wide array of hardware, that hardware still needs to be sized for the task at hand. The more processing power and memory you can devote to a virtual machine, the better the VM’s performance and capability. Also, administrators need to make sure that the available resources meet the requirements of the virtual server or virtual appliance that will be running on the bare metal hypervisor. It is always a good idea to check VMware’s knowledge base for hardware compatibility.
  • Identify software to be tested. Having an inkling of which operating systems and virtual appliances will be tested, and of the level of integration needed, is critical to devising a test environment. Not only is it necessary to make sure that the software will run under the hypervisor, it is also necessary to determine whether the virtual hardware provided offers the performance and capabilities needed by the software to be tested.
  • Create a robust network backbone. It almost goes without saying that gigabit Ethernet connectivity is a must, especially for situations where a client system running the vSphere Client will be used to create virtual machines on the host.
  • Always download the latest version of VMware vSphere and associated software before creating a new virtual host. Download the software as ISO images so bootable DVDs can be created, easing the installation process.
  • Update hardware BIOS. Odds are, older systems that are being removed from service will become the hardware platform for hypervisor experimentation. Reduce the occurrence of problems or bugs by upgrading the BIOS to the latest available version to ensure compatibility.
  • Plan the network infrastructure. Select IP addresses to be assigned and know DNS, DHCP, Subnet Masks and other pertinent information to deploy the system. Prepare notes for keeping track of assignments, accounts and passwords.

Get vSphere up and running and bring a virtual Windows server online

Following the above guidelines should help reduce the occurrence of problems and speed the creation of a bare metal hypervisor for experimentation and validation purposes. Setting up a vSphere platform is not a plug-and-play procedure. There are some specific steps that must be taken to achieve a successful, operational deployment of vSphere. VMware does offer quick start guides and other documentation; however, that documentation proves to be overly comprehensive and can be difficult to navigate. Most administrators would prefer to start off with a simple set of steps. Outlined below are the steps to get vSphere up and running and to bring a virtual Windows Server online.

ESXi 5.5:

  1. Create a bootable DVD from the downloaded ESXi image file (.ISO). Windows 8 and above provide the capability to burn a bootable ISO disk natively. Older versions of Windows may require getting hold of a utility, such as Bootable Windows 7 ISO Maker.
  2. Make sure the system that will serve as the host system has an empty hard drive, connected monitor and keyboard, and a network connection. Set the BIOS to boot from optical media.
  3. Load the bootable DVD/CD and start the system.
  4. Follow the ESXi installer wizard, which will prompt for where to install ESXi. Once the interactive wizard completes, the system will reboot and load ESXi, which will be ready for configuration.
  5. Once the system is up and running, press F2 to configure basic information on the ESXi host, such as IP address, netmask, gateways, enabled NICs and so forth. Document all of the settings, including IP addresses assigned, as well as account information and passwords.
  6. Once pertinent information has been inputted, make sure the host is reachable from other systems on the network by using the ping command.

If more than one physical server is being deployed (the free version of vSphere 5.5 includes support for 2 physical servers), repeat steps 2-5. Once completed, ESXi management will take place using a remote computer running a client application.

VMware vSphere Client:

  1. From a connected Windows system, launch a browser and connect to the ESXi server using the assigned IP address.
  2. The ESXi server will present a web page with some basic information about the physical host, including a link to download the vSphere Client Application.
  3. Click on the link and download vSphere Client to the local Windows system.
  4. Launch the installer and follow the wizard-based prompts to install the vSphere Client application.
  5. Launch vSphere Client and input the IP address of the ESXi server. Authenticate to the host using the account credentials created during setup.
  6. Navigate to the configuration tab for the selected host, click on license features and follow the prompts to install the license.

Creating a Virtual Machine:

  1. Create a new virtual machine from the vSphere Client inventory view.
  2. Right-click on the host and select Create New Virtual Machine.
  3. A configuration wizard is launched, which offers either a typical configuration or custom configuration. Using the custom configuration provides access to the multitude of options available. It’s a better way of setting up assigned memory, virtual hard drives, available processor cores and so forth.
  4. Give the virtual machine a descriptive name to avoid confusion later on.
  5. Choose a data store (hard drive) to create the virtual machine on. There can be multiple data stores defined on a host, so picking the correct one to provide enough disk space is critical.
  6. Choose the type of virtual machine (version 4, 7, or 8). The latest version is usually the best choice.
  7. Choose the operating system to install from the pull-down menu.
  8. Choose the number of virtual sockets and virtual cores for the operating system to use. Be careful to not under- or overallocate CPU resources to the virtual machine. Luckily, the setting can be changed at a later date if needed.
  9. Set the amount of memory required for the VM.
  10. Choose the number of network cards to assign to the VM and the type of Networking to use.
  11. Select the SCSI controller type to be used for the virtual machine. If the virtual machine is being imported from a VHD, the controller type must match the original selection.
  12. Create a Virtual Disk, making sure the size is adequate for the virtual machine.
  13. Click Finish to create the blank virtual machine.

Installing a Guest OS

  1. Navigate to Edit Virtual Machine Settings and click on the CD drive setting.
  2. Map the CD Drive to either a client device or local device, depending upon where the OS install media is located. Be sure to click the Connect at Power On option box.
  3. Insert the guest OS DVD/CD into the appropriate drive.
  4. Select Power on the Virtual Machine.
  5. OS installation should start as soon as the VM boots and starts the boot loader process.
  6. Configure the guest OS using vSphere Client’s ability to access the host console using the console tab on the interface.

The operating system installation should automatically begin and all configuration options, settings and so forth can be accessed via the console.

While there are many steps involved, getting up and running with VMware vSphere 5.5 isn’t all that difficult. It’s a good exercise for those looking to learn about hypervisors and/or test operating systems and software.

 

Review: LogMeIn Rescue Empowers the Help Desk in the Cloud
https://www.enterprisenetworkingplanet.com/management/review-logmein-rescue-empowers-the-help-desk-in-the-cloud/
Mon, 12 Jan 2015 18:36:00 +0000

In today’s distributed enterprises, mobility and multiple client platforms have added a level of complexity that dictates a significant investment in hardware, software and services to create any type of semblance of a responsive help desk.

Boston-based LogMeIn offers a new and improved take on help desk ideology with the company’s LogMeIn Rescue, a service that has evolved over the years from a desktop support solution to a full-fledged help desk system. LogMeIn Rescue provides remote control over the web to a multitude of devices while incorporating advanced support features, technician management, and reporting in a slick, affordable service.

Where legacy help desks fall short

Before services such as LogMeIn Rescue arrived on the scene, enterprise help desks were built using on-premises hardware and software products integrated into a rigid support mechanism. Those help desks of yesterday were often limited to supporting systems registered on the LAN and required extensive configuration on the client side to enable remote support and control. What’s more, many of those systems included features that were simply duplicates of other network management products, such as inventory, patch management and security controls. That, in turn, created duplicate management processes and issues with syncing up the information across management platforms.

Fast forward to today and it is clear that enterprises small and large have evolved into multi-site organizations that must support mobile knowledge workers using a variety of different devices. What’s more, many enterprises are now supporting partners, contractors and other external entities, creating a situation where IT has to support devices not managed by IT. Add to that the burgeoning BYOD (Bring Your Own Device) market, which often forces IT departments to support consumer-level devices like tablets and smartphones, and it becomes easy to see how traditional, centralized help desk solutions come up short.

Cloud to the rescue

Solving distributed support issues takes technology that reaches beyond the premises. That’s where cloud-based services come into play. By untethering support from an on-premises solution, help desks can now reach out to any connected device with a secure and resilient platform. As a cloud-based service support platform, LogMeIn Rescue creates a virtual environment where support can be provided from most anywhere to most any connected device. All that is needed is a reliable internet connection to enable a technician to initiate a support session and gain control of a remote device. The end user simply visits a technician-provided URL to enable remote control. No client software has to be pre-installed on the endpoint to offer remote control capabilities.

Hands-on with LogMeIn Rescue

The latest iteration of LogMeIn Rescue is chock-full of features geared towards allowing help desk staffers to focus on end user support, as opposed to managing a complex help desk system.

LogMeIn Rescue accomplishes that lofty goal by providing a subscription-based service where enterprises need only pay a subscription fee to access the LogMeIn Rescue support platform. The management system, along with all of the associated control tools, can be run as SaaS (Software as a Service), eliminating the typical support borders enforced by solutions housed within the corporate perimeter.

That said, LogMeIn Rescue does also offer a desktop application for both Windows and Macintosh PCs, which allows support staffers to access the features of LogMeIn Rescue without needing to use a local web browser. The LogMeIn Rescue Desktop Application provides improved performance and technician experience. For example, navigation of the menus is enhanced and mouse right clicks for contextual menu elements are supported. 

LogMeIn Rescue Technician Console

The LogMeIn Rescue technician console offers a GUI-based interface to control remote systems, execute scripts and chat with remote users. Navigation is straightforward and technicians can readily solve a plethora of problems directly from the console.

From the technician console, support personnel can accomplish many tasks. The console enables technicians to:

  • Control multiple simultaneous active sessions.
  • Connect to remote PCs (Mac, Android and iOS) via a code or emailed link.
  • Have complete remote control, as well as view desktops and provide access to a whiteboard system for collaborative support.
  • Access detailed session history and notes.
  • Launch chat sessions and leverage predefined responses, as well as push URLs and initiate file transfers via chat.
  • Execute scripts and transfer files.
  • Take screenshots and record sessions.
  • Access detailed system diagnostics, execute reboots and then reconnect.
  • Monitor a shared global queue and collaborate with other technicians.

Support personnel will find both the browser-based console and Windows application easy to navigate and use. However, at least when it comes to speed and functionality, the Windows application offers a better overall experience.

One very impressive feature is how easy it is to start a support session. A wizard-guided help system clearly points out what a technician needs to do to start supporting a remote user and offers several different options for the remote user to connect. 

LogMeIn Rescue start support session

Starting a support session takes little more than filling out a simple form and providing the remote user with a link, email or SMS message with instructions on how to accept remote support.

For example, clicking on the “Create PIN Code” button generates a PIN that the remote customer can use when visiting the LogMeIn website. All the customer has to do is enter the PIN. They are automatically placed into the support queue for the technician to start working on the remote system.

Once the user launches the link or initiates the session, the support technician will gain access to the remote system, but only if the end user authorizes the connection. That helps eliminate any confusion as to who is accessing the system and when.

LogMeIn Rescue end user authorization for remote access

Technicians can only access a remote system if the remote user first approves their access.

Technicians are able to fully interact with customers, ask questions, and give suggestions via a chat system incorporated into the product. Chats are logged and archived and become a handy tool for reference or even creating support service bills.

LogMeIn Rescue chat system

A fully integrated chat system provides one-on-one communications between the technician and the end user.

Once connected, technicians can perform a variety of functions, one of the most important being finding out how the system is configured and if there are any immediate problems, errors or other oddities.

LogMeIn Rescue query remote system

Technicians can query the remote system and find out most anything about it before even attempting to remote control the system.

One of the most important capabilities comes in the form of a seamless file manager, which allows technicians to move files between the remote system and the support system. That allows technicians to quickly back up important files, transfer over applications or even upload patches to the remote system. 

LogMeIn Rescue file manager

A fully integrated file manager makes it easy for technicians to move files and patches over to the remote system.

Since some repairs may require multiple reboots or take several hours to complete, LogMeIn Rescue offers the unique ability to maintain authorization for remote control sessions over a scheduled time frame. In other words, the technician can schedule future sessions that connect without end user interaction, allowing the tech to service the system even after the user has left for the day.

LogMeIn Rescue session scheduling

The ability to access systems without end user intervention is a critical capability for those supporting remote systems in the off hours. LogMeIn Rescue supports that capability by incorporating a support scheduler.

With LogMeIn Rescue, technicians can perform most any task and give full support to remote users on a variety of devices. Save for hardware errors, LogMeIn Rescue provides the power and capabilities for technicians to solve problems on end user devices without ever having to physically touch the device.

LogMeIn Rescue Help desk management

For those running help desks, LogMeIn Rescue provides capabilities that allow the product to integrate with several help desk management platforms. Out of the box, LogMeIn Rescue will integrate with:

  • Salesforce
  • Zendesk
  • ServiceNow
  • BMC Software
  • Autotask
  • ConnectWise
  • Spiceworks
  • Freshdesk
  • BoldChat

With that in mind, LogMeIn Rescue can become a primary tool for a fully integrated help desk solution for service businesses of any size.

Beyond the integration capabilities, LogMeIn Rescue also offers technician and administration management, which allows managers to create administrators and technicians or technician groups, assign people to specific groups, and assign permissions at a granular level.

Managers can also create support channels that allow specific issues to be assigned to specific groups and follow through escalation levels to improve customer service. Advantages offered to managers include technician monitoring, customer surveys and customer satisfaction reporting.

Conclusions

LogMeIn Rescue proves to be a capable service for improving support and allowing organizations to leverage cloud-based customer service solutions. The service is quick and easy to set up and offers ample options for remote control and technician management, as well as ease of use for end customers.

What’s more, the product records sessions and tracks technicians, services and support session results, making it a powerful tool for support managers looking to improve customer support and service a mobile workforce across multiple platforms.

Review: Spiceworks Brings Free Network Management to the Enterprise
https://www.enterprisenetworkingplanet.com/management/review-spiceworks-brings-free-network-management-to-the-enterprise/
Tue, 16 Dec 2014 20:57:00 +0000

Managing a network can be a tiresome and expensive task. Spiceworks aims to make both of those complaints a thing of the past with the company’s free tool, Spiceworks Network Monitor. Born of Spiceworks’ large, interactive community of network professionals, Spiceworks Network Monitor combines their most sought-after features in a network management suite.

What’s more, the product supports a broad family of plugins, add-ons and integrations (some free, some for a price), supported by a vast array of third-party vendors. Those add-ons and options turn Spiceworks Network Monitor into an extensible network management platform.

Spiceworks Network Monitor offers network inventory, network monitoring, help desk software, and mobile device management (MDM), all integrated into a browser-based console that sports a direct connection to community-based support and cloud services detection via the Spiceworks forums. Spiceworks Network Monitor helps you manage everything about your IT workday from one easy place, for free.

One may ask how Spiceworks Network Monitor can be free. The answer is simple: The company relies on embedded advertising from vendors that participate in the Spiceworks community.

Hands-on with Spiceworks Network Monitor

All it takes to get a hold of Spiceworks Network Monitor is to join the Spiceworks community and then download the application. Once downloaded, installation is a simple matter of running the downloaded file on a Windows system. Installation is automated for the most part and only requires some very basic information.

Spiceworks Network Monitor offers three primary features:

  1. Network Inventory and Management: A module that queries the network and discovers all of the attached devices, organizes them by type and further drills down into the particulars of each device, offering critical information. Administrators can then manage those devices from a central, browser-based console.
  2. Centralized Help Desk: A module that supports the creation of help desk (service) tickets and tracks their progress, as well as the status of each help desk request, bringing organization to the service-related functions of an IT department.
  3. Mobile Device Management (MDM): A newer capability built on a subset of Fiberlink’s MaaS360 commercial management product, the MDM built into Spiceworks Network Monitor enables administrators to manage devices in the field, as well as inventory those devices and keep better track of them.

For this review, we will focus on the primary feature, Network Inventory and Device Management, a key component that must be deployed before considering the usability of those additional features.

A Closer Look at Spiceworks Network Monitor’s Inventory and Network Management

In its latest iteration, Spiceworks Network Monitor has vastly improved its network inventory and network management module. First up are improved inventory and activity scanning functions, which now can be scheduled or delayed, as opposed to running a full scan every time the product is launched. The ability to schedule scans improves the product’s performance, while still giving insight into what is happening on the network.

For example, an administrator may want to check a server’s connectivity or free disk space every few minutes, but check for newly installed software every few hours and then leave all other scanning for the off hours. That is possible, since administrators can modify the default scanning schedules as needed.

The device inventory scan sports significant improvements as well. In the past, Spiceworks considered a device fully inventoried even if it could only detect an IP address. Now, Spiceworks will flag devices that lack descriptive information, allowing administrators to manually identify the device or at the very least be made aware of devices that lack any meaningful descriptive elements.

For those hard-to-identify devices, Spiceworks provides additional information, such as ports in use, nslookup, traceroute and other utilities to help the administrator figure out what the device is. Once devices are inventoried and identified, administrators can use Spiceworks Network Monitor to manage those devices. That is where Spiceworks offers its true potential.

The management portion of the product provides administrators with an inventory-centric view of all devices on the network. Those devices can be grouped, filtered and organized in multiple formats, giving administrators a decent logical representation of the network.

Spiceworks Network Monitor device management

From the management console, administrators have access to a multitude of controls and tools. Not only can they drill down into additional information about each device, they can also execute scripts, install or uninstall applications, and start or shut down services, as well as reboot or shut down systems. With a few simple steps, administrators can also execute remote control of systems, though that does require the addition of other software or services.

Other notable capabilities include detection of cloud services, such as Dropbox, LastPass, LogMeIn, Skype and numerous others. That ability is an important consideration for those trying to track down shadow IT, identify potential security problems or gain better control over network services.

Beyond detection and control, Spiceworks offers several other features that should make any network manager’s life a little easier. For example, the product includes extensive reporting, allowing administrators to create customizable reports. Some use cases include inventory reports to help identify assets. Other reports, such as installed software reports, help with version control and patching chores.

Those software reports also can include critical information, such as license codes and usage. Administrators can also report on logs, history and several other elements allowing them to create comprehensive reports for budget or management purposes.

Spiceworks Network Monitor reporting

For those new to network management or those trying to deal with a thorny network issue, the integrated help is a welcome feature. Not only does the integrated help system offer an extensive knowledge base, it also offers seamless connectivity to the Spiceworks community, where other network managers can offer advice, help solve problems or act as a sounding board.

Simply put, if you can’t find an answer to your dilemma in the knowledge base, more than likely there is someone in the Spiceworks community who can help.

Conclusions

Spiceworks Network Monitor may not be the perfect solution for everyone. But if you can tolerate advertising and are looking to get a start with network management, you will be hard-pressed to find any other product that can offer everything Spiceworks does, especially when you consider the cost: Free!

Review: Vectra X-Series Prevents Data Breaches with AI
https://www.enterprisenetworkingplanet.com/security/review-vectra-x-series-prevents-data-breaches-with-ai/
Tue, 09 Dec 2014 16:00:00 +0000

Insider threats and targeted attacks are on the rise and becoming harder and harder to detect, especially with enterprises that experience difficulties recruiting and retaining seasoned IT security staff. And if recent intrusions, attacks and data breaches at organizations as large as Target, Home Depot, and Sony have taught us anything, it is that both security technology and personnel are coming up short in identifying and remediating threats.

Enter Vectra Networks, a San Jose, CA-based startup that came out of stealth mode earlier this year. Vectra’s X-Series security appliances combine advanced security analytics with machine learning to identify data security threats in real time.

To truly appreciate the technology that Vectra has developed, one has to first understand how attacks and intrusions happen on today’s networks. While it would take a thick tome to explain the attack process fully, the basics amount to a few critical steps. These are the most commonly used by hackers and data thieves today.

  • Initial Exploit: Often defined as the first attempt to break into a network, the initial exploit leverages a weakness in a given entry point. It is usually predicated on a software implementation flaw on a not-completely-patched system. Internal attackers may not need to leverage this type of attack vector, but initial exploits are common in attacks that begin outside the network perimeter.
  • Internal Recon: Once through the network perimeter protection schemes, attackers start a process called reconnaissance. During this stage, they can employ a number of techniques to discover the assets on the network. Internal recon delivers information on systems, applications and so forth, helping attackers build a sense of the network landscape.
  • Lateral Movement: Here, the attack spreads across internal network resources, using a variety of automated and manual techniques to attack the identified assets and attempt to infiltrate those systems.
  • Data Acquisition: After infiltrating internal systems, techniques are used to gather data deemed desirable. That data could be intellectual property, customer information, or anything else of tangible value.
  • Data Exfiltration: Here, the data that has been identified and collected is then processed in such a fashion to deliver it to an external resource using techniques that hide the activity, such as tunnels hidden in regular HTTP traffic that deliver data files to external storage services.

Obviously, much more activity and many additional subtasks can be incorporated into an intentional data breach, but the process almost always involves the basics of infiltrate, reconnoiter, identify, acquire and exfiltrate.

While one may assume that it should be easy to uncover any of the abovementioned actions, the ease or difficulty of the task comes down to how those actions are hidden within the typical noise of network traffic and how each action is separated by time, method and activity. In practice, these variables often make it incredibly challenging to identify an attack in progress and proactively defend against it.

Here’s where Vectra Networks’ automated threat detection comes onto the scene. It defends against hacks and prevents data breaches by intelligently correlating seemingly unrelated events into actionable notifications, helping security analysts battle insider and outsider threats, botnets and much more.

Header photo courtesy of Shutterstock. All other images provided by the author.

Hands-on with the Vectra Networks X-Series security appliance

The Vectra X-Series security appliances monitor all internal network traffic by connecting to a span port on the core switch. Multiple connections to multiple span ports on different switches allow the appliances to analyze all possible network data, east-west and north-south traffic, even if that data is travelling across physically isolated subnets.

Initial setup of an X-Series appliance requires little more than using a console connection to set the initial IP address for management. After a known IP address is assigned to the unit, further management takes place using an AJAX-based web/browser management console. The management console allows administrators to further configure the unit with additional settings, such as DNS server IP address, syslog server IP address, email alerts settings, and any public IP subnets (on the internal network) for inclusion in traffic analysis.

For the majority of adopters, the default settings will prove adequate for detection and reporting purposes. Fine-tuning, such as ignoring specific detections, can be done at a later date if needed.

Vectra Networks X-Series security appliance

Vectra takes a somewhat unusual approach to identifying assets on the network. The company nomenclature refers to assets as hosts. A host is nothing more than any device assigned an IP address at a given point in time. Vectra also “fingerprints” each host using a variety of artifacts, ranging from MAC addresses to DNS host names. The idea here is that every network-attached element on the network can be identified, classified and associated with its traffic.

Fingerprinting hosts further enables Vectra’s machine learning and automated heuristics to identify the relationships between network traffic, normal usage and the device in question. Ultimately, Vectra is able to create a relationship equation that defines normalized behavior and differentiates it from minor and significant anomalies. This then provides the appliance with the information to score the relevance of possible intrusions, attacks and data theft in real time.

Of course, identifying and rating anomalies provides little value if that information cannot be conceptualized, contextualized, and delivered in an easy-to-understand fashion. This is an area in which Vectra’s X-series security appliances excel. The underlying security event analytics are presented using visual representations that might be the high-water mark for security event data visualization achievements.

Vectra X-Series security appliance console

Instead of presenting administrators with static lists of alerts and associated grades, Vectra creates real-time, intuitive reporting that emphasizes activities that must be attended to immediately. Reports and visualizations clearly indicate which hosts are outliers of the normal range of expected activities, determined by a pair of host scores referred to as Vectra’s Threat Certainty Index.

Vectra X-Series security appliance host drill down

Administrators can readily drill down into the details of any given host and further investigate why that host has been identified as an outlier. The impressive drill-down capability gives administrators a visual representation of the host’s activity and how that activity may fit into an attack’s progression. For example, the console provides a graphical element to illustrate an attack in progress. Administrators can quickly judge the severity and the level of success by just glancing at the graphical progression of the attack and make a decision on the spot as to what action should be taken.

Vectra X-Series security appliance kill chain

The details screen for the selected host also provides other critical elements, such as scores for threat level and certainty of the detected behaviors according to the Threat Certainty Index. Both of those scores are calculated using a rollup of detections, each of which is scored individually, to give a clear assessment of attack severity while allowing an administrator to delve further into each individual detection.

Another impressive feature is the ability to relate “context” to activity. Here, administrators can evaluate the context of a suspected attack and use that information to detect whether there was indeed a compromise or if the detection of a possible attack was related to a non-malicious cause, such as a change in operational procedures or due to a misconfigured device.

For example, if a host device is assigned a new chore, such as performing extensive backups of network resources, administrators can ascertain that the anomalous activity is a non-threatening event without having to first spend hours determining context and the likelihood that data theft is involved.

When additional information is needed to clarify concepts for administrators, the system offers a knowledge base of attack definitions. These define the level of the threat, provide the likelihood of the attack, and detail the root causes behind the identified event. An interesting feature of the system is the ability to print out all of the attack definitions into a single document, which makes it a valuable training tool.

Vectra X-Series security appliance attack definition screen

Administrators can further fine-tune the Vectra X-Series attack detection system by identifying “key assets.” Making a host a key asset raises its importance in the activity visualization process. By classifying assets, administrators can adopt a triage approach to dealing with threats, quickly determining what needs to be done immediately to protect a key asset. Tasks associated with lower-priority hosts can be put off until the opportunity presents itself.

What’s more, the visual representations of potential problems allow even neophyte network security managers to quickly interpret and respond to threats before serious problems arise. This in turn helps IT managers meet the challenges associated with hiring seasoned security professionals.

That ease of comprehension doesn’t end at the management screens. Vectra’s X-series security appliances also offer reports that break down events into a “management view” that removes much of the technobabble and presents the information in a fashion that non-technologists can easily understand.

Conclusion

Vectra Networks’ X-Series security appliances prove that behavioral analytics can provide an excellent option in the ongoing fight against data theft and other intrusions. Events that other systems may ignore, such as multiple login attempts to an unusual resource, are detected and escalated to a notification level that prompts administrators to look further into the problem. What’s more, Vectra Networks clearly demonstrates the power behind data visualization, a power that has gone unnoticed in the world of IT security systems.

Review: Deep Packet Inspection Comes to Solarwinds NPM
https://www.enterprisenetworkingplanet.com/management/review-deep-packet-inspection-comes-to-solarwinds-npm/
Tue, 16 Sep 2014 21:15:00 +0000

Troubleshooting network performance problems sometimes demands a deep dive into packet payloads. The latest iteration of Solarwinds Network Performance Monitor (NPM) enables those deep dives. Solarwinds NPM version 11 introduces several enhancements, capabilities and features to significantly enhance network troubleshooting.

What’s New in Solarwinds NPM Version 11

With each release of NPM, Solarwinds has expanded the feature set. In my past reviews of products from Solarwinds, including Solarwinds UDT, Solarwinds IPAM, and Solarwinds FSM, I noted how well the company integrates new capabilities into each revision of their products. Version 11 of Network Performance Monitor follows that pattern.

Version 11 of NPM introduces what may well be a game changer in the monitoring and analysis segment of the network management market: Deep Packet Inspection (DPI) analysis capabilities. Unlike stateful packet inspection (SPI), which only looks at a packet’s header and footer, DPI examines the header, footer, source and destination of incoming packets as well as the data part of the packet, searching for illegal statements and pre-defined criteria, allowing administrators to define rules that determine whether the traffic should pass through the network.

Simply put, DPI makes it possible to find, identify, classify, reroute or block packets and make determinations based on the content contained in the data packets. It also helps administrators ascertain whether the traffic is secure, compliant, permitted and genuinely required by the end-user/endpoint application.

Ultimately, DPI allows NPM (Network Performance Monitoring) and APM (Application Performance Monitoring) to be combined in a single management silo. That in turn brings a new capability to network managers, one referred to as AA-NPM (Application Aware Network Performance Monitoring). AA-NPM is the key to delivering deeper metrics about both applications and traffic simultaneously, greatly simplifying the performance troubleshooting process.

Other enhancements to the product include:

  • Quality Experience Dashboard: Enables administrators to quickly find underlying issues for network performance concerns using a visual model that highlights elements such as latency, data volume and transaction counts.
  • Application Dashboard: Allows administrators to delve into application details and chart elements such as application response time, network response time, data volume and transactions.
  • Traffic Categorization: New charts and tables visualize the types of traffic and how those traffic types consume bandwidth across the enterprise.
  • Packet Analysis Sensors: Network Packet Analysis Sensors (NPAS) can monitor traffic at SPAN/mirror ports and directly on Windows servers.

While those enhancements are notable, the new Deep Packet Inspection analysis capabilities bring the most value to the product, enhancing all monitoring, troubleshooting and analysis capabilities offered by NPM. Case in point is NPM v11’s ability to perform application aware network performance monitoring.

Solarwinds NPM QoE Dashboard

The Quality of Experience Dashboard offers details on application performance, network performance and the overall quality of usage experiences.

When investigating application or network performance issues, administrators can now drill down further into the details of each application and look at information such as response time and details about the application server. CPU load, memory usage and packet loss data round out the picture and give administrators a fuller understanding of how well an application, its servers, and the surrounding network are performing. That server-to-endpoint analytical capability should prove ideal for troubleshooting many application-related issues.

Hands-On with NPM v11

Network managers responsible for day-to-day operations will find a strong ally in NPM v11. Chock-full of tools, analysis capabilities, reports and dashboards, the product offers immediate value even during installation. NPM v11 has the capability to auto-discover physical and virtual devices on the network using ICMP, SNMP and WMI. In other words, the product will dynamically discover switches, firewalls, routers, wireless access points, servers, and any other SNMP-enabled devices. What’s more, the discovery process continues to run in the background and informs administrators when new devices join the network.

Once devices are discovered, administrators can choose to import those devices into NPM for monitoring and management. A wizard that guides administrators through the import process makes the process exceptionally easy. While importing devices, I was able to choose how the devices should be grouped, based upon filtering parameters, such as device type, interface or other elements specific to a particular device group.

Solarwinds NPM Device Discovery

NPM’s discovery engine finds newly attached devices and then offers administrators a simplified way to add those discovered devices to the NPM management systems. Discovery can be scheduled or manually initiated when needed.

First-time users will most likely access NPM v11 through the customizable web console-based dashboard. It defaults to the NPM summary page, which shows actionable elements such as active alerts, high utilization events, hardware health and most recent events.

Solarwinds NPM Summary Screen

The NPM summary screen is the primary entry point into NPM. From the summary screen, it is very easy to ascertain the status of the network and delve deeper into issues using drill-down controls, submenus and other navigation tools.

Further easing the management process is the Network Atlas, used to identify all physical and virtual elements on the network. It works hand-in-hand with the mapping tool to create a visual representation of the network. That visual representation offers color-coded links to show the status of the devices on the map. Administrators can import images to use as a background on the map, such as states, cities, geographical maps and so forth, making it easy to identify the location of problems and where their impacts are felt.

Solarwinds NPM Network Atlas

Administrators can use the Network Atlas to create visual maps that show the location, status and pertinent information about physical and virtual connections on the network.

Perhaps one of the most powerful capabilities offered by NPM v11 is the ability to drill down into the minutest details from the “all nodes” applet on the dashboard. Hovering over a node on the dashboard provides the current status of the node, clicking on the “plus” icon offers additional information, and clicking on the node name launches a detailed information screen.

Solarwinds NPM Node Details

The node details page provides a plethora of information.

Administrators can quickly troubleshoot most any problem by drilling down into the Node Details page, where they can further expose elements shown on the details dashboard and leverage the ability to filter by time range, connections and other settings.

Solarwinds NPM Node Vital Stats

The Vital Stats screen of the Node Details dashboard provides critical information such as latency and packet loss in both chart and graphical formats.

One of the most relevant troubleshooting capabilities comes from the ability to delve into transmission statistics, such as latency and lost packets. Using that information, administrators can fully trace performance issues to their root causes, instead of making assumptions about whether performance issues are related to applications, application servers, internet connections, routers or something else completely.

Therein lies the true value of Solarwinds NPM v11. It can be summed up as eliminating many of the time-wasting steps of troubleshooting that are normally based upon assumptions and not facts or evidence gathered.

Review: McAfee Enhances Next Generation Firewall https://www.enterprisenetworkingplanet.com/security/review-mcafee-enhances-next-generation-firewall/ Wed, 13 Aug 2014 18:20:00 +0000

Threats aimed at corporate entities and enterprises are rapidly evolving, with targeted attacks becoming the norm and Advanced Persistent Threats (APTs) the bane of many an enterprise security administrator. What’s more, APTs have been further fueled by the rise of Advanced Evasion Techniques (AETs), which help APTs bypass firewalls, security appliances, and endpoint security products.

McAfee, a wholly owned subsidiary of Intel, aims to quell today’s security concerns by combining a plethora of security technologies (IPS, IDS, AV, NGFW, etc.) with Advanced Evasion Protection, which the company claims can stop attacks delivered by obfuscation techniques, securing enterprise networks against intrusions, APTs and much more.

While that may be an almost unbelievable claim, McAfee’s NGFW software, now in version 5.7, backs it up.

Hands on with McAfee’s Next Generation Firewall (Versions 5.6 and 5.7)

I put McAfee’s NGFW software through its paces at the company’s Santa Clara, CA, headquarters using a test lab that consisted of multiple distributed Next Generation Firewalls controlled by the company’s Security Management Center (SMC). SMC works as the conductor for centralizing control and policy distribution among the whole family of McAfee NGFWs regardless of physical locations, giving a holistic view of all security in a distributed network.

McAfee NGFW SMC

One of the first tests I performed exercised the SMC’s ability to remotely add a new firewall to the test environment. The process highlighted the ease of use and robustness of SMC.

McAfee NGFW SMC - Add Firewall

Adding a firewall can be done using three different methods, two of which are very simple (cloud configuration delivery or USB-based configuration file) and one that requires a bit more hands-on interaction. I chose the latter method, launching an “add firewall” wizard from the SMC management console. The manual configuration required that I input common network criteria, such as port definitions and IP address assignments.

McAfee NGFW SMC New Firewall Define Interfaces

The end result was a configuration file and single-use configuration password. After that process, I had to manually use the new firewall’s CLI to input some more basic information, such as IP information, and provide the temporary password to allow the firewall to connect with the SMC management server. The process was not at all difficult, just time-consuming. For busy administrators, I recommend using either the USB method or cloud-based configuration file delivery.

Once the firewall rebooted, SMC recognized it and allowed me to push down the initial policy, which brought the firewall online. This was the last time I had to use the CLI. All subsequent management tasks occur in the SMC GUI.

McAfee NGFW SMC Basic Remote Firewall Policy

After initial configuration, the most important tasks involve defining policies, which control most everything in the firewall, including its usage and who/what can connect. Policies are the key differentiator between “dumb firewalls,” which rely on canned rules, and NGFWs, which offer granular control of individual connectivity elements.

McAfee NGFW Create Rule with Single Click

Policies are defined using the SMC management console, which offers a policy definition subsection. Policy definition is simple, and the product incorporates a validation engine to verify that policies make logical sense before they are deployed to the subject NGFW. The definition process also offers several pulldown menus and extensive help, enabling even novice administrators to quickly define standard policies for most use cases.

McAfee NGFW Top Level Full Capabilities

I was able to define a policy that blocked social media access with just a few mouse clicks and immediately deploy it to a target NGFW. Once the policy is deployed, an active logging system relays policy enforcement actions in real time, exposing the policy’s impact on users. One feature I found particularly useful here was the ability to right click on a log message and then redefine a policy. For example, when I saw that a user’s Facebook access was blocked, I was able to click on the event and add an exception to the policy to allow access.

McAfee NGFW Policy Facebook Blocked

Policies are fully granular and can be applied down to the individual user level, as well as across a complete enterprise. Policies can also be nested, allowing administrators to create site policies that can further be controlled using sub-policies, user-based policies, group-based definitions, and most any other authentication scheme.

McAfee NGFW Policy User based Definition

McAfee’s NGFW family of products offers a full range of security capabilities, just like many of its competitors. These capabilities include intrusion detection and prevention, application-level security, deep packet inspection, unified management, policy creation and control, VPN support, and anti-malware technologies.

What differentiates McAfee’s NGFWs from the competition are three core capabilities that the company has mastered: AET blocking, Multi-Link deployment, and High Availability.

How the McAfee NGFW blocks AETs

Arguably one of the most critical capabilities of an NGFW is its ability to prevent malicious code from traversing the network. AETs have made that task especially challenging in recent years. AETs slip past traditional AV and anti-malware solutions by slicing and dicing malicious code to trick perimeter defenses. The code then reassembles at the endpoint. McAfee claims its Advanced Evasion Protection (AEP) feature prevents that from happening. My tests support that claim.

AEP works by combining raw processing power with multi-OSI layer analysis to fully reassemble payloads before allowing them to move onto an endpoint. McAfee accomplishes this by using horizontal packet assembly techniques to look at larger pieces of code. The vendor’s competitive advantage here comes down to that code examination. Competitors rely on ASIC-based processors, which use vertical segment analysis and therefore might miss the obfuscation techniques used for AETs.

To test the product’s AEP capabilities, I used an obfuscation tool known as Evader to build an APT attack and attempt to pass it on to an endpoint using AETs. The McAfee NGFW effectively blocked every scenario I concocted.
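The difference between matching a signature in each segment alone and matching it after full reassembly, as described above, shown as an added example that is not McAfee's code or part of the original review. The signature is a constructed, harmless marker, and `Segment`, `Verdict` and all function names are hypothetical.

```python
"""Per-segment vs. post-reassembly signature matching (constructed demo)."""
from dataclasses import dataclass, field

# Constructed, harmless marker standing in for an IPS content signature.
SIGNATURE = b"X-DEMO-BLOCKED-PATTERN"

# Constructed sample streams; no network traffic is generated or captured.
SAMPLE_FLAGGED = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
                  b"X-Test: " + SIGNATURE + b"\r\n\r\n")
SAMPLE_BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"


@dataclass
class Segment:
    offset: int   # byte offset of this segment within the stream
    data: bytes


@dataclass
class Verdict:
    allow: bool
    reasons: list = field(default_factory=list)


def split_into_segments(stream, size):
    """Cut a byte stream into fixed-size segments (test-data helper)."""
    return [Segment(i, stream[i:i + size]) for i in range(0, len(stream), size)]


def inspect_per_segment(segments):
    """Naive inspection: look for the signature inside each segment alone."""
    hit = any(SIGNATURE in s.data for s in segments)
    return Verdict(not hit, ["signature in a single segment"] if hit else [])


def reassemble(segments):
    """Rebuild the stream in offset order; return (stream, anomalies).

    Exact retransmissions are accepted silently. Retransmitted bytes that
    disagree with the first copy are reported and the first copy is kept.
    A gap stops reassembly: later bytes cannot be delivered in order.
    """
    stream = bytearray()
    anomalies = []
    for seg in sorted(segments, key=lambda s: s.offset):
        if seg.offset > len(stream):
            anomalies.append(f"gap at offset {len(stream)}")
            break
        overlap = len(stream) - seg.offset
        if overlap > 0:
            seen = bytes(stream[seg.offset:seg.offset + len(seg.data)])
            if seg.data[:len(seen)] != seen:
                anomalies.append(f"conflicting overlap at offset {seg.offset}")
        stream.extend(seg.data[overlap:])
    return bytes(stream), anomalies


def inspect_reassembled(segments):
    """Inspect only the reassembled stream; hold anything ambiguous."""
    stream, anomalies = reassemble(segments)
    reasons = list(anomalies)
    if SIGNATURE in stream:
        reasons.append("signature in reassembled stream")
    return Verdict(not reasons, reasons)


if __name__ == "__main__":
    # 8-byte segments delivered in reverse order: no segment holds the
    # whole 22-byte signature, so only the reassembled view can match it.
    segs = list(reversed(split_into_segments(SAMPLE_FLAGGED, 8)))
    print("per-segment :", inspect_per_segment(segs))
    print("reassembled :", inspect_reassembled(segs))
```
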

McAfee NGFW Multi-Link technology

Some of the product’s other advanced capabilities leverage Multi-Link technology, which prevents single points of failure, handles load balancing, incorporates augmented VPN technologies, and supports slipstream product updates. Simply put, Multi-Link is the key McAfee High Availability (HA) solution. Larger, multi-site networks will benefit from the stronger links provided by Multi-Link.

McAfee NGFW Multi-Link start

Deployed using the SMC, Multi-Link ties together multiple ISP connections that appear as a singular IP path to available resources. All I needed to know was some basic IP and ISP (Net Link) information to quickly make a Multi-Link Connection live. Each Net Link supports QoS/prioritization, so a link can be assigned as high priority or low priority, which drives the HA algorithms. Choices include active/active or active/standby, which controls traffic routing. Load balancing can use round-trip time for determining the route, or a ratio calculation that assigns traffic based upon available bandwidth percentages. Optionally, load balancing can be disabled, making HA the priority.

McAfee NGFW Multi-Link Priority Active Active

Augmented VPNs on McAfee NGFWs

McAfee’s Multi-Link technology also empowers the capabilities of VPN connections, creating something referred to as an Augmented VPN (aVPN), which load balances VPN traffic across multiple connections. Thanks to the drag-and-drop capabilities of SMC, creating an augmented VPN can take under a minute. aVPN is built into the solution and offers additional security in the form of integrated IPSec support, which fortifies encryption.

McAfee NGFW Multi-Link Augmented VPN

The nifty thing about an augmented VPN is that VPN traffic can be aggregated across multiple Net Links (using Multi-Link), creating a high-speed, low-cost VPN tunnel for either endpoints or site-to-site communications that incorporates HA without any extra effort. Testing the augmented VPN showed that interrupting any Net Link did not disrupt the VPN traffic. The NGFW simply continued to aggregate the traffic over the available Net Links without any noticeable impact on the endpoint transmitting information.

McAfee NGFW Aggregate VPN Link Removal

McAfee provides its own IPSec client VPN software, which fully integrates with the VPN server capabilities and keeps logs filled with pertinent information for auditing, troubleshooting and general reporting. The logging also provides ample proof of how well the augmentation and policy enforcement work.

McAfee NGFW Multi-Link IpSec VPN Client Connection

McAfee NGFW scalability

As enterprises grow, scale becomes an important consideration. Enterprises that grow faster than expected often find themselves in a conundrum when scale comes at a very high price. McAfee addresses scalability issues by incorporating a clustering capability that is both inexpensive and easy to deploy. What’s more, the clustering also offers significant throughput and speed advantages without introducing unnecessary complications.

One of the key elements of clustering is that adding, removing, reconfiguring and updating NGFWs can take place in real time and without interrupting operations. McAfee’s ability to cluster NGFWs that are running different versions of the core software (or even different models) is a key advantage, allowing updates to take place incrementally without service interruption. Failed updates are automatically rolled back and will never take other NGFWs down, making updates, patches and other changes a safe proposition.

Setting up a cluster required little manual configuration. Most of the process takes place using the SMC management console, which offers directed advice. Since I was not using USB or Cloud Configuration options, I did have to manually enter a configuration password using the CLI located on the NGFW that was being added to the cluster. NGFWs that are members of a cluster are usually referred to as “nodes.”

McAfee NGFW Cluster Node Definition

McAfee NGFW Cluster Easy to Add Node

Operationally, I was able to shut down nodes, disrupting the cluster without apparent impact on the end client. To test that, I set up a client system to watch some YouTube videos and then manually disrupted nodes on the cluster. The HA/Load Balancing capabilities kicked in without a hitch. Traffic on the endpoint was not interrupted in any noticeable fashion.

McAfee NGFW Cluster Disable Node Selection

What’s important to recognize about the McAfee NGFW’s clustering capabilities, and the McAfee NGFW overall, is that it is very simple to deploy, easy to manage, and offers seamless operation, all key considerations for environments where availability is extremely important and endpoints should never experience disruption, such as retail, sales, financial and analytical environments.

Review: Fluke Visual TruView 9.0 https://www.enterprisenetworkingplanet.com/standards-protocols/review-fluke-visual-truview-9-0/ Wed, 02 Apr 2014 19:46:00 +0000

It’s hardly a secret that enterprise networks have become almost impossible to manage and troubleshoot, especially when you consider the complexities of modern day connectivity, applications and services. What’s more, SDN (Software Defined Networking), SDDC (Software Defined Data Centers), and multi-site hybrid solutions can add layers of complexity to the management of networks. Fluke Networks aims to quell those problems with the latest iteration of Visual TruView, a network monitoring, performance, application and troubleshooting tool. Version 9, announced today, brings multiple enhancements and new capabilities to the market to make network administrators’ jobs easier.

A Closer Look at Visual TruView 9.0

When I last reviewed Visual TruView, I deemed it a very capable product that offered a plethora of tools and capabilities, but complex to use and lacking when trying to solve networking problems at the user level. The ability to delve deeper into network traffic and application performance issues has taken on increased importance, especially with the number of applications and services delivered to users from the data center via web technologies.

Fluke Visual TruView 9.0 Dashboard Overview

Visual TruView V9.0 offers an intuitive GUI and easily navigable pull-down menus

Visual TruView 9.0 introduces the capability to fully explore a user connection and then drill down further into packet information, trends and other critical elements that can pinpoint the source of connectivity problems. For example, say a user claims he’s having an application performance issue, where an application either times out or performs slowly. In the past, an administrator would only be able to look at application performance, without any correlation to an individual user.

Fluke Visual TruView User Analysis

In-depth information that compares a user’s performance experience to overall application performance makes it easier to spot problems

Now an administrator can drill down into the user’s information and then trend his application performance against the overall performance of the application. That will help an administrator to quickly zero in on where the problem is.

What’s more, an administrator can launch a detailed path analysis to determine what network components were involved in the connection, how the data packets traversed the network and what problems, if any, were encountered. That path analysis capability does require an OptiView XG Network Analysis Tablet installed on the subject network, however.

Fluke TruView 9.0 Path Analysis

Detailed packet path traces are readily available and offered visually for administrators trying to track down a problem

The user-level diagnostic capabilities extend beyond application performance and can be used to examine VoIP traffic as well, to quickly investigate any problems with VoIP phones and users. The product offers a highly detailed view into VoIP traffic, filtered by phone number, and administrators can drill down into it to determine what traffic problems may exist.

Fluke TruView VoIP User Detail

VoIP traffic can be analyzed at the endpoint level to highlight communications problems and point to possible solutions

Although Visual TruView 9.0 offers the ability to examine network issues at the user level, the product does not ignore the big picture. A new network utilization module provides information on the overall usage of the network, but with a twist. The visual report offers a trend-centric view based upon a broad time range to show minute-by-minute utilization. That makes it easier to drill down into what actual (not synthetic) network utilization was over time. Administrators can then correlate that information with other data to build a big picture on utilization and delve into what applications, what data centers, what connectivity options and what users (via IP Address) consumed the bandwidth.

Fluke TruView 9.0 Network Utilization

Graphing network utilization offers administrators a way to determine when and how network resources were used and provides a quick indication of where resources may need to be relocated

Fluke Networks has also improved the ability to analyze application usage and performance. Enhanced dashboards show application performance based upon actual recorded data that can be filtered by date ranges. The visual representation quickly highlights where and when performance problems appeared.

Fluke TruView 9.0 Application Performance

Administrators can quickly determine what applications have encountered performance problems

Performance is only one aspect of how applications are used across an enterprise network. Administrators must also account for other factors, such as overall usage, servers involved, sites and so on. Visual TruView 9.0 provides all of that information in a configurable application analysis screen, which shows everything from response times to details on what servers or users experienced traffic induced delays. The product also ranks applications and servers by performance and response times, allowing administrators to quickly tune slow sites to increase performance.

Version 9 also brings forth a plethora of usability enhancements, all designed to make the product easier to use and understand. The idea here is to unify network performance management and troubleshooting in a platform accessible to a variety of technical support folks. Businesses no longer have to invest in different tools for applications, networks, VoIP and web services, and can now unify all of those elements under one product.

Visual TruView 9.0 is appliance-based and available under several different models ranging in capacity, performance and throughput. However, the software feature set is the same across the appliance family. Prices start at $25,000 for the entry-level TruView appliance and scale up to $100,000 for the top-of-the-line TruView Appliance.

Review: WatchGuard’s XTM Series Firewalls Make Security a Snap https://www.enterprisenetworkingplanet.com/security/review-watchguards-xtm-series-firewalls-make-security-a-snap/ Tue, 10 Dec 2013 15:00:00 +0000

As network traffic grows and networks get more complex, security becomes ever more problematic. To address this, the WatchGuard Dimension analytics platform from WatchGuard Technologies uses Big Data visualization to make sense of enterprise network traffic and the relationships between data elements. That information can be directly correlated to create actionable tasks that enhance security. WatchGuard Dimension follows October’s release of FireWare XTM 11.8, the latest revision to the WatchGuard XTM Series firewall OS, which can work in conjunction with Dimension to create a unified security management platform that offers predictive, reactive and actionable security intelligence.

The combination of UTM (Unified Threat Management) technology with an analytical platform creates a new ideology for building secure networks. Those networks can now be proactive against complex security threats by analyzing multiple data sets, both structured and unstructured, to deliver a comprehensive view of network activity.

I performed hands-on testing of a pair of WatchGuard XTM Series firewalls at WatchGuard’s Seattle testing lab, where I also put WatchGuard Dimension through its paces using data generated by the firewalls under test and data sourced from other WatchGuard firewalls in use at the company. Extensive data sets and high-speed traffic mimicking real-world activity proved ideal for testing the platform. Under analysis, the results were eye-opening.

A closer look at WatchGuard Dimension

WatchGuard Dimension can be deployed as a cloud service to facilitate the need to gather and store large amounts of log data from multiple sources. The implementation I tested used Amazon’s AWS to host the combined services WatchGuard Dimension offers, providing me access to the full functionality of the product via nearly any web browser.

I found the product to be a fascinating security tool. As far as I am aware, it takes a completely new approach to analyzing network traffic. Simply put, WatchGuard Dimension does for network traffic log data what Tableau does for Big Data. It transforms large amounts of data into visual representations.

WatchGuard Dimension visited domains

Visited domains

For example, with WatchGuard Dimension, I was able to correlate certain traffic events from multiple sources over a period of time to identify a trend, presented as a graphical representation that can be automatically placed into a PDF-based report.

Using filters and queries, based upon Boolean logic, I was quickly able to isolate the traffic flow from a remote host to a range of internal IP addresses, which WatchGuard Dimension in turn presented as a graphic table. With this, I was able to detect an attack from the remote host. The browser-based management/query console offers several options, submenus, reports and analytical processes. The test environment I used fully leveraged all of the log data from the associated WatchGuard firewalls, enabling me to perform analytics chores on any of the features offered by those firewalls, including complex queries aimed at appropriate use policies (URL Filtering Services), application usage (based upon firewall application control policies), and Data Leakage Protection (DLP) policies, along with all of the normal features firewalls include in their logged information.

WatchGuard Dimension drilldown on CryptoLocker-infected host

The browser-based management console also supports features like drilldown, pivot tables, and the ability to schedule reports for email delivery.

WatchGuard Dimension drilldown on single user

One of the most impressive analytical representations is a world map, which offers color-coded depictions of where data originates or is destined. The map can be filtered by attacks, blocked traffic, allowed traffic, packet type and so on, creating a simplified view of what traffic impacts the network and/or triggers firewall policies.

WatchGuard Dimension threat map showing blocked sites

A closer look at WatchGuard Dimension and the XTM Series

The new XTM firewalls from WatchGuard incorporate a vast array of security technologies that work in a unified fashion to create Next Generation Firewall (NGFW) services. WatchGuard has upped the game on the hardware front by eschewing proprietary hardware in favor of Intel standards-based components, creating high-performance devices unbound by the limitations of typical ASIC-based firewalls.

What’s more, the adoption of Intel-based technologies allows WatchGuard to easily offer virtual appliance versions of the firewalls for both Hyper-V and VMware environments. Not only does that eliminate the need for proprietary hardware, it also introduces the capability to install WatchGuard XTM firewall services onto hosted infrastructures.

WatchGuard takes a modular approach to the XTM series, allowing users to pick and choose what features they consider most critical for their network edge. That said, the firewall can be configured for antivirus, intrusion protection services, application control, URL filtering, anti-spam, and DLP, all combinable with traditional stateful packet inspection and port protection technologies.

The modular approach offers some other benefits. Customers only pay for what they need and have the advantage of flexible licensing, where licenses are based upon the appliance rather than total user counts. For example, when a customer buys a license for DLP, the license authorizes unlimited users on the device.  

Port counts and throughput capabilities differentiate the various appliances in the XTM family. The 5 Series offers seven ports and as much as 3.5 Gbps of throughput, while the XTM 8 Series offers 14 ports and as much as 14 Gbps of throughput. At the very top of the XTM product pyramid sits the XTM 2520, which offers 35 Gbps of throughput, a dozen 10/100/1000 Ethernet ports and four 10G SFP+ ports.

Of course, WatchGuard also offers various iterations of each model series, with four different configurations available on the 5 Series, three different units under the 8 Series, and so on. The XTM product family includes nine different series of devices. WatchGuard offers special upgrade deals that allow users to move from one series to another at discounted prices.

The devices all share a common management paradigm, with three different styles of interactive management: a command line interface (CLI), a browser-based GUI and WatchGuard System Manager (WSM).

The CLI proves very effective for using scripting tools to automate routine tasks across multiple appliances. For example, an administrator can build a script to apply policy changes across multiple devices, to enforce commonality requirements for multi-site security purposes. In my experience, the CLI is the quickest and easiest way to push out multiple changes across multiple devices, because it avoids all of the navigation requirements, such as menu selection, option choices and screen navigation, that normally occur with a GUI.

On the other hand, many administrators, such as those dealing with just a few devices, will be well served by the web interface, which offers a full-featured, easy-to-navigate GUI that eliminates the need to build or execute scripts.

Meanwhile, for administrators looking for the ultimate in ease of use, especially with multiple devices, WSM is a great choice. WSM is a Windows application that rolls up all of the management and configuration chores into a streamlined management program. Administrators can quickly create VPN tunnels, change configurations, update software licenses and perform other functions. What’s more, WSM offers extensive integrated help and several monitoring screens in addition to logging and reporting. For most administrators, WSM will be the management console of choice, even if they are only managing a single XTM appliance.

Pricing for the 5 Series starts at $2,295.00 for the WatchGuard XTM 515 and 1-Year Security Bundle. The 8 Series starts at $12,975 for the WatchGuard XTM 850 and 1-Year Security Bundle. The Security Bundle includes AV, IPS, Spam Blocker, App Control, RED, Webblocker, LiveSecurity and WatchGuard Dimension, with DLP available as an add-on subscription.
